diff options
| author | Michael Gugino <mgugino@redhat.com> | 2017-10-19 11:25:47 -0400 |
|---|---|---|
| committer | Michael Gugino <mgugino@redhat.com> | 2017-10-19 11:31:18 -0400 |
| commit | 1f0690622de8f26667d40a838298e63ffd3887f5 (patch) | |
| tree | 3f88fad5478fa1d565d6b55fb6d5643868608ffd | |
| parent | 64f452f9081e380db41acf588a28fe4bb79a4e9e (diff) | |
| download | openshift-1f0690622de8f26667d40a838298e63ffd3887f5.tar.gz openshift-1f0690622de8f26667d40a838298e63ffd3887f5.tar.bz2 openshift-1f0690622de8f26667d40a838298e63ffd3887f5.tar.xz openshift-1f0690622de8f26667d40a838298e63ffd3887f5.zip | |
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml | 6 | ||||
| -rw-r--r-- | roles/docker/tasks/package_docker.yml | 12 | ||||
| -rw-r--r-- | roles/docker/tasks/registry_auth.yml | 12 |
3 files changed, 19 insertions, 11 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 142ce5f3d..759beb1f9 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -4,6 +4,12 @@ msg: Verify OpenShift is already installed when: openshift.common.version is not defined +- name: Update oreg_auth docker login credentials if necessary + include_role: + name: docker + tasks_from: registry_auth.yml + when: oreg_auth_user is defined + - name: Verify containers are available for upgrade command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index 7ccab37a5..52d745202 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -161,16 +161,6 @@ - set_fact: docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}" -- name: Check for credentials file for registry auth - stat: - path: "{{ docker_cli_auth_config_path }}/config.json" - when: oreg_auth_user is defined - register: docker_cli_auth_credentials_stat - -- name: Create credentials for docker cli registry auth - command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool +- include: registry_auth.yml - meta: flush_handlers diff --git a/roles/docker/tasks/registry_auth.yml b/roles/docker/tasks/registry_auth.yml new file mode 100644 index 000000000..65ed60efa --- /dev/null +++ b/roles/docker/tasks/registry_auth.yml @@ -0,0 +1,12 @@ +--- +- name: Check for credentials file for registry auth + stat: + path: "{{ docker_cli_auth_config_path }}/config.json" + when: oreg_auth_user is defined + register: docker_cli_auth_credentials_stat + +- name: Create credentials for docker cli registry auth + command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + when: + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool |