authorKenny Woodson <kwoodson@redhat.com>2017-03-01 14:44:54 -0500
committerKenny Woodson <kwoodson@redhat.com>2017-03-01 14:44:54 -0500
commit5ada5e9bcad7a8d361b47bb471c681964490be5f (patch)
tree2a901da8e427dc41f256224db12b92e828b4dd3f
parentdf2024ea268e93bf00ccc44b00f95ca0cb128219 (diff)
Separating routes so logic is simpler.
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml36
1 files changed, 30 insertions, 6 deletions
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 9a0108a93..a082a075a 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -6,6 +6,12 @@
- debug: var=openshift_hosted_registry_routecertificates
+- debug:
+ msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}"
+
+- debug:
+ msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}"
+
- name: Get the certificate contents for registry
copy:
backup: True
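Review bot: The two added `debug` tasks, one printing the raw `'cafile' in ...` test and one printing `'THIS IS TRUE'` / `'THIS IS FALSE'`, look like troubleshooting scaffolding that would run on every play of this role. The `debug` of the route host added between the two route tasks in the second hunk is the same. Remove them before merging, or gate each with `verbosity: 2` under `debug:` so they appear only with `-vv`. The `Get the certificate contents for registry` task that follows continues outside this hunk.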
@@ -15,20 +21,38 @@
with_dict: "{{ openshift_hosted_registry_routecertificates }}"
when: openshift_hosted_registry_routecertificates
-- debug: var=openshift_hosted_registry_route_termination
+# When certificates are defined we will create the reencrypt
+# docker-registry route
+- name: Create a reencrypt route for docker-registry
+ run_once: true
+ oc_route:
+ name: docker-registry
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ service_name: docker-registry
+ tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+ host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+ cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+ key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+ cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+ dest_cacert_path: /etc/origin/master/ca.crt
+ when:
+ - "'cafile' in openshift_hosted_registry_routecertificates"
+ - "'certfile' in openshift_hosted_registry_routecertificates"
+ - "'keyfile' in openshift_hosted_registry_routecertificates"
+- debug:
+ msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+
+# When routetermination is passthrough we will create the route
- name: Create passthrough route for docker-registry
oc_route:
name: docker-registry
namespace: "{{ openshift_hosted_registry_namespace }}"
service_name: docker-registry
tls_termination: "{{ openshift_hosted_registry_routetermination }}"
- host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
- cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}"
- key_path: "{{ ('keyfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}"
- cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}"
- dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
+ host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"
run_once: true
+ when: openshift_hosted_registry_routetermination == 'passthrough'
- name: Retrieve registry service IP
oc_service:
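Review bot: The new reencrypt task's `when:` tests only that `cafile`, `certfile` and `keyfile` are present, while its `tls_termination` still comes from `openshift_hosted_registry_routetermination`, so the certificate material and the TLS mode can disagree. With all three keys set and termination `passthrough`, both tasks act on the same `docker-registry` route. With termination `reencrypt` and one key missing, neither task runs and the play carries on without a route. Add `- openshift_hosted_registry_routetermination == 'reencrypt'` to that `when:` list, and consider a `fail` task when reencrypt is requested without a complete certificate set. In the passthrough task, `openshift_hosted_registry_routehost | ternary(...)` will presumably error if the variable is undefined, where the previous `default(...)` did not; that depends on role defaults not visible here.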