diff options
author | Scott Dodson <sdodson@redhat.com> | 2017-08-29 10:13:15 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-29 10:13:15 -0400 |
commit | 5e32de3e8e9b302dbc9f4ba26985380197ac4171 (patch) | |
tree | b4c74790895dab78bcd3f2f2865032010a15f338 | |
parent | 4338dce09dbe5497f2a3700992eb4c5afeb4e6f6 (diff) | |
parent | 5815311c8fbad15fe23691e010ce7e4a132f6e7c (diff) | |
download | openshift-5e32de3e8e9b302dbc9f4ba26985380197ac4171.tar.gz openshift-5e32de3e8e9b302dbc9f4ba26985380197ac4171.tar.bz2 openshift-5e32de3e8e9b302dbc9f4ba26985380197ac4171.tar.xz openshift-5e32de3e8e9b302dbc9f4ba26985380197ac4171.zip |
Merge pull request #5128 from mgugino-upstream-stage/reg-auth
Add independent registry auth support
-rw-r--r-- | inventory/byo/hosts.ose.example | 8 | ||||
-rw-r--r-- | roles/openshift_master/defaults/main.yml | 5 | ||||
-rw-r--r-- | roles/openshift_master/tasks/main.yml | 16 | ||||
-rw-r--r-- | roles/openshift_node/defaults/main.yml | 5 | ||||
-rw-r--r-- | roles/openshift_node/tasks/main.yml | 15 |
5 files changed, 49 insertions, 0 deletions
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index c36dca971..c55eb9b3f 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -170,6 +170,14 @@ openshift_release=v3.6 # modify image streams to point at that registry by setting the following to true #openshift_examples_modify_imagestreams=true +# If oreg_url points to a registry requiring authentication, provide the following: +#oreg_auth_user=some_user +#oreg_auth_password='my-pass' +# NOTE: oreg_url must be defined by the user for oreg_auth_* to have any affect. +# oreg_auth_pass should be generated from running docker login. +# To update registry auth credentials, uncomment the following: +#oreg_auth_credentials_replace: True + # OpenShift repository configuration #openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': 'http://example.com/puddle/build/AtomicOpenShift/3.1/latest/RH7-RHOSE-3.0/$basearch/os', 'enabled': 1, 'gpgcheck': 0}] #openshift_repos_enable_testing=false diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index cbc879d31..d70106276 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -19,3 +19,8 @@ r_openshift_master_os_firewall_allow: - service: etcd embedded port: 4001/tcp cond: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" + +oreg_url: '' +oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}" +oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker" +oreg_auth_credentials_replace: False diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index b80941b48..ba56ac94e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -232,6 +232,22 @@ - restart master controllers when: openshift_master_bootstrap_enabled | default(False) +- name: Check for credentials file for registry auth + stat: + path: "{{oreg_auth_credentials_path }}" + when: + - oreg_auth_user is defined + register: master_oreg_auth_credentials_stat + +- name: Create credentials for registry auth + command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + when: + - oreg_auth_user is defined + - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + notify: + - restart master api + - restart master controllers + - include: set_loopback_context.yml when: - openshift.common.version_gte_3_2_or_1_2 diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index c7867d225..cc000496a 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -21,3 +21,8 @@ r_openshift_node_os_firewall_allow: - service: Kubernetes service NodePort UDP port: "{{ openshift_node_port_range | default('') }}/udp" cond: "{{ openshift_node_port_range is defined }}" + +oreg_url: '' +oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}" +oreg_auth_credentials_path: "{{ openshift.common.data_dir }}/.docker" +oreg_auth_credentials_replace: False diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index da16e7592..525dd1d1a 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -150,6 +150,21 @@ notify: - restart node +- name: Check for credentials file for registry auth + stat: + path: "{{oreg_auth_credentials_path }}" + when: + - oreg_auth_user is defined + register: node_oreg_auth_credentials_stat + +- name: Create credentials for registry auth + command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + when: + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + notify: + - restart node + - name: Configure AWS Cloud Provider Settings lineinfile: dest: /etc/sysconfig/{{ openshift.common.service_type }}-node |