summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKenny Woodson <kwoodson@redhat.com>2017-02-24 16:46:06 -0500
committerKenny Woodson <kwoodson@redhat.com>2017-02-28 09:29:21 -0500
commite0090381732d43de74715b9d41480b3c43391783 (patch)
tree322be180faf601d1cbc5f9243e05d852920ddfe5
parent1629eb0af60e14f70f942b66a6c4c37e875dabe1 (diff)
downloadopenshift-e0090381732d43de74715b9d41480b3c43391783.tar.gz
openshift-e0090381732d43de74715b9d41480b3c43391783.tar.bz2
openshift-e0090381732d43de74715b9d41480b3c43391783.tar.xz
openshift-e0090381732d43de74715b9d41480b3c43391783.zip
Adding support for a route with certs and reencrypt.
-rw-r--r--roles/lib_openshift/library/oc_route.py8
-rw-r--r--roles/lib_openshift/src/class/oc_route.py8
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml4
-rw-r--r--roles/openshift_hosted/tasks/registry/secure.yml32
4 files changed, 49 insertions, 3 deletions
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 9d95fcdbb..e40e21e8f 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1594,7 +1594,13 @@ class OCRoute(OpenShiftCLI):
def update(self):
'''update the object'''
- # need to update the tls information and the service name
+ # when the host attribute is being updated, we need to delete and recreate
+ if self.config.host != self.route.host:
+ import time
+ self.delete()
+ time.sleep(3)
+ return self.create()
+
return self._replace_content(self.kind, self.config.name, self.config.data)
def needs_update(self):
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 448457292..122cc5fe9 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -55,7 +55,13 @@ class OCRoute(OpenShiftCLI):
def update(self):
'''update the object'''
- # need to update the tls information and the service name
+ # when the host attribute is being updated, we need to delete and recreate
+ if self.config.host != self.route.host:
+ import time
+ self.delete()
+ time.sleep(3)
+ return self.create()
+
return self._replace_content(self.kind, self.config.name, self.config.data)
def needs_update(self):
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 2369c4e2e..f9441dd57 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -40,6 +40,9 @@
openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
openshift_hosted_registry_volumes: []
openshift_hosted_registry_env_vars: {}
+ openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}"
+ openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}"
+ openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}"
openshift_hosted_registry_edits:
# These edits are being specified only to prevent 'changed' on rerun
- key: spec.strategy.rollingParams
@@ -89,6 +92,7 @@
- name: Create OpenShift registry
oc_adm_registry:
+#debug: True
name: "{{ openshift_hosted_registry_name }}"
namespace: "{{ openshift_hosted_registry_namespace }}"
selector: "{{ openshift_hosted_registry_selector }}"
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index e70d377c6..244979f2e 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -2,14 +2,43 @@
- name: Set fact docker_registry_route_hostname
set_fact:
docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
+ run_once: true
+
+#- name: Create passthrough route for docker-registry
+# oc_route:
+# name: docker-registry
+# namespace: "{{ openshift_hosted_registry_namespace }}"
+# service_name: docker-registry
+# tls_termination: passthrough
+# host: "{{ docker_registry_route_hostname }}"
+# run_once: true
+- name: Get the certificate contents for registry
+ local_action:
+ module: slurp
+ src: "{{ item }}"
+ register: openshift_hosted_registry_certificate_content
+ with_items:
+ - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}"
+ - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}"
+ - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
+ when: openshift_hosted_registry_route_certificates
+
+- debug: var=openshift_hosted_registry_certificate_content
+ when: openshift_hosted_registry_route_certificates
- name: Create passthrough route for docker-registry
oc_route:
name: docker-registry
namespace: "{{ openshift_hosted_registry_namespace }}"
service_name: docker-registry
- tls_termination: passthrough
host: "{{ docker_registry_route_hostname }}"
+ tls_termination: "{{ openshift_hosted_registry_route_termination }}"
+ host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
+ cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
+ key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+ cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+ dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+ run_once: true
- name: Retrieve registry service IP
oc_service:
@@ -17,6 +46,7 @@
name: docker-registry
state: list
register: docker_registry_service_ip
+ run_once: true
- name: Create registry certificates
oc_adm_ca_server_cert: