author | Kenny Woodson <kwoodson@redhat.com> | 2017-02-24 16:46:06 -0500 |
---|---|---|
committer | Kenny Woodson <kwoodson@redhat.com> | 2017-02-28 09:29:21 -0500 |
commit | e0090381732d43de74715b9d41480b3c43391783 (patch) | |
tree | 322be180faf601d1cbc5f9243e05d852920ddfe5 | |
parent | 1629eb0af60e14f70f942b66a6c4c37e875dabe1 (diff) | |
Adding support for a route with certs and reencrypt.
-rw-r--r-- | roles/lib_openshift/library/oc_route.py | 8 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_route.py | 8 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry/registry.yml | 4 | ||||
-rw-r--r-- | roles/openshift_hosted/tasks/registry/secure.yml | 32 |
4 files changed, 49 insertions, 3 deletions
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 9d95fcdbb..e40e21e8f 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1594,7 +1594,13 @@ class OCRoute(OpenShiftCLI):
 def update(self):
 '''update the object'''
- # need to update the tls information and the service name
+ # when the host attribute is being updated, we need to delete and recreate
+ if self.config.host != self.route.host:
+ import time
+ self.delete()
+ time.sleep(3)
+ return self.create()
+
 return self._replace_content(self.kind, self.config.name, self.config.data)
 def needs_update(self):
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 448457292..122cc5fe9 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -55,7 +55,13 @@ class OCRoute(OpenShiftCLI):
 def update(self):
 '''update the object'''
- # need to update the tls information and the service name
+ # when the host attribute is being updated, we need to delete and recreate
+ if self.config.host != self.route.host:
+ import time
+ self.delete()
+ time.sleep(3)
+ return self.create()
+
 return self._replace_content(self.kind, self.config.name, self.config.data)
 def needs_update(self):
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index 2369c4e2e..f9441dd57 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
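Review bot: The return value of `self.delete()` is discarded in the new host-change branch of `update()` in roles/lib_openshift/library/oc_route.py, so a failed delete still falls through to `create()`, and a failed `create()` leaves the registry with no route at all. The fixed `time.sleep(3)` also only guesses at when the old route is gone. I would keep the delete result and return it when it reports failure before creating, for example `results = self.delete()` followed by an early return on a non-zero return code (the result shape is not visible in this hunk, so confirm it against `delete()`), and move `import time` to the module imports. The identical hunk in roles/lib_openshift/src/class/oc_route.py needs the same change.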
@@ -40,6 +40,9 @@ openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}" openshift_hosted_registry_volumes: [] openshift_hosted_registry_env_vars: {} + openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}" + openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}" + openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}" openshift_hosted_registry_edits: # These edits are being specified only to prevent 'changed' on rerun - key: spec.strategy.rollingParams @@ -89,6 +92,7 @@ - name: Create OpenShift registry oc_adm_registry: +#debug: True name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}" selector: "{{ openshift_hosted_registry_selector }}" diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index e70d377c6..244979f2e 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml 
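Review bot: `openshift_hosted_registry_route_host` falls back to `false` here instead of staying undefined, and the `default(docker_registry_route_hostname)` in secure.yml only replaces undefined values, so with no host configured the route would be given `False` rather than the generated hostname. Either drop the fallback in this set_fact or pass the second argument in secure.yml: `host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname, true) }}"`. Going by the hunk counts, the same secure.yml task also appears to keep the old `host:` line as context, which would leave two `host:` keys in one mapping; that should be checked.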
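Review bot: The added `#debug: True` line is leftover debugging, commented out at column 0 in the middle of the `oc_adm_registry` arguments. I would drop it from the commit; if a debug switch is wanted, expose it as a documented variable instead.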
@@ -2,14 +2,43 @@ - name: Set fact docker_registry_route_hostname set_fact: docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}" + run_once: true + +#- name: Create passthrough route for docker-registry +# oc_route: +# name: docker-registry +# namespace: "{{ openshift_hosted_registry_namespace }}" +# service_name: docker-registry +# tls_termination: passthrough +# host: "{{ docker_registry_route_hostname }}" +# run_once: true +- name: Get the certificate contents for registry + local_action: + module: slurp + src: "{{ item }}" + register: openshift_hosted_registry_certificate_content + with_items: + - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}" + - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}" + - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}" + when: openshift_hosted_registry_route_certificates + +- debug: var=openshift_hosted_registry_certificate_content + when: openshift_hosted_registry_route_certificates - name: Create passthrough route for docker-registry oc_route: name: docker-registry namespace: "{{ openshift_hosted_registry_namespace }}" service_name: docker-registry - tls_termination: passthrough host: "{{ docker_registry_route_hostname }}" + tls_termination: "{{ openshift_hosted_registry_route_termination }}" + host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}" + cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}" + key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" + cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | 
ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}" + dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}" + run_once: true - name: Retrieve registry service IP oc_service: @@ -17,6 +46,7 @@ name: docker-registry state: list register: docker_registry_service_ip + run_once: true - name: Create registry certificates oc_adm_ca_server_cert: |
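Review bot: `key_content` and `cacert_content` both read `results[0].content`, the same slurp result as `cert_content`, so the route would get the certificate in place of its private key and CA; going by the `with_items` order they should be `results[1].content` and `results[2].content`. The added `- debug: var=openshift_hosted_registry_certificate_content` task prints the slurped key file (base64) into the play output and any logs that capture it, so it should be removed and `no_log: true` set on the slurp task. slurp returns base64, and whether `oc_route` decodes it is not visible here, so confirm that or add `| b64decode`. The commented-out copy of the old route task can go as well.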