diff options
| -rw-r--r-- | inventory/byo/hosts.origin.example | 6 | ||||
| -rw-r--r-- | inventory/byo/hosts.ose.example | 7 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/s3.yml | 21 |
3 files changed, 34 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index f24cfc737..1b89bed07 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -386,6 +386,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_pullthrough=true #openshift_hosted_registry_acceptschema2=true #openshift_hosted_registry_enforcequota=true +# +# Additional CloudFront Options. When using CloudFront all three +# of the followingg variables must be defined. +#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ +#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem +#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid # Metrics deployment # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index b48776304..855be3db4 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -358,6 +358,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_storage_volume_size=10Gi # # AWS S3 +# # S3 bucket must already exist. #openshift_hosted_registry_storage_kind=object #openshift_hosted_registry_storage_provider=s3 @@ -386,6 +387,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', #openshift_hosted_registry_pullthrough=true #openshift_hosted_registry_acceptschema2=true #openshift_hosted_registry_enforcequota=true +# +# Additional CloudFront Options. When using CloudFront all three +# of the followingg variables must be defined. +#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/ +#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem +#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid # Metrics deployment # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml index 707be9c00..f73d9f0ae 100644 --- a/roles/openshift_hosted/tasks/registry/storage/s3.yml +++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml @@ -10,3 +10,24 @@ openshift_hosted_registry_storage_s3_bucket and openshift_hosted_registry_storage_s3_region are required when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none + +# If cloudfront is being used, fail if we don't have all the required variables +- assert: + that: + - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile | default(none) is not none" + - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_keypairid | default(none) is not none" + msg: > + When openshift_hosted_registry_storage_s3_cloudfront_baseurl is provided + openshift_hosted_registry_storage_s3_cloudfront_keypairid and + openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required + +# Copy the cloudfront.pem to the host if the baseurl is given +- name: Copy cloudfront.pem to the registry + copy: + src: "{{ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile }}" + dest: /etc/s3-cloudfront/cloudfront.pem + backup: true + owner: root + group: root + mode: 0600 + when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none |