summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--playbooks/adhoc/s3_registry/s3_registry.j220
-rw-r--r--playbooks/adhoc/s3_registry/s3_registry.yml55
2 files changed, 75 insertions, 0 deletions
diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2
new file mode 100644
index 000000000..eb8660f6c
--- /dev/null
+++ b/playbooks/adhoc/s3_registry/s3_registry.j2
@@ -0,0 +1,20 @@
+version: 0.1
+log:
+ level: debug
+http:
+ addr: :5000
+storage:
+ cache:
+ layerinfo: inmemory
+ s3:
+ accesskey: {{ accesskey }}
+ secretkey: {{ secretkey }}
+ region: us-east-1
+ bucket: {{ bucketname }}
+ encrypt: true
+ secure: true
+ v4auth: true
+ rootdirectory: /registry
+middleware:
+ repository:
+ - name: openshift
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
new file mode 100644
index 000000000..61280df0b
--- /dev/null
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -0,0 +1,55 @@
+---
+# This playbook creates an S3 bucket, if it doesn't already exist, and configures the docker registry service to use the bucket as its backend storage.
+# Usage:
+# ansible-playbook s3_registry.yml -e bucketname="mybucket" -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e master="master fqdn or IP" -i "master,"
+#
+# Example:
+# ansible-playbook s3_registry.yml -e accesskey="asdf" -e secretkey="hjkl" -e bucketname="testbucket" -e master="54.173.148.238" -i "54.173.148.238,"
+#
+# The bucket name can be anything, but generally should correspond with your cluster name.
+# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
+# The 'master' param is the fqdn or public IP of your cluster's master.
+# The -i param allows this playbook to be run on your master, even if it's not yet in your main inventory file. (The comma is mandatory).
+
+- hosts: "{{ master }}"
+ remote_user: root
+ gather_facts: False
+
+ tasks:
+
+ - name: Create S3 bucket
+ local_action:
+ module: s3 bucket={{ bucketname|quote }} mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
+
+ - name: Generate docker registry config
+ template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
+
+ - name: Determine if new secrets are needed
+ command: oc get secrets
+ register: secrets
+
+ - name: Create registry secrets
+ command: oc secrets new dockerregistry /root/config.yml
+ when: "'dockerregistry' not in secrets.stdout"
+
+ - name: Determine if service account contains secrets
+ command: oc describe serviceaccount/registry
+ register: serviceaccount
+
+ - name: Add secrets to registry service account
+ command: oc secrets add serviceaccount/registry secrets/dockerregistry
+ when: "'dockerregistry' not in serviceaccount.stdout"
+
+ - name: Determine if deployment config contains secrets
+ command: oc volume dc/docker-registry --list
+ register: dc
+
+ - name: Add secrets to registry deployment config
+ command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
+ when: "'dockersecrets' not in dc.stdout"
+
+ - name: Scale up registry
+ command: oc scale --replicas=1 dc/docker-registry
+
+ - name: Delete temporary config file
+ file: path=/root/config.yml state=absent