From 5ada5e9bcad7a8d361b47bb471c681964490be5f Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Wed, 1 Mar 2017 14:44:54 -0500
Subject: Separating routes so logic is simpler.
---
 roles/openshift_hosted/tasks/registry/secure.yml | 36 ++++++++++++++++++++----
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index 9a0108a93..a082a075a 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -6,6 +6,12 @@
 - debug: var=openshift_hosted_registry_routecertificates
+- debug:
+ msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) }}"
+
+- debug:
+ msg: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('THIS IS TRUE', 'THIS IS FALSE') }}"
+
 - name: Get the certificate contents for registry
 copy:
 backup: True
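Review bot: The two unnamed `debug` tasks added after the existing `debug: var=...` line look like leftover scaffolding (`'THIS IS TRUE'` / `'THIS IS FALSE'`), and a third one that prints the route host is added in the second hunk. They run on every play, and because `'cafile' in openshift_hosted_registry_routecertificates` is evaluated unconditionally they would presumably fail the play when that variable is undefined, whereas the copy task below is guarded by `when:`. I would drop them before merge, or keep a single named one with `verbosity: 2` so it only prints under `-vv`.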
@@ -15,20 +21,38 @@
 with_dict: "{{ openshift_hosted_registry_routecertificates }}"
 when: openshift_hosted_registry_routecertificates
-- debug: var=openshift_hosted_registry_route_termination
+# When certificates are defined we will create the reencrypt
+# docker-registry route
+- name: Create a reencrypt route for docker-registry
+ run_once: true
+ oc_route:
+ name: docker-registry
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ service_name: docker-registry
+ tls_termination: "{{ openshift_hosted_registry_routetermination }}"
+ host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+ cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
+ key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
+ cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
+ dest_cacert_path: /etc/origin/master/ca.crt
+ when:
+ - "'cafile' in openshift_hosted_registry_routecertificates"
+ - "'certfile' in openshift_hosted_registry_routecertificates"
+ - "'keyfile' in openshift_hosted_registry_routecertificates"
+- debug:
+ msg: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
+
+# When routetermination is passthrough we will create the route
 - name: Create passthrough route for docker-registry
 oc_route:
 name: docker-registry
 namespace: "{{ openshift_hosted_registry_namespace }}"
 service_name: docker-registry
 tls_termination: "{{ openshift_hosted_registry_routetermination }}"
- host: "{{ openshift_hosted_registry_routehost | default(docker_registry_route_hostname) }}"
- cert_path: "{{ ('certfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.certfile | basename), omit) }}"
- key_path: "{{ ('keyfile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.keyfile | basename), omit) }}"
- cacert_path: "{{ ('cafile' in openshift_hosted_registry_routecertificates) | ternary('/etc/origin/master/named_certificates/' ~ (openshift_hosted_registry_routecertificates.cafile | basename), omit) }}"
- dest_cacert_path: "{{ (openshift_hosted_registry_routetermination == 'reencrypt') | ternary('/etc/origin/master/ca.crt', omit) }}"
+ host: "{{ openshift_hosted_registry_routehost | ternary(openshift_hosted_registry_routehost, docker_registry_route_hostname) }}"
 run_once: true
+ when: openshift_hosted_registry_routetermination == 'passthrough'
 - name: Retrieve registry service IP
 oc_service:
-- 
cgit v1.2.3
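Review bot: The new reencrypt task is gated only on the three certificate keys being present, while its `tls_termination` is still taken from `openshift_hosted_registry_routetermination`, so the task name and its condition can disagree. With certificates defined and termination set to `passthrough`, both tasks appear to act on the same `docker-registry` route, the first one handing cert, key and destination CA to a passthrough route; with `reencrypt` and any one of the three keys missing, neither task matches and the play continues without creating a route. Adding `- openshift_hosted_registry_routetermination == 'reencrypt'` to the first task's `when:` list, plus an explicit failure for a termination value that matches neither task, would make a misconfigured TLS mode visible instead of silent. The passthrough task also switches `host` from `default(...)` to `ternary(...)`, which presumably errors when `openshift_hosted_registry_routehost` is undefined; `default(docker_registry_route_hostname, true)` would cover both the undefined and the empty case.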