diff options
| author | Andrew Butcher <abutcher@redhat.com> | 2016-06-30 13:20:10 -0400 |
|---|---|---|
| committer | Andrew Butcher <abutcher@redhat.com> | 2016-07-07 13:31:12 -0400 |
| commit | 57dfae185d3d0e02ebe515263c54867bee37b45e (patch) | |
| tree | fce310bd381bb38145aed3dc10424484feaf96c6 /roles/openshift_hosted | |
| parent | 1a2c22a060b8b6f0e64d452fdfc13012d3c067ed (diff) | |
| download | openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.gz openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.bz2 openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.tar.xz openshift-57dfae185d3d0e02ebe515263c54867bee37b45e.zip | |
Various hosted component improvements
* [openshift_projects] Add openshift_projects role
* [openshift_hosted] hosted deployments use openshift_hosted_infra_selector if openshift_hosted_<component>_selector is not defined
* [openshift_hosted] move openshift_projects, openshift_serviceaccounts and openshift_metrics to dependencies of openshift_hosted
* [router] improve router deployment
- add router option to force subdomain
- add CA to router certificate options
* [registry] move registry config into openshift_hosted role
- additional registry fixes/tweaks
- add s3 storage support for registry
* [serviceaccount] fix up serviceaccount creation
Diffstat (limited to 'roles/openshift_hosted')
| -rw-r--r-- | roles/openshift_hosted/README.md | 20 | ||||
| -rw-r--r-- | roles/openshift_hosted/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/openshift_hosted/meta/main.yml | 25 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/main.yml | 21 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/registry.yml | 40 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/object_storage.yml | 114 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml | 18 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/registry/storage/s3.yml | 12 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/router.yml | 65 | ||||
| -rw-r--r-- | roles/openshift_hosted/tasks/router/router.yml | 70 | ||||
| -rw-r--r-- | roles/openshift_hosted/templates/registry_config.j2 | 70 | ||||
| -rw-r--r-- | roles/openshift_hosted/templates/registry_config_secret.j2 | 9 | ||||
| -rw-r--r-- | roles/openshift_hosted/vars/main.yml | 1 |
13 files changed, 391 insertions, 76 deletions
diff --git a/roles/openshift_hosted/README.md b/roles/openshift_hosted/README.md index 633ec0937..102728820 100644 --- a/roles/openshift_hosted/README.md +++ b/roles/openshift_hosted/README.md @@ -4,24 +4,27 @@ OpenShift Hosted OpenShift Hosted Resources * OpenShift Router +* OpenShift Registry Requirements ------------ -This role requires a running OpenShift cluster with nodes labeled to -match the openshift_hosted_router_selector (default: region=infra). +This role requires a running OpenShift cluster. Role Variables -------------- From this role: -| Name | Default value | Description | -|-------------------------------------|------------------------------------------|----------------------------------------------------------------------------------------------------------------------| -| openshift_hosted_router_certificate | None | Dictionary containing "certfile" and "keyfile" keys with values containing paths to local certificate files. | -| openshift_hosted_router_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift router on. | -| openshift_hosted_router_replicas | Number of nodes matching selector | The number of replicas to configure. | -| openshift_hosted_router_selector | region=infra | Node selector used when creating router. The OpenShift router will only be deployed to nodes matching this selector. | +| Name | Default value | Description | +|---------------------------------------|------------------------------------------|--------------------------------------------------------------------------------------------------------------------------| +| openshift_hosted_router_certificate | None | Dictionary containing "certfile", "keyfile" and "cafile" keys with values containing paths to local certificate files. | +| openshift_hosted_router_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift router on. | +| openshift_hosted_router_replicas | Number of nodes matching selector | The number of replicas to configure. | +| openshift_hosted_router_selector | region=infra | Node selector used when creating router. The OpenShift router will only be deployed to nodes matching this selector. | +| openshift_hosted_registry_registryurl | 'openshift3/ose-${component}:${version}' | The image to base the OpenShift registry on. | +| openshift_hosted_registry_replicas | Number of nodes matching selector | The number of replicas to configure. | +| openshift_hosted_registry_selector | region=infra | Node selector used when creating registry. The OpenShift registry will only be deployed to nodes matching this selector. | Dependencies ------------ @@ -40,6 +43,7 @@ Example Playbook openshift_hosted_router_certificate: certfile: /path/to/my-router.crt keyfile: /path/to/my-router.key + cafile: /path/to/my-router-ca.crt openshift_hosted_router_registryurl: 'registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0' openshift_hosted_router_selector: 'type=infra' ``` diff --git a/roles/openshift_hosted/defaults/main.yml b/roles/openshift_hosted/defaults/main.yml new file mode 100644 index 000000000..17a0d5301 --- /dev/null +++ b/roles/openshift_hosted/defaults/main.yml @@ -0,0 +1,2 @@ +--- +registry_volume_claim: 'registry-claim' diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index 75dfc24c3..c7d20f88b 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -12,5 +12,26 @@ galaxy_info: categories: - cloud dependencies: -- openshift_common -- openshift_hosted_facts +- role: openshift_cli +- role: openshift_hosted_facts +- role: openshift_projects + # TODO: Move standard project definitions to openshift_hosted/vars/main.yml + # Vars are not accessible in meta/main.yml in ansible-1.9.x + openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" +- role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - hostnetwork + when: openshift.common.version_gte_3_2_or_1_2 +- role: openshift_serviceaccounts + openshift_serviceaccounts_names: + - router + - registry + openshift_serviceaccounts_namespace: default + openshift_serviceaccounts_sccs: + - privileged + when: not openshift.common.version_gte_3_2_or_1_2 +- role: openshift_metrics + when: openshift.hosted.metrics.deploy | bool diff --git a/roles/openshift_hosted/tasks/main.yml b/roles/openshift_hosted/tasks/main.yml index d42a4e365..c801a0e67 100644 --- a/roles/openshift_hosted/tasks/main.yml +++ b/roles/openshift_hosted/tasks/main.yml @@ -1,3 +1,22 @@ --- +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False -- include: router.yml +- set_fact: + openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) + command: > + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} + changed_when: False + +- include: router/router.yml +- include: registry/registry.yml + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml new file mode 100644 index 000000000..be1a172f8 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -0,0 +1,40 @@ +--- +- name: Retrieve list of openshift nodes matching registry selector + command: > + {{ openshift.common.client_binary }} --api-version='v1' -o json + get nodes -n default --config={{ openshift_hosted_kubeconfig }} + --selector={{ openshift.hosted.registry.selector | default('') }} + register: openshift_hosted_registry_nodes_json + changed_when: false + when: openshift.hosted.registry.replicas | default(none) is none + +- set_fact: + replicas: "{{ openshift.hosted.registry.replicas | default((openshift_hosted_registry_nodes_json.stdout | from_json)['items'] | length) }}" + +- name: Create OpenShift registry + command: > + {{ openshift.common.admin_binary }} registry --create + --config={{ openshift_hosted_kubeconfig }} + {% if replicas > 1 -%} + --replicas={{ replicas }} + {% endif -%} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + --service-account=registry + {% if openshift.hosted.registry.selector | default(none) is not none -%} + --selector='{{ openshift.hosted.registry.selector }}' + {% endif -%} + {% if not openshift.common.version_gte_3_2_or_1_2 | bool -%} + --credentials={{ openshift_master_config_dir }}/openshift-registry.kubeconfig + {% endif -%} + {% if openshift.hosted.registry.registryurl | default(none) is not none -%} + --images='{{ openshift.hosted.registry.registryurl }}' + {% endif -%} + register: openshift_hosted_registry_results + changed_when: "'service exists' not in openshift_hosted_registry_results.stdout" + failed_when: "openshift_hosted_registry_results.rc != 0 and 'service exists' not in openshift_hosted_registry_results.stdout and 'deployment_config' not in openshift_hosted_registry_results.stderr and 'service' not in openshift_hosted_registry_results.stderr" + +- include: storage/object_storage.yml + when: openshift.hosted.registry.storage.kind | default(none) == 'object' + +- include: storage/persistent_volume.yml + when: openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack'] diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml new file mode 100644 index 000000000..9db67ecc6 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml @@ -0,0 +1,114 @@ +- fail: + msg: > + Object Storage Provider: {{ openshift.hosted.registry.storage.provider }} + is not currently supported + when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift'] + +- fail: + msg: > + Support for provider: "{{ openshift.hosted.registry.storage.provider }}" + not implemented yet + when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift'] + +- include: s3.yml + when: openshift.hosted.registry.storage.provider == 's3' + +- name: Test if docker registry config secret exists + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get secrets {{ registry_config_secret_name }} -o json + register: secrets + changed_when: false + failed_when: false + +- set_fact: + registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}" + +- set_fact: + registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}" + +- set_fact: + same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}" + when: secrets.rc == 0 + +- name: Update registry config secret + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + patch secret/{{ registry_config_secret_name }} + -p '{"data": {"config.yml": "{{ registry_config }}"}}' + register: update_config_secret + when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool + +- name: Create registry config secret + shell: > + echo '{{ registry_config_secret |to_json }}' | + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + create -f - + when: secrets.rc == 1 + +- name: Determine if service account contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + get serviceaccounts registry + -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}' + register: serviceaccount + changed_when: false + +- name: Add secrets to registry service account + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }} + when: serviceaccount.stdout == '' + +- name: Determine if deployment config contains secrets + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --list + register: volume + changed_when: false + +- name: Add secrets to registry deployment config + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set volumes dc/docker-registry --add --name=docker-config -m /etc/registry + --type=secret --secret-name={{ registry_config_secret_name }} + when: registry_config_secret_name not in volume.stdout + +- name: Determine if registry environment variable needs to be created + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env --list dc/docker-registry + register: oc_env + changed_when: false + +- name: Add registry environment variable + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml + when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout" + +- name: Redeploy registry + command: > + {{ openshift.common.client_binary }} + --config={{ openshift_hosted_kubeconfig }} + --namespace={{ openshift.hosted.registry.namespace | default('default') }} + deploy dc/docker-registry --latest + when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml new file mode 100644 index 000000000..6bf859e82 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml @@ -0,0 +1,18 @@ +--- +- set_fact: + registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" + +- name: Determine if volume is already attached to dc/docker-registry + command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1" + changed_when: false + register: registry_volumes_output + +- set_fact: + volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}" + +- name: Add volume to dc/docker-registry + command: > + {{ openshift.common.client_binary }} volume dc/docker-registry + --add --overwrite -t persistentVolumeClaim --claim-name={{ registry_volume_claim }} + --name=registry-storage + when: not volume_attached | bool diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml new file mode 100644 index 000000000..707be9c00 --- /dev/null +++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml @@ -0,0 +1,12 @@ +--- +- fail: + msg: > + openshift_hosted_registry_storage_s3_accesskey and + openshift_hosted_registry_storage_s3_secretkey are required + when: openshift.hosted.registry.storage.s3.accesskey | default(none) is none or openshift.hosted.registry.storage.s3.secretkey | default(none) is none + +- fail: + msg: > + openshift_hosted_registry_storage_s3_bucket and + openshift_hosted_registry_storage_s3_region are required + when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none diff --git a/roles/openshift_hosted/tasks/router.yml b/roles/openshift_hosted/tasks/router.yml deleted file mode 100644 index 4ccbf4430..000000000 --- a/roles/openshift_hosted/tasks/router.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -- fail: - msg: "Both 'certfile' and 'keyfile' keys must be specified when supplying the openshift_hosted_router_certificate variable." - when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate) - -- name: Read router certificate and key - slurp: - src: "{{ item }}" - register: openshift_router_certificate_output - with_items: - - "{{ openshift_hosted_router_certificate.certfile }}" - - "{{ openshift_hosted_router_certificate.keyfile }}" - delegate_to: localhost - when: openshift_hosted_router_certificate is defined - -- name: Persist certificate contents - openshift_facts: - role: hosted - openshift_env: - openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" - when: openshift_hosted_router_certificate is defined - -- name: Create PEM certificate - copy: - content: "{{ openshift.hosted.router.certificate.contents }}" - dest: "{{ openshift_master_config_dir }}/openshift-router.pem" - mode: 0600 - when: openshift.hosted.router.certificate | default(None) != None - -- name: Retrieve list of openshift nodes - command: > - {{ openshift.common.client_binary }} --api-version='v1' -o json - get nodes -n default --config={{ openshift.common.config_base }}/master/admin.kubeconfig - register: openshift_hosted_router_nodes_json - changed_when: false - when: openshift.hosted.router.replicas | default(None) == None - -- name: Collect nodes matching router selector - set_fact: - openshift_hosted_router_nodes: > - {{ (openshift_hosted_router_nodes_json.stdout|from_json)['items'] - | oo_oc_nodes_matching_selector(openshift.hosted.router.selector) }} - when: openshift.hosted.router.replicas | default(None) == None - -- name: Create OpenShift router - command: > - {{ openshift.common.admin_binary }} router --create - {% if openshift.hosted.router.replicas | default(None) != None -%} - --replicas={{ openshift.hosted.router.replicas }} - {% else -%} - --replicas={{ openshift_hosted_router_nodes | length }} - {% endif %} - {% if openshift.hosted.router.certificate | default(None) != None -%} - --default-cert={{ openshift_master_config_dir }}/openshift-router.pem - {% endif -%} - --namespace=default - --service-account=router - --selector='{{ openshift.hosted.router.selector }}' - --credentials={{ openshift_master_config_dir }}/openshift-router.kubeconfig - {% if openshift.hosted.router.registryurl | default(None)!= None -%} - --images='{{ openshift.hosted.router.registryurl }}' - {% endif -%} - register: openshift_hosted_router_results - changed_when: "'service exists' not in openshift_hosted_router_results.stdout" - when: openshift.hosted.router.replicas | default(None) != None or (openshift_hosted_router_nodes is defined and openshift_hosted_router_nodes | length > 0) diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml new file mode 100644 index 000000000..c011db762 --- /dev/null +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -0,0 +1,70 @@ +--- +- fail: + msg: "'certfile', 'keyfile' and 'cafile' keys must be specified when supplying the openshift_hosted_router_certificate variable." + when: openshift_hosted_router_certificate is defined and ('certfile' not in openshift_hosted_router_certificate or 'keyfile' not in openshift_hosted_router_certificate or 'cafile' not in openshift_hosted_router_certificate) + +- name: Read router certificate and key + become: no + local_action: + module: slurp + src: "{{ item }}" + register: openshift_router_certificate_output + with_items: + - "{{ openshift_hosted_router_certificate.certfile }}" + - "{{ openshift_hosted_router_certificate.keyfile }}" + - "{{ openshift_hosted_router_certificate.cafile }}" + when: openshift_hosted_router_certificate is defined + +- name: Persist certificate contents + openshift_facts: + role: hosted + openshift_env: + openshift_hosted_router_certificate_contents: "{% for certificate in openshift_router_certificate_output.results -%}{{ certificate.content | b64decode }}{% endfor -%}" + when: openshift_hosted_router_certificate is defined + +- name: Create PEM certificate + copy: + content: "{{ openshift.hosted.router.certificate.contents }}" + dest: "{{ openshift_master_config_dir }}/openshift-router.pem" + mode: 0600 + when: openshift.hosted.router.certificate | default(none) is not none + +- name: Retrieve list of openshift nodes matching router selector + command: > + {{ openshift.common.client_binary }} --api-version='v1' -o json + get nodes -n default --config={{ openshift_hosted_kubeconfig }} + --selector={{ openshift.hosted.router.selector | default('') }} + register: openshift_hosted_router_nodes_json + changed_when: false + when: openshift.hosted.router.replicas | default(none) is none + +- set_fact: + replicas: "{{ openshift.hosted.router.replicas | default((openshift_hosted_router_nodes_json.stdout | from_json)['items'] | length) }}" + +- name: Create OpenShift router + command: > + {{ openshift.common.admin_binary }} router --create + --config={{ openshift_hosted_kubeconfig }} + {% if replicas > 1 -%} + --replicas={{ replicas }} + {% endif -%} + {% if openshift.hosted.router.certificate | default(none) is not none -%} + --default-cert={{ openshift_master_config_dir }}/openshift-router.pem + {% endif -%} + --namespace={{ openshift.hosted.router.namespace | default('default') }} + {% if openshift.hosted.router.force_subdomain | default(none) is not none %} + --force-subdomain={{ openshift.hosted.router.force_subdomain }} + {% endif %} + --service-account=router + {% if openshift.hosted.router.selector | default(none) is not none -%} + --selector='{{ openshift.hosted.router.selector }}' + {% endif -%} + {% if not openshift.common.version_gte_3_2_or_1_2 | bool -%} + --credentials={{ openshift_master_config_dir }}/openshift-router.kubeconfig + {% endif -%} + {% if openshift.hosted.router.registryurl | default(none) is not none -%} + --images='{{ openshift.hosted.router.registryurl }}' + {% endif -%} + register: openshift_hosted_router_results + changed_when: "'service exists' not in openshift_hosted_router_results.stdout" + failed_when: "openshift_hosted_router_results.rc != 0 and 'service exists' not in openshift_hosted_router_results.stdout and 'deployment_config' not in openshift_hosted_router_results.stderr and 'service' not in openshift_hosted_router_results.stderr" diff --git a/roles/openshift_hosted/templates/registry_config.j2 b/roles/openshift_hosted/templates/registry_config.j2 new file mode 100644 index 000000000..88704d968 --- /dev/null +++ b/roles/openshift_hosted/templates/registry_config.j2 @@ -0,0 +1,70 @@ +version: 0.1 +log: + level: debug +http: + addr: :5000 +storage: + cache: + blobdescriptor: inmemory +{% if openshift.hosted.registry.storage.provider == 's3' %} + s3: + accesskey: {{ openshift.hosted.registry.storage.s3.accesskey }} + secretkey: {{ openshift.hosted.registry.storage.s3.secretkey }} + region: {{ openshift.hosted.registry.storage.s3.region }} + bucket: {{ openshift.hosted.registry.storage.s3.bucket }} + encrypt: false + secure: true + v4auth: true + rootdirectory: /registry + chunksize: "{{ openshift.hosted.registry.storage.s3.chunksize | default(26214400) }}" +{% elif openshift.hosted.registry.storage.provider == 'azure_blob' %} + azure: + accountname: {{ openshift.hosted.registry.storage.azure_blob.accountname }} + accountkey: {{ openshift.hosted.registry.storage.azure_blob.accountkey }} + container: {{ openshift.hosted.registry.storage.azure_blob.container }} + realm: {{ openshift.hosted.registry.storage.azure_blob.realm }} +{% elif openshift.hosted.registry.storage.provider == 'swift' %} + swift: + authurl: {{ openshift.hosted.registry.storage.swift.authurl }} + username: {{ openshift.hosted.registry.storage.swift.username }} + password: {{ openshift.hosted.registry.storage.swift.password }} + container: {{ openshift.hosted.registry.storage.swift.container }} +{% if 'region' in openshift.hosted.registry.storage.swift %} + region: {{ openshift.hosted.registry.storage.swift.region }} +{% endif -%} +{% if 'tenant' in openshift.hosted.registry.storage.swift %} + tenant: {{ openshift.hosted.registry.storage.swift.tenant }} +{% endif -%} +{% if 'tenantid' in openshift.hosted.registry.storage.swift %} + tenantid: {{ openshift.hosted.registry.storage.swift.tenantid }} +{% endif -%} +{% if 'domain' in openshift.hosted.registry.storage.swift %} + domain: {{ openshift.hosted.registry.storage.swift.domain }} +{% endif -%} +{% if 'domainid' in openshift.hosted.registry.storage.swift %} + domainid: {{ openshift.hosted.registry.storage.swift.domainid }} +{% endif -%} +{% elif openshift.hosted.registry.storage.provider == 'gcs' %} + gcs: + bucket: {{ openshift.hosted.registry.storage.gcs.bucket }} +{% if 'keyfile' in openshift.hosted.registry.storage.gcs %} + keyfile: {{ openshift.hosted.registry.storage.gcs.keyfile }} +{% endif -%} +{% if 'rootdirectory' in openshift.hosted.registry.storage.gcs %} + rootdirectory: {{ openshift.hosted.registry.storage.gcs.rootdirectory }} +{% endif -%} +{% endif -%} +auth: + openshift: + realm: openshift +middleware: + repository: + - name: openshift +{% if openshift.hosted.registry.storage.provider == 's3' and 'cloudfront' in openshift.hosted.registry.storage.s3 %} + storage: + - name: cloudfront + options: + baseurl: {{ openshift.hosted.registry.storage.s3.cloudfront.baseurl }} + privatekey: {{ openshift.hosted.registry.storage.s3.cloudfront.privatekeyfile }} + keypairid: {{ openshift.hosted.registry.storage.s3.cloudfront.keypairid }} +{% endif -%} diff --git a/roles/openshift_hosted/templates/registry_config_secret.j2 b/roles/openshift_hosted/templates/registry_config_secret.j2 new file mode 100644 index 000000000..ca68544ec --- /dev/null +++ b/roles/openshift_hosted/templates/registry_config_secret.j2 @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: registry-config + annotations: + provider: {{ openshift.hosted.registry.storage.provider }} +data: + config.yml: {{ registry_config }} diff --git a/roles/openshift_hosted/vars/main.yml b/roles/openshift_hosted/vars/main.yml index 9967e26f4..521578cd0 100644 --- a/roles/openshift_hosted/vars/main.yml +++ b/roles/openshift_hosted/vars/main.yml @@ -1,2 +1,3 @@ --- openshift_master_config_dir: "{{ openshift.common.config_base }}/master" +registry_config_secret_name: registry-config |