diff options
| author | Michael Gugino <mgugino@redhat.com> | 2017-11-10 20:51:00 -0500 |
|---|---|---|
| committer | Michael Gugino <mgugino@redhat.com> | 2017-11-14 16:12:20 -0500 |
| commit | 0de92e0e4c85c876436ae21f61daee31c870705e (patch) | |
| tree | 468008319e0d91fbd8a1e6c3842b8867a65b0412 /roles/openshift_master | |
| parent | 7175c6f228f61b883d958c12ba5130f37a0615c4 (diff) | |
| download | openshift-0de92e0e4c85c876436ae21f61daee31c870705e.tar.gz openshift-0de92e0e4c85c876436ae21f61daee31c870705e.tar.bz2 openshift-0de92e0e4c85c876436ae21f61daee31c870705e.tar.xz openshift-0de92e0e4c85c876436ae21f61daee31c870705e.zip | |
Alternative method to create docker registry auth creds
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
Diffstat (limited to 'roles/openshift_master')
| -rw-r--r-- | roles/openshift_master/defaults/main.yml | 1 | ||||
| -rw-r--r-- | roles/openshift_master/tasks/registry_auth.yml | 20 |
2 files changed, 21 insertions, 0 deletions
diff --git a/roles/openshift_master/defaults/main.yml b/roles/openshift_master/defaults/main.yml index a27fbae7e..97a8735ee 100644 --- a/roles/openshift_master/defaults/main.yml +++ b/roles/openshift_master/defaults/main.yml @@ -31,6 +31,7 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur oreg_auth_credentials_path: "{{ r_openshift_master_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" containerized_svc_dir: "/usr/lib/systemd/system" ha_svc_template_path: "native-cluster" diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml index cde01c49e..c95f562d0 100644 --- a/roles/openshift_master/tasks/registry_auth.yml +++ b/roles/openshift_master/tasks/registry_auth.yml @@ -8,6 +8,7 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: master_oreg_auth_credentials_create @@ -18,6 +19,25 @@ - restart master api - restart master controllers +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | default(False) | bool + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: master_oreg_auth_credentials_create + notify: + - restart master api + - restart master controllers + # Container images may need the registry credentials - name: Setup ro mount of /root/.docker for containerized hosts set_fact: |