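---
# Distributes the node CA certificate into docker's per-registry trust
# directories (/etc/docker/certs.d/<registry host>) on every node, so docker
# trusts the integrated registry under its service IP, its route host name
# and its cluster-internal DNS name. A second play removes the temporary
# copy of the admin kubeconfig used for the lookups.
- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
    - hosted
  tasks:
    # The lookups below run once, on the first master, with a private copy of
    # the cluster admin kubeconfig. mktemp -d creates the directory with
    # owner-only permissions; that is what keeps the copied admin credentials
    # unreadable to other local users while they sit under /tmp.
    - name: Create temp directory for kubeconfig
      command: mktemp -d /tmp/openshift-ansible-XXXXXX
      register: mktemp
      when: openshift_hosted_manage_registry | default(true) | bool
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - name: Set the path of the temporary admin kubeconfig
      set_fact:
        openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
      when: openshift_hosted_manage_registry | default(true) | bool
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - name: Copy the admin client config(s)
      command: >
        cp {{ openshift.common.config_base }}/master/admin.kubeconfig
        {{ openshift_hosted_kubeconfig }}
      when: openshift_hosted_manage_registry | default(true) | bool
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - name: Retrieve docker-registry route
      command: >
        {{ openshift.common.client_binary }} get route docker-registry
        -o jsonpath='{.spec.host}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_route
      when: openshift_hosted_manage_registry | default(true) | bool
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    - name: Retrieve registry service IP
      command: >
        {{ openshift.common.client_binary }} get svc/docker-registry
        -o jsonpath='{.spec.clusterIP}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_service_ip
      when: openshift_hosted_manage_registry | default(true) | bool
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # One trust directory per name the registry is reached by. The first two
    # names come straight from the command output above.
    # NOTE(review): an empty stdout would collapse an entry to
    # "/etc/docker/certs.d/" or ":5000" - confirm both lookups always return
    # a value when the registry is managed.
    - name: Create registry CA directories
      file:
        path: "/etc/docker/certs.d/{{ item }}"
        state: directory
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"
      when: openshift_hosted_manage_registry | default(true) | bool

    # remote_src: the CA is read from the node's own config directory, not
    # from the control host. Docker is restarted (via the handlers) only when
    # this task reports a change.
    - name: Copy CA to registry CA directories
      copy:
        src: "{{ openshift.common.config_base }}/node/ca.crt"
        dest: "/etc/docker/certs.d/{{ item }}"
        remote_src: true
        force: true
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"
      when: openshift_hosted_manage_registry | default(true) | bool
      notify:
        - Wait for docker-registry deployment
        - Wait for registry-console deployment
        - Restart docker

  handlers:
    # Restarting docker before deployments have begun will block the
    # deployments from ever starting so try waiting for the registry to
    # become available.
    #
    # Handlers run in the order they are defined here, so "Restart docker"
    # must stay last. Both waits are best-effort: failed_when is false, so
    # after 30 one-second retries the restart goes ahead regardless.
    # NOTE(review): default("0") only replaces an undefined stdout; an empty
    # stdout (command error, field absent) also ends the wait immediately -
    # confirm that is intended.
    - name: Wait for docker-registry deployment
      command: >
        {{ openshift.common.client_binary }} get dc/docker-registry
        -o jsonpath='{.status.availableReplicas}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      delegate_to: "{{ groups.oo_first_master.0 }}"
      register: l_docker_registry_available_replicas
      until: l_docker_registry_available_replicas.stdout | default("0") != "0"
      retries: 30
      delay: 1
      failed_when: false
      changed_when: false
      run_once: true

    - name: Wait for registry-console deployment
      command: >
        {{ openshift.common.client_binary }} get dc/registry-console
        -o jsonpath='{.status.availableReplicas}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      delegate_to: "{{ groups.oo_first_master.0 }}"
      register: l_registry_console_available_replicas
      until: l_registry_console_available_replicas.stdout | default("0") != "0"
      retries: 30
      delay: 1
      failed_when: false
      changed_when: false
      run_once: true

    - name: Restart docker
      service:
        name: docker
        state: restarted

# Cleanup lives in its own play because the handlers above still read the
# temporary kubeconfig; they run at the end of the previous play.
# NOTE(review): this play is only reached when the previous one completes, so
# a failed run leaves the copied admin.kubeconfig under /tmp. Also, `mktemp`
# was registered in a play targeting oo_nodes_to_config - confirm the first
# master is always in that group, otherwise the variable is undefined here.
- name: Delete temp directory
  hosts: oo_first_master
  tags:
    - hosted
  tasks:
    - name: Delete temp directory
      file:
        path: "{{ mktemp.stdout }}"
        state: absent
      when: openshift_hosted_manage_registry | default(true) | bool
      changed_when: false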