---
# Installs the cluster CA under /etc/docker/certs.d/<registry endpoint>/ on
# every node, one directory per name the integrated registry is reached by
# (service IP, route host, cluster-local service name). The endpoint names are
# looked up once on the first master with a temporary copy of the admin
# kubeconfig; the follow-up "Delete temp directory" play removes that copy.
- name: Configure CA certificate for secure registry
  hosts: oo_nodes_to_config
  tags:
    - hosted
  tasks:
    # Scratch directory on the first master. `mktemp -d` creates it with
    # owner-only permissions, which is what keeps the kubeconfig copy below
    # away from other local users.
    - name: Create temp directory for kubeconfig
      when: openshift_hosted_manage_registry | default(true) | bool
      command: mktemp -d /tmp/openshift-ansible-XXXXXX
      register: mktemp
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # Remember where the kubeconfig copy will live; the lookups and the
    # handlers of this play pass this path to the client via --config.
    - when: openshift_hosted_manage_registry | default(true) | bool
      set_fact:
        openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # The copied file carries the admin client credentials.
    # NOTE(review): cleanup happens in a separate play, so if this play aborts
    # first the copy appears to stay behind in /tmp - confirm, and consider
    # removing it on failure as well.
    - name: Copy the admin client config(s)
      when: openshift_hosted_manage_registry | default(true) | bool
      command: >
        cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # External host name of the registry route (.spec.host).
    - name: Retrieve docker-registry route
      when: openshift_hosted_manage_registry | default(true) | bool
      command: >
        {{ openshift.common.client_binary }} get route docker-registry
        -o jsonpath='{.spec.host}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_route
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # Cluster IP of the registry service (.spec.clusterIP).
    - name: Retrieve registry service IP
      when: openshift_hosted_manage_registry | default(true) | bool
      command: >
        {{ openshift.common.client_binary }} get svc/docker-registry
        -o jsonpath='{.spec.clusterIP}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: docker_registry_service_ip
      changed_when: false
      delegate_to: "{{ groups.oo_first_master.0 }}"
      run_once: true

    # One certs.d directory per registry endpoint name. This task is not
    # delegated, so it runs on each node in the play.
    # NOTE(review): no owner/mode is set here or on the CA file below; confirm
    # the resulting defaults leave both writable by root only.
    - name: Create registry CA directories
      when: openshift_hosted_manage_registry | default(true) | bool
      file:
        path: "/etc/docker/certs.d/{{ item }}"
        state: directory
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"

    # remote_src: the CA is read from the node's own config directory, not
    # from the control host. dest is the directory created above.
    - name: Copy CA to registry CA directories
      when: openshift_hosted_manage_registry | default(true) | bool
      copy:
        src: "{{ openshift.common.config_base }}/node/ca.crt"
        dest: "/etc/docker/certs.d/{{ item }}"
        remote_src: true
        force: true
      with_items:
        - "{{ docker_registry_service_ip.stdout }}:5000"
        - "{{ docker_registry_route.stdout }}"
        - "docker-registry.default.svc.cluster.local:5000"
      notify:
        - Wait for docker-registry deployment
        - Wait for registry-console deployment
        - Restart docker

  handlers:
    # If docker is restarted before the deployments have begun, they are
    # blocked from ever starting, so first give the registry a chance to
    # become available. Both waits are best effort (failed_when: false):
    # after 30 tries, one second apart, the docker restart goes ahead anyway.
    # NOTE(review): default("0") only covers an undefined stdout; an empty
    # stdout also satisfies `!= "0"` and would end the wait at once - confirm
    # that is intended.
    - name: Wait for docker-registry deployment
      command: >
        {{ openshift.common.client_binary }} get dc/docker-registry
        -o jsonpath='{.status.availableReplicas}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: l_docker_registry_available_replicas
      until: l_docker_registry_available_replicas.stdout | default("0") != "0"
      retries: 30
      delay: 1
      changed_when: false
      failed_when: false

    - name: Wait for registry-console deployment
      command: >
        {{ openshift.common.client_binary }} get dc/registry-console
        -o jsonpath='{.status.availableReplicas}'
        --config={{ openshift_hosted_kubeconfig }}
        -n default
      register: l_registry_console_available_replicas
      until: l_registry_console_available_replicas.stdout | default("0") != "0"
      retries: 30
      delay: 1
      changed_when: false
      failed_when: false

    # Restart the docker service after the CA files have been written.
    - name: Restart docker
      service:
        name: docker
        state: restarted
# Removes the scratch directory that held the temporary copy of the admin
# kubeconfig, so the admin credentials do not stay in /tmp after the run.
# NOTE(review): `mktemp` is registered in the preceding play, which targets
# oo_nodes_to_config; this play presumably relies on the first master having
# received that variable there - confirm against the inventory layout.
- name: Delete temp directory
  hosts: oo_first_master
  tags:
    - hosted
  tasks:
    - name: Delete temp directory
      when: openshift_hosted_manage_registry | default(true) | bool
      file:
        path: "{{ mktemp.stdout }}"
        state: absent
      changed_when: false