Move all docker config into openshift_docker to minimize docker restarts

roles/openshift_docker/tasks/main.yml

@@ -1,18 +1,30 @@
 ---
-- openshift_facts:
-    role: common
+- name: Set docker facts
+  openshift_facts:
+    role: "{{ item.role }}"
+    local_facts: "{{ item.local_facts }}"
+  with_items:
+  - role: common
     local_facts:
       deployment_type: "{{ openshift_deployment_type }}"
       docker_additional_registries: "{{ docker_additional_registries }}"
       docker_insecure_registries: "{{ docker_insecure_registries }}"
       docker_blocked_registries: "{{ docker_blocked_registries }}"
+  - role: node
+    local_facts:
+      portal_net: "{{ openshift_master_portal_net | default(None) }}"
+      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
+      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
 
+- stat: path=/etc/sysconfig/docker
+  register: docker_check
+  
 - name: Set registry params
   lineinfile:
     dest: /etc/sysconfig/docker
     regexp: '^{{ item.reg_conf_var }}=.*$'
     line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
-  when: "'docker_additional_registries' in openshift.common"
+  when: "'docker_additional_registries' in openshift.common and docker_check.stat.isreg"
   with_items:
   - reg_conf_var: ADD_REGISTRY
     reg_fact_val: "{{ openshift.common.docker_additional_registries }}"
@@ -25,3 +37,17 @@
     reg_flag: --insecure-registry
   notify:
   - restart docker
+
+# TODO: Enable secure registry when code available in origin
+# TODO: perhaps move this to openshift_docker?
+- name: Secure Registry and Logs Options
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^OPTIONS=.*$'
+    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
+      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %} \
+      {% if openshift.node.docker_log_driver is defined  %} --log-driver {{ openshift.node.docker_log_driver }}  {% endif %} \
+      {% if openshift.node.docker_log_options is defined %}   {{ openshift.node.docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}  {% endif %} '"
+  when: docker_check.stat.isreg
+  notify:
+    - restart docker

roles/openshift_facts/library/openshift_facts.py

@@ -652,10 +652,9 @@ def set_deployment_facts_if_unset(facts):
 
         if deployment_type in ['enterprise', 'atomic-enterprise', 'openshift-enterprise']:
             addtl_regs = facts['common'].get('docker_additional_registries', [])
-            ent_reg = ['registry.access.redhat.com']
+            ent_reg = 'registry.access.redhat.com'
             if ent_reg not in addtl_regs:
-                facts['common']['docker_additional_registries'] = addtl_regs + ent_reg
-
+                facts['common']['docker_additional_registries'] = addtl_regs + [ent_reg]
 
     for role in ('master', 'node'):
         if role in facts:

roles/openshift_node/tasks/main.yml

@@ -22,8 +22,6 @@
     local_facts:
       annotations: "{{ openshift_node_annotations | default(none) }}"
       debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
-      docker_log_driver:  "{{ lookup( 'oo_option' , 'docker_log_driver'  )  | default('',True) }}"
-      docker_log_options: "{{ lookup( 'oo_option' , 'docker_log_options' )  | default('',True) }}"
       iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
       kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
       labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"