9 years ago · 40d95679b7
--- a/inventory/byo/hosts.aep.example
+++ b/inventory/byo/hosts.aep.example
@@ -58,6 +58,10 @@ deployment_type=atomic-enterprise
 
				 # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html
			
 
				 #openshift_master_logging_public_url=https://kibana.example.com
			
 
				 
			
 
				+# Configure imagePolicyConfig in the master config
			
 
				+# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
			
 
				+#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
			
 
				+
			
 
				 # Docker Configuration
			
 
				 # Add additional, insecure, and blocked registries to global docker configuration
			
 
				 # For enterprise deployment types we ensure that registry.access.redhat.com is
			
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -59,6 +59,10 @@ deployment_type=origin
 
				 # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html
			
 
				 #openshift_master_logging_public_url=https://kibana.example.com
			
 
				 
			
 
				+# Configure imagePolicyConfig in the master config
			
 
				+# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
			
 
				+#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
			
 
				+
			
 
				 # Docker Configuration
			
 
				 # Add additional, insecure, and blocked registries to global docker configuration
			
 
				 # For enterprise deployment types we ensure that registry.access.redhat.com is
			
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -57,6 +57,10 @@ deployment_type=openshift-enterprise
 
				 # Configure loggingPublicURL in the master config for aggregate logging
			
 
				 # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html
			
 
				 #openshift_master_logging_public_url=https://kibana.example.com
			
 
				+#
			
 
				+# Configure imagePolicyConfig in the master config
			
 
				+# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig
			
 
				+#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true}
			
 
				 
			
 
				 # Docker Configuration
			
 
				 # Add additional, insecure, and blocked registries to global docker configuration
			
--- a/roles/openshift_facts/library/openshift_facts.py
+++ b/roles/openshift_facts/library/openshift_facts.py
@@ -1159,17 +1159,23 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw
 
				     protected_facts = ['ha', 'master_count']
			
 
				 
			
 
				     # Facts we do not ever want to merge. These originate in inventory variables
			
 
				-    # and typically contain JSON dicts. We don't ever want to trigger a merge
			
 
				+    # and contain JSON dicts. We don't ever want to trigger a merge
			
 
				     # here, just completely overwrite with the new if they are present there.
			
 
				-    overwrite_facts = ['admission_plugin_config',
			
 
				-                       'kube_admission_plugin_config']
			
 
				+    inventory_json_facts = ['admission_plugin_config',
			
 
				+                            'kube_admission_plugin_config',
			
 
				+                            'image_policy_config']
			
 
				 
			
 
				     facts = dict()
			
 
				     for key, value in orig.iteritems():
			
 
				         # Key exists in both old and new facts.
			
 
				         if key in new:
			
 
				-            if key in overwrite_facts:
			
 
				-                facts[key] = copy.deepcopy(new[key])
			
 
				+            if key in inventory_json_facts:
			
 
				+                # Watchout for JSON facts that sometimes load as strings.
			
 
				+                # (can happen if the JSON contains a boolean)
			
 
				+                if isinstance(new[key], str):
			
 
				+                    facts[key] = yaml.safe_load(new[key])
			
 
				+                else:
			
 
				+                    facts[key] = copy.deepcopy(new[key])
			
 
				             # Continue to recurse if old and new fact is a dictionary.
			
 
				             elif isinstance(value, dict) and isinstance(new[key], dict):
			
 
				                 # Collect the subset of additive facts to overwrite if
			
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -89,6 +89,9 @@ etcdStorageConfig:
 
				 imageConfig:
			
 
				   format: {{ openshift.master.registry_url }}
			
 
				   latest: false
			
 
				+{% if 'image_policy_config' in openshift.master %}
			
 
				+imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }}
			
 
				+{% endif %}
			
 
				 kind: MasterConfig
			
 
				 kubeletClientInfo:
			
 
				 {# TODO: allow user specified kubelet port #}
			
--- a/roles/openshift_master_facts/tasks/main.yml
+++ b/roles/openshift_master_facts/tasks/main.yml
@@ -72,3 +72,4 @@
 
				       oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2
			
 
				       oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}"
			
 
				       oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}"
			
 
				+      image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}"