
Merge pull request #9307 from umohnani8/registries

Update crio.conf.j2 template for registries
OpenShift Merge Robot 6 năm trước cách đây
mục cha
commit
85de16083a

+ 5 - 0
roles/container_runtime/tasks/package_crio.yml

@@ -77,6 +77,11 @@
     dest: /etc/sysconfig/crio-network
     src: crio-network.j2
 
+- name: Place registries.conf in /etc/containers/registries.conf
+  template:
+    dest: "{{ containers_registries_conf_path }}"
+    src: registries.conf.j2
+
 - name: Start the CRI-O service
   systemd:
     name: "cri-o"
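Review bot: The new `Place registries.conf in /etc/containers/registries.conf` task has no `notify`, unlike the matching task in package_docker.yml, which notifies `restart container runtime`. On a re-run against a host where CRI-O is already running, a changed list (a registry dropped from the insecure table or added to the block table) may not take effect until the next restart, assuming CRI-O reads the file at start-up; adding `notify: restart container runtime` would align the two tasks. The task also sets no ownership or mode, so a newly created file gets whatever the umask gives. Because this file decides which registries skip TLS verification, I would pin it to root ownership with `mode: "0644"`. The following `Start the CRI-O service` task continues outside the hunk, so whether it already restarts on change is not visible here.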

+ 1 - 1
roles/container_runtime/tasks/package_docker.yml

@@ -71,7 +71,7 @@
 - name: Place additional/blocked/insecure registries in /etc/containers/registries.conf
   template:
     dest: "{{ containers_registries_conf_path }}"
-    src: registries.conf
+    src: registries.conf.j2
   when: openshift_docker_use_etc_containers | bool
   notify:
   - restart container runtime

+ 8 - 6
roles/container_runtime/templates/crio.conf.j2

@@ -141,16 +141,18 @@ signature_policy = ""
 # The valid values are mkdir and ignore.
 image_volumes = "mkdir"
 
+# CRI-O reads its configured registries defaults from the containers/image configuration
+# file, /etc/containers/registries.conf. Modify registries.conf if you want to
+# change default registries for all tools that use containers/image.  If you
+# want to modify just crio, you can change the registies configuration in this
+# file.
+
 # insecure_registries is used to skip TLS verification when pulling images.
-insecure_registries = [
-{{ l_insecure_crio_registries|default("") }}
-]
+# insecure_registries = []
 
 # registries is used to specify a comma separated list of registries to be used
 # when pulling an unqualified image (e.g. fedora:rawhide).
-registries = [
-{{ l_additional_crio_registries|default("") }}
-]
+# registries = []
 
 # The "crio.network" table contains settings pertaining to the
 # management of CNI plugins.
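Review bot: The added comment block above `insecure_registries` contains a typo (`registies`) and the phrase `configured registries defaults` reads awkwardly, but the more important gap is that it does not spell out the scope change for TLS verification. By the comment's own wording, registries.conf applies to all tools that use containers/image, so a registry that was exempt from TLS verification for CRI-O only is now exempt for every such tool on the host. I would reword the first sentence to `# CRI-O reads its default registries from /etc/containers/registries.conf, which is shared by all tools that use containers/image.` and add one line stating that entries under `[registries.insecure]` in that file disable TLS verification host-wide, while `insecure_registries` here affects CRI-O alone.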

+ 0 - 46
roles/container_runtime/templates/registries.conf

@@ -1,46 +0,0 @@
-# {{ ansible_managed }}
-# This is a system-wide configuration file used to
-# keep track of registries for various container backends.
-# It adheres to YAML format and does not support recursive
-# lists of registries.
-
-# The default location for this configuration file is /etc/containers/registries.conf.
-
-# The only valid categories are: 'registries', 'insecure_registries',
-# and 'block_registries'.
-
-
-#registries:
-#  - registry.redhat.io
-
-{% if l2_docker_additional_registries %}
-registries:
-{% for reg in l2_docker_additional_registries %}
-  - {{ reg }}
-{% endfor %}
-{% endif %}
-
-# If you need to access insecure registries, uncomment the section below
-# and add the registries fully-qualified name. An insecure registry is one
-# that does not have a valid SSL certificate or only does HTTP.
-#insecure_registries:
-#  -
-
-{% if l2_docker_insecure_registries %}
-insecure_registries:
-{% for reg in l2_docker_insecure_registries %}
-  - {{ reg }}
-{% endfor %}
-{% endif %}
-
-# If you need to block pull access from a registry, uncomment the section below
-# and add the registries fully-qualified name.
-#block_registries:
-# -
-
-{% if l2_docker_blocked_registries %}
-block_registries:
-{% for reg in l2_docker_blocked_registries %}
-  - {{ reg }}
-{% endfor %}
-{% endif %}

+ 27 - 0
roles/container_runtime/templates/registries.conf.j2

@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+# This is a system-wide configuration file used to
+# keep track of registries for various container backends.
+# It adheres to TOML format and does not support recursive
+# lists of registries.
+
+# The default location for this configuration file is /etc/containers/registries.conf.
+
+# The only valid categories are: 'registries.search', 'registries.insecure',
+# and 'registries.block'.
+
+[registries.search]
+registries = [{{ l_additional_crio_registries|default("") }}]
+
+
+# If you need to access insecure registries, add the registry's fully-qualified name.
+# An insecure registry is one that does not have a valid SSL certificate or only does HTTP.
+[registries.insecure]
+registries = [{{ l_insecure_crio_registries|default("") }}]
+
+
+# If you need to block pull access from a registry, uncomment the section below
+# and add the registries fully-qualified name.
+#
+# Docker only
+[registries.block]
+registries = {{ l2_docker_blocked_registries | to_json }}
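Review bot: The `[registries.search]` and `[registries.insecure]` arrays paste `l_additional_crio_registries` and `l_insecure_crio_registries` raw between brackets, while `[registries.block]` uses `| to_json`; the raw form relies on the variable already being a correctly quoted, comma-joined string, and a value containing a quote or newline would yield invalid TOML or move an entry into a different table. Rendering the underlying lists with `| to_json` in all three places would keep the output well-formed whatever the inventory holds. The block line has no `default`, so if that variable can be undefined on a CRI-O-only host the template fails where the other two render empty; `registries = {{ l2_docker_blocked_registries | default([]) | to_json }}` would match them. Since package_docker.yml now renders this template too, the Docker path takes its search and insecure lists from the `crio` variables, not from `l2_docker_additional_registries` and `l2_docker_insecure_registries` as the removed template did, so it is worth confirming they are populated identically or the insecure list on Docker hosts changes silently. The comment above `[registries.block]` still tells the reader to uncomment a section that is not commented out.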