|
|
@@ -1,81 +0,0 @@
|
|
|
----
|
|
|
-# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
|
|
|
-# Usage:
|
|
|
-# ansible-playbook s3_registry.yml -e clusterid="mycluster" -e aws_bucket="clusterid-docker" -e aws_region="us-east-1"
|
|
|
-#
|
|
|
-# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
|
|
|
-# The 'clusterid' is the short name of your cluster.
|
|
|
-
|
|
|
-- hosts: tag_clusterid_{{ clusterid }}:&tag_host-type_openshift-master
|
|
|
- remote_user: root
|
|
|
- gather_facts: False
|
|
|
-
|
|
|
- vars:
|
|
|
- aws_access_key: "{{ lookup('env', 'S3_ACCESS_KEY_ID') }}"
|
|
|
- aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}"
|
|
|
- aws_bucket_name: "{{ aws_bucket | default(clusterid ~ '-docker') }}"
|
|
|
- aws_bucket_region: "{{ aws_region | default(lookup('env', 'S3_REGION') | default('us-east-1', true)) }}"
|
|
|
- aws_create_bucket: "{{ aws_create | default(True) }}"
|
|
|
- aws_tmp_path: "{{ aws_tmp_pathfile | default('/root/config.yml')}}"
|
|
|
- aws_delete_tmp_file: "{{ aws_delete_tmp | default(True) }}"
|
|
|
-
|
|
|
- tasks:
|
|
|
-
|
|
|
- - name: Check for AWS creds
|
|
|
- fail:
|
|
|
- msg: "Couldn't find {{ item }} creds in ENV"
|
|
|
- when: "{{ item }} == ''"
|
|
|
- with_items:
|
|
|
- - aws_access_key
|
|
|
- - aws_secret_key
|
|
|
-
|
|
|
- - name: Scale down registry
|
|
|
- command: oc scale --replicas=0 dc/docker-registry
|
|
|
-
|
|
|
- - name: Create S3 bucket
|
|
|
- when: aws_create_bucket | bool
|
|
|
- local_action:
|
|
|
- module: s3 bucket="{{ aws_bucket_name }}" mode=create
|
|
|
-
|
|
|
- - name: Set up registry environment variable
|
|
|
- command: oc env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registryconfig/config.yml
|
|
|
-
|
|
|
- - name: Generate docker registry config
|
|
|
- template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
|
|
|
-
|
|
|
- - name: Determine if new secrets are needed
|
|
|
- command: oc get secrets
|
|
|
- register: secrets
|
|
|
-
|
|
|
- - name: Create registry secrets
|
|
|
- command: oc secrets new dockerregistry /root/config.yml
|
|
|
- when: "'dockerregistry' not in secrets.stdout"
|
|
|
-
|
|
|
- - name: Load lib_openshift modules
|
|
|
- include_role:
|
|
|
- name: lib_openshift
|
|
|
-
|
|
|
- - name: Add secrets to registry service account
|
|
|
- oc_serviceaccount_secret:
|
|
|
- service_account: registry
|
|
|
- secret: dockerregistry
|
|
|
- namespace: default
|
|
|
- state: present
|
|
|
-
|
|
|
- - name: Determine if deployment config contains secrets
|
|
|
- command: oc volume dc/docker-registry --list
|
|
|
- register: dc
|
|
|
-
|
|
|
- - name: Add secrets to registry deployment config
|
|
|
- command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
|
|
|
- when: "'dockersecrets' not in dc.stdout"
|
|
|
-
|
|
|
- - name: Wait for deployment config to take effect before scaling up
|
|
|
- pause: seconds=30
|
|
|
-
|
|
|
- - name: Scale up registry
|
|
|
- command: oc scale --replicas=1 dc/docker-registry
|
|
|
-
|
|
|
- - name: Delete temporary config file
|
|
|
- file: path={{ aws_tmp_path }} state=absent
|
|
|
- when: aws_delete_tmp_file | bool
|
Scott Dodson