Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #3260 from ashcrow/1395168

Copies CloudFront pem file to registry hosts
Andrew Butcher 8 years ago
parent
880547d938 10ef2f9312
commit
af24a2d389
3 changed files with 34 additions and 0 deletions
Split View Show Diff Stats
  1. 6 0
      inventory/byo/hosts.origin.example
  2. 7 0
      inventory/byo/hosts.ose.example
  3. 21 0
      roles/openshift_hosted/tasks/registry/storage/s3.yml

+ 6 - 0
inventory/byo/hosts.origin.example
View File 

@@ -386,6 +386,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 #openshift_hosted_registry_pullthrough=true
 
 #openshift_hosted_registry_acceptschema2=true
 
 #openshift_hosted_registry_enforcequota=true
 
+#
 
+# Additional CloudFront Options. When using CloudFront all three
 
+# of the followingg variables must be defined.
 
+#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/
 
+#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem
 
+#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid
 
 
 # Metrics deployment
 
 # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html

+ 7 - 0
inventory/byo/hosts.ose.example
View File 

@@ -358,6 +358,7 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 #openshift_hosted_registry_storage_volume_size=10Gi
 
 #
 
 # AWS S3
 
+#
 
 # S3 bucket must already exist.
 
 #openshift_hosted_registry_storage_kind=object
 
 #openshift_hosted_registry_storage_provider=s3
 
@@ -386,6 +387,12 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 
 #openshift_hosted_registry_pullthrough=true
 
 #openshift_hosted_registry_acceptschema2=true
 
 #openshift_hosted_registry_enforcequota=true
 
+#
 
+# Additional CloudFront Options. When using CloudFront all three
 
+# of the followingg variables must be defined.
 
+#openshift_hosted_registry_storage_s3_cloudfront_baseurl=https://myendpoint.cloudfront.net/
 
+#openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile=/full/path/to/secret.pem
 
+#openshift_hosted_registry_storage_s3_cloudfront_keypairid=yourpairid
 
 
 # Metrics deployment
 
 # See: https://docs.openshift.com/enterprise/latest/install_config/cluster_metrics.html

+ 21 - 0
roles/openshift_hosted/tasks/registry/storage/s3.yml
View File 

@@ -10,3 +10,24 @@
 
       openshift_hosted_registry_storage_s3_bucket and
 
       openshift_hosted_registry_storage_s3_region are required
 
   when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none
 
+
 
+# If cloudfront is being used, fail if we don't have all the required variables
 
+- assert:
 
+    that:
 
+      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile | default(none) is not none"
 
+      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_keypairid | default(none) is not none"
 
+    msg: >
 
+      When openshift_hosted_registry_storage_s3_cloudfront_baseurl is provided
 
+      openshift_hosted_registry_storage_s3_cloudfront_keypairid and
 
+      openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required
 
+
 
+# Copy the cloudfront.pem to the host if the baseurl is given
 
+- name: Copy cloudfront.pem to the registry
 
+  copy:
 
+    src: "{{ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile }}"
 
+    dest: /etc/s3-cloudfront/cloudfront.pem
 
+    backup: true
 
+    owner: root
 
+    group: root
 
+    mode: 0600
 
+  when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none