
Bug 1317755 - Set insecure-registry for internal registry by default

Jason DeTiberus 9 years ago
parent
commit
bc114a192e

+ 10 - 0
playbooks/common/openshift-node/config.yml

@@ -115,6 +115,11 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+    # TODO: configure these based on
+    # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+    # hardcoding
+    openshift_docker_hosted_registry_insecure: True
+    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
   roles:
   - openshift_node
 
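Review bot: The two added variables sit in the play's `vars:`, which Ansible ranks above inventory variables, so an operator who has put a trusted TLS certificate on the hosted registry cannot switch `openshift_docker_hosted_registry_insecure` off from inventory; only extra vars would win. Because the network is the whole `portal_net` service range, docker on every node will accept unverified TLS or plain HTTP for any registry address in that range, not only the hosted registry. Until the TODO is resolved, consider moving the default into role defaults so that inventory can override it. The same applies to the second play in the next hunk; both plays start outside the hunks.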
@@ -123,6 +128,11 @@
   vars:
     openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}"
     openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}"
+    # TODO: configure these based on
+    # hostvars[groups.oo_first_master.0].openshift.hosted.registry instead of
+    # hardcoding
+    openshift_docker_hosted_registry_insecure: True
+    openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}"
   roles:
   - openshift_node
 

+ 1 - 1
roles/docker/handlers/main.yml

@@ -4,7 +4,7 @@
   service:
     name: docker
     state: restarted
-  when: not docker_service_status_changed | default(false)
+  when: not docker_service_status_changed | default(false) | bool
 
 - name: restart udev
   service:

+ 2 - 0
roles/docker/tasks/main.yml

@@ -76,3 +76,5 @@
   when: docker_check.stat.isreg
   notify:
     - restart docker
+
+- meta: flush_handlers
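Review bot: The bare `- meta: flush_handlers` at the end of the tasks file has no comment saying why the docker restart must happen here rather than at the end of the play. Flushing runs every pending handler at this point, so a notified `restart docker` now restarts the daemon mid-play, which on an already running node presumably also interrupts its containers. I would add a comment such as `# Restart docker now so the new daemon options are active before later roles run` (wording to be confirmed by the author), so the early restart reads as intentional.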

+ 12 - 5
roles/openshift_docker_facts/tasks/main.yml

@@ -13,11 +13,9 @@
       log_options: "{{ openshift_docker_log_options | default(None) }}"
       options: "{{ openshift_docker_options | default(None) }}"
       disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}"
-  - role: node
-    local_facts:
-      portal_net: "{{ openshift_master_portal_net | default(None) }}"
+      hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(None) }}"
+      hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}"
 
-# TODO: append openshift.node.portal_net to docker_insecure_registries
 - set_fact:
     docker_additional_registries: "{{ openshift.docker.additional_registries
                                       | default(omit) }}"
@@ -27,6 +25,15 @@
                                     | default(omit) }}"
     docker_log_driver: "{{ openshift.docker.log_driver | default(omit) }}"
     docker_log_options: "{{ openshift.docker.log_options | default(omit) }}"
-    docker_options: "{{ openshift.docker.options | default(omit) }}"
     docker_push_dockerhub: "{{ openshift.docker.disable_push_dockerhub
                                | default(omit) }}"
+
+- set_fact:
+    docker_options: >
+      --insecure-registry={{ openshift.docker.hosted_registry_network }}
+      {{ openshift.docker.options | default ('') }}
+  when: openshift.docker.hosted_registry_insecure | default(False) | bool
+
+- set_fact:
+    docker_options: "{{ openshift.docker.options | default(omit) }}"
+  when: not openshift.docker.hosted_registry_insecure | default(False) | bool
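Review bot: The first added `set_fact` dereferences `openshift.docker.hosted_registry_network` with no default or `is defined` check. If `hosted_registry_insecure` is set and the network fact is absent, the task either fails on an undefined variable or emits a bare `--insecure-registry=`. A short `fail`/`assert` before it with a clear message would make that case explicit. The folded scalar `>` also keeps a trailing newline, and a trailing space when `openshift.docker.options` is empty; `docker_options: >-` strips the newline, and how the value is consumed is outside this hunk. Minor: `default ('')` has a stray space before the parenthesis, unlike every other `default(...)` in the file.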

+ 4 - 1
roles/openshift_facts/library/openshift_facts.py

@@ -50,6 +50,10 @@ def migrate_docker_facts(facts):
                 old_param = 'docker_' + param
                 if old_param in facts[role]:
                     facts['docker'][param] = facts[role].pop(old_param)
+
+    if 'node' in facts and 'portal_net' in facts['node']:
+        facts['docker']['hosted_registry_insecure'] = True
+        facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net')
     return facts
 
 def migrate_local_facts(facts):
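Review bot: The migration sets `facts['docker']['hosted_registry_insecure'] = True` for every host that still has a `node.portal_net` fact, and overwrites any value already stored under that key. The last hunk of this file shows that `portal_net` used to be a default for every node, so in practice each upgraded node is flagged insecure with no trace of why. I would add a comment above the `if`, e.g. `# Legacy node.portal_net implied an insecure hosted registry on that network; carry it over.`, and use `facts['docker'].setdefault('hosted_registry_insecure', True)` so an explicit setting survives. `migrate_docker_facts` starts outside the hunk, so whether `facts['docker']` is guaranteed to exist at this point should be confirmed there.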
@@ -1402,7 +1406,6 @@ class OpenShiftFacts(object):
 
         if 'node' in roles:
             defaults['node'] = dict(labels={}, annotations={},
-                                    portal_net='172.30.0.0/16',
                                     iptables_sync_period='5s',
                                     set_node_ip=False)
 

+ 0 - 1
roles/openshift_node/tasks/main.yml

@@ -23,7 +23,6 @@
       iptables_sync_period: "{{ openshift_node_iptables_sync_period | default(None) }}"
       kubelet_args: "{{ openshift_node_kubelet_args | default(None) }}"
       labels: "{{ lookup('oo_option', 'openshift_node_labels') | default( openshift_node_labels | default(none), true) }}"
-      portal_net: "{{ openshift_master_portal_net | default(None) }}"
       registry_url: "{{ oreg_url | default(none) }}"
       schedulable: "{{ openshift_schedulable | default(openshift_scheduleable) | default(None) }}"
       sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}"