8 years ago · d4d197b83d
--- a/roles/openshift_hosted/meta/main.yml
+++ b/roles/openshift_hosted/meta/main.yml
@@ -4,7 +4,7 @@ galaxy_info:
 
				   description: OpenShift Embedded Router
			
 
				   company: Red Hat, Inc.
			
 
				   license: Apache License, Version 2.0
			
 
				-  min_ansible_version: 1.9
			
 
				+  min_ansible_version: 2.1
			
 
				   platforms:
			
 
				   - name: EL
			
 
				     versions:
			
--- a/roles/openshift_hosted/tasks/registry/storage/s3.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml
@@ -21,13 +21,27 @@
 
				       openshift_hosted_registry_storage_s3_cloudfront_keypairid and
			
 
				       openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required
			
 
				 
			
 
				-# Copy the cloudfront.pem to the host if the baseurl is given
			
 
				-- name: Copy cloudfront.pem to the registry
			
 
				-  copy:
			
 
				-    src: "{{ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile }}"
			
 
				-    dest: /etc/s3-cloudfront/cloudfront.pem
			
 
				-    backup: true
			
 
				-    owner: root
			
 
				-    group: root
			
 
				-    mode: 0600
			
 
				+
			
 
				+# Inject the cloudfront private key as a secret when required
			
 
				+- block:
			
 
				+
			
 
				+    - name: Create registry secret for cloudfront
			
 
				+      oc_secret:
			
 
				+        state: present
			
 
				+        namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
			
 
				+        name: docker-registry-s3-cloudfront
			
 
				+        contents:
			
 
				+          path: cloudfront.pem
			
 
				+          data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}"
			
 
				+
			
 
				+    - name: Add cloudfront secret to the registry deployment config
			
 
				+      command: >
			
 
				+        oc volume dc/docker-registry --add --name=cloudfront-vol
			
 
				+        --namespace="{{ openshift.hosted.registry.namespace | default('default') }}"
			
 
				+        -m /etc/origin --type=secret --secret-name=docker-registry-s3-cloudfront
			
 
				+      register: cloudfront_vol_attach
			
 
				+      failed_when:
			
 
				+        - "'already exists' not in cloudfront_vol_attach.stderr"
			
 
				+        - "cloudfront_vol_attach.rc != 0"
			
 
				+
			
 
				   when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none
			
--- a/roles/openshift_hosted/templates/registry_config.j2
+++ b/roles/openshift_hosted/templates/registry_config.j2
@@ -78,7 +78,7 @@ middleware:
 
				   - name: cloudfront
			
 
				     options:
			
 
				       baseurl: {{ openshift_hosted_registry_storage_s3_cloudfront_baseurl }}
			
 
				-      privatekey: {{ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile }}
			
 
				+      privatekey: /etc/origin/cloudfront.pem
			
 
				       keypairid: {{ openshift_hosted_registry_storage_s3_cloudfront_keypairid }}
			
 
				 {% elif openshift.common.version_gte_3_3_or_1_3 | bool %}
			
 
				   storage: