Merge pull request #10404 from mcanevet/registry_insecureskipverify

Add openshift_hosted_registry_storage_swift_insecureskipverify parameter

playbooks/openstack/configuration.md

@@ -975,6 +975,7 @@ And the following in `inventory/group_vars/OSEv3.yml`:
 * `openshift_hosted_registry_storage_swift_tenantid`: "{{ lookup('env','OS_PROJECT_ID') }}" _# can also specify tenant_
 * `openshift_hosted_registry_storage_swift_domain`: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}" _# optional; can also specifiy domainid_
 * `openshift_hosted_registry_storage_swift_domainid`: "{{ lookup('env','OS_USER_DOMAIN_ID') }}" _# optional; can also specifiy domain_
+* `openshift_hosted_registry_storage_swift_insecureskipverify`: "false" # optional; true to skip TLS verification
 
 Note that the exact environment variable names may vary depending on the contents of
 your OpenStack RC file. If you use Keystone v2, you may not need to set all of these

roles/openshift_hosted/templates/registry_config.j2

@@ -1,6 +1,6 @@
 version: 0.1
 log:
-  level: {{ openshift_hosted_registry_log_level }} 
+  level: {{ openshift_hosted_registry_log_level }}
 http:
   addr: :5000
 storage:
@@ -56,6 +56,9 @@ storage:
 {%   if openshift_hosted_registry_storage_swift_domainid is defined %}
     domainid: {{ openshift_hosted_registry_storage_swift_domainid }}
 {%   endif -%}
+{%   if openshift_hosted_registry_storage_swift_insecureskipverify | default(false) | bool %}
+    insecureskipverify: {{ openshift_hosted_registry_storage_swift_insecureskipverify }}
+{%   endif -%}
 {% elif openshift_hosted_registry_storage_provider | default('') == 'gcs' %}
   gcs:
     bucket: {{ openshift_hosted_registry_storage_gcs_bucket }}