
Adding support for a route with certs and reencrypt.

Kenny Woodson 8 years ago
parent
commit
e009038173

+ 7 - 1
roles/lib_openshift/library/oc_route.py

@@ -1594,7 +1594,13 @@ class OCRoute(OpenShiftCLI):
 
     def update(self):
         '''update the object'''
-        # need to update the tls information and the service name
+        # when the host attribute is being updated, we need to delete and recreate
+        if self.config.host != self.route.host:
+            import time
+            self.delete()
+            time.sleep(3)
+            return self.create()
+
         return self._replace_content(self.kind, self.config.name, self.config.data)
 
     def needs_update(self):
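Review bot: The fixed `time.sleep(3)` between `self.delete()` and `self.create()` neither confirms the delete succeeded nor that the object is gone, so a slow delete still yields a create failure while a fast one adds three seconds during which the registry route (and its TLS termination) does not exist. Check the value returned by `self.delete()` before recreating and, if the class has a get helper, poll until the route is no longer found rather than sleeping a constant; the same applies to the identical hunk in roles/lib_openshift/src/class/oc_route.py. The function-local `import time` belongs with the module imports (for the generated library file that means the src header it is built from, presumably). The early `return self.create()` also returns whatever `create()` returns rather than the `_replace_content` result the other path gives; if callers of `update` inspect a fixed result shape, that should be confirmed. `needs_update` and the rest of the class continue outside the hunk.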

+ 7 - 1
roles/lib_openshift/src/class/oc_route.py

@@ -55,7 +55,13 @@ class OCRoute(OpenShiftCLI):
 
     def update(self):
         '''update the object'''
-        # need to update the tls information and the service name
+        # when the host attribute is being updated, we need to delete and recreate
+        if self.config.host != self.route.host:
+            import time
+            self.delete()
+            time.sleep(3)
+            return self.create()
+
         return self._replace_content(self.kind, self.config.name, self.config.data)
 
     def needs_update(self):

+ 4 - 0
roles/openshift_hosted/tasks/registry/registry.yml

@@ -40,6 +40,9 @@
     openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
     openshift_hosted_registry_volumes: []
     openshift_hosted_registry_env_vars: {}
+    openshift_hosted_registry_route_certificates: "{{ openshift.hosted.registry.route.certificates | default(false) }}"
+    openshift_hosted_registry_route_host: "{{ openshift.hosted.registry.route.host | default(false) }}"
+    openshift_hosted_registry_route_termination: "{{ openshift.hosted.registry.route.termination | default('passthrough') }}"
     openshift_hosted_registry_edits:
     # These edits are being specified only to prevent 'changed' on rerun
     - key: spec.strategy.rollingParams
@@ -89,6 +92,7 @@
 
 - name: Create OpenShift registry
   oc_adm_registry:
+#debug: True
     name: "{{ openshift_hosted_registry_name }}"
     namespace: "{{ openshift_hosted_registry_namespace }}"
     selector: "{{ openshift_hosted_registry_selector }}"
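Review bot: The `#debug: True` line added at column 0 inside the `oc_adm_registry:` task is a leftover toggle and should be dropped rather than committed; a comment at that indentation also reads as if it were a task-level key. In the first hunk, `openshift_hosted_registry_route_host` and `openshift_hosted_registry_route_certificates` default to `false`, which is a defined value, so downstream `| default(...)` filters on these variables will not fire unless they are given the second argument `true`; worth a one-line comment on each such as `# false means "not set"; consumers must use default(x, true)`. The enclosing vars block starts before the hunk.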

+ 31 - 1
roles/openshift_hosted/tasks/registry/secure.yml

@@ -2,14 +2,43 @@
 - name: Set fact docker_registry_route_hostname
   set_fact:
     docker_registry_route_hostname: "{{ 'docker-registry-default.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true)) }}"
+  run_once: true
+
+#- name: Create passthrough route for docker-registry
+#  oc_route:
+#    name: docker-registry
+#    namespace: "{{ openshift_hosted_registry_namespace }}"
+#    service_name: docker-registry
+#    tls_termination: passthrough
+#    host: "{{ docker_registry_route_hostname }}"
+#  run_once: true
+- name: Get the certificate contents for registry
+  local_action:
+    module: slurp
+    src: "{{ item }}"
+  register: openshift_hosted_registry_certificate_content
+  with_items:
+  - "{{ (openshift_hosted_registry_route_certificates | default({'certfile':none})).certfile }}"
+  - "{{ (openshift_hosted_registry_route_certificates | default({'keyfile':none})).keyfile }}"
+  - "{{ (openshift_hosted_registry_route_certificates | default({'cafile':none})).cafile }}"
+  when: openshift_hosted_registry_route_certificates
+
+- debug: var=openshift_hosted_registry_certificate_content
+  when: openshift_hosted_registry_route_certificates
 
 - name: Create passthrough route for docker-registry
   oc_route:
     name: docker-registry
     namespace: "{{ openshift_hosted_registry_namespace }}"
     service_name: docker-registry
-    tls_termination: passthrough
     host: "{{ docker_registry_route_hostname }}"
+    tls_termination: "{{ openshift_hosted_registry_route_termination }}"
+    host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname) }}"
+    cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content,omit) }}"
+    key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+    cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content, omit) }}"
+    dest_cacert_path: "{{ openshift_hosted_registry_certificate_content is defined | ternary('/etc/origin/master/ca.crt', omit) }}"
+  run_once: true
 
 - name: Retrieve registry service IP
   oc_service:
@@ -17,6 +46,7 @@
     name: docker-registry
     state: list
   register: docker_registry_service_ip
+  run_once: true
 
 - name: Create registry certificates
   oc_adm_ca_server_cert:
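Review bot: In the first hunk, `key_content` and `cacert_content` both read `results[0].content`, which is the slurp of the certfile (the first `with_items` entry), so the route would be given the certificate where its private key and CA are expected; the key is `results[1]` and the CA `results[2]`, and since `slurp` returns base64, `| b64decode` is needed unless oc_route decodes the content itself (not visible here). The `debug: var=openshift_hosted_registry_certificate_content` task prints the slurped private key into the play output and any log shipping it; remove it and put `no_log: true` on the slurp task, which registers the key. The route task now carries two `host:` keys, the unchanged `host: "{{ docker_registry_route_hostname }}"` and the added one; YAML loaders take the last and Ansible warns on duplicate keys, so the old line should be removed. The added `host:` uses `default(docker_registry_route_hostname)`, but registry.yml sets `openshift_hosted_registry_route_host` to `false` rather than leaving it undefined, so the default never applies and the host renders as `False`; use `default(docker_registry_route_hostname, true)` so falsy values fall back too. The `ternary` arguments are evaluated on both branches, so the decode expressions should be verified to template cleanly when the certificate variable is undefined.

```yaml
- name: Get the certificate contents for registry
  local_action:
    module: slurp
    src: "{{ item }}"
  register: openshift_hosted_registry_certificate_content
  no_log: true
  # … unchanged: with_items / when …

# … debug task dumping the slurped key removed …

- name: Create passthrough route for docker-registry
  oc_route:
    # … unchanged: name / namespace / service_name / tls_termination …
    host: "{{ openshift_hosted_registry_route_host | default(docker_registry_route_hostname, true) }}"
    cert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[0].content | b64decode, omit) }}"
    key_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[1].content | b64decode, omit) }}"
    cacert_content: "{{ openshift_hosted_registry_certificate_content is defined | ternary(openshift_hosted_registry_certificate_content.results[2].content | b64decode, omit) }}"
    # … unchanged: dest_cacert_path …
  run_once: true
```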