Use pull-secret to pull release and MCD images

roles/openshift_node40/defaults/main.yml

@@ -1,3 +1,5 @@
 ---
 openshift_release_image: "registry.svc.ci.openshift.org/openshift/origin-release:v4.0"
 ign_file: "/tmp/bootstrap.ign"
+pull_secret: "{{ files_dir }}/pull-secret"
+tls_verify: false

roles/openshift_node40/tasks/config.yml

@@ -22,6 +22,19 @@
     state: yes
     persistent: yes
 
+- name: create temp directory
+  command: mktemp -d /tmp/openshift-ansible-XXXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Copy pull secret in the directory
+  copy:
+    src: "{{ pull_secret }}"
+    dest: "{{ mktemp.stdout }}/pull-secret.json"
+
+- name: Pull release image
+  command: "podman pull --tls-verify={{ tls_verify }} --authfile {{ mktemp.stdout }}/pull-secret.json {{ openshift_release_image }}"
+
 - name: Get machine controller daemon image from release image
   command: "podman run --rm {{ openshift_release_image }} image machine-config-daemon"
   register: release_image_mcd
@@ -40,6 +53,9 @@
   when: openshift_bootstrap_endpoint is defined
 
 - block:
+  - name: Pull MCD image
+    command: "podman pull --tls-verify={{ tls_verify }} --authfile {{ mktemp.stdout }}/pull-secret.json {{ release_image_mcd.stdout }}"
+
   - name: Apply ignition manifest
     command: "podman run {{ podman_mounts }} {{ podman_flags }} {{ mcd_command }}"
     vars: