Merge pull request #281 from jwhonce/wip/insecure_registry

Infrastructure - Set OpenShift Registry

roles/openshift_facts/library/openshift_facts.py

@@ -705,7 +705,7 @@ class OpenShiftFacts(object):
             defaults['master'] = master
 
         if 'node' in roles:
-            node = dict(pod_cidr='', labels={}, annotations={})
+            node = dict(pod_cidr='', labels={}, annotations={}, portal_net='172.30.0.0/16')
             node['resources_cpu'] = self.system_facts['processor_cores']
             node['resources_memory'] = int(
                 int(self.system_facts['memtotal_mb']) * 1024 * 1024 * 0.75

roles/openshift_node/tasks/main.yml

@@ -20,6 +20,7 @@
       annotations: "{{ openshift_node_annotations | default(none) }}"
       registry_url: "{{ oreg_url | default(none) }}"
       debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}"
+      portal_net: "{{ openshift_master_portal_net | default(None) }}"
 
 - name: Install OpenShift Node package
   yum: pkg=openshift-node state=present
@@ -56,6 +57,17 @@
   notify:
   - restart openshift-node
 
+- stat: path=/etc/sysconfig/docker
+  register: docker_check
+
+  # TODO: Enable secure registry when code available in origin
+- name: Secure OpenShift Registry
+  lineinfile:
+    dest: /etc/sysconfig/docker
+    regexp: '^OPTIONS=.*'
+    line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'"
+  when: docker_check.stat.isreg
+
 - name: Allow NFS access for VMs
   seboolean: name=virt_use_nfs state=yes persistent=yes