---
# There might be other settings in this file besides auth; we want to ensure it
# will always be bind-mounted into the node for system containers (atomic).
- name: Check for credentials file for registry auth
  stat:
    path: "{{ oreg_auth_credentials_path }}"
    get_checksum: false
    get_attributes: false
    get_mime: false
  when: oreg_auth_user is defined
  register: node_oreg_auth_credentials_stat

# docker_creds is a custom module from lib_utils
# 'docker login' requires a docker.service running on the local host, this is an
# alternative implementation that operates directly on config.json
- name: Create credentials for registry auth
  docker_creds:
    path: "{{ oreg_auth_credentials_path }}"
    registry: "{{ oreg_host }}"
    username: "{{ oreg_auth_user }}"
    password: "{{ oreg_auth_password }}"
    # Test that we can actually connect with provided info
    test_login: "{{ oreg_test_login | default(True) }}"
    proxy_vars: "{{ l_docker_creds_proxy_vars }}"
    image_name: "{{ l_docker_creds_image_name }}"
  when:
    - oreg_auth_user is defined
  register: node_oreg_auth_credentials_create
  retries: 3
  delay: 5
  until: node_oreg_auth_credentials_create is succeeded

- name: Create credentials for any additional registries
  docker_creds:
    path: "{{ oreg_auth_credentials_path }}"
    registry: "{{ item.host }}"
    username: "{{ item.user | default('openshift') }}"
    password: "{{ item.password }}"
    # Test that we can actually connect with provided info
    test_login: "{{ item.test_login | default(omit) }}"
    proxy_vars: "{{ l_docker_creds_proxy_vars }}"
    image_name: "{{ item.image_name | default('openshift3/ose-pod') }}"
    tls_verify: "{{ item.tls_verify | default(omit) }}"
  when:
    - openshift_additional_registry_credentials is defined
  register: node_additional_registry_creds
  retries: 3
  delay: 5
  until: node_additional_registry_creds is succeeded
  with_items:
    "{{ openshift_additional_registry_credentials }}"

# Container images may need the registry credentials
- name: Setup ro mount of /root/.docker for containerized hosts
  set_fact:
    l_bind_docker_reg_auth: True
  when:
    - openshift_is_atomic | bool
    - oreg_auth_user is defined or openshift_additional_registry_credentials is defined or node_oreg_auth_credentials_stat.stat.exists