---
# There might be other settings in this file besides auth; we want to ensure it
# will always be bind-mounted into the node for system containers (atomic).
- name: Check for credentials file for registry auth
  stat:
    path: "{{ oreg_auth_credentials_path }}"
    get_checksum: false
    get_attributes: false
    get_mime: false
  when: oreg_auth_user is defined
  register: node_oreg_auth_credentials_stat

# docker_creds is a custom module from lib_utils
# 'docker login' requires a docker.service running on the local host, this is an
# alternative implementation that operates directly on config.json
- name: Create credentials for registry auth
  docker_creds:
    path: "{{ oreg_auth_credentials_path }}"
    registry: "{{ oreg_host }}"
    username: "{{ oreg_auth_user }}"
    password: "{{ oreg_auth_password }}"
    # Test that we can actually connect with provided info
    test_login: "{{ oreg_test_login | default(True) }}"
    proxy_vars: "{{ l_docker_creds_proxy_vars }}"
    image_name: "{{ l_docker_creds_image_name }}"
  when:
    - oreg_auth_user is defined
  register: node_oreg_auth_credentials_create
  retries: 3
  delay: 5
  until: node_oreg_auth_credentials_create is succeeded

# Container images may need the registry credentials
- name: Setup ro mount of /root/.docker for containerized hosts
  set_fact:
    l_bind_docker_reg_auth: True
  when:
    - openshift_is_atomic | bool
    - oreg_auth_user is defined
    - >
        (node_oreg_auth_credentials_stat.stat.exists
        or node_oreg_auth_credentials_create.changed) | bool