Startsida Utforska Hjälp
Registrera dig Logga in
shixiong
/
okd
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 027b9e70b9
Grenar Taggar
okd
/
roles
/
openshift_node
/
tasks
/
registry_auth.yml

registry_auth.yml 2.3 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. ---
    2. 

  2. # There might be other settings in this file besides auth; we want to ensure it
    3. 

  3. # will always be bind-mounted into the node for system containers (atomic).
    4. 

  4. - name: Check for credentials file for registry auth
    5. 

  5.   stat:
    6. 

  6.     path: "{{ oreg_auth_credentials_path }}"
    7. 

  7.     get_checksum: false
    8. 

  8.     get_attributes: false
    9. 

  9.     get_mime: false
    10. 

  10.   when: oreg_auth_user is defined
    11. 

  11.   register: node_oreg_auth_credentials_stat
    12. 

  12. 

  13. # docker_creds is a custom module from lib_utils
    14. 

  14. # 'docker login' requires a docker.service running on the local host, this is an
    15. 

  15. # alternative implementation that operates directly on config.json
    16. 

  16. - name: Create credentials for registry auth
    17. 

  17.   docker_creds:
    18. 

  18.     path: "{{ oreg_auth_credentials_path }}"
    19. 

  19.     registry: "{{ oreg_host }}"
    20. 

  20.     username: "{{ oreg_auth_user }}"
    21. 

  21.     password: "{{ oreg_auth_password }}"
    22. 

  22.     # Test that we can actually connect with provided info
    23. 

  23.     test_login: "{{ oreg_test_login | default(True) }}"
    24. 

  24.     proxy_vars: "{{ l_docker_creds_proxy_vars }}"
    25. 

  25.     test_image: "{{ l_docker_creds_test_image }}"
    26. 

  26.   when:
    27. 

  27.     - oreg_auth_user is defined
    28. 

  28.   register: node_oreg_auth_credentials_create
    29. 

  29.   retries: 3
    30. 

  30.   delay: 5
    31. 

  31.   until: node_oreg_auth_credentials_create is succeeded
    32. 

  32. 

  33. - name: Create credentials for any additional registries
    34. 

  34.   docker_creds:
    35. 

  35.     path: "{{ oreg_auth_credentials_path }}"
    36. 

  36.     registry: "{{ item.host }}"
    37. 

  37.     username: "{{ item.user | default('openshift') }}"
    38. 

  38.     password: "{{ item.password }}"
    39. 

  39.     # Test that we can actually connect with provided info
    40. 

  40.     test_login: "{{ item.test_login | default(omit) }}"
    41. 

  41.     proxy_vars: "{{ l_docker_creds_proxy_vars }}"
    42. 

  42.     test_image: "{{ item.test_image | default('openshift3/ose-pod') }}"
    43. 

  43.     tls_verify: "{{ item.tls_verify | default(omit) }}"
    44. 

  44.   when:
    45. 

  45.     - openshift_additional_registry_credentials != []
    46. 

  46.   register: node_additional_registry_creds
    47. 

  47.   retries: 3
    48. 

  48.   delay: 5
    49. 

  49.   until: node_additional_registry_creds is succeeded
    50. 

  50.   with_items:
    51. 

  51.     "{{ openshift_additional_registry_credentials }}"
    52. 

  52. 

  53. # Container images may need the registry credentials
    54. 

  54. - name: Setup ro mount of /root/.docker for containerized hosts
    55. 

  55.   set_fact:
    56. 

  56.     l_bind_docker_reg_auth: True
    57. 

  57.   when:
    58. 

  58.     - openshift_is_atomic | bool
    59. 

  59.     - oreg_auth_user is defined or openshift_additional_registry_credentials != [] or node_oreg_auth_credentials_stat.stat.exists
    60.