Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4b102facfb
Branches Tags
okd
/
playbooks
/
common
/
openshift-cluster
/
node_docker_ca.yml

node_docker_ca.yml 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. ---
    2. 

  2. - name: Configure CA certificate for secure registry
    3. 

  3.   hosts: oo_nodes_to_config
    4. 

  4.   tags:
    5. 

  5.   - hosted
    6. 

  6.   tasks:
    7. 

  7.   - name: Create temp directory for kubeconfig
    8. 

  8.     command: mktemp -d /tmp/openshift-ansible-XXXXXX
    9. 

  9.     register: mktemp
    10. 

  10.     when: openshift_hosted_manage_registry | default(true) | bool
    11. 

  11.     changed_when: false
    12. 

  12.     delegate_to: "{{ groups.oo_first_master.0 }}"
    13. 

  13.     run_once: true
    14. 

  14. 

  15.   - set_fact:
    16. 

  16.       openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
    17. 

  17.     when: openshift_hosted_manage_registry | default(true) | bool
    18. 

  18.     delegate_to: "{{ groups.oo_first_master.0 }}"
    19. 

  19.     run_once: true
    20. 

  20. 

  21.   - name: Copy the admin client config(s)
    22. 

  22.     command: >
    23. 

  23.       cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
    24. 

  24.     when: openshift_hosted_manage_registry | default(true) | bool
    25. 

  25.     changed_when: false
    26. 

  26.     delegate_to: "{{ groups.oo_first_master.0 }}"
    27. 

  27.     run_once: true
    28. 

  28. 

  29.   - name: Retrieve docker-registry route
    30. 

  30.     command: >
    31. 

  31.       {{ openshift.common.client_binary }} get route docker-registry
    32. 

  32.       -o jsonpath='{.spec.host}'
    33. 

  33.       --config={{ openshift_hosted_kubeconfig }}
    34. 

  34.       -n default
    35. 

  35.     register: docker_registry_route
    36. 

  36.     when: openshift_hosted_manage_registry | default(true) | bool
    37. 

  37.     changed_when: false
    38. 

  38.     delegate_to: "{{ groups.oo_first_master.0 }}"
    39. 

  39.     run_once: true
    40. 

  40. 

  41.   - name: Retrieve registry service IP
    42. 

  42.     command: >
    43. 

  43.       {{ openshift.common.client_binary }} get svc/docker-registry
    44. 

  44.       -o jsonpath='{.spec.clusterIP}'
    45. 

  45.       --config={{ openshift_hosted_kubeconfig }}
    46. 

  46.       -n default
    47. 

  47.     register: docker_registry_service_ip
    48. 

  48.     when: openshift_hosted_manage_registry | default(true) | bool
    49. 

  49.     changed_when: false
    50. 

  50.     delegate_to: "{{ groups.oo_first_master.0 }}"
    51. 

  51.     run_once: true
    52. 

  52. 

  53.   - name: Create registry CA directories
    54. 

  54.     file:
    55. 

  55.       path: "/etc/docker/certs.d/{{ item }}"
    56. 

  56.       state: directory
    57. 

  57.     with_items:
    58. 

  58.     - "{{ docker_registry_service_ip.stdout }}:5000"
    59. 

  59.     - "{{ docker_registry_route.stdout }}"
    60. 

  60.     - "docker-registry.default.svc.cluster.local:5000"
    61. 

  61.     when: openshift_hosted_manage_registry | default(true) | bool
    62. 

  62. 

  63.   - name: Copy CA to registry CA directories
    64. 

  64.     copy:
    65. 

  65.       src: "{{ openshift.common.config_base }}/node/ca.crt"
    66. 

  66.       dest: "/etc/docker/certs.d/{{ item }}"
    67. 

  67.       remote_src: yes
    68. 

  68.       force: yes
    69. 

  69.     with_items:
    70. 

  70.     - "{{ docker_registry_service_ip.stdout }}:5000"
    71. 

  71.     - "{{ docker_registry_route.stdout }}"
    72. 

  72.     - "docker-registry.default.svc.cluster.local:5000"
    73. 

  73.     when: openshift_hosted_manage_registry | default(true) | bool
    74. 

  74.     notify:
    75. 

  75.     - Wait for docker-registry deployment
    76. 

  76.     - Wait for registry-console deployment
    77. 

  77.     - Restart docker
    78. 

  78. 

  79.   handlers:
    80. 

  80.   # Restarting docker before deployments have begun will block the
    81. 

  81.   # deployments from ever starting so try waiting for the registry to
    82. 

  82.   # become available.
    83. 

  83.   - name: Wait for docker-registry deployment
    84. 

  84.     command: >
    85. 

  85.       {{ openshift.common.client_binary }} get dc/docker-registry
    86. 

  86.       -o jsonpath='{.status.availableReplicas}'
    87. 

  87.       --config={{ openshift_hosted_kubeconfig }}
    88. 

  88.       -n default
    89. 

  89.     delegate_to: "{{ groups.oo_first_master.0}}"
    90. 

  90.     register: l_docker_registry_available_replicas
    91. 

  91.     until: l_docker_registry_available_replicas.stdout | default("0") != "0"
    92. 

  92.     retries: 30
    93. 

  93.     delay: 1
    94. 

  94.     failed_when: false
    95. 

  95.     changed_when: false
    96. 

  96.     run_once: true
    97. 

  97. 

  98.   - name: Wait for registry-console deployment
    99. 

  99.     command: >
    100. 

  100.       {{ openshift.common.client_binary }} get dc/registry-console
    101. 

  101.       -o jsonpath='{.status.availableReplicas}'
    102. 

  102.       --config={{ openshift_hosted_kubeconfig }}
    103. 

  103.       -n default
    104. 

  104.     delegate_to: "{{ groups.oo_first_master.0 }}"
    105. 

  105.     register: l_registry_console_available_replicas
    106. 

  106.     until: l_registry_console_available_replicas.stdout | default("0") != "0"
    107. 

  107.     retries: 30
    108. 

  108.     delay: 1
    109. 

  109.     failed_when: false
    110. 

  110.     changed_when: false
    111. 

  111.     run_once: true
    112. 

  112. 

  113.   - name: Restart docker
    114. 

  114.     service:
    115. 

  115.       name: docker
    116. 

  116.       state: restarted
    117. 

  117. 

  118. - name: Delete temp directory
    119. 

  119.   hosts: oo_first_master
    120. 

  120.   tags:
    121. 

  121.   - hosted
    122. 

  122.   tasks:
    123. 

  123.   - name: Delete temp directory
    124. 

  124.     file:
    125. 

  125.       name: "{{ mktemp.stdout }}"
    126. 

  126.       state: absent
    127. 

  127.     when: openshift_hosted_manage_registry | default(true) | bool
    128. 

  128.     changed_when: False
    129.