首頁 探索 說明
註冊 登入
shixiong
/
okd
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 57dfae185d
分支列表 標籤列表
okd
/
roles
/
openshift_hosted
/
tasks
/
registry
/
storage
/
object_storage.yml

object_storage.yml 4.5 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114 
  1. - fail:
    2. 

  2.     msg: >
    3. 

  3.       Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
    4. 

  4.       is not currently supported
    5. 

  5.   when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']
    6. 

  6. 

  7. - fail:
    8. 

  8.     msg: >
    9. 

  9.       Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
    10. 

  10.       not implemented yet
    11. 

  11.   when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']
    12. 

  12. 

  13. - include: s3.yml
    14. 

  14.   when: openshift.hosted.registry.storage.provider == 's3'
    15. 

  15. 

  16. - name: Test if docker registry config secret exists
    17. 

  17.   command: >
    18. 

  18.     {{ openshift.common.client_binary }}
    19. 

  19.     --config={{ openshift_hosted_kubeconfig }}
    20. 

  20.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    21. 

  21.     get secrets {{ registry_config_secret_name }} -o json
    22. 

  22.   register: secrets
    23. 

  23.   changed_when: false
    24. 

  24.   failed_when: false
    25. 

  25. 

  26. - set_fact:
    27. 

  27.     registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}"
    28. 

  28. 

  29. - set_fact:
    30. 

  30.     registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}"
    31. 

  31. 

  32. - set_fact:
    33. 

  33.     same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
    34. 

  34.   when: secrets.rc == 0
    35. 

  35. 

  36. - name: Update registry config secret
    37. 

  37.   command: >
    38. 

  38.     {{ openshift.common.client_binary }}
    39. 

  39.     --config={{ openshift_hosted_kubeconfig }}
    40. 

  40.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    41. 

  41.     patch secret/{{ registry_config_secret_name }}
    42. 

  42.     -p '{"data": {"config.yml": "{{ registry_config }}"}}'
    43. 

  43.   register: update_config_secret
    44. 

  44.   when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool
    45. 

  45. 

  46. - name: Create registry config secret
    47. 

  47.   shell: >
    48. 

  48.     echo '{{ registry_config_secret |to_json }}' |
    49. 

  49.     {{ openshift.common.client_binary }}
    50. 

  50.     --config={{ openshift_hosted_kubeconfig }}
    51. 

  51.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    52. 

  52.     create -f -
    53. 

  53.   when: secrets.rc == 1
    54. 

  54. 

  55. - name: Determine if service account contains secrets
    56. 

  56.   command: >
    57. 

  57.     {{ openshift.common.client_binary }}
    58. 

  58.     --config={{ openshift_hosted_kubeconfig }}
    59. 

  59.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    60. 

  60.     get serviceaccounts registry
    61. 

  61.     -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
    62. 

  62.   register: serviceaccount
    63. 

  63.   changed_when: false
    64. 

  64. 

  65. - name: Add secrets to registry service account
    66. 

  66.   command: >
    67. 

  67.     {{ openshift.common.client_binary }}
    68. 

  68.     --config={{ openshift_hosted_kubeconfig }}
    69. 

  69.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    70. 

  70.     secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
    71. 

  71.   when: serviceaccount.stdout == ''
    72. 

  72. 

  73. - name: Determine if deployment config contains secrets
    74. 

  74.   command: >
    75. 

  75.     {{ openshift.common.client_binary }}
    76. 

  76.     --config={{ openshift_hosted_kubeconfig }}
    77. 

  77.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    78. 

  78.     set volumes dc/docker-registry --list
    79. 

  79.   register: volume
    80. 

  80.   changed_when: false
    81. 

  81. 

  82. - name: Add secrets to registry deployment config
    83. 

  83.   command: >
    84. 

  84.     {{ openshift.common.client_binary }}
    85. 

  85.     --config={{ openshift_hosted_kubeconfig }}
    86. 

  86.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    87. 

  87.     set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
    88. 

  88.     --type=secret --secret-name={{ registry_config_secret_name }}
    89. 

  89.   when: registry_config_secret_name not in volume.stdout
    90. 

  90. 

  91. - name: Determine if registry environment variable needs to be created
    92. 

  92.   command: >
    93. 

  93.     {{ openshift.common.client_binary }}
    94. 

  94.     --config={{ openshift_hosted_kubeconfig }}
    95. 

  95.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    96. 

  96.     set env --list dc/docker-registry
    97. 

  97.   register: oc_env
    98. 

  98.   changed_when: false
    99. 

  99. 

  100. - name: Add registry environment variable
    101. 

  101.   command: >
    102. 

  102.     {{ openshift.common.client_binary }}
    103. 

  103.     --config={{ openshift_hosted_kubeconfig }}
    104. 

  104.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    105. 

  105.     set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
    106. 

  106.   when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"
    107. 

  107. 

  108. - name: Redeploy registry
    109. 

  109.   command: >
    110. 

  110.     {{ openshift.common.client_binary }}
    111. 

  111.     --config={{ openshift_hosted_kubeconfig }}
    112. 

  112.     --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    113. 

  113.     deploy dc/docker-registry --latest
    114. 

  114.   when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool
    115.