Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
shixiong
/
okd
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: a21189c1f0
Atzari Tagi
okd
/
playbooks
/
adhoc
/
s3_registry
/
s3_registry.yml

s3_registry.yml 2.4 KB
Vēsture Neapstrādāts

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. ---
    2. 

  2. # This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
    3. 

  3. # Usage:
    4. 

  4. #  ansible-playbook s3_registry.yml -e clusterid="mycluster"
    5. 

  5. #
    6. 

  6. # The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
    7. 

  7. # The 'clusterid' is the short name of your cluster.
    8. 

  8. 

  9. - hosts: tag_clusterid_{{ clusterid }}:&tag_host-type_openshift-master
    10. 

  10.   remote_user: root
    11. 

  11.   gather_facts: False
    12. 

  12. 

  13.   vars:
    14. 

  14.     aws_access_key: "{{ lookup('env', 'S3_ACCESS_KEY_ID') }}"
    15. 

  15.     aws_secret_key: "{{ lookup('env', 'S3_SECRET_ACCESS_KEY') }}"
    16. 

  16. 

  17.   tasks:
    18. 

  18. 

  19.   - name: Check for AWS creds
    20. 

  20.     fail: 
    21. 

  21.       msg: "Couldn't find {{ item }} creds in ENV"
    22. 

  22.     when: "{{ item }} == ''"
    23. 

  23.     with_items:
    24. 

  24.     - aws_access_key
    25. 

  25.     - aws_secret_key
    26. 

  26. 

  27.   - name: Scale down registry
    28. 

  28.     command: oc scale --replicas=0 dc/docker-registry
    29. 

  29. 

  30.   - name: Create S3 bucket
    31. 

  31.     local_action:
    32. 

  32.       module: s3 bucket="{{ clusterid }}-docker" mode=create
    33. 

  33. 

  34.   - name: Set up registry environment variable
    35. 

  35.     command: oc env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registryconfig/config.yml
    36. 

  36. 

  37.   - name: Generate docker registry config
    38. 

  38.     template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
    39. 

  39. 

  40.   - name: Determine if new secrets are needed
    41. 

  41.     command: oc get secrets
    42. 

  42.     register: secrets
    43. 

  43. 

  44.   - name: Create registry secrets
    45. 

  45.     command: oc secrets new dockerregistry /root/config.yml
    46. 

  46.     when: "'dockerregistry' not in secrets.stdout"
    47. 

  47. 

  48.   - name: Determine if service account contains secrets
    49. 

  49.     command: oc describe serviceaccount/registry
    50. 

  50.     register: serviceaccount
    51. 

  51. 

  52.   - name: Add secrets to registry service account
    53. 

  53.     command: oc secrets add serviceaccount/registry secrets/dockerregistry
    54. 

  54.     when: "'dockerregistry' not in serviceaccount.stdout"
    55. 

  55. 

  56.   - name: Determine if deployment config contains secrets
    57. 

  57.     command: oc volume dc/docker-registry --list
    58. 

  58.     register: dc
    59. 

  59. 

  60.   - name: Add secrets to registry deployment config
    61. 

  61.     command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
    62. 

  62.     when: "'dockersecrets' not in dc.stdout"
    63. 

  63. 

  64.   - name: Wait for deployment config to take effect before scaling up
    65. 

  65.     pause: seconds=30
    66. 

  66. 

  67.   - name: Scale up registry
    68. 

  68.     command: oc scale --replicas=1 dc/docker-registry
    69. 

  69. 

  70.   - name: Delete temporary config file
    71. 

  71.     file: path=/root/config.yml state=absent
    72.