Página inicial Explorar Ajuda
Registrar Entrar
shixiong
/
okd
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: abb188800b
Branches Tags
okd
/
roles
/
openshift_hosted
/
tasks
/
secure
/
passthrough.yml

passthrough.yml 2.1 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445 
  1. ---
    2. 

  2. # Generate a self-signed certificate when there is no user-supplied certificate
    3. 

  3. - name: Configure self-signed certificate file paths
    4. 

  4.   set_fact:
    5. 

  5.     docker_registry_cert_path: "/etc/origin/master/registry.crt"
    6. 

  6.     docker_registry_key_path: "/etc/origin/master/registry.key"
    7. 

  7.     docker_registry_cacert_path: "/etc/origin/master/ca.crt"
    8. 

  8.     docker_registry_self_signed: true
    9. 

  9.   when:
    10. 

  10.   - "'certfile' not in openshift_hosted_registry_routecertificates"
    11. 

  11.   - "'keyfile' not in openshift_hosted_registry_routecertificates"
    12. 

  12. 

  13. # Retrieve user supplied certificate files if they are provided
    14. 

  14. - when:
    15. 

  15.   - "'certfile' in openshift_hosted_registry_routecertificates"
    16. 

  16.   - "'keyfile' in openshift_hosted_registry_routecertificates"
    17. 

  17.   block:
    18. 

  18.   - name: Configure provided certificate file paths
    19. 

  19.     set_fact:
    20. 

  20.       docker_registry_cert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
    21. 

  21.       docker_registry_key_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
    22. 

  22.       docker_registry_self_signed: false
    23. 

  23. 

  24.   # Since we end up bundling the cert, cacert and key in a .pem file, the 'cafile'
    25. 

  25.   # is optional
    26. 

  26.   - name: Configure provided ca certificate file path
    27. 

  27.     set_fact:
    28. 

  28.       docker_registry_cacert_path: "/etc/origin/master/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
    29. 

  29.     when: "'cafile' in openshift_hosted_registry_routecertificates"
    30. 

  30. 

  31.   - name: Retrieve provided certificate files
    32. 

  32.     copy:
    33. 

  33.       backup: True
    34. 

  34.       dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
    35. 

  35.       src: "{{ item.value }}"
    36. 

  36.     when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
    37. 

  37.     with_dict: "{{ openshift_hosted_registry_routecertificates }}"
    38. 

  38. 

  39. - name: Configure a passthrough route for docker-registry
    40. 

  40.   oc_route:
    41. 

  41.     name: docker-registry
    42. 

  42.     namespace: "{{ openshift_hosted_registry_namespace }}"
    43. 

  43.     service_name: docker-registry
    44. 

  44.     tls_termination: "{{ openshift_hosted_registry_routetermination }}"
    45. 

  45.     host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}"
    46.