shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
							---
- fail:
    msg: >
      Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
      is not currently supported
  when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']

- fail:
    msg: >
      Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
      not implemented yet
  when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']

- include: s3.yml
  when: openshift.hosted.registry.storage.provider == 's3'

- name: Test if docker registry config secret exists
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get secrets {{ registry_config_secret_name }} -o json
  register: secrets
  changed_when: false
  failed_when: false

- set_fact:
    registry_config: "{{ lookup('template', 'registry_config.j2') | b64encode }}"

- set_fact:
    registry_config_secret: "{{ lookup('template', 'registry_config_secret.j2') | from_yaml }}"

- set_fact:
    same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
  when: secrets.rc == 0

- name: Update registry config secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    patch secret/{{ registry_config_secret_name }}
    -p '{"data": {"config.yml": "{{ registry_config }}"}}'
  register: update_config_secret
  when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool

- name: Create registry config secret
  shell: >
    echo '{{ registry_config_secret |to_json }}' |
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    create -f -
  when: secrets.rc == 1

- name: Determine if service account contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get serviceaccounts registry
    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
  register: serviceaccount
  changed_when: false

- name: Add secrets to registry service account
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
  when: serviceaccount.stdout == ''

- name: Determine if deployment config contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --list
  register: volume
  changed_when: false

- name: Add secrets to registry deployment config
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
    --type=secret --secret-name={{ registry_config_secret_name }}
  when: registry_config_secret_name not in volume.stdout

- name: Determine if registry environment variable needs to be created
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env --list dc/docker-registry
  register: oc_env
  changed_when: false

- name: Add registry environment variable
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
  when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"

- name: Redeploy registry
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    deploy dc/docker-registry --latest
  when: secrets.rc == 0 and not update_config_secret | skipped and update_config_secret.rc == 0 and same_storage_provider | bool