shixiong
/
okd


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
							---
- name: setup firewall
  include: firewall.yml
  static: yes

- when: openshift.hosted.registry.replicas | default(none) is none
  block:
  - name: Retrieve list of openshift nodes matching registry selector
    oc_obj:
      state: list
      kind: node
      selector: "{{ openshift.hosted.registry.selector | default(omit) }}"
    register: registry_nodes

  - name: set_fact l_node_count to number of nodes matching registry selector
    set_fact:
      l_node_count: "{{ registry_nodes.results.results[0]['items'] | length }}"

  # Determine the default number of registry/router replicas to use if no count
  # has been specified.
  # If no registry nodes defined, the default should be 0.
  - name: set_fact l_default_replicas when l_node_count == 0
    set_fact:
      l_default_replicas: 0
    when: l_node_count | int == 0

  # If registry nodes are defined and the registry storage kind is
  # defined, default should be the number of registry nodes, otherwise
  # just 1:
  - name: set_fact l_default_replicas when l_node_count > 0
    set_fact:
      l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}"
    when: l_node_count | int > 0


- name: set openshift_hosted facts
  set_fact:
    openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
    openshift_hosted_registry_name: docker-registry
    openshift_hosted_registry_serviceaccount: registry
    openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
    openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
    openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
    openshift_hosted_registry_volumes: []
    openshift_hosted_registry_env_vars: {}
    openshift_hosted_registry_edits:
    # These edits are being specified only to prevent 'changed' on rerun
    - key: spec.strategy.rollingParams
      value:
        intervalSeconds: 1
        maxSurge: "25%"
        maxUnavailable: "25%"
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      action: put
    openshift_hosted_registry_force:
    - False

- name: Update registry environment variables when pushing via dns
  set_fact:
    openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}"
  when: openshift_push_via_dns | default(false) | bool

- name: Update registry proxy settings for dc/docker-registry
  set_fact:
    openshift_hosted_registry_env_vars: "{{ {'HTTPS_PROXY': (openshift.common.https_proxy | default('')),
                                             'HTTP_PROXY':  (openshift.common.http_proxy  | default('')),
                                             'NO_PROXY':    (openshift.common.no_proxy    | default(''))}
                                           | combine(openshift_hosted_registry_env_vars) }}"
  when: (openshift.common.https_proxy | default(False)) or (openshift.common.http_proxy | default('')) != ''

- name: Create the registry service account
  oc_serviceaccount:
    name: "{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"

- name: Grant the registry service account access to the appropriate scc
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: scc
    resource_name: hostnetwork

- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: cluster-role
    resource_name: system:registry

- name: create the default registry service
  oc_service:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: "{{ openshift_hosted_registry_name }}"
    ports:
    - name: 5000-tcp
      port: 5000
      protocol: TCP
      targetPort: 5000
    selector:
      docker-registry: default
    session_affinity: ClientIP
    service_type: ClusterIP

- include: secure.yml
  static: no
  run_once: true
  when:
  - not (openshift.docker.hosted_registry_insecure | default(false) | bool)

- include: storage/object_storage.yml
  static: no
  when:
  - openshift.hosted.registry.storage.kind | default(none) == 'object'

- name: Update openshift_hosted facts for persistent volumes
  set_fact:
    openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(pvc_volume_mounts) }}"
  vars:
    pvc_volume_mounts:
    - name: registry-storage
      type: persistentVolumeClaim
      claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
  when:
  - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs']

- name: Create OpenShift registry
  oc_adm_registry:
    name: "{{ openshift_hosted_registry_name }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    selector: "{{ openshift_hosted_registry_selector }}"
    replicas: "{{ openshift_hosted_registry_replicas }}"
    service_account: "{{ openshift_hosted_registry_serviceaccount }}"
    images: "{{ openshift_hosted_registry_images }}"
    env_vars: "{{ openshift_hosted_registry_env_vars }}"
    volume_mounts: "{{ openshift_hosted_registry_volumes }}"
    edits: "{{ openshift_hosted_registry_edits }}"
    force: "{{ True|bool in openshift_hosted_registry_force }}"

- when: openshift_hosted_registry_wait | bool
  block:
  - name: Ensure OpenShift registry correctly rolls out (best-effort today)
    command: |
      oc rollout status deploymentconfig {{ openshift_hosted_registry_name }} \
                        --namespace {{ openshift_hosted_registry_namespace }} \
                        --config {{ openshift.common.config_base }}/master/admin.kubeconfig
    async: 600
    poll: 15
    failed_when: false

  - name: Determine the latest version of the OpenShift registry deployment
    command: |
      {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \
             --namespace {{ openshift_hosted_registry_namespace }} \
             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
             -o jsonpath='{ .status.latestVersion }'
    register: openshift_hosted_registry_latest_version

  - name: Sanity-check that the OpenShift registry rolled out correctly
    command: |
      {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \
             --namespace {{ openshift_hosted_registry_namespace }} \
             --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
             -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
    register: openshift_hosted_registry_rc_phase
    until: "'Running' not in openshift_hosted_registry_rc_phase.stdout"
    delay: 15
    retries: 40
    failed_when: "'Failed' in openshift_hosted_registry_rc_phase.stdout"

- include: storage/glusterfs.yml
  when:
  - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap