shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129
							---
- block:

  - name: Retrieve list of openshift nodes matching registry selector
    oc_obj:
      state: list
      kind: node
      selector: "{{ openshift.hosted.registry.selector | default(omit) }}"
    register: registry_nodes

  - name: set_fact l_node_count to number of nodes matching registry selector
    set_fact:
      l_node_count: "{{ registry_nodes.results.results[0]['items'] | length }}"

  # Determine the default number of registry/router replicas to use if no count
  # has been specified.
  # If no registry nodes defined, the default should be 0.
  - name: set_fact l_default_replicas when l_node_count == 0
    set_fact:
      l_default_replicas: 0
    when: l_node_count | int == 0

  # If registry nodes are defined and the registry storage kind is
  # defined, default should be the number of registry nodes, otherwise
  # just 1:
  - name: set_fact l_default_replicas when l_node_count > 0
    set_fact:
      l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}"
    when: l_node_count | int > 0

  when: openshift.hosted.registry.replicas | default(none) is none

- name: set openshift_hosted facts
  set_fact:
    openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
    openshift_hosted_registry_name: docker-registry
    openshift_hosted_registry_serviceaccount: registry
    openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
    openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
    openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
    openshift_hosted_registry_volumes: []
    openshift_hosted_registry_env_vars: {}
    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}"
    openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}"
    openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}"
    openshift_hosted_registry_edits:
    # These edits are being specified only to prevent 'changed' on rerun
    - key: spec.strategy.rollingParams
      value:
        intervalSeconds: 1
        maxSurge: "25%"
        maxUnavailable: "25%"
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      action: put
    openshift_hosted_registry_force:
    - False

- name: Create the registry service account
  oc_serviceaccount:
    name: "{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"

- name: Grant the registry service account access to the appropriate scc
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: scc
    resource_name: hostnetwork

- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: cluster-role
    resource_name: system:registry

- name: create the default registry service
  oc_service:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: "{{ openshift_hosted_registry_name }}"
    ports:
    - name: 5000-tcp
      port: 5000
      protocol: TCP
      targetPort: 5000
    selector:
      docker-registry: default
    session_affinity: ClientIP
    service_type: ClusterIP

- include: secure.yml
  static: no
  run_once: true
  when:
  - not (openshift.docker.hosted_registry_insecure | default(false) | bool)

- include: storage/object_storage.yml
  static: no
  when:
  - openshift.hosted.registry.storage.kind | default(none) == 'object'

- name: Update openshift_hosted facts for persistent volumes
  set_fact:
    openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(pvc_volume_mounts) }}"
  vars:
    pvc_volume_mounts:
    - name: registry-storage
      type: persistentVolumeClaim
      claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
  when:
  - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs']

- name: Create OpenShift registry
  oc_adm_registry:
    name: "{{ openshift_hosted_registry_name }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    selector: "{{ openshift_hosted_registry_selector }}"
    replicas: "{{ openshift_hosted_registry_replicas }}"
    service_account: "{{ openshift_hosted_registry_serviceaccount }}"
    images: "{{ openshift_hosted_registry_images }}"
    env_vars: "{{ openshift_hosted_registry_env_vars }}"
    volume_mounts: "{{ openshift_hosted_registry_volumes }}"
    edits: "{{ openshift_hosted_registry_edits }}"
    force: "{{ True|bool in openshift_hosted_registry_force }}"

- include: storage/glusterfs.yml
  when:
  - openshift.hosted.registry.storage.kind | default(none) == 'glusterfs' or openshift.hosted.registry.storage.glusterfs.swap