summaryrefslogtreecommitdiffstats
path: root/roles/cockpit-ui
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2016-09-04 23:02:08 -0400
committerGitHub <noreply@github.com>2016-09-04 23:02:08 -0400
commit5ca0a74fb271678708268c940fd52ccd15d207ca (patch)
tree9ebe1aedcabccef7968d7aa99dcce5905e618f77 /roles/cockpit-ui
parent88ef051955288fbfaedebe35a12b64d00ac285a1 (diff)
parent9c114231850ac265e7414afefbf78da194d0a8e4 (diff)
downloadopenshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.gz
openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.bz2
openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.xz
openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.zip
Merge pull request #2409 from abutcher/secure-registry
Secure registry for atomic registry deployment
Diffstat (limited to 'roles/cockpit-ui')
-rw-r--r--roles/cockpit-ui/tasks/main.yml49
1 files changed, 39 insertions, 10 deletions
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml
index c752bcff1..9fc15ee8b 100644
--- a/roles/cockpit-ui/tasks/main.yml
+++ b/roles/cockpit-ui/tasks/main.yml
@@ -1,31 +1,53 @@
---
-- name: Expose docker-registry
+- name: Create temp directory for kubeconfig
+ command: mktemp -d /tmp/openshift-ansible-XXXXXX
+ register: mktemp
+ changed_when: False
+
+- set_fact:
+ openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig"
+
+- name: Copy the admin client config(s)
command: >
- {{ openshift.common.client_binary }} expose service docker-registry -n default
- register: expose_docker_registry
- changed_when: "'already exists' not in expose_docker_registry.stderr"
- failed_when: "'already exists' not in expose_docker_registry.stderr and expose_docker_registry.rc != 0"
+ cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }}
+ changed_when: False
+
+- name: Create passthrough route for docker-registry
+ command: >
+ {{ openshift.common.client_binary }} create route passthrough
+ --service docker-registry
+ --config={{ openshift_hosted_kubeconfig }}
+ -n default
+ register: create_docker_registry_route
+ changed_when: "'already exists' not in create_docker_registry_route.stderr"
+ failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0"
- name: Create passthrough route for registry-console
command: >
{{ openshift.common.client_binary }} create route passthrough
--service registry-console
--port registry-console
+ --config={{ openshift_hosted_kubeconfig }}
-n default
register: create_registry_console_route
changed_when: "'already exists' not in create_registry_console_route.stderr"
failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0"
- name: Retrieve docker-registry route
- command: "{{ openshift.common.client_binary }} get route docker-registry -n default --template='{{ '{{' }} .spec.host {{ '}}' }}'"
+ command: >
+ {{ openshift.common.client_binary }} get route docker-registry
+ --template='{{ '{{' }} .spec.host {{ '}}' }}'
+ --config={{ openshift_hosted_kubeconfig }}
+ -n default
register: docker_registry_route
- failed_when: false
changed_when: false
- name: Retrieve cockpit kube url
- command: "{{ openshift.common.client_binary }} get route registry-console -n default --template='https://{{ '{{' }} .spec.host {{ '}}' }}'"
+ command: >
+ {{ openshift.common.client_binary }} get route registry-console
+ --template='https://{{ '{{' }} .spec.host {{ '}}' }}'
+ -n default
register: registry_console_cockpit_kube_url
- failed_when: false
changed_when: false
- set_fact:
@@ -36,9 +58,16 @@
{{ openshift.common.client_binary }} new-app --template=registry-console
{{ cockpit_image_prefix }}
-p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}"
- -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80"
+ -p REGISTRY_HOST="{{ docker_registry_route.stdout }}"
-p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}"
+ --config={{ openshift_hosted_kubeconfig }}
-n default
register: deploy_registry_console
changed_when: "'already exists' not in deploy_registry_console.stderr"
failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0"
+
+- name: Delete temp directory
+ file:
+ name: "{{ mktemp.stdout }}"
+ state: absent
+ changed_when: False