diff options
author | Scott Dodson <sdodson@redhat.com> | 2016-09-04 23:02:08 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-09-04 23:02:08 -0400 |
commit | 5ca0a74fb271678708268c940fd52ccd15d207ca (patch) | |
tree | 9ebe1aedcabccef7968d7aa99dcce5905e618f77 /roles/cockpit-ui | |
parent | 88ef051955288fbfaedebe35a12b64d00ac285a1 (diff) | |
parent | 9c114231850ac265e7414afefbf78da194d0a8e4 (diff) | |
download | openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.gz openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.bz2 openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.tar.xz openshift-5ca0a74fb271678708268c940fd52ccd15d207ca.zip |
Merge pull request #2409 from abutcher/secure-registry
Secure registry for atomic registry deployment
Diffstat (limited to 'roles/cockpit-ui')
-rw-r--r-- | roles/cockpit-ui/tasks/main.yml | 49 |
1 files changed, 39 insertions, 10 deletions
diff --git a/roles/cockpit-ui/tasks/main.yml b/roles/cockpit-ui/tasks/main.yml index c752bcff1..9fc15ee8b 100644 --- a/roles/cockpit-ui/tasks/main.yml +++ b/roles/cockpit-ui/tasks/main.yml @@ -1,31 +1,53 @@ --- -- name: Expose docker-registry +- name: Create temp directory for kubeconfig + command: mktemp -d /tmp/openshift-ansible-XXXXXX + register: mktemp + changed_when: False + +- set_fact: + openshift_hosted_kubeconfig: "{{ mktemp.stdout }}/admin.kubeconfig" + +- name: Copy the admin client config(s) command: > - {{ openshift.common.client_binary }} expose service docker-registry -n default - register: expose_docker_registry - changed_when: "'already exists' not in expose_docker_registry.stderr" - failed_when: "'already exists' not in expose_docker_registry.stderr and expose_docker_registry.rc != 0" + cp {{ openshift_master_config_dir }}/admin.kubeconfig {{ openshift_hosted_kubeconfig }} + changed_when: False + +- name: Create passthrough route for docker-registry + command: > + {{ openshift.common.client_binary }} create route passthrough + --service docker-registry + --config={{ openshift_hosted_kubeconfig }} + -n default + register: create_docker_registry_route + changed_when: "'already exists' not in create_docker_registry_route.stderr" + failed_when: "'already exists' not in create_docker_registry_route.stderr and create_docker_registry_route.rc != 0" - name: Create passthrough route for registry-console command: > {{ openshift.common.client_binary }} create route passthrough --service registry-console --port registry-console + --config={{ openshift_hosted_kubeconfig }} -n default register: create_registry_console_route changed_when: "'already exists' not in create_registry_console_route.stderr" failed_when: "'already exists' not in create_registry_console_route.stderr and create_registry_console_route.rc != 0" - name: Retrieve docker-registry route - command: "{{ openshift.common.client_binary }} get route docker-registry -n default --template='{{ '{{' }} .spec.host {{ '}}' }}'" + command: > + {{ openshift.common.client_binary }} get route docker-registry + --template='{{ '{{' }} .spec.host {{ '}}' }}' + --config={{ openshift_hosted_kubeconfig }} + -n default register: docker_registry_route - failed_when: false changed_when: false - name: Retrieve cockpit kube url - command: "{{ openshift.common.client_binary }} get route registry-console -n default --template='https://{{ '{{' }} .spec.host {{ '}}' }}'" + command: > + {{ openshift.common.client_binary }} get route registry-console + --template='https://{{ '{{' }} .spec.host {{ '}}' }}' + -n default register: registry_console_cockpit_kube_url - failed_when: false changed_when: false - set_fact: @@ -36,9 +58,16 @@ {{ openshift.common.client_binary }} new-app --template=registry-console {{ cockpit_image_prefix }} -p OPENSHIFT_OAUTH_PROVIDER_URL="{{ openshift.master.public_api_url }}" - -p REGISTRY_HOST="{{ docker_registry_route.stdout }}:80" + -p REGISTRY_HOST="{{ docker_registry_route.stdout }}" -p COCKPIT_KUBE_URL="{{ registry_console_cockpit_kube_url.stdout }}" + --config={{ openshift_hosted_kubeconfig }} -n default register: deploy_registry_console changed_when: "'already exists' not in deploy_registry_console.stderr" failed_when: "'already exists' not in deploy_registry_console.stderr and deploy_registry_console.rc != 0" + +- name: Delete temp directory + file: + name: "{{ mktemp.stdout }}" + state: absent + changed_when: False |