author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-09-26 09:29:53 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-26 09:29:53 -0700 |
commit | 8c6192e10192b75af79b82e5e9f21cdc560a6e14 (patch) | |
tree | 52cea806c342cd9a06d8628acf6eaf1595eb9f12 /roles/openshift_hosted/tasks/secure/passthrough.yml | |
parent | 4ac743b8fd26e02af6e230af2cbbe82dd2d4617a (diff) | |
parent | 82d61ae9e23c2ae1f722ed3b458a6e39721e71fd (diff) | |
Merge pull request #5472 from mgugino-upstream-stage/split-hosted-v2
Automatic merge from submit-queue
Refactor openshift_hosted plays and role (version 2)
Currently, openshift_hosted role duplicates some logic
across separate task chains. This commit cleans up
the openshift_hosted role and converts it to be
primarily used with include_role to give better
logic to the playbooks that utilize this role.
This commit also refactors the playbook that calls
various openshift_hosted roles into individual playbooks.
This allows more granularity for advanced users.
-----
This version of the patch set rolls back some of the refactoring (removal of running fact roles as a dependency) and focuses on just realigning the roles and plays.
Original PR: https://github.com/openshift/openshift-ansible/pull/5284
Once this merges, I will close the old PR. Leaving it open for now for reference.
Diffstat (limited to 'roles/openshift_hosted/tasks/secure/passthrough.yml')
-rw-r--r-- | roles/openshift_hosted/tasks/secure/passthrough.yml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/secure/passthrough.yml b/roles/openshift_hosted/tasks/secure/passthrough.yml new file mode 100644 index 000000000..5b44fda10 --- /dev/null +++ b/roles/openshift_hosted/tasks/secure/passthrough.yml 
@@ -0,0 +1,45 @@ +--- +# Generate a self-signed certificate when there is no user-supplied certificate +- name: Configure self-signed certificate file paths + set_fact: + docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt" + docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key" + docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt" + docker_registry_self_signed: true + when: + - "'certfile' not in openshift_hosted_registry_routecertificates" + - "'keyfile' not in openshift_hosted_registry_routecertificates" + +# Retrieve user supplied certificate files if they are provided +- when: + - "'certfile' in openshift_hosted_registry_routecertificates" + - "'keyfile' in openshift_hosted_registry_routecertificates" + block: + - name: Configure provided certificate file paths + set_fact: + docker_registry_cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}" + docker_registry_key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}" + docker_registry_self_signed: false + + # Since we end up bundling the cert, cacert and key in a .pem file, the 'cafile' + # is optional + - name: Configure provided ca certificate file path + set_fact: + docker_registry_cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}" + when: "'cafile' in openshift_hosted_registry_routecertificates" + + - name: Retrieve provided certificate files + copy: + backup: True + dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}" + src: "{{ item.value }}" + when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value + with_dict: "{{ openshift_hosted_registry_routecertificates }}" + +- name: Configure a passthrough route for docker-registry + oc_route: + name: 
docker-registry + namespace: "{{ openshift_hosted_registry_namespace }}" + service_name: docker-registry + tls_termination: "{{ openshift_hosted_registry_routetermination }}" + host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}" |
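Review bot: The two top-level `when` lists leave a gap when only one of `certfile` / `keyfile` is present in `openshift_hosted_registry_routecertificates`. The self-signed task requires both keys absent and the block requires both present, so with only one supplied neither `set_fact` runs, and `docker_registry_cert_path`, `docker_registry_key_path` and `docker_registry_self_signed` are never set by this file. Consider failing early on a half-specified pair, or making the self-signed condition the exact negation of the block's condition. In the "Retrieve provided certificate files" task, `copy` writes the `keyfile` with no `mode:` and with `backup: True`, so the private key lands with default permissions and any replaced key stays behind as a backup copy under `named_certificates/`. An explicit restrictive mode for the key (for example `mode: 0600`) and no backup for key material would be safer. That task also skips empty values (`and item.value`) while the `set_fact` tasks test key presence only, so an empty `certfile` would still yield a path ending in `named_certificates/`. Applying the same non-empty check in the block's `when` would keep the two consistent.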