authorScott Dodson <sdodson@redhat.com>2017-02-17 09:34:24 -0500
committerGitHub <noreply@github.com>2017-02-17 09:34:24 -0500
commitf39408aada18ab6cf6f87d00f11ddeb3984816b9 (patch)
treeb1f9e0aef5932770dedb8417f2919ce26bf5f91c /roles/openshift_hosted/tasks
parent49a59bc96e30e1d966a6581003e5d99f6909cc4b (diff)
parentd4d197b83decbea47756a8381eec2a5d74d451ff (diff)
Merge pull request #3369 from ashcrow/attach-cloudfront
WIP: Register cloudfront privkey when required
Diffstat (limited to 'roles/openshift_hosted/tasks')
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/s3.yml32
1 files changed, 23 insertions, 9 deletions
diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml
index f73d9f0ae..7d51594bd 100644
--- a/roles/openshift_hosted/tasks/registry/storage/s3.yml
+++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml
@@ -21,13 +21,27 @@
openshift_hosted_registry_storage_s3_cloudfront_keypairid and
openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required
-# Copy the cloudfront.pem to the host if the baseurl is given
-- name: Copy cloudfront.pem to the registry
- copy:
- src: "{{ openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile }}"
- dest: /etc/s3-cloudfront/cloudfront.pem
- backup: true
- owner: root
- group: root
- mode: 0600
+
+# Inject the cloudfront private key as a secret when required
+- block:
+
+ - name: Create registry secret for cloudfront
+ oc_secret:
+ state: present
+ namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
+ name: docker-registry-s3-cloudfront
+ contents:
+ path: cloudfront.pem
+ data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}"
+
+ - name: Add cloudfront secret to the registry deployment config
+ command: >
+ oc volume dc/docker-registry --add --name=cloudfront-vol
+ --namespace="{{ openshift.hosted.registry.namespace | default('default') }}"
+ -m /etc/origin --type=secret --secret-name=docker-registry-s3-cloudfront
+ register: cloudfront_vol_attach
+ failed_when:
+ - "'already exists' not in cloudfront_vol_attach.stderr"
+ - "cloudfront_vol_attach.rc != 0"
+
when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none
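Review bot: The `Create registry secret for cloudfront` task reads the CloudFront private key with `lookup('file', ...)` and passes it as the `data` argument, and nothing on the task keeps that value out of Ansible's verbose output, callback logs or failure messages. Unless `oc_secret` itself marks `contents` as no_log (not visible in this hunk), add `no_log: true` to that task so the key material is never echoed. The removed `copy` task wrote the key as root with mode 0600 to `/etc/s3-cloudfront/cloudfront.pem`, whereas the secret is now mounted at `/etc/origin`. The registry configuration that names the key file is outside this hunk, so it is worth confirming that it points at `/etc/origin/cloudfront.pem` and that mounting a secret volume there does not shadow anything the container expects in that directory. Because the `oc volume` command reports changed on every run that does not fail, a `changed_when: "'already exists' not in cloudfront_vol_attach.stderr"` would keep reruns idempotent in the play recap.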