diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-11-15 05:44:04 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-15 05:44:04 -0800 |
commit | 692d5d6c24c955fbd8982588f2a0b71c88d6a805 (patch) | |
tree | 3253b4902dbe29f1f1edb5501760574d9b60f7fe /roles/openshift_node | |
parent | d4b6e2cf22856069d3956b08ec7feaf73380c2d1 (diff) | |
parent | 0de92e0e4c85c876436ae21f61daee31c870705e (diff) | |
download | openshift-692d5d6c24c955fbd8982588f2a0b71c88d6a805.tar.gz openshift-692d5d6c24c955fbd8982588f2a0b71c88d6a805.tar.bz2 openshift-692d5d6c24c955fbd8982588f2a0b71c88d6a805.tar.xz openshift-692d5d6c24c955fbd8982588f2a0b71c88d6a805.zip |
Merge pull request #6094 from mgugino-upstream-stage/syscontainers-docker-login-module
Automatic merge from submit-queue.
Alternative method to create docker registry auth creds
Currently, the command 'docker login' is run when using
oreg with authentication.
On some hosts, such as hosts configured to use system containers,
the docker service is not running. 'docker login' will fail
without the docker service running.
This commit adds a module to idempotently add credentials
to the registry credentials file without the use of
'docker login'
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1511374
Diffstat (limited to 'roles/openshift_node')
-rw-r--r-- | roles/openshift_node/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/registry_auth.yml | 19 |
2 files changed, 20 insertions, 0 deletions
diff --git a/roles/openshift_node/defaults/main.yml b/roles/openshift_node/defaults/main.yml index 85ad33ad3..89d154ad7 100644 --- a/roles/openshift_node/defaults/main.yml +++ b/roles/openshift_node/defaults/main.yml @@ -85,6 +85,7 @@ oreg_host: "{{ oreg_url.split('/')[0] if (oreg_url is defined and '.' in oreg_ur oreg_auth_credentials_path: "{{ openshift_node_data_dir }}/.docker" oreg_auth_credentials_replace: False l_bind_docker_reg_auth: False +openshift_docker_alternative_creds: "{{ (openshift_docker_use_system_container | default(False)) or (openshift_use_crio_only | default(False)) }}" # NOTE # r_openshift_node_*_default may be defined external to this role. diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index 5e5e4f94a..f5428867a 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -8,6 +8,7 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create @@ -17,6 +18,24 @@ notify: - restart node +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create + notify: + - restart node + # Container images may need the registry credentials - name: Setup ro mount of /root/.docker for containerized hosts set_fact: |