Diffstat (limited to 'roles/openshift_hosted/tasks/registry/storage')
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/object_storage.yml114
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml18
-rw-r--r--roles/openshift_hosted/tasks/registry/storage/s3.yml12
3 files changed, 144 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/registry/storage/object_storage.yml b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
new file mode 100644
index 000000000..9db67ecc6
--- /dev/null
+++ b/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
@@ -0,0 +1,114 @@
+- fail:
+ msg: >
+ Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
+ is not currently supported
+ when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']
+
+- fail:
+ msg: >
+ Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
+ not implemented yet
+ when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']
+
+- include: s3.yml
+ when: openshift.hosted.registry.storage.provider == 's3'
+
+- name: Test if docker registry config secret exists
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ get secrets {{ registry_config_secret_name }} -o json
+ register: secrets
+ changed_when: false
+ failed_when: false
+
+- set_fact:
+ registry_config: "{{ lookup('template', '../templates/registry_config.j2') | b64encode }}"
+
+- set_fact:
+ registry_config_secret: "{{ lookup('template', '../templates/registry_config_secret.j2') | from_yaml }}"
+
+- set_fact:
+ same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
+ when: secrets.rc == 0
+
+- name: Update registry config secret
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ patch secret/{{ registry_config_secret_name }}
+ -p '{"data": {"config.yml": "{{ registry_config }}"}}'
+ register: update_config_secret
+ when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool
+
+- name: Create registry config secret
+ shell: >
+ echo '{{ registry_config_secret |to_json }}' |
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ create -f -
+ when: secrets.rc == 1
+
+- name: Determine if service account contains secrets
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ get serviceaccounts registry
+ -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
+ register: serviceaccount
+ changed_when: false
+
+- name: Add secrets to registry service account
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
+ when: serviceaccount.stdout == ''
+
+- name: Determine if deployment config contains secrets
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ set volumes dc/docker-registry --list
+ register: volume
+ changed_when: false
+
+- name: Add secrets to registry deployment config
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
+ --type=secret --secret-name={{ registry_config_secret_name }}
+ when: registry_config_secret_name not in volume.stdout
+
+- name: Determine if registry environment variable needs to be created
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ set env --list dc/docker-registry
+ register: oc_env
+ changed_when: false
+
+- name: Add registry environment variable
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
+ when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"
+
+- name: Redeploy registry
+ command: >
+ {{ openshift.common.client_binary }}
+ --config={{ openshift_hosted_kubeconfig }}
+ --namespace={{ openshift.hosted.registry.namespace | default('default') }}
+ deploy dc/docker-registry --latest
+ when: secrets.rc == 0 and update_config_secret.rc == 0 and same_storage_provider | bool
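Review bot: The rendered registry configuration is placed on the command line in "Update registry config secret" (`-p '{"data": {"config.yml": "{{ registry_config }}"}}'`) and in "Create registry config secret" (`echo '{{ registry_config_secret |to_json }}' | ...`), and no task here sets `no_log: true`, so any credentials the templates render (presumably the S3 access and secret keys that s3.yml requires; the templates are not shown) can end up in Ansible output, logs and the process arguments. Add `no_log: true` to those two tasks, to the two `set_fact` tasks that build `registry_config` and `registry_config_secret`, and to "Test if docker registry config secret exists", whose registered stdout is the existing secret. In the `shell` task the hand-written single quotes also break if the JSON contains a `'`; `echo {{ registry_config_secret | to_json | quote }}` avoids that. Separately, "Redeploy registry" reads `update_config_secret.rc`, which is probably absent when the update task was skipped, so testing the task result (for example `update_config_secret | changed`) would be safer.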
diff --git a/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml
new file mode 100644
index 000000000..6bf859e82
--- /dev/null
+++ b/roles/openshift_hosted/tasks/registry/storage/persistent_volume.yml
@@ -0,0 +1,18 @@
+---
+- set_fact:
+ registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
+
+- name: Determine if volume is already attached to dc/docker-registry
+ command: "{{ openshift.common.client_binary }} get -o template dc/docker-registry --template=\\{\\{.spec.template.spec.volumes\\}\\} --output-version=v1"
+ changed_when: false
+ register: registry_volumes_output
+
+- set_fact:
+ volume_attached: "{{ registry_volume_claim in registry_volumes_output.stdout }}"
+
+- name: Add volume to dc/docker-registry
+ command: >
+ {{ openshift.common.client_binary }} volume dc/docker-registry
+ --add --overwrite -t persistentVolumeClaim --claim-name={{ registry_volume_claim }}
+ --name=registry-storage
+ when: not volume_attached | bool
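Review bot: Both `command` tasks in this file call the client binary without `--config={{ openshift_hosted_kubeconfig }}` and `--namespace={{ openshift.hosted.registry.namespace | default('default') }}`, which every command in object_storage.yml passes. As written they run with whatever kubeconfig, context and project happen to be current on the host, so the volume could be read from or attached to a `dc/docker-registry` in a different project or with different credentials than intended. Pass the same two options here. The `registry_volume_claim in registry_volumes_output.stdout` test is also a plain substring match, so a claim whose name merely contains this one would count as attached; comparing against the parsed claim names would be stricter.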
diff --git a/roles/openshift_hosted/tasks/registry/storage/s3.yml b/roles/openshift_hosted/tasks/registry/storage/s3.yml
new file mode 100644
index 000000000..707be9c00
--- /dev/null
+++ b/roles/openshift_hosted/tasks/registry/storage/s3.yml
@@ -0,0 +1,12 @@
+---
+- fail:
+ msg: >
+ openshift_hosted_registry_storage_s3_accesskey and
+ openshift_hosted_registry_storage_s3_secretkey are required
+ when: openshift.hosted.registry.storage.s3.accesskey | default(none) is none or openshift.hosted.registry.storage.s3.secretkey | default(none) is none
+
+- fail:
+ msg: >
+ openshift_hosted_registry_storage_s3_bucket and
+ openshift_hosted_registry_storage_s3_region are required
+ when: openshift.hosted.registry.storage.s3.bucket | default(none) is none or openshift.hosted.registry.storage.s3.region | default(none) is none
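Review bot: The two `when:` guards reject only values that are undefined or `none`, so an inventory that sets an access key, secret key, bucket or region to an empty string passes validation and the failure surfaces later in the registry itself. Treat empty as missing, for example `when: not (openshift.hosted.registry.storage.s3.accesskey | default('', true)) or not (openshift.hosted.registry.storage.s3.secretkey | default('', true))`, and do the same for bucket and region. Giving both `fail` tasks a `name:` such as `Validate S3 credentials are set` would also make the play output easier to read.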