diff options
Diffstat (limited to 'roles/openshift_node/tasks')
-rw-r--r-- | roles/openshift_node/tasks/bootstrap.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/config.yml | 1 | ||||
-rw-r--r-- | roles/openshift_node/tasks/registry_auth.yml | 19 |
3 files changed, 21 insertions, 0 deletions
diff --git a/roles/openshift_node/tasks/bootstrap.yml b/roles/openshift_node/tasks/bootstrap.yml index 8cf41ab4c..b8be50f6c 100644 --- a/roles/openshift_node/tasks/bootstrap.yml +++ b/roles/openshift_node/tasks/bootstrap.yml @@ -34,6 +34,7 @@ - name: include aws sysconfig credentials include: aws.yml static: yes + when: not (openshift_node_use_instance_profiles | default(False)) #- name: update the ExecStart to have bootstrap # lineinfile: diff --git a/roles/openshift_node/tasks/config.yml b/roles/openshift_node/tasks/config.yml index c08f43118..2fea33454 100644 --- a/roles/openshift_node/tasks/config.yml +++ b/roles/openshift_node/tasks/config.yml @@ -49,6 +49,7 @@ - name: include aws provider credentials include: aws.yml static: yes + when: not (openshift_node_use_instance_profiles | default(False)) # Necessary because when you're on a node that's also a master the master will be # restarted after the node restarts docker and it will take up to 60 seconds for diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index 5e5e4f94a..f5428867a 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -8,6 +8,7 @@ - name: Create credentials for registry auth command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: + - not (openshift_docker_alternative_creds | default(False)) - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool register: node_oreg_auth_credentials_create @@ -17,6 +18,24 @@ notify: - restart node +# docker_creds is a custom module from lib_utils +# 'docker login' requires a docker.service running on the local host, this is an +# alternative implementation for non-docker hosts. This implementation does not +# check the registry to determine whether or not the credentials will work. +- name: Create credentials for registry auth (alternative) + docker_creds: + path: "{{ oreg_auth_credentials_path }}" + registry: "{{ oreg_host }}" + username: "{{ oreg_auth_user }}" + password: "{{ oreg_auth_password }}" + when: + - openshift_docker_alternative_creds | bool + - oreg_auth_user is defined + - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create + notify: + - restart node + # Container images may need the registry credentials - name: Setup ro mount of /root/.docker for containerized hosts set_fact: |