summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted/tasks/registry/registry.yml
Commit message (Collapse)AuthorAgeFilesLines
* Workaround Ansible Jinja2 delimiter warningRussell Teague2017-09-121-1/+1
| | | | | | | This workaround prevents the warnings on using Jinja2 templating delimiters in `when:` conditions in cases where a variable is used as the conditional. This has been fixed in Ansible 2.4. https://github.com/ansible/ansible/pull/25092
* Merge pull request #5148 from kwoodson/registry_proxy_updatesOpenShift Bot2017-09-061-0/+8
|\ | | | | Merged by openshift-bot
| * Adding proxy env vars for dc/docker-registryKenny Woodson2017-08-211-0/+8
| |
* | Merge pull request #5011 from kwoodson/provisionScott Dodson2017-08-231-28/+30
|\ \ | | | | | | AWS Provisioning with scale groups.
| * | First attempt at provisioning.Kenny Woodson2017-08-211-28/+30
| |/
* | Merge pull request #4254 from dmsimard/registry_certsScott Dodson2017-08-211-3/+0
|\ \ | |/ |/| Refactor openshift_hosted's docker-registry route setup
| * Refactor openshift_hosted's docker-registry route setupDavid Moreau-Simard2017-07-231-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir
* | First attempt at refactor of os_firewallKenny Woodson2017-08-081-2/+5
|/
* Set OPENSHIFT_DEFAULT_REGISTRY in registry dc.Andrew Butcher2017-06-301-0/+5
|
* registry: look for the oc executable in /usr/local/bin and ~/binGiuseppe Scrivano2017-06-271-2/+2
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Make rollout status check best-effort, add pollSteve Kuznetsov2017-06-131-1/+24
| | | | | | | | | | | | | | We cannot rely on the `watch.Until` call in the `rollout status` subcommand for the time being, so we need to ignore the result of this call. This will make the rollout status check best-effort, so we need to follow it with a poll for the actual status of the rollout, which we can extract from the `openshift.io/deployment.phase` annotation on the ReplicationControllers. This annotation can have only three values -- `Running`, `Complete` and `Failed`. If we poll on this attribute until we stop seeing `Running`, we can then inspect the last result for `Failed`; if it's present, we have failed the deployment. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* Verify the rollout status of the hosted router and registrySteve Kuznetsov2017-06-091-0/+6
| | | | | | | | | | | | | | When deploying the hosted router and registry components, we need to ensure that they correctly roll out. The previous checks were weak in that they either simply waited for a set amount of time and/or did one replica check. They would fail if the router or registry took longer to deploy or if there were un-ready or failing replicas. The `oc rollout` command group contains the `status` endpoint for internalizing all of the logic for determining when a rollout has succeeded or failed, so simply using this client call will ensure that the router and registry correctly deploy. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
* GlusterFS: Allow swapping an existing registry's backend storageJose A. Rivera2017-05-041-1/+1
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* hosted registry: Fix typoJose A. Rivera2017-05-041-1/+1
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* Allow for GlusterFS to provide registry storageJose A. Rivera2017-04-101-1/+5
| | | | Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
* Refactor and remove openshift_serviceaccountRussell Teague2017-03-131-2/+14
|
* Add oc_adm_policy_user task cluster-role policyRussell Teague2017-03-021-0/+7
|
* Correct config for hosted registryRussell Teague2017-03-021-1/+2
|
* Merge pull request #3493 from kwoodson/registry_reencyrpt_routeScott Dodson2017-03-011-0/+3
|\ | | | | Adding support for a route with reencrypt and certificates.
| * Defaulting variables properly to avoid undefined route in dict error.Kenny Woodson2017-03-011-3/+3
| |
| * Modified base debug statements. Fixed oc_secret debug/verbose flag. Added ↵Kenny Woodson2017-02-281-1/+0
| | | | | | | | reencrypt for route.
| * Adding support for a route with certs and reencrypt.Kenny Woodson2017-02-281-0/+4
| |
* | Merge pull request #3515 from mtnbikenc/registry-pvc-fixRussell Teague2017-02-281-2/+3
|\ \ | |/ |/| BZ1427009: Correct fact creation for pvc
| * Correct fact creation for pvcRussell Teague2017-02-271-2/+3
| |
* | Create hosted registry serviceRussell Teague2017-02-271-0/+13
|/
* openshift_hosted: Update tasks to use oc_ modulesRussell Teague2017-02-241-51/+75
|
* Default hosted_registry_insecure true when insecure registry present in ↵Andrew Butcher2016-10-261-1/+1
| | | | existing /etc/sysconfig/docker.
* Switch from "oadm" to "oc adm" and fix bug in binary sync.Devan Goodwin2016-10-191-1/+1
| | | | | | | | Found bug syncing binaries to containerized hosts where if a symlink was pre-existing, but pointing to the wrong destination, it would not be corrected. Switched to using oc adm instead of oadm.
* Don't secure registry or deploy registry console when infra replics == 0Andrew Butcher2016-10-041-0/+1
|
* Secure registry improvements.Andrew Butcher2016-09-291-1/+0
| | | | | | * Convert oc template calls to jsonpath. * Wait for deployments to finish before restarting docker. * Re-organize node ca configuration.
* Secure registry for atomic registry deployment (deployment_subtype=registry).Andrew Butcher2016-09-021-1/+7
|
* Move storage includes up to main.Andrew Butcher2016-08-081-0/+2
|
* Rename router and registry node list variables.Andrew Butcher2016-08-021-2/+2
|
* Fix registry/router being created despite no infra nodes.Devan Goodwin2016-07-271-3/+19
| | | | | | Fix a bug with determining the correct number of replicas to use, and guarding the creation of the router/registry on whether or not replicas is > 0.
* Default nodes matching selectors when not collected.Andrew Butcher2016-07-211-1/+1
|
* Set registry replicas = 1 when no storage specified.Andrew Butcher2016-07-121-1/+1
|
* Various hosted component improvementsAndrew Butcher2016-07-071-0/+40
* [openshift_projects] Add openshift_projects role * [openshift_hosted] hosted deployments use openshift_hosted_infra_selector if openshift_hosted_<component>_selector is not defined * [openshift_hosted] move openshift_projects, openshift_serviceaccounts and openshift_metrics to dependencies of openshift_hosted * [router] improve router deployment - add router option to force subdomain - add CA to router certificate options * [registry] move registry config into openshift_hosted role - additional registry fixes/tweaks - add s3 storage support for registry * [serviceaccount] fix up serviceaccount creation
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 20:05:41 +0000