From 6c6635df9d2fb57b1e70bfc63b7301b7e7c28d72 Mon Sep 17 00:00:00 2001
From: Stefanie Forrester <sedgar@redhat.com>
Date: Thu, 17 Sep 2015 15:01:51 -0700
Subject: Added S3 docker-registry config script

---
 playbooks/adhoc/s3_registry/s3_registry.j2  | 20 +++++++++++
 playbooks/adhoc/s3_registry/s3_registry.yml | 55 +++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 playbooks/adhoc/s3_registry/s3_registry.j2
 create mode 100644 playbooks/adhoc/s3_registry/s3_registry.yml

diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2
new file mode 100644
index 000000000..eb8660f6c
--- /dev/null
+++ b/playbooks/adhoc/s3_registry/s3_registry.j2
@@ -0,0 +1,20 @@
+version: 0.1
+log:
+  level: debug
+http:
+  addr: :5000
+storage:
+  cache:
+    layerinfo: inmemory
+  s3:
+    accesskey: {{ accesskey }}
+    secretkey: {{ secretkey }}
+    region: us-east-1
+    bucket: {{ bucketname }}
+    encrypt: true
+    secure: true
+    v4auth: true
+    rootdirectory: /registry
+middleware:
+  repository:
+    - name: openshift
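Review bot: The three templated values under `storage.s3` are rendered as bare YAML scalars, so a key or bucket name that begins with a YAML indicator, contains `: ` or ` #`, or looks like a number or boolean will be retyped or will break the rendered config. Emit them as quoted strings, e.g. `secretkey: {{ secretkey | to_json }}`, and do the same for `accesskey` and `bucket`. Separately, `level: debug` is verbose for a service that holds storage credentials; `info` would be a safer default unless debug output is needed on this deployment.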
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
new file mode 100644
index 000000000..61280df0b
--- /dev/null
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -0,0 +1,55 @@
+---
+# This playbook creates an S3 bucket, if it doesn't already exist, and configures the docker registry service to use the bucket as its backend storage.
+# Usage:
+#  ansible-playbook s3_registry.yml -e bucketname="mybucket" -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e master="master fqdn or IP" -i "master,"
+#
+# Example:
+#  ansible-playbook s3_registry.yml -e accesskey="asdf" -e secretkey="hjkl" -e bucketname="testbucket" -e master="54.173.148.238" -i "54.173.148.238,"
+#
+# The bucket name can be anything, but generally should correspond with your cluster name.
+# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
+# The 'master' param is the fqdn or public IP of your cluster's master.
+# The -i param allows this playbook to be run on your master, even if it's not yet in your main inventory file. (The comma is mandatory).
+
+- hosts: "{{ master }}"
+  remote_user: root
+  gather_facts: False
+
+  tasks:
+
+  - name: Create S3 bucket
+    local_action:
+      module: s3 bucket={{ bucketname|quote }} mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
+
+  - name: Generate docker registry config
+    template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
+
+  - name: Determine if new secrets are needed
+    command: oc get secrets
+    register: secrets
+
+  - name: Create registry secrets
+    command: oc secrets new dockerregistry /root/config.yml
+    when: "'dockerregistry' not in secrets.stdout"
+
+  - name: Determine if service account contains secrets
+    command: oc describe serviceaccount/registry
+    register: serviceaccount
+
+  - name: Add secrets to registry service account
+    command: oc secrets add serviceaccount/registry secrets/dockerregistry
+    when: "'dockerregistry' not in serviceaccount.stdout"
+
+  - name: Determine if deployment config contains secrets
+    command: oc volume dc/docker-registry --list
+    register: dc
+
+  - name: Add secrets to registry deployment config
+    command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry
+    when: "'dockersecrets' not in dc.stdout"
+
+  - name: Scale up registry
+    command: oc scale --replicas=1 dc/docker-registry
+
+  - name: Delete temporary config file
+    file: path=/root/config.yml state=absent
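Review bot: The AWS secret key is exposed in two places this file controls. The documented usage passes it with `-e` on the command line, where it lands in shell history and the process list, and the `Create S3 bucket` task carries it in its module arguments, which Ansible prints in verbose output and may log. Add `no_log: true` to the `Create S3 bucket` and `Generate docker registry config` tasks, and change the usage comment to load the keys from a vault-encrypted vars file, e.g. `-e @s3_keys.yml` (file name illustrative). Also, `/root/config.yml` is removed only by the final task, so a failure in any `oc` step leaves the rendered credentials on the master; mode 0600 limits who can read the file, but it should not persist.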
-- 
cgit v1.2.3


From 9deff4bd696168111316dc366c1b193e02e08c8b Mon Sep 17 00:00:00 2001
From: Stefanie Forrester <sedgar@redhat.com>
Date: Thu, 24 Sep 2015 11:56:30 -0700
Subject: added dynamic inventory support for single-master clusters

---
 playbooks/adhoc/s3_registry/s3_registry.j2  |  2 +-
 playbooks/adhoc/s3_registry/s3_registry.yml | 15 +++++----------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2
index eb8660f6c..026b24456 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.j2
+++ b/playbooks/adhoc/s3_registry/s3_registry.j2
@@ -10,7 +10,7 @@ storage:
     accesskey: {{ accesskey }}
     secretkey: {{ secretkey }}
     region: us-east-1
-    bucket: {{ bucketname }}
+    bucket: {{ clusterid }}-docker
     encrypt: true
     secure: true
     v4auth: true
diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml
index 61280df0b..30b873db3 100644
--- a/playbooks/adhoc/s3_registry/s3_registry.yml
+++ b/playbooks/adhoc/s3_registry/s3_registry.yml
@@ -1,17 +1,12 @@
 ---
-# This playbook creates an S3 bucket, if it doesn't already exist, and configures the docker registry service to use the bucket as its backend storage.
+# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage.
 # Usage:
-#  ansible-playbook s3_registry.yml -e bucketname="mybucket" -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e master="master fqdn or IP" -i "master,"
+#  ansible-playbook s3_registry.yml -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e clusterid="mycluster"
 #
-# Example:
-#  ansible-playbook s3_registry.yml -e accesskey="asdf" -e secretkey="hjkl" -e bucketname="testbucket" -e master="54.173.148.238" -i "54.173.148.238,"
-#
-# The bucket name can be anything, but generally should correspond with your cluster name.
 # The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role.
-# The 'master' param is the fqdn or public IP of your cluster's master.
-# The -i param allows this playbook to be run on your master, even if it's not yet in your main inventory file. (The comma is mandatory).
+# The 'clusterid' is the short name of your cluster.
 
-- hosts: "{{ master }}"
+- hosts: security_group_{{ clusterid }}_master
   remote_user: root
   gather_facts: False
 
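Review bot: The play target is now built from `clusterid`, but the usage comment does not say that a dynamic inventory exposing a `security_group_<clusterid>_master` group is required, nor which characters `clusterid` may contain. Because the value is interpolated into a host pattern for a play that runs as root, an unexpected value (for example one containing `:` or `*`) can select hosts other than the intended master. If the group holds more than one master, every `oc` task also runs on each of them. I would add a comment such as `# Requires a dynamic inventory that provides this group; clusterid must match [a-z0-9-]+ and the group must contain exactly one master.` and quote the pattern: `- hosts: "security_group_{{ clusterid }}_master"`. The play body continues outside this hunk.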
@@ -19,7 +14,7 @@
 
   - name: Create S3 bucket
     local_action:
-      module: s3 bucket={{ bucketname|quote }} mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
+      module: s3 bucket="{{ clusterid }}-docker" mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }}
 
   - name: Generate docker registry config
     template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600
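Review bot: The `bucket` argument lost the `|quote` filter that the removed line applied, while the two key arguments still have it. Inside a `key=value` argument string, a `clusterid` containing a space or a double quote would end the `bucket` value early, and the remainder would be parsed as further module arguments. Keep the filter on the composed name: `bucket={{ (clusterid ~ '-docker')|quote }}`. The same derived name is written unescaped to the `bucket:` line of `s3_registry.j2` in this commit, so validating `clusterid` once at the top of the play would cover both places.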
-- 
cgit v1.2.3