From 6826f27769563d30194818a0f13b9da086ddf7ab Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 26 Sep 2016 10:36:02 -0400
Subject: Further secure registry improvements

- Default to hosted_registry_insecure=False
- Add openshift ca to system ca-trust.
- Update ca trust in openshift_node_certificates rather than docker_ca_trust
---
 playbooks/common/openshift-node/config.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'playbooks/common/openshift-node')

diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index f718dbfbd..364a62dd0 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -60,12 +60,12 @@
     when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
             openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
+  - role: openshift_common
   - role: openshift_clock
   - role: openshift_docker
   - role: openshift_node_certificates
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
   - role: openshift_cloud_provider
-  - role: openshift_common
   - role: openshift_node_dnsmasq
     when: openshift.common.use_dnsmasq
   - role: os_firewall
@@ -99,12 +99,12 @@
     when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and
             openshift_generate_no_proxy_hosts | default(True) | bool }}"
   roles:
+  - role: openshift_common
   - role: openshift_clock
   - role: openshift_docker
   - role: openshift_node_certificates
     openshift_ca_host: "{{ groups.oo_first_master.0 }}"
   - role: openshift_cloud_provider
-  - role: openshift_common
   - role: openshift_node_dnsmasq
     when: openshift.common.use_dnsmasq
   - role: os_firewall
-- 
cgit v1.2.3