From 6fbc26e857146cbbee32b8df66b65fdd66730dab Mon Sep 17 00:00:00 2001 From: Scott Dodson Date: Fri, 16 Jun 2017 13:14:39 -0400 Subject: Enable push to registry via dns only on clean 3.6 installs We cannot assume that 3.5 to 3.6 upgrades were signed with the correct certs --- roles/openshift_master/tasks/main.yml | 3 +++ roles/openshift_master/templates/atomic-openshift-master.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'roles/openshift_master') diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 035c15fef..630d70a7e 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -128,6 +128,9 @@ when: openshift.master.request_header_ca is defined and item.kind == 'RequestHeaderIdentityProvider' and item.clientCA | default('') != '' with_items: "{{ openshift.master.identity_providers }}" +- set_fact: + openshift_push_via_dns: "{{ openshift_use_dnsmasq | default(true) and openshift.common.version_gte_3_6 and r_openshift_master_clean_install }}" + - name: Install the systemd units include: systemd_units.yml diff --git a/roles/openshift_master/templates/atomic-openshift-master.j2 b/roles/openshift_master/templates/atomic-openshift-master.j2 index 6c9e1336a..156bb49d6 100644 --- a/roles/openshift_master/templates/atomic-openshift-master.j2 +++ b/roles/openshift_master/templates/atomic-openshift-master.j2 @@ -1,6 +1,6 @@ OPTIONS=--loglevel={{ openshift.master.debug_level | default(2) }} CONFIG_FILE={{ openshift_master_config_file }} -{% if openshift_use_dnsmasq | default(true) and openshift_push_via_dns | default(false) %} +{% if openshift_push_via_dns %} OPENSHIFT_DEFAULT_REGISTRY=docker-registry.default.svc:5000 {% endif %} {% if openshift.common.is_containerized | bool %} -- cgit v1.2.3