From db30a2eb386930e0b20c8106e334d605e2ae770a Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Mon, 11 Sep 2017 13:07:35 -0400 Subject: Fix: authenticated registry support for containerized hosts Currently, openshift-anisble supports authentication to container registries to pull down openshift container images. The openshift_verison role uses the docker cli to gather image information from container registries before authentication credentials are provided by openshift-ansible. This commit creates the necessary token to authenticate to private registries during openshift_version. The token is generated by the role 'docker' on all hosts where docker is installed/configured when oreg_auth_users is defined. This commit also adds a read-only mount into the openshift master and node container services. This mount is '/var/lib/origin/.docker:/root/.docker:ro'. This is because the container images do not currently read the values in '/var/lib/origin/.docker' as this may be a bug upstream. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341 --- roles/openshift_node/tasks/main.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'roles/openshift_node/tasks/main.yml') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 22ff6dfd2..ff8d1942c 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -76,20 +76,7 @@ include: config.yml when: not openshift_node_bootstrap -- name: Check for credentials file for registry auth - stat: - path: "{{oreg_auth_credentials_path }}" - when: - - oreg_auth_user is defined - register: node_oreg_auth_credentials_stat - -- name: Create credentials for registry auth - command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - notify: - - restart node +- include: registry_auth.yml - name: Configure AWS Cloud Provider Settings lineinfile: -- cgit v1.2.3