From 17c6b4c5da76ecff6f8c68254ab6424d0d9a736e Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Fri, 12 Jun 2015 11:19:29 -0700 Subject: Infrastructure - Set OpenShift Registry * TODO: update to secure when 'add volume' feature available in origin --- roles/openshift_node/tasks/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index c5202650f..7dd76e0b8 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -56,6 +56,17 @@ notify: - restart openshift-node +- stat: path=/etc/sysconfig/docker + register: docker_check + + # TODO: Enable secure registry when code available in origin +- name: Secure OpenShift Registry + lineinfile: + dest: /etc/sysconfig/docker + regexp: '^OPTIONS=.*' + line: "OPTIONS='--insecure-registry=172.30.0.0/16 --selinux-enabled'" + when: docker_check.stat.isreg + - name: Allow NFS access for VMs seboolean: name=virt_use_nfs state=yes persistent=yes -- cgit v1.2.3 From ccf7dfedb636c2fc7392f1c2ec1f1d06f0d0c5b5 Mon Sep 17 00:00:00 2001 From: Jhon Honce Date: Fri, 12 Jun 2015 13:43:46 -0700 Subject: * Make portal_net configurable when wetting up the nodes OpenShift Registry --- roles/openshift_node/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'roles/openshift_node/tasks') diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 7dd76e0b8..15d18f510 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -20,6 +20,7 @@ annotations: "{{ openshift_node_annotations | default(none) }}" registry_url: "{{ oreg_url | default(none) }}" debug_level: "{{ openshift_node_debug_level | default(openshift.common.debug_level) }}" + portal_net: "{{ openshift_master_portal_net | default(None) }}" - name: Install OpenShift Node package yum: pkg=openshift-node state=present @@ -64,7 +65,7 @@ lineinfile: dest: /etc/sysconfig/docker regexp: '^OPTIONS=.*' - line: "OPTIONS='--insecure-registry=172.30.0.0/16 --selinux-enabled'" + line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} --selinux-enabled'" when: docker_check.stat.isreg - name: Allow NFS access for VMs -- cgit v1.2.3