From 33da79e7389a3fceeaf735663fd8051a0a2fe057 Mon Sep 17 00:00:00 2001 From: Andrew Butcher Date: Tue, 25 Oct 2016 13:45:56 -0400 Subject: Default hosted_registry_insecure true when insecure registry present in existing /etc/sysconfig/docker. --- roles/openshift_docker_facts/tasks/main.yml | 2 +- roles/openshift_facts/library/openshift_facts.py | 23 ++++++++++++++++++++-- roles/openshift_hosted/tasks/registry/registry.yml | 2 +- 3 files changed, 23 insertions(+), 4 deletions(-) (limited to 'roles') diff --git a/roles/openshift_docker_facts/tasks/main.yml b/roles/openshift_docker_facts/tasks/main.yml index 0c8a36d65..c690c5243 100644 --- a/roles/openshift_docker_facts/tasks/main.yml +++ b/roles/openshift_docker_facts/tasks/main.yml @@ -13,7 +13,7 @@ log_options: "{{ openshift_docker_log_options | default(None) }}" options: "{{ openshift_docker_options | default(None) }}" disable_push_dockerhub: "{{ openshift_disable_push_dockerhub | default(None) }}" - hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(False) }}" + hosted_registry_insecure: "{{ openshift_docker_hosted_registry_insecure | default(openshift.docker.hosted_registry_insecure | default(False)) }}" hosted_registry_network: "{{ openshift_docker_hosted_registry_network | default(None) }}" - set_fact: diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index f281b1303..bf23786c2 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -55,7 +55,6 @@ def migrate_docker_facts(facts): facts['docker'][param] = facts[role].pop(old_param) if 'node' in facts and 'portal_net' in facts['node']: - facts['docker']['hosted_registry_insecure'] = True facts['docker']['hosted_registry_network'] = facts['node'].pop('portal_net') # log_options was originally meant to be a comma separated string, but @@ -1138,6 +1137,24 @@ def get_docker_version_info(): } return result +def get_hosted_registry_insecure(): + """ Parses OPTIONS from /etc/sysconfig/docker to determine if the + registry is currently insecure. + """ + hosted_registry_insecure = None + if os.path.exists('/etc/sysconfig/docker'): + try: + ini_str = unicode('[root]\n' + open('/etc/sysconfig/docker', 'r').read(), 'utf-8') + ini_fp = io.StringIO(ini_str) + config = ConfigParser.RawConfigParser() + config.readfp(ini_fp) + options = config.get('root', 'OPTIONS') + if 'insecure-registry' in options: + hosted_registry_insecure = True + except: + pass + return hosted_registry_insecure + def get_openshift_version(facts): """ Get current version of openshift on the host. @@ -1790,13 +1807,15 @@ class OpenShiftFacts(object): if 'docker' in roles: docker = dict(disable_push_dockerhub=False, - hosted_registry_insecure=True, options='--log-driver=json-file --log-opt max-size=50m') version_info = get_docker_version_info() if version_info is not None: docker['api_version'] = version_info['api_version'] docker['version'] = version_info['version'] docker['gte_1_10'] = LooseVersion(version_info['version']) >= LooseVersion('1.10') + hosted_registry_insecure = get_hosted_registry_insecure() + if hosted_registry_insecure is not None: + docker['hosted_registry_insecure'] = hosted_registry_insecure defaults['docker'] = docker if 'clock' in roles: diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index c29df1873..93b701ebc 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -53,7 +53,7 @@ - include: secure.yml static: no - when: replicas | int > 0 + when: replicas | int > 0 and not (openshift.docker.hosted_registry_insecure | default(false) | bool) - include: storage/object_storage.yml static: no -- cgit v1.2.3