registry.yml
---
# Static include of firewall.yml (that file is not shown here), so its
# tasks are pulled in when the playbook is parsed, before the registry
# tasks below run.
- name: setup firewall
  include: firewall.yml
  static: true
# Work out a default replica count, but only when the inventory did not
# set openshift.hosted.registry.replicas.
- when: openshift.hosted.registry.replicas | default(none) is none
  block:
    # List the nodes that match the registry selector; the selector
    # argument is omitted entirely when none is configured.
    - name: Retrieve list of openshift nodes matching registry selector
      oc_obj:
        state: list
        kind: node
        selector: "{{ openshift.hosted.registry.selector | default(omit) }}"
      register: registry_nodes

    # Assumes oc_obj nests the node list under
    # results.results[0]['items'] -- confirm against the module.
    - name: set_fact l_node_count to number of nodes matching registry selector
      set_fact:
        l_node_count: "{{ registry_nodes.results.results[0]['items'] | length }}"

    # Default for registry/router replicas when no count was specified:
    # with no matching registry nodes the default is 0.
    - name: set_fact l_default_replicas when l_node_count == 0
      set_fact:
        l_default_replicas: 0
      when: l_node_count | int == 0

    # With matching registry nodes: one replica per node if a registry
    # storage kind is defined, otherwise a single replica.
    - name: set_fact l_default_replicas when l_node_count > 0
      set_fact:
        l_default_replicas: >-
          {{ l_node_count
          if openshift.hosted.registry.storage.kind | default(none) is not none
          else 1 }}
      when: l_node_count | int > 0
# Facts read by the remaining registry tasks in this file.
- name: set openshift_hosted facts
  set_fact:
    # Explicit replica count when one is set, else the computed default.
    openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
    openshift_hosted_registry_name: docker-registry
    openshift_hosted_registry_serviceaccount: registry
    openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
    # NOTE(review): read without default(), although the node lookup
    # earlier in this file uses default(omit) for the same key -- confirm
    # the selector is always defined by the time this runs.
    openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
    # The fallback image is addressed by a ${component}:${version} tag
    # template, not by digest; presumably the placeholders are expanded
    # by the registry deployment tooling -- confirm.
    openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
    # Start empty; the persistent-volume and DNS tasks in this file
    # extend these two.
    openshift_hosted_registry_volumes: []
    openshift_hosted_registry_env_vars: {}
    # Route settings fall back to: no certificates, no route host, and
    # 'passthrough' termination.
    openshift_hosted_registry_routecertificates: >-
      {{ ('routecertificates' in openshift.hosted.registry.keys())
      | ternary(openshift.hosted.registry.routecertificates, {}) }}
    openshift_hosted_registry_routehost: >-
      {{ ('routehost' in openshift.hosted.registry.keys())
      | ternary(openshift.hosted.registry.routehost, False) }}
    openshift_hosted_registry_routetermination: >-
      {{ ('routetermination' in openshift.hosted.registry.keys())
      | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}
    # These edits are specified only so that a rerun does not report
    # 'changed'.
    openshift_hosted_registry_edits:
      - key: spec.strategy.rollingParams
        action: put
        value:
          intervalSeconds: 1
          maxSurge: "25%"
          maxUnavailable: "25%"
          timeoutSeconds: 600
          updatePeriodSeconds: 1
    # List of flags; the "Create OpenShift registry" task forces when
    # any entry is True.
    openshift_hosted_registry_force:
      - false
# When openshift_push_via_dns is truthy, add OPENSHIFT_DEFAULT_REGISTRY
# to the registry environment.
# NOTE(review): the value hard-codes the service name and the 'default'
# namespace, while both are variables elsewhere in this file -- confirm
# behaviour when openshift.hosted.registry.namespace is overridden.
- name: Update registry environment variables when pushing via dns
  set_fact:
    openshift_hosted_registry_env_vars: >-
      {{ openshift_hosted_registry_env_vars
      | combine({'OPENSHIFT_DEFAULT_REGISTRY':'docker-registry.default.svc:5000'}) }}
  when: openshift_push_via_dns | default(false) | bool
# Service account the registry runs as; the two oc_adm_policy_user tasks
# later in this file grant it an SCC and a cluster role.
- name: Create the registry service account
  oc_serviceaccount:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: "{{ openshift_hosted_registry_serviceaccount }}"
# Adds the registry service account to the 'hostnetwork' SCC.
# NOTE(review): that SCC permits host networking and host ports;
# confirm the registry pods need it, since a narrower SCC would reduce
# what a compromised registry pod can reach on the node.
- name: Grant the registry service account access to the appropriate scc
  oc_adm_policy_user:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    resource_kind: scc
    resource_name: hostnetwork
# Gives the registry service account the system:registry cluster role.
# The task name spells out default:registry, but the user below is built
# from the namespace and service-account facts, so the account that is
# actually granted follows those facts.
- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
  oc_adm_policy_user:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    resource_kind: cluster-role
    resource_name: system:registry
# ClusterIP service in front of the registry pods: TCP 5000 -> 5000,
# client-IP session affinity, pods selected by docker-registry=default.
- name: create the default registry service
  oc_service:
    name: "{{ openshift_hosted_registry_name }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    service_type: ClusterIP
    session_affinity: ClientIP
    selector:
      docker-registry: default
    ports:
      - name: 5000-tcp
        protocol: TCP
        port: 5000
        targetPort: 5000
# Dynamic include of secure.yml, run once, and skipped entirely when
# openshift.docker.hosted_registry_insecure is truthy.
# NOTE(review): secure.yml is not shown here; presumably it sets up TLS
# for the registry, so the insecure flag would leave the registry
# without it -- confirm, and keep the flag off outside test clusters.
- include: secure.yml
  static: false
  run_once: true
  when:
    - not (openshift.docker.hosted_registry_insecure | default(false) | bool)
# Dynamic include of the object-storage tasks, only when the configured
# registry storage kind is 'object'.
- include: storage/object_storage.yml
  static: false
  when:
    - openshift.hosted.registry.storage.kind | default(none) == 'object'
# For nfs, openstack and glusterfs storage, add a persistentVolumeClaim
# mount named registry-storage to the volume list. The claim name is the
# configured volume name with a '-claim' suffix.
- name: Update openshift_hosted facts for persistent volumes
  vars:
    pvc_volume_mounts:
      - name: registry-storage
        type: persistentVolumeClaim
        claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
  set_fact:
    openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(pvc_volume_mounts) }}"
  when:
    - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack', 'glusterfs']
# Create (or update) the registry from the facts gathered above.
- name: Create OpenShift registry
  oc_adm_registry:
    name: "{{ openshift_hosted_registry_name }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    service_account: "{{ openshift_hosted_registry_serviceaccount }}"
    selector: "{{ openshift_hosted_registry_selector }}"
    replicas: "{{ openshift_hosted_registry_replicas }}"
    images: "{{ openshift_hosted_registry_images }}"
    env_vars: "{{ openshift_hosted_registry_env_vars }}"
    volume_mounts: "{{ openshift_hosted_registry_volumes }}"
    edits: "{{ openshift_hosted_registry_edits }}"
    # True when any entry of openshift_hosted_registry_force is True.
    # This file seeds the list with a single False; presumably the
    # included task files append to it -- confirm.
    force: "{{ True|bool in openshift_hosted_registry_force }}"
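# Wait for the registry deploymentconfig to roll out: the command may
# run for up to 600 s and is polled every 15 s.
# Uses the configured client binary, like the other oc calls in this
# file, instead of whatever `oc` happens to be first on PATH.
# changed_when: false because `rollout status` only reads state.
# failed_when: false keeps the step best-effort, so a rollout that
# fails or times out does not stop the play here; the sanity-check task
# later in this file is what reports a 'Failed' deployment phase.
# The call authenticates with admin.kubeconfig under
# <config_base>/master, i.e. with that file's credentials.
- name: Ensure OpenShift registry correctly rolls out (best-effort today)
  command: |
    {{ openshift.common.client_binary }} rollout status deploymentconfig {{ openshift_hosted_registry_name }} \
      --namespace {{ openshift_hosted_registry_namespace }} \
      --config {{ openshift.common.config_base }}/master/admin.kubeconfig
  async: 600
  poll: 15
  changed_when: false
  failed_when: false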
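# Read .status.latestVersion of the registry deploymentconfig; stdout
# is used to build the replication controller name in the sanity check
# that follows in this file.
# changed_when: false because this is a read-only `get`; without it the
# task reports 'changed' on every run.
- name: Determine the latest version of the OpenShift registry deployment
  command: |
    {{ openshift.common.client_binary }} get deploymentconfig {{ openshift_hosted_registry_name }} \
      --namespace {{ openshift_hosted_registry_namespace }} \
      --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
      -o jsonpath='{ .status.latestVersion }'
  register: openshift_hosted_registry_latest_version
  changed_when: false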
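# Poll the deployment.phase annotation of the replication controller
# <registry name>-<latest version>: retry every 15 s, up to 40 times,
# for as long as the phase still contains 'Running'; fail the task when
# it contains 'Failed'.
# changed_when: false because this is a read-only `get`; without it the
# task reports 'changed' on every run.
# NOTE(review): failed_when replaces the default return-code check, so
# a `get` that errors out (empty stdout) satisfies `until` and is not
# reported as a failure. Likewise any phase other than 'Running' or
# 'Failed' ends the loop successfully. Confirm both are intended.
- name: Sanity-check that the OpenShift registry rolled out correctly
  command: |
    {{ openshift.common.client_binary }} get replicationcontroller {{ openshift_hosted_registry_name }}-{{ openshift_hosted_registry_latest_version.stdout }} \
      --namespace {{ openshift_hosted_registry_namespace }} \
      --config {{ openshift.common.config_base }}/master/admin.kubeconfig \
      -o jsonpath='{ .metadata.annotations.openshift\.io/deployment\.phase }'
  register: openshift_hosted_registry_rc_phase
  until: "'Running' not in openshift_hosted_registry_rc_phase.stdout"
  delay: 15
  retries: 40
  changed_when: false
  failed_when: "'Failed' in openshift_hosted_registry_rc_phase.stdout"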
# Include the GlusterFS storage tasks when the storage kind is
# 'glusterfs', or when the glusterfs.swap flag is truthy.
# NOTE(review): glusterfs.swap is read without default(); if that key
# can be undefined for non-GlusterFS installs the condition would error
# out -- confirm the facts always define it.
- include: storage/glusterfs.yml
  when:
    - >-
      openshift.hosted.registry.storage.kind | default(none) == 'glusterfs'
      or openshift.hosted.registry.storage.glusterfs.swap