diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2017-10-24 11:59:31 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-10-24 11:59:31 -0700 |
| commit | abb5b1c5b899a121b8d2990b33880c93cd46ac88 (patch) | |
| tree | 9c6d410862ea50c783212e262cc162b0800df0cf | |
| parent | d9cfebd1196815542c945e3f217581bbbfc61eaa (diff) | |
| parent | 1f0690622de8f26667d40a838298e63ffd3887f5 (diff) | |
| download | openshift-abb5b1c5b899a121b8d2990b33880c93cd46ac88.tar.gz openshift-abb5b1c5b899a121b8d2990b33880c93cd46ac88.tar.bz2 openshift-abb5b1c5b899a121b8d2990b33880c93cd46ac88.tar.xz openshift-abb5b1c5b899a121b8d2990b33880c93cd46ac88.zip | |
Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgrades
Automatic merge from submit-queue.
Enable oreg_auth credential replace during upgrades
Currently, upgrades run a docker image pull prior to
upgrading masters and nodes for containerized installs.
If using a secure registry, and a user wishes to upgrade
their credentials due to expiry, the image pull will fail.
This commit ensures docker login credentials are updated
during upgrades, if necessary.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml | 6 | ||||
| -rw-r--r-- | roles/docker/tasks/package_docker.yml | 12 | ||||
| -rw-r--r-- | roles/docker/tasks/registry_auth.yml | 12 |
3 files changed, 19 insertions, 11 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index b9b3d323a..13fa37b09 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -4,6 +4,12 @@ msg: Verify OpenShift is already installed when: openshift.common.version is not defined +- name: Update oreg_auth docker login credentials if necessary + include_role: + name: docker + tasks_from: registry_auth.yml + when: oreg_auth_user is defined + - name: Verify containers are available for upgrade command: > docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }} diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml index d6aee0513..b16413f72 100644 --- a/roles/docker/tasks/package_docker.yml +++ b/roles/docker/tasks/package_docker.yml @@ -153,16 +153,6 @@ - set_fact: docker_service_status_changed: "{{ (r_docker_package_docker_start_result | changed) and (r_docker_already_running_result.stdout != 'ActiveState=active' ) }}" -- name: Check for credentials file for registry auth - stat: - path: "{{ docker_cli_auth_config_path }}/config.json" - when: oreg_auth_user is defined - register: docker_cli_auth_credentials_stat - -- name: Create credentials for docker cli registry auth - command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" - when: - - oreg_auth_user is defined - - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool +- include: registry_auth.yml - meta: flush_handlers diff --git a/roles/docker/tasks/registry_auth.yml b/roles/docker/tasks/registry_auth.yml new file mode 100644 index 000000000..65ed60efa --- /dev/null +++ b/roles/docker/tasks/registry_auth.yml @@ -0,0 +1,12 @@ +--- +- name: Check for credentials file for registry auth + stat: + path: "{{ docker_cli_auth_config_path }}/config.json" + when: oreg_auth_user is defined + register: docker_cli_auth_credentials_stat + +- name: Create credentials for docker cli registry auth + command: "docker --config={{ docker_cli_auth_config_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" + when: + - oreg_auth_user is defined + - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool |