diff options
| author | Michael Gugino <mgugino@redhat.com> | 2017-09-22 10:37:54 -0400 |
|---|---|---|
| committer | Michael Gugino <mgugino@redhat.com> | 2017-09-22 10:42:24 -0400 |
| commit | 3d9af759fe9e69f0b4a83e69e16d7a5bd0d56b6f (patch) | |
| tree | ddc0ac274ee50464a5e2bc82ab1259708bb27ba4 /roles/openshift_node/tasks | |
| parent | 91c1c6fc7323ca885956102248b2e5b18e5332c3 (diff) | |
| download | openshift-3d9af759fe9e69f0b4a83e69e16d7a5bd0d56b6f.tar.gz openshift-3d9af759fe9e69f0b4a83e69e16d7a5bd0d56b6f.tar.bz2 openshift-3d9af759fe9e69f0b4a83e69e16d7a5bd0d56b6f.tar.xz openshift-3d9af759fe9e69f0b4a83e69e16d7a5bd0d56b6f.zip | |
Fix registry_auth logic for upgrades
Currently, the logic for registry authentication is
not implemented correctly to account for upgrades of
containerized hosts.
Additionally, the logic to account for multiple runs
of openshift-ansible might cause registry authentication
credentials to not be mounted inside of containerized hosts.
This commit adds the necessary logic to ensure containerized
hosts retain registry credentials.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1494470
Diffstat (limited to 'roles/openshift_node/tasks')
| -rw-r--r-- | roles/openshift_node/tasks/registry_auth.yml | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/roles/openshift_node/tasks/registry_auth.yml b/roles/openshift_node/tasks/registry_auth.yml index f370bb260..3d2831742 100644 --- a/roles/openshift_node/tasks/registry_auth.yml +++ b/roles/openshift_node/tasks/registry_auth.yml @@ -5,21 +5,20 @@ when: oreg_auth_user is defined register: node_oreg_auth_credentials_stat -# Container images may need the registry credentials -- name: Setup ro mount of /root/.docker for containerized hosts - set_fact: - l_bind_docker_reg_auth: True +- name: Create credentials for registry auth + command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" when: - - openshift.common.is_containerized | bool - oreg_auth_user is defined - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool + register: node_oreg_auth_credentials_create notify: - restart node -- name: Create credentials for registry auth - command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}" +# Container images may need the registry credentials +- name: Setup ro mount of /root/.docker for containerized hosts + set_fact: + l_bind_docker_reg_auth: True when: + - openshift.common.is_containerized | bool - oreg_auth_user is defined - - (not node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool - notify: - - restart node + - (node_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or oreg_auth_credentials_replace.changed) | bool |