summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/openshift_node/handlers/main.yml3
-rw-r--r--roles/openshift_node/tasks/main.yml42
2 files changed, 45 insertions, 0 deletions
diff --git a/roles/openshift_node/handlers/main.yml b/roles/openshift_node/handlers/main.yml
index 953a1421b..8b5acefbf 100644
--- a/roles/openshift_node/handlers/main.yml
+++ b/roles/openshift_node/handlers/main.yml
@@ -1,3 +1,6 @@
---
- name: restart openshift-node
service: name=openshift-node state=restarted
+
+- name: restart docker
+ service: name=docker state=restarted
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index adffca252..18f0ce064 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -70,6 +70,48 @@
line: "OPTIONS='--insecure-registry={{ openshift.node.portal_net }} \
{% if ansible_selinux and ansible_selinux.status == '''enabled''' %}--selinux-enabled{% endif %}'"
when: docker_check.stat.isreg
+ notify:
+ - restart docker
+
+- set_fact:
+ docker_additional_registries: "registry.access.redhat.com,{{ lookup('oo_option', 'docker_additional_registries') }}"
+ when: deployment_type == 'enterprise'
+- set_fact:
+ docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
+ when: deployment_type != 'enterprise'
+
+- name: Add personal registries
+ lineinfile:
+ dest: /etc/sysconfig/docker
+ regexp: '^ADD_REGISTRY=.*'
+ line: "ADD_REGISTRY='{{ docker_additional_registries | oo_split()
+ | oo_prepend_strings_in_list('--add-registry ') | join(' ') }}'"
+ when: docker_check.stat.isreg and
+ docker_additional_registries != ''
+ notify:
+ - restart docker
+
+- name: Block registries
+ lineinfile:
+ dest: /etc/sysconfig/docker
+ regexp: '^BLOCK_REGISTRY=.*'
+ line: "BLOCK_REGISTRY='{{ lookup('oo_option', 'docker_blocked_registries') | oo_split()
+ | oo_prepend_strings_in_list('--block-registry ') | join(' ') }}'"
+ when: docker_check.stat.isreg and
+ lookup('oo_option', 'docker_blocked_registries') != ''
+ notify:
+ - restart docker
+
+- name: Grant access to additional insecure registries
+ lineinfile:
+ dest: /etc/sysconfig/docker
+ regexp: '^INSECURE_REGISTRY=.*'
+ line: "INSECURE_REGISTRY='{{ lookup('oo_option', 'docker_insecure_registries') | oo_split()
+ | oo_prepend_strings_in_list('--insecure-registry ') | join(' ') }}'"
+ when: docker_check.stat.isreg and
+ lookup('oo_option', 'docker_insecure_registries') != ''
+ notify:
+ - restart docker
- name: Allow NFS access for VMs
seboolean: name=virt_use_nfs state=yes persistent=yes