--- - name: setup firewall import_tasks: firewall.yml vars: l_openshift_hosted_firewall_enabled: "{{ r_openshift_hosted_registry_firewall_enabled }}" l_openshift_hosted_use_firewalld: "{{ r_openshift_hosted_registry_use_firewalld }}" l_openshift_hosted_fw_allow: "{{ r_openshift_hosted_registry_os_firewall_allow }}" l_openshift_hosted_fw_deny: "{{ r_openshift_hosted_registry_os_firewall_deny }}" - when: openshift_hosted_registry_replicas | default(none) is none block: - name: Retrieve list of openshift nodes matching registry selector oc_obj: state: list kind: node selector: "{{ openshift_hosted_registry_selector }}" register: registry_nodes - name: set_fact l_node_count to number of nodes matching registry selector set_fact: l_node_count: "{{ registry_nodes.results.results[0]['items'] | length }}" # Determine the default number of registry/router replicas to use if no count # has been specified. # If no registry nodes defined, the default should be 0. - name: set_fact l_default_replicas when l_node_count == 0 set_fact: l_default_replicas: 0 when: l_node_count | int == 0 # If registry nodes are defined and the registry storage kind is # defined, default should be the number of registry nodes, otherwise # just 1: - name: set_fact l_default_replicas when l_node_count > 0 set_fact: l_default_replicas: "{{ l_node_count if openshift_hosted_registry_storage_kind | default(none) is not none else 1 }}" when: l_node_count | int > 0 - name: set openshift_hosted facts set_fact: # This determines the gluster_ips to use for the registry by looping over the glusterfs_registry group openshift_hosted_registry_storage_glusterfs_ips: "{%- set gluster_ips = [] %}{% if groups.glusterfs_registry is defined %}{% for node in groups.glusterfs_registry %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% elif groups.glusterfs is defined %}{% for node in groups.glusterfs %}{%- set _ = gluster_ips.append(hostvars[node].glusterfs_ip | default(hostvars[node].openshift.common.ip)) %}{% endfor %}{{ gluster_ips }}{% else %}{{ openshift_hosted_registry_storage_glusterfs_ips }}{% endif %}" - name: Update registry environment variables when pushing via dns set_fact: openshift_hosted_registry_env_vars: "{{ openshift_hosted_registry_env_vars | combine({'REGISTRY_OPENSHIFT_SERVER_ADDR':'docker-registry.default.svc:5000'}) }}" when: openshift_push_via_dns | bool - name: Update registry proxy settings for dc/docker-registry set_fact: openshift_hosted_registry_env_vars: "{{ {'HTTPS_PROXY': (openshift.common.https_proxy | default('')), 'HTTP_PROXY': (openshift.common.http_proxy | default('')), 'NO_PROXY': (openshift.common.no_proxy | default(''))} | combine(openshift_hosted_registry_env_vars) }}" when: (openshift.common.https_proxy | default(False)) or (openshift.common.http_proxy | default('')) != '' - name: Create the registry service account oc_serviceaccount: name: "{{ openshift_hosted_registry_serviceaccount }}" namespace: "{{ openshift_hosted_registry_namespace }}" - name: Grant the registry service account access to the appropriate scc oc_adm_policy_user: user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}" namespace: "{{ openshift_hosted_registry_namespace }}" resource_kind: scc resource_name: hostnetwork - name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry oc_adm_policy_user: user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}" namespace: "{{ openshift_hosted_registry_namespace }}" resource_kind: cluster-role resource_name: system:registry - name: create the default registry service oc_service: namespace: "{{ openshift_hosted_registry_namespace }}" name: "{{ openshift_hosted_registry_name }}" ports: - name: 5000-tcp port: 5000 protocol: TCP targetPort: 5000 selector: docker-registry: default session_affinity: ClientIP service_type: ClusterIP clusterip: '{{ openshift_hosted_registry_clusterip | default(omit) }}' - include_tasks: secure.yml run_once: true when: - not (openshift_docker_hosted_registry_insecure | default(False)) | bool - include_tasks: storage/object_storage.yml when: - openshift_hosted_registry_storage_kind | default(none) == 'object' - name: Update openshift_hosted facts for persistent volumes set_fact: openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(pvc_volume_mounts) }}" vars: pvc_volume_mounts: - name: registry-storage type: persistentVolumeClaim claim_name: "{{ openshift_hosted_registry_storage_volume_name }}-claim" when: - openshift_hosted_registry_storage_kind | default(none) in ['nfs', 'openstack', 'glusterfs'] - include_tasks: storage/glusterfs_endpoints.yml when: - openshift_hosted_registry_storage_glusterfs_ips|length > 0 - openshift_hosted_registry_storage_kind | default(none) in ['glusterfs'] - openshift_hosted_registry_storage_class is not defined - name: Create OpenShift registry oc_adm_registry: name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}" selector: "{{ openshift_hosted_registry_selector }}" replicas: "{{ openshift_hosted_registry_replicas | default(l_default_replicas) }}" service_account: "{{ openshift_hosted_registry_serviceaccount }}" images: "{{ openshift_hosted_registry_registryurl }}" env_vars: "{{ openshift_hosted_registry_env_vars }}" volume_mounts: "{{ openshift_hosted_registry_volumes }}" edits: "{{ openshift_hosted_registry_edits }}" force: "{{ True|bool in openshift_hosted_registry_force }}" # TODO(michaelgugino) remove this set fact. It is currently necessary due to # custom module not properly templating variables. - name: setup registry list set_fact: r_openshift_hosted_registry_list: - name: "{{ openshift_hosted_registry_name }}" namespace: "{{ openshift_hosted_registry_namespace }}"