path: root/roles/openshift_hosted/tasks/registry/registry.yml
blob: 0b804247335dd7fd9c9368b5effaac05e66eb928 (plain)
---
# Work out a default replica count for the registry. The whole block is
# skipped when openshift.hosted.registry.replicas is already set (see the
# `when` on its last line).
- block:

  # When no selector is configured the parameter is omitted; presumably
  # oc_obj then lists every node - confirm against the module.
  - name: Retrieve list of openshift nodes matching registry selector
    oc_obj:
      state: list
      kind: node
      selector: "{{ openshift.hosted.registry.selector | default(omit) }}"
    register: registry_nodes

  # Counts the 'items' of the first result returned by the lookup above.
  # The conditions below cast the fact with `| int` before comparing it.
  - name: set_fact l_node_count to number of nodes matching registry selector
    set_fact:
      l_node_count: "{{ registry_nodes.results.results[0]['items'] | length }}"

  # Determine the default number of registry/router replicas to use if no count
  # has been specified.
  # If no registry nodes defined, the default should be 0.
  - name: set_fact l_default_replicas when l_node_count == 0
    set_fact:
      l_default_replicas: 0
    when: l_node_count | int == 0

  # If registry nodes are defined and the registry storage kind is
  # defined, default should be the number of registry nodes, otherwise
  # just 1:
  # NOTE(review): presumably one replica is used without a storage kind
  # because replicas would not share image data - confirm.
  - name: set_fact l_default_replicas when l_node_count > 0
    set_fact:
      l_default_replicas: "{{ l_node_count if openshift.hosted.registry.storage.kind | default(none) is not none else 1 }}"
    when: l_node_count | int > 0

  when: openshift.hosted.registry.replicas | default(none) is none

# Collect the registry settings used by the remaining tasks in this file into
# openshift_hosted_registry_* facts, filling in defaults where a value is
# absent from openshift.hosted.registry.
- name: set openshift_hosted facts
  set_fact:
    # An explicit replica count wins; otherwise use the computed default.
    openshift_hosted_registry_replicas: "{{ openshift.hosted.registry.replicas | default(l_default_replicas) }}"
    openshift_hosted_registry_name: docker-registry
    openshift_hosted_registry_serviceaccount: registry
    openshift_hosted_registry_namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
    # NOTE(review): unlike the node lookup earlier in this file, the selector
    # has no default here, so it is presumably always set upstream - confirm.
    openshift_hosted_registry_selector: "{{ openshift.hosted.registry.selector }}"
    # ${component} and ${version} are passed through literally; presumably
    # they are expanded by the registry deployment tooling - confirm.
    openshift_hosted_registry_images: "{{ openshift.hosted.registry.registryurl | default('openshift3/ose-${component}:${version}')}}"
    # Start empty; the persistent-volume task later in this file extends
    # the volume list.
    openshift_hosted_registry_volumes: []
    openshift_hosted_registry_env_vars: {}
    # Route settings fall back to {}, False and 'passthrough' when the key is
    # absent. With passthrough termination the router does not terminate TLS,
    # so the registry has to present its own certificate.
    # NOTE(review): these three facts are not read in this file; presumably
    # secure.yml consumes them - confirm.
    openshift_hosted_registry_routecertificates: "{{ ('routecertificates' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routecertificates, {}) }}"
    openshift_hosted_registry_routehost: "{{ ('routehost' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routehost, False) }}"
    openshift_hosted_registry_routetermination: "{{ ('routetermination' in openshift.hosted.registry.keys()) | ternary(openshift.hosted.registry.routetermination, 'passthrough') }}"
    openshift_hosted_registry_edits:
    # These edits are being specified only to prevent 'changed' on rerun
    - key: spec.strategy.rollingParams
      value:
        intervalSeconds: 1
        maxSurge: "25%"
        maxUnavailable: "25%"
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      action: put
    # Starts as [False]; the oc_adm_registry task at the end of this file
    # forces a redeploy only if True is in this list. Presumably the included
    # task files append to it - confirm.
    openshift_hosted_registry_force:
    - False

# The registry runs under its own service account; the two policy tasks that
# follow bind an SCC and a cluster role to this account.
- name: Create the registry service account
  oc_serviceaccount:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: "{{ openshift_hosted_registry_serviceaccount }}"

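# Binds the hostnetwork SCC to the registry service account only. That SCC
# permits pods to use the node's network namespace and host ports, so it
# widens what anything running as this account may do.
# NOTE(review): confirm the registry still needs host networking; if it does
# not, binding a narrower SCC reduces exposure.
- name: Grant the registry service account access to the appropriate scc
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: scc
    resource_name: hostnetwork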

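# The user is built from the namespace and service account facts, so the
# binding follows a non-default namespace; the task name no longer hard-codes
# default:registry.
# A cluster role binding is not limited to one project, so the permissions in
# system:registry apply cluster-wide for this account.
# NOTE(review): `namespace` presumably only tells the module where the
# service account lives - confirm against oc_adm_policy_user.
- name: Grant the registry service account the system:registry cluster role
  oc_adm_policy_user:
    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    resource_kind: cluster-role
    resource_name: system:registry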

# Service in front of the registry pods on port 5000. ClusterIP gives it a
# cluster-internal address only; nothing in this task exposes it outside the
# cluster.
# NOTE(review): the pod selector is the fixed label docker-registry=default
# and is not derived from openshift_hosted_registry_name - confirm it matches
# the labels on the deployed registry pods.
- name: create the default registry service
  oc_service:
    name: "{{ openshift_hosted_registry_name }}"
    namespace: "{{ openshift_hosted_registry_namespace }}"
    service_type: ClusterIP
    session_affinity: ClientIP
    selector:
      docker-registry: default
    ports:
    - name: '5000-tcp'
      protocol: TCP
      port: 5000
      targetPort: 5000

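# Dynamic include, run once, skipped when
# openshift.docker.hosted_registry_insecure is true (it defaults to false).
# secure.yml is not shown here; presumably it sets up TLS for the registry,
# in which case the insecure flag leaves registry traffic unencrypted.
# NOTE(review): confirm, and keep the flag off outside test clusters.
- include: secure.yml
  static: false
  run_once: true
  when:
  - not (openshift.docker.hosted_registry_insecure | default(false) | bool)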

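# Dynamic include, used only when the storage kind is 'object'. An unset kind
# is treated as none, so the include is skipped.
- include: storage/object_storage.yml
  static: false
  when:
  - openshift.hosted.registry.storage.kind | default(none) == 'object'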

# For 'nfs' and 'openstack' storage, add a persistentVolumeClaim mount named
# registry-storage to the volume list. The claim name is the configured volume
# name with '-claim' appended.
# NOTE(review): storage.volume.name has no default here, so it is presumably
# always set for these storage kinds - confirm.
- name: Update openshift_hosted facts for persistent volumes
  when:
  - openshift.hosted.registry.storage.kind | default(none) in ['nfs', 'openstack']
  vars:
    pvc_volume_mounts:
    - type: persistentVolumeClaim
      name: registry-storage
      claim_name: "{{ openshift.hosted.registry.storage.volume.name }}-claim"
  set_fact:
    openshift_hosted_registry_volumes: "{{ openshift_hosted_registry_volumes | union(pvc_volume_mounts) }}"

# Deploy the registry from the openshift_hosted_registry_* facts gathered
# earlier in this file. `force` is true only when the force list contains a
# True entry.
- name: Create OpenShift registry
  oc_adm_registry:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: "{{ openshift_hosted_registry_name }}"
    service_account: "{{ openshift_hosted_registry_serviceaccount }}"
    images: "{{ openshift_hosted_registry_images }}"
    replicas: "{{ openshift_hosted_registry_replicas }}"
    selector: "{{ openshift_hosted_registry_selector }}"
    volume_mounts: "{{ openshift_hosted_registry_volumes }}"
    env_vars: "{{ openshift_hosted_registry_env_vars }}"
    edits: "{{ openshift_hosted_registry_edits }}"
    force: "{{ True|bool in openshift_hosted_registry_force }}"