path: root/roles/openshift_hosted/tasks/registry/storage/object_storage.yml
blob: e56a68e2714544c81f065f1c481a7e394fc440c2 (plain)
---
# Guard 1: stop the play when the configured object storage provider is not
# one of the three names this task file knows about.
- fail:
    msg: >
      Object Storage Provider: {{ openshift.hosted.registry.storage.provider }}
      is not currently supported
  when: openshift.hosted.registry.storage.provider not in ['azure_blob', 's3', 'swift']

# Guard 2: 'azure_blob' and 'swift' are recognised names but are rejected
# here as not implemented, so only 's3' gets past both guards.
- fail:
    msg: >
      Support for provider: "{{ openshift.hosted.registry.storage.provider }}"
      not implemented yet
  when: openshift.hosted.registry.storage.provider in ['azure_blob', 'swift']

# Pull in the provider-specific tasks; s3.yml is not visible from this file.
- include: s3.yml
  when: openshift.hosted.registry.storage.provider == 's3'

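# Probe for the registry config secret. The result is registered as `secrets`
# and later tasks branch on its return code (0 = exists, 1 = create it).
# failed_when: false means every non-zero exit is tolerated here, including
# errors unrelated to "not found" (for example an unusable kubeconfig).
# NOTE(review): a failure of that kind only surfaces if a later task fails.
- name: Test if docker registry config secret exists
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get secrets {{ registry_config_secret_name }} -o json
  register: secrets
  changed_when: false
  failed_when: false
  # stdout holds the full Secret object (its data is only base64-encoded),
  # so keep the task result out of Ansible output and logs. The registered
  # variable stays usable by the tasks that follow.
  no_log: true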

# Render registry_config.j2 and base64-encode the result. This value becomes
# the "config.yml" data of the secret (see the patch task further down).
# NOTE(review): the template is not visible here; if it embeds storage
# credentials, this fact is sensitive and shows up in verbose (-v) output
# unless no_log is set. Confirm against the template.
- set_fact:
    registry_config: "{{ lookup('template', 'registry_config.j2') | b64encode }}"

# Render the Secret manifest template and parse it from YAML into a data
# structure; it is serialised to JSON again when the secret is created.
- set_fact:
    registry_config_secret: "{{ lookup('template', 'registry_config_secret.j2') | from_yaml }}"

# Compare the 'provider' annotation on the existing secret with the provider
# configured now. Only evaluated when the probe found the secret (rc == 0),
# so same_storage_provider is undefined otherwise; later conditions test
# secrets.rc == 0 first.
- set_fact:
    same_storage_provider: "{{ (secrets.stdout|from_json)['metadata']['annotations']['provider'] | default(none) == openshift.hosted.registry.storage.provider }}"
  when: secrets.rc == 0

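# Patch the existing secret in place when its stored config.yml differs from
# the freshly rendered one. Runs only if the secret already exists and was
# created for the same storage provider. The result is registered so the
# redeploy task can tell whether a patch happened.
- name: Update registry config secret
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    patch secret/{{ registry_config_secret_name }}
    -p '{"data": {"config.yml": "{{ registry_config }}"}}'
  register: update_config_secret
  # The command line carries the secret payload, which Ansible would otherwise
  # echo in its task result and logs. no_log does not hide the argument from
  # the process list on the target host while the command runs.
  no_log: true
  when: secrets.rc == 0 and (secrets.stdout|from_json)['data']['config.yml'] != registry_config and same_storage_provider | bool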

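# Create the secret when the probe returned 1 (treated as "does not exist").
# The manifest is serialised to JSON and piped to `create -f -` on stdin.
- name: Create registry config secret
  # The `quote` filter shell-escapes the JSON. The hand-written '...' wrapper
  # used before broke, and let the rest of the value be parsed as shell, as
  # soon as the rendered manifest contained a single quote.
  shell: >
    echo {{ registry_config_secret | to_json | quote }} |
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    create -f -
  # The rendered command contains the whole Secret manifest; keep it out of
  # Ansible output and logs.
  no_log: true
  when: secrets.rc == 1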

# Read-only check: the jsonpath filter prints the secret's name if the
# 'registry' service account already lists it, and nothing otherwise.
- name: Determine if service account contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    get serviceaccounts registry
    -o jsonpath='{.secrets[?(@.name=="{{ registry_config_secret_name }}")].name}'
  register: serviceaccount
  changed_when: false

# Attach the secret to the service account only when the check above printed
# nothing, i.e. the account does not reference it yet.
- name: Add secrets to registry service account
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    secrets add serviceaccount/registry secrets/{{ registry_config_secret_name }}
  when: serviceaccount.stdout == ''

# Read-only check: list the volumes defined on the docker-registry
# deployment config.
- name: Determine if deployment config contains secrets
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --list
  register: volume
  changed_when: false

# Mount the secret at /etc/registry as volume 'docker-config' unless the
# secret name already appears in the volume listing. The test is a plain
# substring match on the command output, so any other text containing the
# same name also counts as "already mounted".
- name: Add secrets to registry deployment config
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set volumes dc/docker-registry --add --name=docker-config -m /etc/registry
    --type=secret --secret-name={{ registry_config_secret_name }}
  when: registry_config_secret_name not in volume.stdout

# Read-only check: list the environment variables set on the docker-registry
# deployment config.
- name: Determine if registry environment variable needs to be created
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env --list dc/docker-registry
  register: oc_env
  changed_when: false

# Point the registry at the mounted config file. Skipped whenever the
# variable name appears anywhere in the listing, so an existing variable with
# a different value is left as it is.
- name: Add registry environment variable
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    set env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registry/config.yml
  when: "'REGISTRY_CONFIGURATION_PATH' not in oc_env.stdout"

# Trigger a new deployment so the registry picks up a patched config. All of
# these must hold: the secret already existed, the patch task was not skipped
# and exited 0, and the storage provider is unchanged. A freshly created
# secret (probe rc == 1) does not satisfy this condition.
- name: Redeploy registry
  command: >
    {{ openshift.common.client_binary }}
    --config={{ openshift_hosted_kubeconfig }}
    --namespace={{ openshift.hosted.registry.namespace | default('default') }}
    deploy dc/docker-registry --latest
  when: secrets.rc == 0 and not update_config_secret | skipped and update_config_secret.rc == 0 and same_storage_provider | bool