path: root/roles/openshift_hosted/tasks/registry/storage/s3.yml
---
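# Guard: the S3 storage driver is configured with static credentials here, so
# both halves of the key pair must be supplied before anything is deployed.
# Only presence is tested (undefined or null fails); an empty string passes,
# and the values themselves are not validated against AWS.
# The secret key is a long-lived credential: source it from an encrypted
# variable store rather than a plain-text inventory.
- name: Fail when the S3 access key or secret key is missing
  fail:
    msg: >
      openshift_hosted_registry_storage_s3_accesskey and
      openshift_hosted_registry_storage_s3_secretkey are required
  when: >-
    openshift.hosted.registry.storage.s3.accesskey | default(none) is none
    or openshift.hosted.registry.storage.s3.secretkey | default(none) is none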

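# Guard: the bucket name and region are mandatory for S3-backed registry
# storage. As with the credential check, only undefined/null values are
# rejected; whether the bucket exists or is reachable is not verified here.
- name: Fail when the S3 bucket or region is missing
  fail:
    msg: >
      openshift_hosted_registry_storage_s3_bucket and
      openshift_hosted_registry_storage_s3_region are required
  when: >-
    openshift.hosted.registry.storage.s3.bucket | default(none) is none
    or openshift.hosted.registry.storage.s3.region | default(none) is none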

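# If cloudfront is being used, fail if we don't have all the required variables.
# Each condition reads "baseurl is unset OR the companion variable is set", so
# the assert is a no-op when cloudfront is not configured.
# NOTE(review): this tests `is not defined`, while the block at the end of this
# file tests `| default(none) is not none`. A baseurl that is defined but null
# therefore trips this assert even though the cloudfront block would be skipped.
- name: Require the cloudfront key pair id and private key file with a baseurl
  assert:
    that:
      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile | default(none) is not none"
      - "openshift_hosted_registry_storage_s3_cloudfront_baseurl is not defined or openshift_hosted_registry_storage_s3_cloudfront_keypairid | default(none) is not none"
    msg: >
      When openshift_hosted_registry_storage_s3_cloudfront_baseurl is provided
      openshift_hosted_registry_storage_s3_cloudfront_keypairid and
      openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile are required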


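# Inject the cloudfront private key as a secret when required.
# lookup('file', ...) reads the key on the Ansible control host; its content is
# then stored as the secret docker-registry-s3-cloudfront and mounted into the
# registry deployment config under /etc/origin.
- block:

    - name: Create registry secret for cloudfront
      oc_secret:
        state: present
        namespace: "{{ openshift.hosted.registry.namespace | default('default') }}"
        name: docker-registry-s3-cloudfront
        # NOTE(review): contents is a single mapping here; confirm oc_secret
        # accepts this rather than a list of path/data entries.
        contents:
          path: cloudfront.pem
          data: "{{ lookup('file', openshift_hosted_registry_storage_s3_cloudfront_privatekeyfile) }}"
      # The module arguments carry the private key material, so keep them out
      # of task output, verbose logs and callback plugins. The trade-off is
      # that a failure of this task is reported without detail.
      no_log: true

    - name: Add cloudfront secret to the registry deployment config
      command: >
        oc volume dc/docker-registry --add --name=cloudfront-vol
        --namespace="{{ openshift.hosted.registry.namespace | default('default') }}"
        -m /etc/origin --type=secret --secret-name=docker-registry-s3-cloudfront
      register: cloudfront_vol_attach
      # Report "changed" only when the volume was actually added, so re-runs
      # that hit the "already exists" path stay idempotent in the play recap.
      changed_when: "'already exists' not in cloudfront_vol_attach.stderr"
      # List entries are ANDed: fail only on a non-zero exit that is not the
      # "already exists" case. An existing cloudfront-vol is accepted as-is;
      # its mount path and secret name are not re-checked here.
      failed_when:
        - "'already exists' not in cloudfront_vol_attach.stderr"
        - "cloudfront_vol_attach.rc != 0"

  when: openshift_hosted_registry_storage_s3_cloudfront_baseurl | default(none) is not none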