path: root/roles/openshift_hosted/tasks/secure/passthrough.yml
---
# No user-supplied certificate: point the registry facts at registry.crt,
# registry.key and ca.crt under the master config directory and flag the
# certificate as self-signed. This task only records paths; no task in this
# file generates the certificate itself.
# NOTE(review): when exactly one of 'certfile' / 'keyfile' is supplied, neither
# this task nor the user-supplied block below runs, so this file leaves the
# docker_registry_* facts unset.
- name: Configure self-signed certificate file paths
  when: >-
    ('certfile' not in openshift_hosted_registry_routecertificates)
    and ('keyfile' not in openshift_hosted_registry_routecertificates)
  set_fact:
    docker_registry_self_signed: true
    docker_registry_cacert_path: "{{ openshift_master_config_dir }}/ca.crt"
    docker_registry_cert_path: "{{ openshift_master_config_dir }}/registry.crt"
    docker_registry_key_path: "{{ openshift_master_config_dir }}/registry.key"

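# User-supplied certificate: this block runs only when both 'certfile' and
# 'keyfile' are present in openshift_hosted_registry_routecertificates.
- when:
  - "'certfile' in openshift_hosted_registry_routecertificates"
  - "'keyfile' in openshift_hosted_registry_routecertificates"
  block:
  # Only the basename of each supplied path is used, so the destination always
  # stays inside named_certificates/. Two supplied files that share a basename
  # would resolve to the same destination path.
  - name: Configure provided certificate file paths
    set_fact:
      docker_registry_cert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['certfile'] | basename }}"
      docker_registry_key_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['keyfile'] | basename }}"
      docker_registry_self_signed: false

  # Since we end up bundling the cert, cacert and key in a .pem file, the 'cafile'
  # is optional
  # NOTE(review): this checks only that the 'cafile' key exists, while the copy
  # task below also requires a non-empty value; an empty 'cafile' would set the
  # fact to the named_certificates/ directory itself.
  - name: Configure provided ca certificate file path
    set_fact:
      docker_registry_cacert_path: "{{ openshift_master_config_dir }}/named_certificates/{{ openshift_hosted_registry_routecertificates['cafile'] | basename }}"
    when: "'cafile' in openshift_hosted_registry_routecertificates"

  # Copies each supplied file from the control host to the target. Entries
  # other than certfile/keyfile/cafile, and entries with an empty value, are
  # skipped.
  - name: Retrieve provided certificate files
    copy:
      backup: true
      dest: "{{ openshift_master_config_dir }}/named_certificates/{{ item.value | basename }}"
      src: "{{ item.value }}"
      # The private key must not be left at the umask default (commonly
      # world-readable); certificates keep the module's default mode.
      # Assumes later consumers of the key run with the same privileges as
      # this task -- confirm. Backups made by `backup: true` keep the mode of
      # the file they replace, so older key copies may need tightening too.
      mode: "{{ 'u=rw,go=' if item.key == 'keyfile' else omit }}"
    when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
    with_dict: "{{ openshift_hosted_registry_routecertificates }}"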

# Expose the docker-registry service through a route in the hosted-registry
# namespace. No certificate or key is passed to oc_route here.
# NOTE(review): the termination type is taken from
# openshift_hosted_registry_routetermination rather than pinned to
# 'passthrough'; presumably this file is only included when that variable is
# 'passthrough' -- confirm at the include site.
- name: Configure a passthrough route for docker-registry
  oc_route:
    namespace: "{{ openshift_hosted_registry_namespace }}"
    name: docker-registry
    service_name: docker-registry
    # An undefined or empty route host resolves to `omit`, so the host
    # argument is not passed to oc_route in that case.
    host: "{{ openshift_hosted_registry_routehost | default(omit, true) }}"
    tls_termination: "{{ openshift_hosted_registry_routetermination }}"