diff options
author | Stefanie Forrester <dak1n1@users.noreply.github.com> | 2015-09-24 12:04:18 -0700 |
---|---|---|
committer | Stefanie Forrester <dak1n1@users.noreply.github.com> | 2015-09-24 12:04:18 -0700 |
commit | 34465b6edd45ea34b98563cd772cb28eb2265bde (patch) | |
tree | 88a1f5914571121127226aeee53278a4cb1944ae | |
parent | fd024841598adf3c77e57f13a17ff34a9955d43a (diff) | |
parent | 9deff4bd696168111316dc366c1b193e02e08c8b (diff) | |
download | openshift-34465b6edd45ea34b98563cd772cb28eb2265bde.tar.gz openshift-34465b6edd45ea34b98563cd772cb28eb2265bde.tar.bz2 openshift-34465b6edd45ea34b98563cd772cb28eb2265bde.tar.xz openshift-34465b6edd45ea34b98563cd772cb28eb2265bde.zip |
Merge pull request #590 from dak1n1/s3
Added S3 docker-registry config script
-rw-r--r-- | playbooks/adhoc/s3_registry/s3_registry.j2 | 20 | ||||
-rw-r--r-- | playbooks/adhoc/s3_registry/s3_registry.yml | 50 |
2 files changed, 70 insertions, 0 deletions
diff --git a/playbooks/adhoc/s3_registry/s3_registry.j2 b/playbooks/adhoc/s3_registry/s3_registry.j2 new file mode 100644 index 000000000..026b24456 --- /dev/null +++ b/playbooks/adhoc/s3_registry/s3_registry.j2 @@ -0,0 +1,20 @@ +version: 0.1 +log: + level: debug +http: + addr: :5000 +storage: + cache: + layerinfo: inmemory + s3: + accesskey: {{ accesskey }} + secretkey: {{ secretkey }} + region: us-east-1 + bucket: {{ clusterid }}-docker + encrypt: true + secure: true + v4auth: true + rootdirectory: /registry +middleware: + repository: + - name: openshift diff --git a/playbooks/adhoc/s3_registry/s3_registry.yml b/playbooks/adhoc/s3_registry/s3_registry.yml new file mode 100644 index 000000000..30b873db3 --- /dev/null +++ b/playbooks/adhoc/s3_registry/s3_registry.yml @@ -0,0 +1,50 @@ +--- +# This playbook creates an S3 bucket named after your cluster and configures the docker-registry service to use the bucket as its backend storage. +# Usage: +# ansible-playbook s3_registry.yml -e accesskey="S3 aws access key" -e secretkey="S3 aws secret key" -e clusterid="mycluster" +# +# The AWS access/secret keys should be the keys of a separate user (not your main user), containing only the necessary S3 access role. +# The 'clusterid' is the short name of your cluster. + +- hosts: security_group_{{ clusterid }}_master + remote_user: root + gather_facts: False + + tasks: + + - name: Create S3 bucket + local_action: + module: s3 bucket="{{ clusterid }}-docker" mode=create aws_access_key={{ accesskey|quote }} aws_secret_key={{ secretkey|quote }} + + - name: Generate docker registry config + template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600 + + - name: Determine if new secrets are needed + command: oc get secrets + register: secrets + + - name: Create registry secrets + command: oc secrets new dockerregistry /root/config.yml + when: "'dockerregistry' not in secrets.stdout" + + - name: Determine if service account contains secrets + command: oc describe serviceaccount/registry + register: serviceaccount + + - name: Add secrets to registry service account + command: oc secrets add serviceaccount/registry secrets/dockerregistry + when: "'dockerregistry' not in serviceaccount.stdout" + + - name: Determine if deployment config contains secrets + command: oc volume dc/docker-registry --list + register: dc + + - name: Add secrets to registry deployment config + command: oc volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry + when: "'dockersecrets' not in dc.stdout" + + - name: Scale up registry + command: oc scale --replicas=1 dc/docker-registry + + - name: Delete temporary config file + file: path=/root/config.yml state=absent |