diff options
author | Michael Gugino <mgugino@redhat.com> | 2017-09-11 13:07:35 -0400 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2017-09-11 22:15:48 -0400 |
commit | db30a2eb386930e0b20c8106e334d605e2ae770a (patch) | |
tree | 3629e6380df5b3e5fa325aee9d1aa871c2b56588 /roles/docker/defaults/main.yml | |
parent | 4acdef4af89bf2ccc43f9643a2e72a969d11ed04 (diff) | |
download | openshift-db30a2eb386930e0b20c8106e334d605e2ae770a.tar.gz openshift-db30a2eb386930e0b20c8106e334d605e2ae770a.tar.bz2 openshift-db30a2eb386930e0b20c8106e334d605e2ae770a.tar.xz openshift-db30a2eb386930e0b20c8106e334d605e2ae770a.zip |
Fix: authenticated registry support for containerized hosts
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
Diffstat (limited to 'roles/docker/defaults/main.yml')
-rw-r--r-- | roles/docker/defaults/main.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index ed97d539c..7e206ded1 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1 +1,6 @@ --- +docker_cli_auth_config_path: '/root/.docker' + +oreg_url: '' +oreg_host: "{{ oreg_url.split('/')[0] if '.' in oreg_url.split('/')[0] else '' }}" +oreg_auth_credentials_replace: False |