From 79984668190f25310d907fb175f82c875387d30b Mon Sep 17 00:00:00 2001 From: Devan Goodwin Date: Mon, 11 Apr 2016 09:34:15 -0300 Subject: Support setting imagePolicyConfig JSON in inventory. For flexibility this is another pure JSON field to translate directly to yaml in the master config. Also updated to more safely handle JSON inventory variables as this uncovered a bug with booleans where you end up with a string containing json in your yaml. --- inventory/byo/hosts.aep.example | 4 ++++ inventory/byo/hosts.origin.example | 4 ++++ inventory/byo/hosts.ose.example | 4 ++++ roles/openshift_facts/library/openshift_facts.py | 16 +++++++++++----- roles/openshift_master/templates/master.yaml.v1.j2 | 3 +++ roles/openshift_master_facts/tasks/main.yml | 1 + 6 files changed, 27 insertions(+), 5 deletions(-) diff --git a/inventory/byo/hosts.aep.example b/inventory/byo/hosts.aep.example index 43b646c93..bedaffbdc 100644 --- a/inventory/byo/hosts.aep.example +++ b/inventory/byo/hosts.aep.example @@ -58,6 +58,10 @@ deployment_type=atomic-enterprise # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} + # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example index 8b8dbade0..3ecf898fb 100644 --- a/inventory/byo/hosts.origin.example +++ b/inventory/byo/hosts.origin.example @@ -59,6 +59,10 @@ deployment_type=origin # See: https://docs.openshift.org/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} + # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration # For enterprise deployment types we ensure that registry.access.redhat.com is diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example index 4c6aae0bd..126d44487 100644 --- a/inventory/byo/hosts.ose.example +++ b/inventory/byo/hosts.ose.example @@ -57,6 +57,10 @@ deployment_type=openshift-enterprise # Configure loggingPublicURL in the master config for aggregate logging # See: https://docs.openshift.com/enterprise/latest/install_config/aggregate_logging.html #openshift_master_logging_public_url=https://kibana.example.com +# +# Configure imagePolicyConfig in the master config +# See: https://godoc.org/github.com/openshift/origin/pkg/cmd/server/api#ImagePolicyConfig +#openshift_master_image_policy_config={"maxImagesBulkImportedPerRepository": 3, "disableScheduledImport": true} # Docker Configuration # Add additional, insecure, and blocked registries to global docker configuration diff --git a/roles/openshift_facts/library/openshift_facts.py b/roles/openshift_facts/library/openshift_facts.py index 32e608e86..4313790bf 100755 --- a/roles/openshift_facts/library/openshift_facts.py +++ b/roles/openshift_facts/library/openshift_facts.py @@ -1142,17 +1142,23 @@ def merge_facts(orig, new, additive_facts_to_overwrite, protected_facts_to_overw protected_facts = ['ha', 'master_count'] # Facts we do not ever want to merge. These originate in inventory variables - # and typically contain JSON dicts. We don't ever want to trigger a merge + # and contain JSON dicts. We don't ever want to trigger a merge # here, just completely overwrite with the new if they are present there. - overwrite_facts = ['admission_plugin_config', - 'kube_admission_plugin_config'] + inventory_json_facts = ['admission_plugin_config', + 'kube_admission_plugin_config', + 'image_policy_config'] facts = dict() for key, value in orig.iteritems(): # Key exists in both old and new facts. if key in new: - if key in overwrite_facts: - facts[key] = copy.deepcopy(new[key]) + if key in inventory_json_facts: + # Watchout for JSON facts that sometimes load as strings. + # (can happen if the JSON contains a boolean) + if isinstance(new[key], str): + facts[key] = yaml.safe_load(new[key]) + else: + facts[key] = copy.deepcopy(new[key]) # Continue to recurse if old and new fact is a dictionary. elif isinstance(value, dict) and isinstance(new[key], dict): # Collect the subset of additive facts to overwrite if diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index e89fdc0ce..1009aa318 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -89,6 +89,9 @@ etcdStorageConfig: imageConfig: format: {{ openshift.master.registry_url }} latest: false +{% if 'image_policy_config' in openshift.master %} +imagePolicyConfig:{{ openshift.master.image_policy_config | to_padded_yaml(level=1) }} +{% endif %} kind: MasterConfig kubeletClientInfo: {# TODO: allow user specified kubelet port #} diff --git a/roles/openshift_master_facts/tasks/main.yml b/roles/openshift_master_facts/tasks/main.yml index f43b8c59d..4d7c04065 100644 --- a/roles/openshift_master_facts/tasks/main.yml +++ b/roles/openshift_master_facts/tasks/main.yml @@ -72,3 +72,4 @@ oauth_template: "{{ openshift_master_oauth_template | default(None) }}" # deprecated in origin 1.2 / OSE 3.2 oauth_templates: "{{ openshift_master_oauth_templates | default(None) }}" oauth_always_show_provider_selection: "{{ openshift_master_oauth_always_show_provider_selection | default(None) }}" + image_policy_config: "{{ openshift_master_image_policy_config | default(None) }}" -- cgit v1.2.3