diff --git a/reference-architecture/aws-ansible/playbooks/openshift-install.yaml b/reference-architecture/aws-ansible/playbooks/openshift-install.yaml
index fea180487..a73135791 100644
--- a/reference-architecture/aws-ansible/playbooks/openshift-install.yaml
+++ b/reference-architecture/aws-ansible/playbooks/openshift-install.yaml
@@ -39,11 +39,3 @@ - prerequisite - include: openshift-setup.yaml
-
-- hosts: primary_master
- gather_facts: no
- become: yes
- vars_files:
- - vars/main.yaml
- roles:
- - openshift-registry
diff --git a/reference-architecture/aws-ansible/playbooks/openshift-setup.yaml b/reference-architecture/aws-ansible/playbooks/openshift-setup.yaml
index fcee56e3d..89fda0534 100644
--- a/reference-architecture/aws-ansible/playbooks/openshift-setup.yaml
+++ b/reference-architecture/aws-ansible/playbooks/openshift-setup.yaml
@@ -43,3 +43,14 @@ - openshift osm_use_cockpit: false containerized: false
+ openshift_hosted_registry_storage_kind: object
+ openshift_hosted_registry_storage_provider: s3
+ openshift_hosted_registry_storage_s3_accesskey: "{{ hostvars['localhost']['s3user_id'] }}"
+ openshift_hosted_registry_storage_s3_secretkey: "{{ hostvars['localhost']['s3user_secret'] }}"
+ openshift_hosted_registry_storage_s3_bucket: "{{ hostvars['localhost']['s3_bucket_name'] }}"
+ openshift_hosted_registry_storage_s3_region: "{{ hostvars['localhost']['region'] }}"
+ openshift_hosted_registry_storage_s3_chunksize: 26214400
+ openshift_hosted_registry_storage_s3_rootdirectory: /registry
+ openshift_hosted_registry_pullthrough: true
+ openshift_hosted_registry_acceptschema2: true
+ openshift_hosted_registry_enforcequota: true
diff --git a/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/tasks/main.yaml b/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/tasks/main.yaml
deleted file mode 100644
index 3c77b11e6..000000000
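Review bot: The S3 settings added in the openshift-setup.yaml hunk do not carry over `encrypt: true` from the s3_registry.j2 template this commit deletes, so registry layers may land in the bucket without server-side encryption unless the hosted-registry role enables it by default, which should be confirmed. Setting it explicitly next to the other storage vars keeps the previous behaviour: `openshift_hosted_registry_storage_s3_encrypt: true`. The deleted template also set `secure: true` and `v4auth: true`, so the rendered registry config should be checked for those as well. The same block passes a long-lived IAM access key and secret (`s3user_id`, `s3user_secret`) through play vars; it is worth verifying that they are not echoed in verbose task output and that the key's policy is limited to this one bucket.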
--- a/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/tasks/main.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ ---- -- name: Switch to default project - command: "{{ openshift.common.client_binary }} project default" - -- name: set the selector for the default namespace - command: "{{ openshift.common.client_binary }} annotate namespace default openshift.io/node-selector=role=infra --overwrite" - ignore_errors: true - -- name: Check whether a registry exists or not - command: "{{openshift.common.admin_binary }} registry --dry-run" - register: registry_out - ignore_errors: true - -- name: Install registry - command: "{{openshift.common.admin_binary }} registry --selector='role=infra' --replicas=2 --config=/etc/origin/master/admin.kubeconfig --service-account=registry" - when: registry_out | failed - ignore_errors: true - -- name: Make sure registry deployment version is non-zero - shell: "{{ openshift.common.client_binary }} get --no-headers dc/docker-registry | awk '{print $3}'" - register: deployer_waiter_out - until: '"0" not in deployer_waiter_out.stdout' - retries: 15 - delay: 10 - -- name: Determine registry deployment version - shell: "{{ openshift.common.client_binary }} get --no-headers dc/docker-registry | awk '{print $2}'" - register: registry_version_out - -- name: Wait for registry to be running - shell: "{{ openshift.common.client_binary }} get pod | grep -v deploy | awk '/docker-registry-{{ registry_version_out.stdout }}/{ print $3 }' | head -1" - register: deployer_output - until: deployer_output.stdout | search("Running") - retries: 30 - delay: 30 - -- name: Disable config change trigger on registry DC - command: "{{ openshift.common.client_binary }} patch dc/docker-registry -p '{\"spec\":{\"triggers\":[]}}'" - -- name: Set up registry environment variable - command: "{{ openshift.common.client_binary }} env dc/docker-registry REGISTRY_CONFIGURATION_PATH=/etc/registryconfig/config.yml" - -- name: Generate docker registry config - template: src="s3_registry.j2" dest="/root/config.yml" owner=root mode=0600 - -- name: Determine if new secrets 
are needed - command: "{{ openshift.common.client_binary }} get secrets" - register: secrets - -- name: Create registry secrets - command: "{{ openshift.common.client_binary }} secrets new dockerregistry /root/config.yml" - when: "'dockerregistry' not in secrets.stdout" - -- name: Determine if service account contains secrets - command: "{{ openshift.common.client_binary }} describe serviceaccount/registry" - register: serviceaccount - -- name: Add secrets to registry service account - command: "{{ openshift.common.client_binary }} secrets add serviceaccount/registry secrets/dockerregistry" - when: "'dockerregistry' not in serviceaccount.stdout" - -- name: Determine if deployment config contains secrets - command: "{{ openshift.common.client_binary }} volume dc/docker-registry --list" - register: dc - -- name: Add volume to registry deployment config - command: "{{ openshift.common.client_binary }} volume dc/docker-registry --add --name=dockersecrets -m /etc/registryconfig --type=secret --secret-name=dockerregistry" - when: "'dockersecrets' not in dc.stdout" - -- name: Deploy latest configuration of registry DC - command: "{{ openshift.common.client_binary }} deploy docker-registry --latest" - register: deploy_latest - -- name: Re-enable config trigger on docker-registry - command: "{{ openshift.common.client_binary }} patch dc/docker-registry -p '{\"spec\":{\"triggers\":[{\"type\":\"ConfigChange\"}]}}'" - when: deploy_latest | success - -- name: Determine registry deployment version - shell: "{{ openshift.common.client_binary }} get --no-headers dc/docker-registry | awk '{print $2}'" - register: registry_version2_out - -- name: Wait for registry to be running - shell: "{{ openshift.common.client_binary }} get pod | grep -v deploy | awk '/docker-registry-{{ registry_version2_out.stdout }}/{ print $3 }' | head -1" - register: deployer_output - until: deployer_output.stdout | search("Running") - retries: 30 - delay: 30 
diff --git a/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/templates/s3_registry.j2 b/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/templates/s3_registry.j2
deleted file mode 100644
index 612dac636..000000000
--- a/reference-architecture/aws-ansible/playbooks/roles/openshift-registry/templates/s3_registry.j2
+++ /dev/null
@@ -1,31 +0,0 @@
-version: 0.1
-log:
- level: debug
-http:
- addr: :5000
-storage:
- cache:
- layerinfo: inmemory
- s3:
- accesskey: "{{ hostvars['localhost']['s3user_id'] }}"
- secretkey: "{{ hostvars['localhost']['s3user_secret'] }}"
- region: "{{ region }}"
- bucket: "{{ hostvars['localhost']['s3_bucket_name'] }}"
- encrypt: true
- secure: true
- v4auth: true
- rootdirectory: /registry
- chunksize: "26214400"
-auth:
- openshift:
- realm: openshift
-middleware:
- registry:
- - name: openshift
- repository:
- - name: openshift
- options:
- pullthrough: True
- storage:
- - name: openshift
-
diff --git a/reference-architecture/aws-ansible/playbooks/roles/prerequisite/tasks/main.yaml b/reference-architecture/aws-ansible/playbooks/roles/prerequisite/tasks/main.yaml
index 0027b49cd..890df7607 100644
--- a/reference-architecture/aws-ansible/playbooks/roles/prerequisite/tasks/main.yaml
+++ b/reference-architecture/aws-ansible/playbooks/roles/prerequisite/tasks/main.yaml
@@ -16,20 +16,3 @@ with_items: - NetworkManager when: not openshift.common.is_atomic | bool
-
-- name: Make directory due to using AWS intance roles
- file:
- dest: "/etc/origin/cloudprovider"
- state: directory
- recurse: yes
- mode: 0660
- owner: root
- group: root
-
-- name: touch file due to using AWS instance roles
- file:
- dest: "/etc/origin/cloudprovider/aws.conf"
- state: touch
- mode: 0660
- owner: root
- group: root