
Introduce docker_insecure_registries parameter

Introduce docker_insecure_registries, an array of host/port
combinations of docker insecure registries. The default remains the
previously hardcoded values, but they can now easily be overridden
in undercloud.conf.

Note: the feature is already supported for the containerized undercloud
but was only missing in instack-undercloud. This patch will be
backported.

Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957
Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144
Closes-Bug: #1767373
Emilien Macchi 11 months ago
parent
commit
2ee1ebfd34

+ 1
- 1
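--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@@ -795,7 +795,7 @@ tripleo::profile::base::docker::docker_options: '--log-driver=journald --signatu
 tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
 {{/DOCKER_REGISTRY_MIRROR}}
 tripleo::profile::base::docker::debug: "%{hiera('debug')}"
-tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
+tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
 
 # Keepalived
 tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"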

+ 7
- 0
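--- a/instack_undercloud/tests/test_undercloud.py
+++ b/instack_undercloud/tests/test_undercloud.py
@@ -592,6 +592,13 @@ class TestGenerateEnvironment(BaseTestCase):
         self.assertEqual('http://foo/bar',
                          env['DOCKER_REGISTRY_MIRROR'])
 
+    def test_docker_insecure_registries(self):
+        self.conf.config(docker_insecure_registries=['http://foo/bar:8787'])
+        env = undercloud._generate_environment('.')
+        insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
+        # Spot check one service
+        self.assertEqual(['http://foo/bar:8787'], insecure_registries)
+
     def test_generate_endpoints(self):
         env = undercloud._generate_environment('.')
         endpoint_vars = {k: v for (k, v) in env.items()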
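Review bot: The fallback branch is not covered: `test_docker_insecure_registries` only exercises a configured list, while the path taken when the option is left empty (local IP and undercloud_admin_host on port 8787) is the one every existing deployment relies on. The fixture value `'http://foo/bar:8787'` is also a URL rather than the host/port pair the option's help describes, and the `# Spot check one service` comment looks carried over from another test; `['foo.example:8787']` with no comment would read better. A second test for the default could look like the one below, assuming `env['LOCAL_IP']` is returned with its prefix length already stripped and the fixture configures `undercloud.CONF`.

```python
    def test_docker_insecure_registries_default(self):
        # Nothing configured: the legacy local-registry pair must be emitted.
        env = undercloud._generate_environment('.')
        insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
        self.assertEqual(
            [env['LOCAL_IP'] + ':8787',
             undercloud.CONF.undercloud_admin_host + ':8787'],
            insecure_registries)
```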

+ 17
- 3
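--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@@ -353,6 +353,11 @@ _opts = [
                 help=('Whether to enable docker container images to be build '
                       'on the undercloud.')
                 ),
+    cfg.ListOpt('docker_insecure_registries',
+                default=[],
+                help=('Array of host/port combiniations of docker insecure '
+                      'registries.')
+                ),
     cfg.StrOpt('ipa_otp',
                default='',
                help=('One Time Password to register Undercloud node with '
@@ -1437,12 +1442,21 @@ def _generate_environment(instack_root):
 
     instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
 
-    if CONF.docker_registry_mirror:
-        instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
-
     instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
     instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
     instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
+
+    if CONF.docker_registry_mirror:
+        instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
+    if CONF.docker_insecure_registries:
+        instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
+                CONF.docker_insecure_registries)
+    else:
+        # For backward compatibility with previous defaults
+        instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
+                [instack_env['LOCAL_IP'] + ':' + '8787',
+                 CONF.undercloud_admin_host + ':' + '8787'])
+
     # We're not in a chroot so this doesn't make sense, and it causes weird
     # errors if it's set.
     if instack_env.get('DIB_YUM_REPO_CONF'):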
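Review bot: An empty `docker_insecure_registries` cannot be expressed: in `_generate_environment` the `if CONF.docker_insecure_registries:` test treats the `default=[]` and an explicitly empty value alike and falls back to the two `:8787` entries, so an operator who has put TLS on the local registry has no way to switch insecure access off. Every entry is a registry docker will talk to without verifying TLS, and a configured list replaces the two defaults rather than extending them; the help text says neither, and it misspells "combinations". I would reword it to `help=('List of host:port registries docker may use without TLS verification. When empty, the local IP and undercloud_admin_host on port 8787 are used.')`. If an empty list should be allowed, the default could become `None` with the branch testing `is not None`. The body of `_generate_environment` continues outside the hunk.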

+ 7
- 0
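--- a/releasenotes/notes/insecure_registries-58ffd10f75112b31.yaml
+++ b/releasenotes/notes/insecure_registries-58ffd10f75112b31.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Introduce docker_insecure_registries that is an array of host/port
+    combiniations of docker insecure registries. The default value will
+    be the previous parameter that were hardcoded, but now we can easily
+    override it in undercloud.conf.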

+ 7
- 2
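--- a/undercloud.conf.sample
+++ b/undercloud.conf.sample
@@ -120,8 +120,9 @@
 
 # Path to network config override template. If set, this template will
 # be used to configure the networking via os-net-config. Must be in
-# json format. If you wish to disable os-net-config you can use an
-# set this location to point to an empty file.
+# json format. Templated tags can be used within the template, see
+# instack-undercloud/elements/undercloud-stack-config/net-
+# config.json.template for example tags (string value)
 #net_config_override =
 
 # Network interface on which inspection dnsmasq will listen.  If in
@@ -187,6 +188,10 @@
 # undercloud. (boolean value)
 #enable_container_images_build = true
 
+# Array of host/port combiniations of docker insecure registries.
+# (string value)
+#docker_insecure_registries =
+
 # One Time Password to register Undercloud node with an IPA server.
 # Required when enable_novajoin = True. (string value)
 #ipa_otp =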
