Introduce docker_insecure_registries parameter
Introduce docker_insecure_registries that is an array of host/port combiniations of docker insecure registries. The default value will be the previous parameter that were hardcoded, but now we can easily override it in undercloud.conf. Note: the feature is already supported for the containerized undercloud but was only missing in instack-undercloud. This patch will be backported. Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957 Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144 Closes-Bug: #1767373
This commit is contained in:
parent
64c9d2e610
commit
2ee1ebfd34
|
@ -795,7 +795,7 @@ tripleo::profile::base::docker::docker_options: '--log-driver=journald --signatu
|
||||||
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
|
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
|
||||||
{{/DOCKER_REGISTRY_MIRROR}}
|
{{/DOCKER_REGISTRY_MIRROR}}
|
||||||
tripleo::profile::base::docker::debug: "%{hiera('debug')}"
|
tripleo::profile::base::docker::debug: "%{hiera('debug')}"
|
||||||
tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
|
tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
|
||||||
|
|
||||||
# Keepalived
|
# Keepalived
|
||||||
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
|
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
|
||||||
|
|
|
@ -592,6 +592,13 @@ class TestGenerateEnvironment(BaseTestCase):
|
||||||
self.assertEqual('http://foo/bar',
|
self.assertEqual('http://foo/bar',
|
||||||
env['DOCKER_REGISTRY_MIRROR'])
|
env['DOCKER_REGISTRY_MIRROR'])
|
||||||
|
|
||||||
|
def test_docker_insecure_registries(self):
|
||||||
|
self.conf.config(docker_insecure_registries=['http://foo/bar:8787'])
|
||||||
|
env = undercloud._generate_environment('.')
|
||||||
|
insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
|
||||||
|
# Spot check one service
|
||||||
|
self.assertEqual(['http://foo/bar:8787'], insecure_registries)
|
||||||
|
|
||||||
def test_generate_endpoints(self):
|
def test_generate_endpoints(self):
|
||||||
env = undercloud._generate_environment('.')
|
env = undercloud._generate_environment('.')
|
||||||
endpoint_vars = {k: v for (k, v) in env.items()
|
endpoint_vars = {k: v for (k, v) in env.items()
|
||||||
|
|
|
@ -353,6 +353,11 @@ _opts = [
|
||||||
help=('Whether to enable docker container images to be build '
|
help=('Whether to enable docker container images to be build '
|
||||||
'on the undercloud.')
|
'on the undercloud.')
|
||||||
),
|
),
|
||||||
|
cfg.ListOpt('docker_insecure_registries',
|
||||||
|
default=[],
|
||||||
|
help=('Array of host/port combiniations of docker insecure '
|
||||||
|
'registries.')
|
||||||
|
),
|
||||||
cfg.StrOpt('ipa_otp',
|
cfg.StrOpt('ipa_otp',
|
||||||
default='',
|
default='',
|
||||||
help=('One Time Password to register Undercloud node with '
|
help=('One Time Password to register Undercloud node with '
|
||||||
|
@ -1437,12 +1442,21 @@ def _generate_environment(instack_root):
|
||||||
|
|
||||||
instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
|
instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
|
||||||
|
|
||||||
if CONF.docker_registry_mirror:
|
|
||||||
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
|
|
||||||
|
|
||||||
instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
|
instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
|
||||||
instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
|
instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
|
||||||
instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
|
instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
|
||||||
|
|
||||||
|
if CONF.docker_registry_mirror:
|
||||||
|
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
|
||||||
|
if CONF.docker_insecure_registries:
|
||||||
|
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
|
||||||
|
CONF.docker_insecure_registries)
|
||||||
|
else:
|
||||||
|
# For backward compatibility with previous defaults
|
||||||
|
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
|
||||||
|
[instack_env['LOCAL_IP'] + ':' + '8787',
|
||||||
|
CONF.undercloud_admin_host + ':' + '8787'])
|
||||||
|
|
||||||
# We're not in a chroot so this doesn't make sense, and it causes weird
|
# We're not in a chroot so this doesn't make sense, and it causes weird
|
||||||
# errors if it's set.
|
# errors if it's set.
|
||||||
if instack_env.get('DIB_YUM_REPO_CONF'):
|
if instack_env.get('DIB_YUM_REPO_CONF'):
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Introduce docker_insecure_registries that is an array of host/port
|
||||||
|
combiniations of docker insecure registries. The default value will
|
||||||
|
be the previous parameter that were hardcoded, but now we can easily
|
||||||
|
override it in undercloud.conf.
|
|
@ -120,8 +120,9 @@
|
||||||
|
|
||||||
# Path to network config override template. If set, this template will
|
# Path to network config override template. If set, this template will
|
||||||
# be used to configure the networking via os-net-config. Must be in
|
# be used to configure the networking via os-net-config. Must be in
|
||||||
# json format. If you wish to disable os-net-config you can use an
|
# json format. Templated tags can be used within the template, see
|
||||||
# set this location to point to an empty file.
|
# instack-undercloud/elements/undercloud-stack-config/net-
|
||||||
|
# config.json.template for example tags (string value)
|
||||||
#net_config_override =
|
#net_config_override =
|
||||||
|
|
||||||
# Network interface on which inspection dnsmasq will listen. If in
|
# Network interface on which inspection dnsmasq will listen. If in
|
||||||
|
@ -187,6 +188,10 @@
|
||||||
# undercloud. (boolean value)
|
# undercloud. (boolean value)
|
||||||
#enable_container_images_build = true
|
#enable_container_images_build = true
|
||||||
|
|
||||||
|
# Array of host/port combiniations of docker insecure registries.
|
||||||
|
# (string value)
|
||||||
|
#docker_insecure_registries =
|
||||||
|
|
||||||
# One Time Password to register Undercloud node with an IPA server.
|
# One Time Password to register Undercloud node with an IPA server.
|
||||||
# Required when enable_novajoin = True. (string value)
|
# Required when enable_novajoin = True. (string value)
|
||||||
#ipa_otp =
|
#ipa_otp =
|
||||||
|
|
Loading…
Reference in New Issue