Introduce docker_insecure_registries parameter

Introduce docker_insecure_registries that is an array of host/port
combiniations of docker insecure registries. The default value will
be the previous parameter that were hardcoded, but now we can easily
override it in undercloud.conf.

Note: the feature is already supported for the containerized undercloud
but was only missing in instack-undercloud. This patch will be
backported.

Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957
Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144
Closes-Bug: #1767373
This commit is contained in:
Emilien Macchi 2018-04-27 13:58:47 -07:00
parent 64c9d2e610
commit 2ee1ebfd34
5 changed files with 39 additions and 6 deletions

View File

@ -795,7 +795,7 @@ tripleo::profile::base::docker::docker_options: '--log-driver=journald --signatu
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}} tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
{{/DOCKER_REGISTRY_MIRROR}} {{/DOCKER_REGISTRY_MIRROR}}
tripleo::profile::base::docker::debug: "%{hiera('debug')}" tripleo::profile::base::docker::debug: "%{hiera('debug')}"
tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787'] tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
# Keepalived # Keepalived
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"

View File

@ -592,6 +592,13 @@ class TestGenerateEnvironment(BaseTestCase):
self.assertEqual('http://foo/bar', self.assertEqual('http://foo/bar',
env['DOCKER_REGISTRY_MIRROR']) env['DOCKER_REGISTRY_MIRROR'])
def test_docker_insecure_registries(self):
self.conf.config(docker_insecure_registries=['http://foo/bar:8787'])
env = undercloud._generate_environment('.')
insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
# Spot check one service
self.assertEqual(['http://foo/bar:8787'], insecure_registries)
def test_generate_endpoints(self): def test_generate_endpoints(self):
env = undercloud._generate_environment('.') env = undercloud._generate_environment('.')
endpoint_vars = {k: v for (k, v) in env.items() endpoint_vars = {k: v for (k, v) in env.items()

View File

@ -353,6 +353,11 @@ _opts = [
help=('Whether to enable docker container images to be build ' help=('Whether to enable docker container images to be build '
'on the undercloud.') 'on the undercloud.')
), ),
cfg.ListOpt('docker_insecure_registries',
default=[],
help=('Array of host/port combiniations of docker insecure '
'registries.')
),
cfg.StrOpt('ipa_otp', cfg.StrOpt('ipa_otp',
default='', default='',
help=('One Time Password to register Undercloud node with ' help=('One Time Password to register Undercloud node with '
@ -1437,12 +1442,21 @@ def _generate_environment(instack_root):
instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings() instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
if CONF.docker_registry_mirror:
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP'] instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0] instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP']) instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
if CONF.docker_registry_mirror:
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
if CONF.docker_insecure_registries:
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
CONF.docker_insecure_registries)
else:
# For backward compatibility with previous defaults
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
[instack_env['LOCAL_IP'] + ':' + '8787',
CONF.undercloud_admin_host + ':' + '8787'])
# We're not in a chroot so this doesn't make sense, and it causes weird # We're not in a chroot so this doesn't make sense, and it causes weird
# errors if it's set. # errors if it's set.
if instack_env.get('DIB_YUM_REPO_CONF'): if instack_env.get('DIB_YUM_REPO_CONF'):

View File

@ -0,0 +1,7 @@
---
features:
- |
Introduce docker_insecure_registries that is an array of host/port
combiniations of docker insecure registries. The default value will
be the previous parameter that were hardcoded, but now we can easily
override it in undercloud.conf.

View File

@ -120,8 +120,9 @@
# Path to network config override template. If set, this template will # Path to network config override template. If set, this template will
# be used to configure the networking via os-net-config. Must be in # be used to configure the networking via os-net-config. Must be in
# json format. If you wish to disable os-net-config you can use an # json format. Templated tags can be used within the template, see
# set this location to point to an empty file. # instack-undercloud/elements/undercloud-stack-config/net-
# config.json.template for example tags (string value)
#net_config_override = #net_config_override =
# Network interface on which inspection dnsmasq will listen. If in # Network interface on which inspection dnsmasq will listen. If in
@ -187,6 +188,10 @@
# undercloud. (boolean value) # undercloud. (boolean value)
#enable_container_images_build = true #enable_container_images_build = true
# Array of host/port combiniations of docker insecure registries.
# (string value)
#docker_insecure_registries =
# One Time Password to register Undercloud node with an IPA server. # One Time Password to register Undercloud node with an IPA server.
# Required when enable_novajoin = True. (string value) # Required when enable_novajoin = True. (string value)
#ipa_otp = #ipa_otp =