Allow Docker to use insecure registry when deployed by Kayobe

Kolla Ansible has recently updated the default Docker configuration to
stop using an insecure registry [1]. To avoid breaking existing Kayobe
deployments, automatically set docker_registry_insecure to true if we
deploy a registry without TLS.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449

Change-Id: Ifec7102812b5503cb02f207098192e99e7193d49

ansible/group_vars/all/kolla

@@ -65,6 +65,11 @@ kolla_docker_namespace: "openstack.kolla"
 # Url of docker registry to use for Kolla images.
 kolla_docker_registry: "{{ docker_registry }}"
 
+# Whether docker should be configured to use an insecure registry for Kolla
+# images. Default is false, unless docker_registry_enabled is true and
+# docker_registry_enable_tls is false.
+kolla_docker_registry_insecure: "{{ docker_registry_enabled | bool and not docker_registry_enable_tls | bool }}"
+
 # Username to use to access a docker registry.
 kolla_docker_registry_username:
 

ansible/roles/kolla-ansible/defaults/main.yml

@@ -104,6 +104,11 @@ kolla_docker_namespace:
 # Url of docker registry to use for Kolla images.
 kolla_docker_registry:
 
+# Whether docker should be configured to use an insecure registry for Kolla
+# images. Default is false, unless docker_registry_enabled is true and
+# docker_registry_enable_tls is false.
+kolla_docker_registry_insecure:
+
 # Username to use to access a docker registry.
 kolla_docker_registry_username:
 

ansible/roles/kolla-ansible/templates/kolla/globals.yml

@@ -65,6 +65,9 @@ docker_registry_username: "{{ kolla_docker_registry_username }}"
 {% endif %}
 docker_storage_driver: "{{ docker_storage_driver }}"
 docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
+{% if kolla_docker_registry_insecure | bool %}
+docker_registry_insecure: "yes"
+{% endif %}
 
 #docker_configure_for_zun: "no"
 

doc/source/configuration/reference/kolla-ansible.rst

@@ -120,6 +120,10 @@ accessed.
 ``kolla_docker_registry``
     URL of docker registry to use for Kolla images. Default is not set, in
     which case Dockerhub will be used.
+``kolla_docker_registry_insecure``
+    Whether docker should be configured to use an insecure registry for Kolla
+    images. Default is false, unless ``docker_registry_enabled`` is true and
+    ``docker_registry_enable_tls`` is false.
 ``kolla_docker_namespace``
     Docker namespace to use for Kolla images. Default is ``kolla``.
 ``kolla_docker_registry_username``

etc/kayobe/kolla.yml

@@ -75,6 +75,11 @@
 # Docker namespace to use for Kolla images. Default is 'kolla'.
 #kolla_docker_namespace:
 
+# Whether docker should be configured to use an insecure registry for Kolla
+# images. Default is false, unless docker_registry_enabled is true and
+# docker_registry_enable_tls is false.
+#kolla_docker_registry_insecure:
+
 # Username to use to access a docker registry. Default is not set, in which
 # case the registry will be used without authentication.
 #kolla_docker_registry_username:

releasenotes/notes/docker-registry-insecure-b0f529b9eb85737e.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Adds a new variable ``kolla_docker_registry_insecure`` to configure whether
+    Docker should use an insecure registry for Kolla images.
+upgrade:
+  - |
+    The default configuration of Docker, as set by Kolla Ansible, has changed
+    to stop using an insecure registry for Kolla images. To avoid breaking
+    existing deployments, ``kolla_docker_registry_insecure`` is automatically
+    set to ``true`` if Kayobe is configured to deploy an insecure registry
+    service. If using an insecure registry not deployed by Kayobe, you will
+    need to set the value of ``kolla_docker_registry_insecure`` to ``true`` or
+    configure TLS for your registry.