openstack/kayobe
Code Issues Proposed changes

Allow Docker to use insecure registry when deployed by Kayobe

Browse Source 
Kolla Ansible has recently updated the default Docker configuration to
stop using an insecure registry [1]. To avoid breaking existing Kayobe
deployments, automatically set docker_registry_insecure to true if we
deploy a registry without TLS.

[1] https://review.opendev.org/c/openstack/kolla-ansible/+/805449

Change-Id: Ifec7102812b5503cb02f207098192e99e7193d49
This commit is contained in:
Pierre Riteau 2021-10-04 12:05:09 +02:00
parent 96a9d861cf
commit 2e2c96e394
6 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/group_vars/all/kolla
View File

@ -65,6 +65,11 @@ kolla_docker_namespace: "openstack.kolla"
# Url of docker registry to use for Kolla images. # Url of docker registry to use for Kolla images.
kolla_docker_registry: "{{ docker_registry }}" kolla_docker_registry: "{{ docker_registry }}"
# Whether docker should be configured to use an insecure registry for Kolla
# images. Default is false, unless docker_registry_enabled is true and
# docker_registry_enable_tls is false.
kolla_docker_registry_insecure: "{{ docker_registry_enabled | bool and not docker_registry_enable_tls | bool }}"
# Username to use to access a docker registry. # Username to use to access a docker registry.
kolla_docker_registry_username: kolla_docker_registry_username:

5
ansible/roles/kolla-ansible/defaults/main.yml
View File

@ -104,6 +104,11 @@ kolla_docker_namespace:
# Url of docker registry to use for Kolla images. # Url of docker registry to use for Kolla images.
kolla_docker_registry: kolla_docker_registry:
# Whether docker should be configured to use an insecure registry for Kolla
# images. Default is false, unless docker_registry_enabled is true and
# docker_registry_enable_tls is false.
kolla_docker_registry_insecure:
# Username to use to access a docker registry. # Username to use to access a docker registry.
kolla_docker_registry_username: kolla_docker_registry_username:

3
ansible/roles/kolla-ansible/templates/kolla/globals.yml
View File

@ -65,6 +65,9 @@ docker_registry_username: "{{ kolla_docker_registry_username }}"
{% endif %} {% endif %}
docker_storage_driver: "{{ docker_storage_driver }}" docker_storage_driver: "{{ docker_storage_driver }}"
docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }} docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
{% if kolla_docker_registry_insecure | bool %}
docker_registry_insecure: "yes"
{% endif %}
#docker_configure_for_zun: "no" #docker_configure_for_zun: "no"

4
doc/source/configuration/reference/kolla-ansible.rst
View File

@ -120,6 +120,10 @@ accessed.
``kolla_docker_registry`` ``kolla_docker_registry``
URL of docker registry to use for Kolla images. Default is not set, in URL of docker registry to use for Kolla images. Default is not set, in
which case Dockerhub will be used. which case Dockerhub will be used.
``kolla_docker_registry_insecure``
Whether docker should be configured to use an insecure registry for Kolla
images. Default is false, unless ``docker_registry_enabled`` is true and
``docker_registry_enable_tls`` is false.
``kolla_docker_namespace`` ``kolla_docker_namespace``
Docker namespace to use for Kolla images. Default is ``kolla``. Docker namespace to use for Kolla images. Default is ``kolla``.
``kolla_docker_registry_username`` ``kolla_docker_registry_username``

5
etc/kayobe/kolla.yml
View File

@ -75,6 +75,11 @@
# Docker namespace to use for Kolla images. Default is 'kolla'. # Docker namespace to use for Kolla images. Default is 'kolla'.
#kolla_docker_namespace: #kolla_docker_namespace:
# Whether docker should be configured to use an insecure registry for Kolla
# images. Default is false, unless docker_registry_enabled is true and
# docker_registry_enable_tls is false.
#kolla_docker_registry_insecure:
# Username to use to access a docker registry. Default is not set, in which # Username to use to access a docker registry. Default is not set, in which
# case the registry will be used without authentication. # case the registry will be used without authentication.
#kolla_docker_registry_username: #kolla_docker_registry_username:

14
releasenotes/notes/docker-registry-insecure-b0f529b9eb85737e.yaml Normal file
View File

@ -0,0 +1,14 @@
---
features:
- |
Adds a new variable ``kolla_docker_registry_insecure`` to configure whether
Docker should use an insecure registry for Kolla images.
upgrade:
- |
The default configuration of Docker, as set by Kolla Ansible, has changed
to stop using an insecure registry for Kolla images. To avoid breaking
existing deployments, ``kolla_docker_registry_insecure`` is automatically
set to ``true`` if Kayobe is configured to deploy an insecure registry
service. If using an insecure registry not deployed by Kayobe, you will
need to set the value of ``kolla_docker_registry_insecure`` to ``true`` or
configure TLS for your registry.