Browse Source

Add support for v2 registries.conf

https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md#version-2

This allows for mirrors to be configured for specific hosts however it
is incompatibilty with the default v1 configuration so we have to nuke
the existing configuration.  Additionally it uses TOML which there is
currently no ansible module to manage.

Change-Id: Ic35155f04bf05913b9e9b8eaa22fe6c02515396c
changes/84/719584/6
Alex Schultz 2 years ago
parent
commit
bf80fe922b
  1. 25
      tripleo_ansible/roles/tripleo_podman/defaults/main.yml
  2. 16
      tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml
  3. 27
      tripleo_ansible/roles/tripleo_podman/templates/registries.conf.j2

25
tripleo_ansible/roles/tripleo_podman/defaults/main.yml

@ -24,3 +24,28 @@ tripleo_podman_packages: "{{ _tripleo_podman_packages | default([]) }}"
tripleo_podman_purge_packages: "{{ _tripleo_podman_purge_packages | default([]) }}"
tripleo_podman_tls_verify: true
tripleo_podman_debug: false
tripleo_podman_unqualified_search_registries:
- registry.redhat.io
- registry.access.redhat.com
- registry.fedoraproject.org
- registry.centos.org
- docker.io
tripleo_podman_insecure_registries: "{{ tripleo_container_registry_insecure_registries }}"
# tripleo_podman_registries requires a list of dictionaries
# Example:
# tripleo_podman_registries:
# - prefix: docker.io
# insecure: false
# location: docker.io
# mirrors:
# - location: 192.168.0.1:8787
# insecure: true
# - prefix: registry.redhat.io
# insecure: false
# location: registry.redhat.io
# mirrors:
# - location: 192.168.0.2:8787
# insecure: false
# - prefix: registry.fedoraproject.org
# blocked: true
tripleo_podman_registries: []

16
tripleo_ansible/roles/tripleo_podman/tasks/tripleo_podman_install.yml

@ -48,11 +48,11 @@
when:
- podman_bridge_config.stat.exists | bool
- name: configure insecure registries /etc/containers/registries.conf
ini_file:
path: /etc/containers/registries.conf
section: 'registries.insecure'
option: registries
value: "{{ tripleo_container_registry_insecure_registries }}"
when:
- (tripleo_container_registry_insecure_registries | length) > 0
- name: Write containers registries.conf
template:
src: registries.conf.j2
dest: /etc/containers/registries.conf
owner: root
group: root
setype: etc_t
mode: '0644'

27
tripleo_ansible/roles/tripleo_podman/templates/registries.conf.j2

@ -0,0 +1,27 @@
# This file is managed via tripleo-ansible
unqualified-search-registries = {{ tripleo_podman_unqualified_search_registries | list }}
# registries configuration
{% for reg in tripleo_podman_registries %}
[[registry]]
prefix = "{{ reg.prefix }}"
location = "{{ reg.location | default(reg.prefix) }}"
insecure = {{ reg.insecure | default(False) | bool | ternary('true', 'false') }}
blocked = {{ reg.blocked | default(False) | bool | ternary('true', 'false') }}
{% if 'mirrors' in reg %}
{% for mirror in reg.mirrors %}
[[registry.mirror]]
location = "{{ mirror.location }}"
insecure = {{ mirror.insecure | default(False) | bool | ternary('true', 'false') }}
{% endfor %}
{% endif %}
{% endfor %}
# insecure registry list
{% for reg in tripleo_podman_insecure_registries %}
[[registry]]
prefix = "{{ reg }}"
insecure = true
location = "{{ reg }}"
{% endfor %}
Loading…
Cancel
Save