[Queens] Enable container auth support

In queens we didn't use the ansible-role-container-registry so we need to port the ansible logic that we use into puppet for the docker service configuration. Closes-Bug: #1833584 Depends-On: https://review.opendev.org/#/c/670082/ Change-Id: I5ee8f8b17ad3424a3bf9d4a420d6c65ab977c6b7
2019-08-06 16:41:25 -06:00 · 2019-08-06 16:41:25 -06:00 · ce0cc752d9
parent 8c5cf23f38
commit ce0cc752d9
1 changed files with 22 additions and 0 deletions
--- a/puppet/services/docker.yaml
+++ b/puppet/services/docker.yaml
@ -68,6 +68,23 @@ parameters:
    default: ''
    description: User added to the docker group in order to use container commands.
    type: string
+  ContainerImageRegistryLogin:
+    type: boolean
+    default: false
+    description: Flag to enable container registry login actions during the deployment.
+                 Setting this to true will cause login calls to be performed during the
+                 deployment.
+  ContainerImageRegistryCredentials:
+    type: json
+    hidden: true
+    default: {}
+    description: |
+      Mapping of image registry hosts to login credentials. Must be in the following example format
+
+        docker.io:
+          username: pa55word
+        '192.0.2.1:8787':
+          registry_username: password

 conditions:
  insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]}
@ -75,6 +92,7 @@ conditions:
  service_debug_unset: {equals : [{get_param: DockerDebug}, '']}
  deployment_user_is_empty: {equals : [{get_param: DeploymentUser}, '']}
  additional_sockets_is_empty: {equals : [{get_param: DockerAdditionalSockets}, []]}
+  container_registry_login: {equals: [{get_param: ContainerImageRegistryLogin}, true]}

 outputs:
  role_data:
@ -111,6 +129,10 @@ outputs:
            - additional_sockets_is_empty
            - {}
            - tripleo::profile::base::docker::additional_sockets: {get_param: DockerAdditionalSockets}
+          - if:
+            - container_registry_login
+            - tripleo::profile::base::docker::registry_credentials: {get_param: ContainerImageRegistryCredentials }
+            - {}
      step_config: |
        include ::tripleo::profile::base::docker
      upgrade_tasks: