Allow using registry authentication to pull ceph related containers

Ceph ansible now supports authenticated registry and allows users to
pass and process the required parameters (username/password) when the
CephAuthRegistry boolean is true.
This review reflects this change in tripleo adding these new parameters
and pass them to ceph-ansible.

Change-Id: I2567546a0fcf2f82d72dcf6d39e66653e63970bd
This commit is contained in:
fmount 2019-09-13 12:10:32 +02:00 committed by fpantano
parent 282386e0b5
commit f453997668

View File

@ -213,6 +213,17 @@ parameters:
deployment not to fail. Used to catch deployment errors early.
Set this value to 0 to disable this check.
type: number
ContainerImageRegistryCredentials:
type: json
hidden: true
default: {}
description: |
Mapping of image registry hosts to login credentials. Must be in the following example format
docker.io:
username: pa55word
'192.0.2.1:8787':
registry_username: password
parameter_groups:
- label: deprecated
@ -239,6 +250,26 @@ conditions:
yaql:
data: {get_param: CephConfigOverrides}
expression: $.data.keys().any(predicate => $ in ['global', 'mon', 'mgr', 'osd', 'mds', 'client'])
ceph_authenticated_registry:
and:
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "").isEmpty()
- not:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns:
yaql:
expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*?)/(.*)').split($location)[1]
data: {get_param: ContainerCephDaemonImage}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "").isEmpty()
resources:
ContainerImageUrlParts:
@ -310,6 +341,23 @@ resources:
ceph_docker_registry: {get_attr: [ContainerImageUrlParts, value, host]}
ceph_docker_image: {get_attr: [ContainerImageUrlParts, value, image]}
ceph_docker_image_tag: {get_attr: [ContainerImageUrlParts, value, image_tag]}
ceph_docker_registry_auth:
if:
- ceph_authenticated_registry
- true
- false
ceph_docker_registry_username:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).keys().last(default => "")
ceph_docker_registry_password:
yaql:
data:
cred: {get_param: ContainerImageRegistryCredentials}
ns: {get_attr: [ContainerImageUrlParts, value, host]}
expression: let(c => $.data.cred) -> $c.get($.data.ns, {}).values().last(default => "")
public_network:
list_join:
- ','