From eaab7d2c08a9fce1ac32821f14ccef046049305d Mon Sep 17 00:00:00 2001
From: Jerry Sun <jerry.sun@windriver.com>
Date: Mon, 17 Dec 2018 16:13:23 -0500
Subject: [PATCH] Docker Registry Can't Deploy On Workers

The flag marking the registry as "insecure" is missing on the computes.
This creates certificate issues and fails deployments on computes when
using images from the local Docker registry. This commit adds the
"insecure" flag to mark the registry as insecure on the compute nodes.
This will go away once proper authentication is implemented for
Docker registry.

Story: 2004520
Task: 28312

Change-Id: Ib8d9fad435eda85e1eaebc5fd71b0ff3d60f3dd8
Signed-off-by: Jerry Sun <jerry.sun@windriver.com>
---
 puppet-manifests/src/manifests/worker.pp      |  1 +
 .../platform/manifests/dockerdistribution.pp  | 29 +++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/puppet-manifests/src/manifests/worker.pp b/puppet-manifests/src/manifests/worker.pp
index 57b3a33587..daac8854a3 100644
--- a/puppet-manifests/src/manifests/worker.pp
+++ b/puppet-manifests/src/manifests/worker.pp
@@ -32,6 +32,7 @@ include ::platform::grub
 include ::platform::collectd
 include ::platform::filesystem::compute
 include ::platform::docker
+include ::platform::dockerdistribution::compute
 include ::platform::kubernetes::worker
 include ::platform::multipath
 include ::platform::client
diff --git a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp b/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
index b330c37bff..bd6dc1d4d3 100644
--- a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
+++ b/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
@@ -44,6 +44,35 @@ class platform::dockerdistribution::config
   }
 }
 
+# compute also needs the "insecure" flag in order to deploy images from
+# the registry. This will go away when proper authentication is implemented
+class platform::dockerdistribution::compute
+  inherits ::platform::dockerdistribution::params {
+  include ::platform::kubernetes::params
+  $enabled = $::platform::kubernetes::params::enabled
+  if $enabled {
+    include ::platform::network::mgmt::params
+
+    $docker_registry_ip = $::platform::network::mgmt::params::controller_address
+
+    # currently docker registry is running insecure mode
+    # when proper authentication is implemented, this would go away
+    file { "/etc/docker":
+      ensure  => 'directory',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0700',
+    } ->
+    file { "/etc/docker/daemon.json":
+      ensure  => present,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => template('platform/insecuredockerregistry.conf.erb'),
+    }
+  }
+}
+
 class platform::dockerdistribution
   inherits ::platform::dockerdistribution::params {