From b73b0b8a4df78058ef3cc81657f192a4d16a1a52 Mon Sep 17 00:00:00 2001
From: Kevin TIBI
Date: Fri, 10 Nov 2017 14:25:37 +0000
Subject: [PATCH] add CA conf for private registry
---
 ansible/group_vars/all/docker | 6 ++++++
 ansible/roles/docker/defaults/main.yml | 6 ++++++
 ansible/roles/docker/handlers/main.yml | 6 ++++++
 ansible/roles/docker/tasks/config.yml | 8 ++++++++
 etc/kayobe/docker.yml | 6 ++++++
 5 files changed, 32 insertions(+)
diff --git a/ansible/group_vars/all/docker b/ansible/group_vars/all/docker
index 508902319..567d4f2e0 100644
--- a/ansible/group_vars/all/docker
+++ b/ansible/group_vars/all/docker
@@ -17,3 +17,9 @@ docker_storage_volume_thinpool_meta: docker-thinpoolmeta
 # Size of the docker storage metadata LVM volume (see lvol module size
 # argument).
 docker_storage_volume_thinpool_meta_size: 1%VG
+
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index dded0133d..bf7b7a3fb 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -25,5 +25,11 @@ docker_storage_thinpool_autoextend_threshold: 80
 # Percentage by which to extend thin-provisioned docker storage volumes.
 docker_storage_thinpool_autoextend_percent: 20
 
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:
+
 # MTU to pass through to containers not using net=host
 docker_daemon_mtu: 1500
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
index de4135375..8a285ad69 100644
--- a/ansible/roles/docker/handlers/main.yml
+++ b/ansible/roles/docker/handlers/main.yml
@@ -4,3 +4,9 @@
 name: docker
 state: restarted
 become: True
+
+- name: reload docker service
+ service:
+ name: docker
+ state: reloaded
+ become: True
diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml
index af3704bda..12032cca0 100644
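Review bot: The comment `# URL of docker registry` on `docker_registry` in `ansible/group_vars/all/docker` is misleading, because the task this patch adds in `ansible/roles/docker/tasks/config.yml` uses the value as a directory name under `/etc/docker/certs.d/`, where Docker expects the registry's host name with an optional port rather than a URL with a scheme. I would reword it to `# Hostname (and port, if any) of the private docker registry, used as the certs.d directory name` and the second comment to `# Path on the Ansible control host to the CA certificate of the docker registry`. The same two comments are repeated in `ansible/roles/docker/defaults/main.yml` and `etc/kayobe/docker.yml` and need the same rewording.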
--- a/ansible/roles/docker/tasks/config.yml
+++ b/ansible/roles/docker/tasks/config.yml
@@ -5,3 +5,11 @@
 dest: /etc/docker/daemon.json
 become: True
 notify: restart docker service
+
+- name: Ensure the CA file for private registry exists
+ copy:
+ src: "{{ docker_registry_ca }}"
+ dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
+ become: True
+ when: docker_registry is not none and docker_registry_ca is not none
+ notify: reload docker service
diff --git a/etc/kayobe/docker.yml b/etc/kayobe/docker.yml
index abc07a7cc..6f92d0121 100644
--- a/etc/kayobe/docker.yml
+++ b/etc/kayobe/docker.yml
@@ -22,6 +22,12 @@
 # argument).
 #docker_storage_volume_thinpool_meta_size:
 
+# URL of docker registry
+#docker_registry:
+
+# CA of docker registry
+#docker_registry_ca:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
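Review bot: The new `copy` task in `ansible/roles/docker/tasks/config.yml` writes to `/etc/docker/certs.d/{{ docker_registry }}/ca.crt`, but nothing in this hunk creates that per-registry directory, and `copy` does not create missing parent directories for a single file, so the task is expected to fail on a host where the directory is absent. A `file` task with `state: directory` under the same `when` should run first. Because this file is the trust anchor Docker uses to verify the registry's TLS certificate, I would also pin `owner`, `group` and `mode` explicitly instead of relying on the become user's umask. The `is not none` tests also let an empty string through, which would render the destination as `/etc/docker/certs.d//ca.crt`.

```yaml
- name: Ensure the certs.d directory for the private registry exists
  file:
    path: "/etc/docker/certs.d/{{ docker_registry }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: True
  when: docker_registry is not none and docker_registry_ca is not none

- name: Ensure the CA file for private registry exists
  copy:
    # … unchanged: src / dest …
    owner: root
    group: root
    mode: "0644"
  # … unchanged: become / when / notify …
```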