From e3e450650b4ddfaeeb8539e031be59dbb3b1f884 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Evrard <jean-philippe@evrard.me>
Date: Tue, 11 Dec 2018 21:20:41 +0100
Subject: [PATCH] Add docker insecure registries feature

This allows projects to configure insecure registries.
It's especially useful when building/pushing images locally.

Change-Id: I52220b3972f1703f09759f9886176a02b03fb2c5
---
 roles/install-docker/README.rst               | 7 +++++++
 roles/install-docker/templates/daemon.json.j2 | 1 +
 2 files changed, 8 insertions(+)

diff --git a/roles/install-docker/README.rst b/roles/install-docker/README.rst
index 7d540a20e..e820cb1e8 100644
--- a/roles/install-docker/README.rst
+++ b/roles/install-docker/README.rst
@@ -32,3 +32,10 @@ An ansible role to install docker and configure it to use mirrors if available.
    Undefined will install the latest.  This will look something like
    ``18.06.1~ce~3-0~ubuntu``.  Only supported when using upstream
    docker repos.
+
+.. zuul:rolevar:: docker_insecure_registries
+   :default: undefined
+
+   Declare this with a list of insecure registries to define the
+   registries which are allowed to communicate with HTTP only or
+   HTTPS with no valid certificate.
diff --git a/roles/install-docker/templates/daemon.json.j2 b/roles/install-docker/templates/daemon.json.j2
index 1e6f15870..252081880 100644
--- a/roles/install-docker/templates/daemon.json.j2
+++ b/roles/install-docker/templates/daemon.json.j2
@@ -1,3 +1,4 @@
 {
+  {% if docker_insecure_registries is defined -%}"insecure-registries": {{ docker_insecure_registries | to_json }},{% endif %}
   "registry-mirrors": ["{{ docker_mirror }}"]
 }