authorEmilien Macchi <emilien@redhat.com>2018-04-27 13:58:47 -0700
committerEmilien Macchi <emilien@redhat.com>2018-04-28 21:59:56 +0000
commit2ee1ebfd34d72a91311ed7683c272b070fde61ea (patch)
treedc9b1a36b51269f5de8dd1f4733c529948d72887
parent64c9d2e61019f80e626bf8345f294900cd489c7c (diff)
Introduce docker_insecure_registries parameter
Introduce docker_insecure_registries that is an array of host/port combinations of docker insecure registries. The default value will be the previous values that were hardcoded, but now we can easily override it in undercloud.conf. Note: the feature is already supported for the containerized undercloud but was only missing in instack-undercloud. This patch will be backported. Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957 Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144 Closes-Bug: #1767373
Notes
Notes (review): Verified+1: RDO Third Party CI <dmsimard+rdothirdparty@redhat.com> Code-Review+2: Bogdan Dobrelya <bdobreli@redhat.com> Code-Review+2: Alex Schultz <aschultz@redhat.com> Workflow+1: Alex Schultz <aschultz@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 01 May 2018 12:25:43 +0000 Reviewed-on: https://review.openstack.org/564885 Project: openstack/instack-undercloud Branch: refs/heads/master
-rw-r--r--elements/puppet-stack-config/puppet-stack-config.yaml.template2
-rw-r--r--instack_undercloud/tests/test_undercloud.py7
-rw-r--r--instack_undercloud/undercloud.py20
-rw-r--r--releasenotes/notes/insecure_registries-58ffd10f75112b31.yaml7
-rw-r--r--undercloud.conf.sample9
5 files changed, 39 insertions, 6 deletions
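--- a/elements/puppet-stack-config/puppet-stack-config.yaml.template
+++ b/elements/puppet-stack-config/puppet-stack-config.yaml.template
@@ -795,7 +795,7 @@ tripleo::profile::base::docker::docker_options: '--log-driver=journald --signatu
 tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
 {{/DOCKER_REGISTRY_MIRROR}}
 tripleo::profile::base::docker::debug: "%{hiera('debug')}"
-tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
+tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
 
 # Keepalived
 tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"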
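--- a/instack_undercloud/tests/test_undercloud.py
+++ b/instack_undercloud/tests/test_undercloud.py
@@ -592,6 +592,13 @@ class TestGenerateEnvironment(BaseTestCase):
  self.assertEqual('http://foo/bar',
  env['DOCKER_REGISTRY_MIRROR'])
 
+ def test_docker_insecure_registries(self):
+ self.conf.config(docker_insecure_registries=['http://foo/bar:8787'])
+ env = undercloud._generate_environment('.')
+ insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
+ # Spot check one service
+ self.assertEqual(['http://foo/bar:8787'], insecure_registries)
+
  def test_generate_endpoints(self):
  env = undercloud._generate_environment('.')
  endpoint_vars = {k: v for (k, v) in env.items()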
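Review bot: `test_docker_insecure_registries` covers only the override branch, and its sample value `'http://foo/bar:8787'` is a URL with a scheme and path rather than the host/port form the option's help text describes. A second test that leaves the option unset and asserts the two `:8787` entries built from `LOCAL_IP` and `undercloud_admin_host` would pin the backward-compatibility default, which is the branch existing deployments depend on. Using a value such as `'registry.example.com:8787'` (constructed) keeps the test from implying that URLs are accepted, and the copied comment `# Spot check one service` could become `# The configured list replaces the built-in defaults`. The enclosing `TestGenerateEnvironment` class starts and ends outside the hunk.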
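--- a/instack_undercloud/undercloud.py
+++ b/instack_undercloud/undercloud.py
@@ -353,6 +353,11 @@ _opts = [
  help=('Whether to enable docker container images to be build '
  'on the undercloud.')
  ),
+ cfg.ListOpt('docker_insecure_registries',
+ default=[],
+ help=('Array of host/port combiniations of docker insecure '
+ 'registries.')
+ ),
  cfg.StrOpt('ipa_otp',
  default='',
  help=('One Time Password to register Undercloud node with '
@@ -1437,12 +1442,21 @@ def _generate_environment(instack_root):
 
  instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
 
- if CONF.docker_registry_mirror:
- instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
-
  instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
  instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
  instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
+
+ if CONF.docker_registry_mirror:
+ instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
+ if CONF.docker_insecure_registries:
+ instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
+ CONF.docker_insecure_registries)
+ else:
+ # For backward compatibility with previous defaults
+ instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
+ [instack_env['LOCAL_IP'] + ':' + '8787',
+ CONF.undercloud_admin_host + ':' + '8787'])
+
  # We're not in a chroot so this doesn't make sense, and it causes weird
  # errors if it's set.
  if instack_env.get('DIB_YUM_REPO_CONF'):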
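Review bot: In `_generate_environment`, the truthiness check on `CONF.docker_insecure_registries` combined with `default=[]` treats an explicitly empty list the same as an unset option, so an operator cannot configure zero insecure registries; the two port-8787 entries always come back. A non-empty list also replaces those two entries rather than extending them, and the entries reach `json.dumps` without any shape check, none of which the help text mentions. Since each entry names a registry the docker daemon is told to treat as insecure, I would state this in the option help, e.g. `help=('List of host:port docker registries to treat as insecure (no verified TLS). When empty, <local_ip>:8787 and <undercloud_admin_host>:8787 are used; a non-empty list replaces them.')`, which also fixes the "combiniations" typo. Both `_opts` and `_generate_environment` continue outside the hunks.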
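--- /dev/null
+++ b/releasenotes/notes/insecure_registries-58ffd10f75112b31.yaml
@@ -0,0 +1,7 @@
+---
+features:
+ - |
+ Introduce docker_insecure_registries that is an array of host/port
+ combiniations of docker insecure registries. The default value will
+ be the previous parameter that were hardcoded, but now we can easily
+ override it in undercloud.conf.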
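--- a/undercloud.conf.sample
+++ b/undercloud.conf.sample
@@ -120,8 +120,9 @@
 
 # Path to network config override template. If set, this template will
 # be used to configure the networking via os-net-config. Must be in
-# json format. If you wish to disable os-net-config you can use an
-# set this location to point to an empty file.
+# json format. Templated tags can be used within the template, see
+# instack-undercloud/elements/undercloud-stack-config/net-
+# config.json.template for example tags (string value)
 #net_config_override =
 
 # Network interface on which inspection dnsmasq will listen. If in
@@ -187,6 +188,10 @@
 # undercloud. (boolean value)
 #enable_container_images_build = true
 
+# Array of host/port combiniations of docker insecure registries.
+# (string value)
+#docker_insecure_registries =
+
 # One Time Password to register Undercloud node with an IPA server.
 # Required when enable_novajoin = True. (string value)
 #ipa_otp =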