Introduce docker_insecure_registries parameter
Introduce docker_insecure_registries that is an array of host/port combiniations of docker insecure registries. The default value will be the previous parameter that were hardcoded, but now we can easily override it in undercloud.conf. Note: the feature is already supported for the containerized undercloud but was only missing in instack-undercloud. This patch will be backported. Depends-On: I14fda3481ac88429648bed8edb2f4469b33be957 Change-Id: I402ebb80b1d755cdb0c3c28fd542121bc60cb144 Closes-Bug: #1767373
This commit is contained in:
parent
64c9d2e610
commit
2ee1ebfd34
|
@ -795,7 +795,7 @@ tripleo::profile::base::docker::docker_options: '--log-driver=journald --signatu
|
|||
tripleo::profile::base::docker::registry_mirror: {{DOCKER_REGISTRY_MIRROR}}
|
||||
{{/DOCKER_REGISTRY_MIRROR}}
|
||||
tripleo::profile::base::docker::debug: "%{hiera('debug')}"
|
||||
tripleo::profile::base::docker::insecure_registries: ['{{LOCAL_IP}}:8787','{{UNDERCLOUD_ADMIN_HOST}}:8787']
|
||||
tripleo::profile::base::docker::insecure_registries: {{DOCKER_INSECURE_REGISTRIES}}
|
||||
|
||||
# Keepalived
|
||||
tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}"
|
||||
|
|
|
@ -592,6 +592,13 @@ class TestGenerateEnvironment(BaseTestCase):
|
|||
self.assertEqual('http://foo/bar',
|
||||
env['DOCKER_REGISTRY_MIRROR'])
|
||||
|
||||
def test_docker_insecure_registries(self):
|
||||
self.conf.config(docker_insecure_registries=['http://foo/bar:8787'])
|
||||
env = undercloud._generate_environment('.')
|
||||
insecure_registries = json.loads(env['DOCKER_INSECURE_REGISTRIES'])
|
||||
# Spot check one service
|
||||
self.assertEqual(['http://foo/bar:8787'], insecure_registries)
|
||||
|
||||
def test_generate_endpoints(self):
|
||||
env = undercloud._generate_environment('.')
|
||||
endpoint_vars = {k: v for (k, v) in env.items()
|
||||
|
|
|
@ -353,6 +353,11 @@ _opts = [
|
|||
help=('Whether to enable docker container images to be build '
|
||||
'on the undercloud.')
|
||||
),
|
||||
cfg.ListOpt('docker_insecure_registries',
|
||||
default=[],
|
||||
help=('Array of host/port combiniations of docker insecure '
|
||||
'registries.')
|
||||
),
|
||||
cfg.StrOpt('ipa_otp',
|
||||
default='',
|
||||
help=('One Time Password to register Undercloud node with '
|
||||
|
@ -1437,12 +1442,21 @@ def _generate_environment(instack_root):
|
|||
|
||||
instack_env['SYSCTL_SETTINGS'] = _generate_sysctl_settings()
|
||||
|
||||
if CONF.docker_registry_mirror:
|
||||
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
|
||||
|
||||
instack_env['PUBLIC_INTERFACE_IP'] = instack_env['LOCAL_IP']
|
||||
instack_env['LOCAL_IP'] = instack_env['LOCAL_IP'].split('/')[0]
|
||||
instack_env['LOCAL_IP_WRAPPED'] = _wrap_ipv6(instack_env['LOCAL_IP'])
|
||||
|
||||
if CONF.docker_registry_mirror:
|
||||
instack_env['DOCKER_REGISTRY_MIRROR'] = CONF.docker_registry_mirror
|
||||
if CONF.docker_insecure_registries:
|
||||
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
|
||||
CONF.docker_insecure_registries)
|
||||
else:
|
||||
# For backward compatibility with previous defaults
|
||||
instack_env['DOCKER_INSECURE_REGISTRIES'] = json.dumps(
|
||||
[instack_env['LOCAL_IP'] + ':' + '8787',
|
||||
CONF.undercloud_admin_host + ':' + '8787'])
|
||||
|
||||
# We're not in a chroot so this doesn't make sense, and it causes weird
|
||||
# errors if it's set.
|
||||
if instack_env.get('DIB_YUM_REPO_CONF'):
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Introduce docker_insecure_registries that is an array of host/port
|
||||
combiniations of docker insecure registries. The default value will
|
||||
be the previous parameter that were hardcoded, but now we can easily
|
||||
override it in undercloud.conf.
|
|
@ -120,8 +120,9 @@
|
|||
|
||||
# Path to network config override template. If set, this template will
|
||||
# be used to configure the networking via os-net-config. Must be in
|
||||
# json format. If you wish to disable os-net-config you can use an
|
||||
# set this location to point to an empty file.
|
||||
# json format. Templated tags can be used within the template, see
|
||||
# instack-undercloud/elements/undercloud-stack-config/net-
|
||||
# config.json.template for example tags (string value)
|
||||
#net_config_override =
|
||||
|
||||
# Network interface on which inspection dnsmasq will listen. If in
|
||||
|
@ -187,6 +188,10 @@
|
|||
# undercloud. (boolean value)
|
||||
#enable_container_images_build = true
|
||||
|
||||
# Array of host/port combiniations of docker insecure registries.
|
||||
# (string value)
|
||||
#docker_insecure_registries =
|
||||
|
||||
# One Time Password to register Undercloud node with an IPA server.
|
||||
# Required when enable_novajoin = True. (string value)
|
||||
#ipa_otp =
|
||||
|
|
Loading…
Reference in New Issue