Switch to podman_image module
By default the podman_image module has validate_certs enabled which forces the --tls-verify flag. This prevents *any* insecure registry from working. This is different from the default mechanism where SSL registries are required unless explicitly defined in the insecure registries list in /etc/containers/registries.conf. The undercloud is an insecure registry so we don't want to force --tls-verify. Change-Id: I47221977ceeddcfa8e2d3da719692ffe87379ac4
This commit is contained in:
parent
24fb2e3f5e
commit
bbee30c907
|
@ -137,10 +137,18 @@ outputs:
|
|||
- when:
|
||||
- (step|int) == 1
|
||||
block:
|
||||
# TODO(mwhahaha): figure out the bug in podman_image
|
||||
# NOTE(mwhahaha): validate_certs is a misnomer because what it
|
||||
# actually does is enable the --tls-verify flag which forces
|
||||
# registries to only be over HTTPS. By default, podman will only
|
||||
# use HTTPS registries but has a way to configure specific insecure
|
||||
# and non-HTTPS registries. The --tls-verify flag prevents this
|
||||
# fallback from functioning. We rely on this fallback for the
|
||||
# undercloud registry.
|
||||
- name: Pre-fetch all the containers
|
||||
become: true
|
||||
shell: podman pull "{{ container_image }}"
|
||||
podman_image:
|
||||
name: "{{ container_image }}"
|
||||
validate_certs: false
|
||||
loop_control:
|
||||
loop_var: container_image
|
||||
loop: "{{ lookup('file', tripleo_role_name + '/docker_config.yaml', errors='ignore') | default('{}', True) | from_yaml | recursive_get_key_from_dict(key='image') | unique }}"
|
||||
|
|
Loading…
Reference in New Issue