Rocky: enable container auth support

Squash of adding container enginene support and the subsequent fix 1) Add container engine authentication support See I98a527f363056767fea45ab4828ae61c01de20ca. This is only the docker support as podman was added in Stein 2) Convert the heat json format to a py dict This change converts a heat json format option to a py dict within a jinja expresion. Closes-Bug: #1835657 Related-Bug: #1833584 Change-Id: I4b44214cd7007dc31ad5f4e0a0d7a3a531a9f20e Signed-off-by: Kevin Carter <kecarter@redhat.com> (cherry picked from commit 6e07f2a767) (cherry picked from commit d6bd20d5b4)
2019-07-10 10:46:25 -04:00 · 2019-07-10 10:46:25 -04:00 · 59e4b8140a
parent 6311584c5a
commit 59e4b8140a
2 changed files with 41 additions and 0 deletions
--- a/puppet/services/docker.yaml
+++ b/puppet/services/docker.yaml
@ -74,6 +74,23 @@ parameters:
    description: Flag to disable docker reconfiguration during stack update.
    tags:
      - role_specific
+  ContainerImageRegistryLogin:
+    type: boolean
+    default: false
+    description: Flag to enable container registry login actions during the deployment.
+                 Setting this to true will cause login calls to be performed during the
+                 deployment.
+  ContainerImageRegistryCredentials:
+    type: json
+    hidden: true
+    default: {}
+    description: |
+      Mapping of image registry hosts to login credentials. Must be in the following example format
+
+        docker.io:
+          username: pa55word
+        '192.0.2.1:8787':
+          registry_username: password

 resources:
  # Merging role-specific parameters (RoleParameters) with the default parameters.
@ -122,9 +139,23 @@ outputs:
              container_registry_mirror: {get_param: DockerRegistryMirror}
              container_registry_network_options: {get_param: DockerNetworkOptions}
              container_registry_skip_reconfiguration: {get_attr: [RoleParametersValue, value, DockerSkipUpdateReconfiguration]}
+              container_registry_login: {get_param: ContainerImageRegistryLogin}
+              # default that is overwritten by the heat -> dict conversion
+              container_registry_logins: {}
+              container_registry_logins_json: {get_param: ContainerImageRegistryCredentials}
+          - name: Convert logins json to dict
+            set_fact:
+              container_registry_logins: "{{ container_registry_logins_json | from_json }}"
+            when:
+              - container_registry_login | bool
+              - (container_registry_logins_json | length) > 0
          - include_role:
              name: container-registry
              tasks_from: docker
+          - include_role:
+              name: container-registry
+              tasks_from: docker-login
+            when: container_registry_login|bool
      service_config_settings:
        neutron_l3:
          docker_additional_sockets: {get_param: DockerAdditionalSockets}
--- a/releasenotes/notes/add-container-registry-login-08d6a87586c84a99.yaml
+++ b/releasenotes/notes/add-container-registry-login-08d6a87586c84a99.yaml
@ -0,0 +1,10 @@
+---
+features:
+  - |
+    `ContainerImageRegistryLogin` has been added to indicate if login calls
+    should be issued by the container engine on deployment. The default is
+    set to `false`.
+  - |
+    Values specified in `ContainerImageRegistryCredentials` will now be used to
+    issue a login call when deploying the container engine on the hosts if
+    `ContainerImageRegistryLogin` is set to `true`