Update containerd registry.local configuration
As part of bootstrap, k8s.gcr.io/pause:3.2 is pulled via crictl from registry.local with explicitly provided credentials. If this image is manually removed or removed due to garbage collection, containerd is unable to pull it from registry.local. Lookup the registry credentials so that they can be applied to the registry.local auth configuration in containerd's config.toml. This will allow containerd pull access when needed. Change-Id: I5095abbe44c4e9bab36726a336654284482e44b4 Depends-On: https://review.opendev.org/#/c/733941/ Closes-Bug: #1881353 Signed-off-by: Robert Church <robert.church@windriver.com>
This commit is contained in:
parent
28a4cc50ab
commit
d9f0a9896f
|
@ -88,6 +88,29 @@
|
|||
environment:
|
||||
CNI_BIN_DIR: "{{ kubelet_cni_bin_dir }}"
|
||||
|
||||
- name: Get local registry credentials
|
||||
vars:
|
||||
script_content: |
|
||||
import keyring
|
||||
password = keyring.get_password("CGCS", "admin")
|
||||
if not password:
|
||||
raise Exception("Local registry password not found.")
|
||||
print dict(username='admin', password=str(password))
|
||||
shell: "{{ script_content }}"
|
||||
args:
|
||||
executable: /usr/bin/python
|
||||
register: local_registry_credentials_output
|
||||
|
||||
- set_fact:
|
||||
local_registry_credentials: "{{ local_registry_credentials_output.stdout }}"
|
||||
|
||||
- name: Update config.toml with registry auth
|
||||
command: "sed -i -e 's|<%= @registry_auth %>|$REG_AUTH|g' /etc/containerd/config.toml"
|
||||
args:
|
||||
warn: false
|
||||
environment:
|
||||
REG_AUTH: "{{ (local_registry_credentials['username'] + ':' + local_registry_credentials['password']) | b64encode }}"
|
||||
|
||||
- name: Determine the stream_server_address for containerd
|
||||
set_fact:
|
||||
stream_server_address: "{{ '127.0.0.1' if ipv6_addressing == False else '::1' }}"
|
||||
|
|
|
@ -134,21 +134,24 @@
|
|||
when: item.username is defined
|
||||
no_log: true
|
||||
|
||||
- name: Get local registry credentials
|
||||
vars:
|
||||
script_content: |
|
||||
import keyring
|
||||
password = keyring.get_password("CGCS", "admin")
|
||||
if not password:
|
||||
raise Exception("Local registry password not found.")
|
||||
print dict(username='admin', password=str(password))
|
||||
shell: "{{ script_content }}"
|
||||
args:
|
||||
executable: /usr/bin/python
|
||||
register: local_registry_credentials_output
|
||||
# Retrieve local registry credentials unless it has been already
|
||||
- block:
|
||||
- name: Get local registry credentials
|
||||
vars:
|
||||
script_content: |
|
||||
import keyring
|
||||
password = keyring.get_password("CGCS", "admin")
|
||||
if not password:
|
||||
raise Exception("Local registry password not found.")
|
||||
print dict(username='admin', password=str(password))
|
||||
shell: "{{ script_content }}"
|
||||
args:
|
||||
executable: /usr/bin/python
|
||||
register: local_registry_credentials_output
|
||||
|
||||
- set_fact:
|
||||
local_registry_credentials: "{{ local_registry_credentials_output.stdout }}"
|
||||
- set_fact:
|
||||
local_registry_credentials: "{{ local_registry_credentials_output.stdout }}"
|
||||
when: local_registry_credentials is not defined
|
||||
|
||||
- name: Download images and push to local registry
|
||||
script: download_images.py {{ download_images }}
|
||||
|
|
Loading…
Reference in New Issue