aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJiri Stransky <jistr@redhat.com>2017-08-10 18:16:46 +0200
committerJiri Stransky <jistr@redhat.com>2017-08-17 16:55:50 +0200
commit8c39646bc2822181bd2f60aa9ae5fffef496698e (patch)
tree98123072276d3d0db756007d76b804f7a5ec2133
parent4600841dbcc0ee970256a6e2f35056c3e624bf98 (diff)
Allow configuring multiple insecure registries
If we're using local registries, we may want to use different registries e.g. for Ceph and for OpenStack. We allow multiple registries in general for this purpose, and we should also allow it in the insecure registry configuration. Change-Id: I5cddd20a123a85516577bde1b793a30d43171285 Related-Bug: #1709310
-rw-r--r--manifests/profile/base/docker.pp24
-rw-r--r--spec/classes/tripleo_profile_base_docker_spec.rb13
2 files changed, 31 insertions, 6 deletions
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index d230366..8cb4cdd 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -19,10 +19,11 @@
#
# === Parameters
#
-# [*insecure_registry_address*]
-# The host/port combiniation of the insecure registry. This is used to configure
-# /etc/sysconfig/docker so that a local (insecure) registry can be accessed.
-# Example: 127.0.0.1:8787 (defaults to unset)
+# [*insecure_registries*]
+# An array of host/port combiniations of insecure registries. This is used to configure
+# /etc/sysconfig/docker so that local (insecure) registries can be accessed.
+# Example: ['127.0.0.1:8787']
+# (defaults to unset)
#
# [*registry_mirror*]
# Configure a registry-mirror in the /etc/docker/daemon.json file.
@@ -45,6 +46,11 @@
#
# DEPRECATED PARAMETERS
#
+# [*insecure_registry_address*]
+# DEPRECATED: The host/port combiniation of the insecure registry. This is used to configure
+# /etc/sysconfig/docker so that a local (insecure) registry can be accessed.
+# Example: 127.0.0.1:8787 (defaults to unset)
+#
# [*docker_namespace*]
# DEPRECATED: The namespace to be used when setting INSECURE_REGISTRY
# this will be split on "/" to derive the docker registry
@@ -55,13 +61,14 @@
# is enabled (defaults to false)
#
class tripleo::profile::base::docker (
- $insecure_registry_address = undef,
+ $insecure_registries = undef,
$registry_mirror = false,
$docker_options = '--log-driver=journald --signature-verification=false --iptables=false',
$configure_storage = true,
$storage_options = '-s overlay2',
$step = Integer(hiera('step')),
# DEPRECATED PARAMETERS
+ $insecure_registry_address = undef,
$docker_namespace = undef,
$insecure_registry = false,
) {
@@ -92,14 +99,19 @@ class tripleo::profile::base::docker (
}
if $insecure_registry {
- warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registry_address instead.')
+ warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registries instead.')
if $docker_namespace == undef {
fail('You must provide a $docker_namespace in order to configure insecure registry')
}
$namespace = strip($docker_namespace.split('/')[0])
$registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ]
} elsif $insecure_registry_address {
+ warning('The $insecure_registry_address parameter is deprecated. Use $insecure_registries instead.')
$registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${insecure_registry_address}\"'" ]
+ } elsif $insecure_registries {
+ $registry_changes = [ join(['set INSECURE_REGISTRY \'"--insecure-registry ',
+ join($insecure_registries, ' --insecure-registry '),
+ '"\''], '') ]
} else {
$registry_changes = [ 'rm INSECURE_REGISTRY' ]
}
diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index 2a15362..146d784 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -50,6 +50,19 @@ describe 'tripleo::profile::base::docker' do
}
end
+ context 'with step 1 and insecure_registries configured' do
+ let(:params) { {
+ :insecure_registries => ['foo:8787', 'bar'],
+ :step => 1,
+ } }
+
+ it {
+ is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
+ "set INSECURE_REGISTRY '\"--insecure-registry foo:8787 --insecure-registry bar\"'",
+ ])
+ }
+ end
+
context 'with step 1 and insecure_registry configured but no docker_namespace' do
let(:params) { {
:insecure_registry => true,