From 8c39646bc2822181bd2f60aa9ae5fffef496698e Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Thu, 10 Aug 2017 18:16:46 +0200 Subject: Allow configuring multiple insecure registries If we're using local registries, we may want to use different registries e.g. for Ceph and for OpenStack. We allow multiple registries in general for this purpose, and we should also allow it in the insecure registry configuration. Change-Id: I5cddd20a123a85516577bde1b793a30d43171285 Related-Bug: #1709310 --- manifests/profile/base/docker.pp | 24 ++++++++++++++++++------ spec/classes/tripleo_profile_base_docker_spec.rb | 13 +++++++++++++ 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index d230366..8cb4cdd 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -19,10 +19,11 @@ # # === Parameters # -# [*insecure_registry_address*] -# The host/port combiniation of the insecure registry. This is used to configure -# /etc/sysconfig/docker so that a local (insecure) registry can be accessed. -# Example: 127.0.0.1:8787 (defaults to unset) +# [*insecure_registries*] +# An array of host/port combiniations of insecure registries. This is used to configure +# /etc/sysconfig/docker so that local (insecure) registries can be accessed. +# Example: ['127.0.0.1:8787'] +# (defaults to unset) # # [*registry_mirror*] # Configure a registry-mirror in the /etc/docker/daemon.json file. @@ -45,6 +46,11 @@ # # DEPRECATED PARAMETERS # +# [*insecure_registry_address*] +# DEPRECATED: The host/port combiniation of the insecure registry. This is used to configure +# /etc/sysconfig/docker so that a local (insecure) registry can be accessed. +# Example: 127.0.0.1:8787 (defaults to unset) +# # [*docker_namespace*] # DEPRECATED: The namespace to be used when setting INSECURE_REGISTRY # this will be split on "/" to derive the docker registry @@ -55,13 +61,14 @@ # is enabled (defaults to false) # class tripleo::profile::base::docker ( - $insecure_registry_address = undef, + $insecure_registries = undef, $registry_mirror = false, $docker_options = '--log-driver=journald --signature-verification=false --iptables=false', $configure_storage = true, $storage_options = '-s overlay2', $step = Integer(hiera('step')), # DEPRECATED PARAMETERS + $insecure_registry_address = undef, $docker_namespace = undef, $insecure_registry = false, ) { @@ -92,14 +99,19 @@ class tripleo::profile::base::docker ( } if $insecure_registry { - warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registry_address instead.') + warning('The $insecure_registry and $docker_namespace are deprecated. Use $insecure_registries instead.') if $docker_namespace == undef { fail('You must provide a $docker_namespace in order to configure insecure registry') } $namespace = strip($docker_namespace.split('/')[0]) $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ] } elsif $insecure_registry_address { + warning('The $insecure_registry_address parameter is deprecated. Use $insecure_registries instead.') $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${insecure_registry_address}\"'" ] + } elsif $insecure_registries { + $registry_changes = [ join(['set INSECURE_REGISTRY \'"--insecure-registry ', + join($insecure_registries, ' --insecure-registry '), + '"\''], '') ] } else { $registry_changes = [ 'rm INSECURE_REGISTRY' ] } diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb index 2a15362..146d784 100644 --- a/spec/classes/tripleo_profile_base_docker_spec.rb +++ b/spec/classes/tripleo_profile_base_docker_spec.rb @@ -50,6 +50,19 @@ describe 'tripleo::profile::base::docker' do } end + context 'with step 1 and insecure_registries configured' do + let(:params) { { + :insecure_registries => ['foo:8787', 'bar'], + :step => 1, + } } + + it { + is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([ + "set INSECURE_REGISTRY '\"--insecure-registry foo:8787 --insecure-registry bar\"'", + ]) + } + end + context 'with step 1 and insecure_registry configured but no docker_namespace' do let(:params) { { :insecure_registry => true, -- cgit 1.2.3-korg