From: David Galloway Date: Fri, 8 Jan 2021 16:30:34 +0000 (-0500) Subject: container-host: Install mirror cert in both podman and docker paths X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F602%2Fhead;p=ceph-cm-ansible.git container-host: Install mirror cert in both podman and docker paths Fixes: https://tracker.ceph.com/issues/48715 Signed-off-by: David Galloway --- diff --git a/roles/container-host/README.rst b/roles/container-host/README.rst index aa0b247..b7611cb 100644 --- a/roles/container-host/README.rst +++ b/roles/container-host/README.rst @@ -11,7 +11,7 @@ Variables ``container_packages: []`` is the list of container packages to install. We default to podman on RedHat based distros and docker.io on Debian-based distros. -The following variables are used to optionally configure a docker.io mirror CA certificate. The role will use ``/etc/containers/certs.d`` if ``podman`` is installed and ``/etc/docker/certs.d`` if ``docker`` is installed.:: +The following variables are used to optionally configure a docker.io mirror CA certificate. The role will install the certificate in both ``/etc/containers/certs.d`` (for podman) and ``/etc/docker/certs.d`` (for docker).:: # Defined in all.yml in secrets repo container_mirror: docker-mirror.front.sepia.ceph.com:5000 @@ -22,9 +22,6 @@ The following variables are used to optionally configure a docker.io mirror CA c ... -----END CERTIFICATE----- - # Automatically determined in roles/container-host/tasks/main.yml - container_mirror_cert_path: "/etc/docker/certs.d/{{ container_mirror }}" - Tags ++++ diff --git a/roles/container-host/tasks/container_mirror.yml b/roles/container-host/tasks/container_mirror.yml index 699c006..254e21c 100644 --- a/roles/container-host/tasks/container_mirror.yml +++ b/roles/container-host/tasks/container_mirror.yml 
@@ -1,13 +1,15 @@ --- -- name: "Create {{ container_mirror_cert_path }}" +- name: "Create container_mirror_cert_paths" file: - path: "{{ container_mirror_cert_path }}" + path: "{{ item }}" state: directory + with_items: "{{ container_mirror_cert_paths }}" - name: "Copy {{ container_mirror }} self-signed cert" copy: - dest: "{{ container_mirror_cert_path }}/docker-mirror.crt" + dest: "{{ item }}/docker-mirror.crt" content: "{{ container_mirror_cert }}" + with_items: "{{ container_mirror_cert_paths }}" - name: Install registries-conf-ctl pip: diff --git a/roles/container-host/tasks/main.yml b/roles/container-host/tasks/main.yml index aac2ad6..03ed807 100644 --- a/roles/container-host/tasks/main.yml +++ b/roles/container-host/tasks/main.yml @@ -21,7 +21,6 @@ when: container_packages|length > 0 - set_fact: - container_mirror_cert_path: "/etc/containers/certs.d/{{ container_mirror }}" container_service_conf: "/etc/containers/registries.conf" when: - "'podman' in container_packages" @@ -29,7 +28,6 @@ - container-mirror - set_fact: - container_mirror_cert_path: "/etc/docker/certs.d/{{ container_mirror }}" container_service_conf: "/etc/docker/daemon.json" when: - "'docker.io' in container_packages" @@ -41,6 +39,5 @@ when: - container_mirror is defined - container_mirror_cert is defined - - container_mirror_cert_path is defined tags: - container-mirror diff --git a/roles/container-host/vars/main.yml b/roles/container-host/vars/main.yml new file mode 100644 index 0000000..e84dc53 --- /dev/null +++ b/roles/container-host/vars/main.yml @@ -0,0 +1,4 @@ +--- +container_mirror_cert_paths: + - "/etc/docker/certs.d/{{ container_mirror }}" + - "/etc/containers/certs.d/{{ container_mirror }}"
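Review bot: The `file` and `copy` tasks in roles/container-host/tasks/container_mirror.yml write a registry CA trust anchor into each path without stating ownership or mode, so the resulting permissions depend on the connecting user's umask. Whatever sits in these certs.d directories decides which registry certificates the container runtime will accept, so I would pin them: `mode: "0755"` on the directory task, and `owner: root` plus `mode: "0644"` on the copy task. The task list continues past the end of this hunk (the `Install registries-conf-ctl` task), and that part is not covered here.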
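Review bot: Because roles/container-host/vars/main.yml lists both directories unconditionally, the mirror CA is now written for a runtime the host may not have; a podman-only host still gets a docker certs.d entry, which a later docker install would trust without any further change. That matches the README wording, so a comment in this file would make the intent explicit, e.g. `# Written for both runtimes on purpose; the directory name must equal the registry host:port`. Separately, the include in tasks/main.yml no longer has the `container_mirror_cert_path is defined` gate, while `container_service_conf` is still set only when podman or docker.io is in `container_packages`. If the later tasks in container_mirror.yml read that fact (they are not visible here), adding `- container_service_conf is defined` to that `when:` would keep the previous skip behaviour.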