From 796fb9424fcbcd73faf103537055a44479a74a0c Mon Sep 17 00:00:00 2001
From: Zack Cerza <zack@redhat.com>
Date: Thu, 20 Jun 2019 14:52:33 -0600
Subject: [PATCH] Allow skipping image verification

For the prometheus and grafana containers, in some specific
circumstances it's desirable to skip verification of the container
image. Allow passing that value in via group_vars.

Resolves: rhbz#1636136
Signed-off-by: Zack Cerza <zack@redhat.com>
---
 ansible/roles/ceph-grafana/defaults/main.yml            | 1 +
 ansible/roles/ceph-grafana/tasks/setup_container.yml    | 1 +
 ansible/roles/ceph-prometheus/defaults/main.yml         | 1 +
 ansible/roles/ceph-prometheus/tasks/setup_container.yml | 1 +
 4 files changed, 4 insertions(+)

diff --git a/ansible/roles/ceph-grafana/defaults/main.yml b/ansible/roles/ceph-grafana/defaults/main.yml
index ed5f5e5..6eb03f5 100644
--- a/ansible/roles/ceph-grafana/defaults/main.yml
+++ b/ansible/roles/ceph-grafana/defaults/main.yml
@@ -15,6 +15,7 @@ defaults:
     uid: 472
     datasource: Local
     pull_image: true
+    trust_image_content: false
     # You need to change these in the web UI on an already deployed machine, first
     # New deployments work fine
     admin_user: admin
diff --git a/ansible/roles/ceph-grafana/tasks/setup_container.yml b/ansible/roles/ceph-grafana/tasks/setup_container.yml
index 35d1f19..24c3cb8 100644
--- a/ansible/roles/ceph-grafana/tasks/setup_container.yml
+++ b/ansible/roles/ceph-grafana/tasks/setup_container.yml
@@ -40,6 +40,7 @@
       - name: "{{ docker.network_name }}"
     keep_volumes: true
     pull: "{{ grafana.pull_image }}"
+    trust_image_content: "{{ grafana.trust_image_content }}"
     cpu_period: "{{ grafana.container_cpu_period }}"
     # As of ansible-2.5.2, this module doesn't support the equivalent of the
     # --cpus flag, so we must use period/quota for now
diff --git a/ansible/roles/ceph-prometheus/defaults/main.yml b/ansible/roles/ceph-prometheus/defaults/main.yml
index f1692be..af63f82 100644
--- a/ansible/roles/ceph-prometheus/defaults/main.yml
+++ b/ansible/roles/ceph-prometheus/defaults/main.yml
@@ -10,6 +10,7 @@ defaults:
     # for containerized deployments.
     etc_hosts: {}
     pull_image: true
+    trust_image_content: false
     version: latest
     data_dir: /var/lib/cephmetrics
     user_id: '65534'  # This is the UID used by the prom/prometheus docker image
diff --git a/ansible/roles/ceph-prometheus/tasks/setup_container.yml b/ansible/roles/ceph-prometheus/tasks/setup_container.yml
index 1c8d8e6..f356b21 100644
--- a/ansible/roles/ceph-prometheus/tasks/setup_container.yml
+++ b/ansible/roles/ceph-prometheus/tasks/setup_container.yml
@@ -22,6 +22,7 @@
     user: "{{ prometheus.user_id }}"
     keep_volumes: true
     pull: "{{ prometheus.pull_image }}"
+    trust_image_content: "{{ prometheus.trust_image_content }}"
     cpu_period: "{{ prometheus.container_cpu_period }}"
     # As of ansible-2.5.2, this module doesn't support the equivalent of the
     # --cpus flag, so we must use period/quota for now
-- 
2.47.3