From b10ed9e363dfe01592c2782c7578e43637a62e12 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Fri, 8 Jan 2021 11:30:34 -0500 Subject: [PATCH] container-host: Install mirror cert in both podman and docker paths Fixes: https://tracker.ceph.com/issues/48715 Signed-off-by: David Galloway --- roles/container-host/README.rst | 5 +---- roles/container-host/tasks/container_mirror.yml | 8 +++++--- roles/container-host/tasks/main.yml | 3 --- roles/container-host/vars/main.yml | 4 ++++ 4 files changed, 10 insertions(+), 10 deletions(-) create mode 100644 roles/container-host/vars/main.yml diff --git a/roles/container-host/README.rst b/roles/container-host/README.rst index aa0b2476..b7611cb1 100644 --- a/roles/container-host/README.rst +++ b/roles/container-host/README.rst @@ -11,7 +11,7 @@ Variables ``container_packages: []`` is the list of container packages to install. We default to podman on RedHat based distros and docker.io on Debian-based distros. -The following variables are used to optionally configure a docker.io mirror CA certificate. The role will use ``/etc/containers/certs.d`` if ``podman`` is installed and ``/etc/docker/certs.d`` if ``docker`` is installed.:: +The following variables are used to optionally configure a docker.io mirror CA certificate. The role will install the certificate in both ``/etc/containers/certs.d`` (for podman) and ``/etc/docker/certs.d`` (for docker).:: # Defined in all.yml in secrets repo container_mirror: docker-mirror.front.sepia.ceph.com:5000 @@ -22,9 +22,6 @@ The following variables are used to optionally configure a docker.io mirror CA c ... -----END CERTIFICATE----- - # Automatically determined in roles/container-host/tasks/main.yml - container_mirror_cert_path: "/etc/docker/certs.d/{{ container_mirror }}" - Tags ++++ diff --git a/roles/container-host/tasks/container_mirror.yml b/roles/container-host/tasks/container_mirror.yml index 699c006b..254e21c7 100644 --- a/roles/container-host/tasks/container_mirror.yml 
+++ b/roles/container-host/tasks/container_mirror.yml @@ -1,13 +1,15 @@ --- -- name: "Create {{ container_mirror_cert_path }}" +- name: "Create container_mirror_cert_paths" file: - path: "{{ container_mirror_cert_path }}" + path: "{{ item }}" state: directory + with_items: "{{ container_mirror_cert_paths }}" - name: "Copy {{ container_mirror }} self-signed cert" copy: - dest: "{{ container_mirror_cert_path }}/docker-mirror.crt" + dest: "{{ item }}/docker-mirror.crt" content: "{{ container_mirror_cert }}" + with_items: "{{ container_mirror_cert_paths }}" - name: Install registries-conf-ctl pip: diff --git a/roles/container-host/tasks/main.yml b/roles/container-host/tasks/main.yml index aac2ad68..03ed8070 100644 --- a/roles/container-host/tasks/main.yml +++ b/roles/container-host/tasks/main.yml @@ -21,7 +21,6 @@ when: container_packages|length > 0 - set_fact: - container_mirror_cert_path: "/etc/containers/certs.d/{{ container_mirror }}" container_service_conf: "/etc/containers/registries.conf" when: - "'podman' in container_packages" @@ -29,7 +28,6 @@ - container-mirror - set_fact: - container_mirror_cert_path: "/etc/docker/certs.d/{{ container_mirror }}" container_service_conf: "/etc/docker/daemon.json" when: - "'docker.io' in container_packages" @@ -41,6 +39,5 @@ when: - container_mirror is defined - container_mirror_cert is defined - - container_mirror_cert_path is defined tags: - container-mirror diff --git a/roles/container-host/vars/main.yml b/roles/container-host/vars/main.yml new file mode 100644 index 00000000..e84dc53f --- /dev/null +++ b/roles/container-host/vars/main.yml @@ -0,0 +1,4 @@ +--- +container_mirror_cert_paths: + - "/etc/docker/certs.d/{{ container_mirror }}" + - "/etc/containers/certs.d/{{ container_mirror }}" -- 2.47.3
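Review bot: The looped `file` and `copy` tasks in container_mirror.yml set no `owner`, `group` or `mode`, so the new `certs.d` directories and `docker-mirror.crt` get whatever the umask and privilege settings of the run produce. Paths that already exist keep their current permissions. These files are the trust anchor the container runtime uses for the mirror, so they should be root-owned and writable only by root. I would add `owner: root`, `group: root` and `mode: "0755"` to the `file` task, and the same owner and group with `mode: "0644"` to the `copy` task. The "Install registries-conf-ctl" task continues past the end of the hunk and is not covered here.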
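Review bot: `container_mirror_cert_paths` in vars/main.yml is always defined, so the mirror tasks are no longer gated on a container runtime having been selected. Previously `container_mirror_cert_path is defined` was true only after one of the two `set_fact` tasks in main.yml had run, and the last main.yml hunk removes that condition without a replacement. If neither `'podman'` nor `'docker.io'` is in `container_packages`, the certificate directories are still created and `container_service_conf` stays unset. The rest of container_mirror.yml is not visible here, but it presumably uses that variable. Adding `- container_service_conf is defined` to the remaining `when:` list would restore the old gate; the task that list belongs to starts outside the hunk.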