Install Registry by Default #2475
Conversation
|
@abutcher PTAL |
smunilla
force-pushed
the
registry_all_the_time
branch
from
4929128
to
8f337d7
Compare
|
aos-ci-test |
|
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
|
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
|
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
|
CI isn't landing the registry right. Time to figure out what's up. |
smunilla
changed the title
|
Nevermind, the template probably wasn't created. |
smunilla
force-pushed
the
registry_all_the_time
branch
2 times, most recently
from
aed95bc
to
45085e5
Compare
|
aos-ci-test |
|
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
|
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
|
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
|
aos-ci-test |
|
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
|
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
|
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
smunilla
force-pushed
the
registry_all_the_time
branch
from
7798cf6
to
c9b5475
Compare
|
aos-ci-test |
|
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
|
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
|
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
smunilla
force-pushed
the
registry_all_the_time
branch
from
be6e404
to
fe99fb5
Compare
smunilla
changed the title
|
aos-ci-test |
|
@sdodson Mind looking this over? |
|
fe99fb5 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-318/fe99fb5f23bfd8b0c0a37b3a97f97da2eb2bdac6.txt |
|
8fe13aa - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.2_containerized, aos-ci-jenkins/OS_3.2_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-320/8fe13aa61a11f5ed314634b9f75df0f9ae411918.txt |
|
ca33e37 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-302/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
|
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.2_NOT_containerized, aos-ci-jenkins/OS_3.2_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
|
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
|
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
| @@ -0,0 +1,128 @@ | |||
| --- | |||
| - name: Configure CA certificate for secure registry | |||
There was a problem hiding this comment.
I'd like to see this logic pushed down into a role, rather than a playbook. Ideally, we'd be able to apply this as part of the node/docker config.
@abutcher maybe we need to deploy the registry prior to configuring the nodes, that would provide the needed info for node configuration.
There was a problem hiding this comment.
@detiber We only need to know the service IP and route here so that should work.
There was a problem hiding this comment.
This playbook is gone now that we're adding the OpenShift CA to the system trusted roots for each node.
|
ca33e37 - State: error - All Test Contexts: "aos-ci-jenkins/OS_3.2_containerized, aos-ci-jenkins/OS_3.2_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
|
aos-ci-test |
|
3fa1207 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-309/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
|
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
|
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
|
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
|
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
Instead of restricting cockpit-ui to Atomic Registry installations, install it by default everywhere. Fixes Bug 1371459
* Convert oc template calls to jsonpath. * Wait for deployments to finish before restarting docker. * Re-organize node ca configuration.
smunilla
force-pushed
the
registry_all_the_time
branch
from
143f537
to
8e52176
Compare
|
@sdodson PTAL when ya can |
- Default to hosted_registry_insecure=False - Add openshift ca to system ca-trust. - Update ca trust in openshift_node_certificates rather than docker_ca_trust
smunilla
force-pushed
the
registry_all_the_time
branch
from
8e52176
to
6826f27
Compare
|
aos-ci-test |
|
6826f27 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-323/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
|
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
|
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
|
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
|
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
Instead of restricting cockpit-ui to Atomic Registry installations, install it by default everywhere.
deployment_subtype=registryis no longer required to deploy the Atomic Registry but can be used to create a standalone registry deployment (no web console, etc). This requires securing the registry by default.Any users maintaining their own registry and/or users which don't want to deploy Atomic Registry may disable management of the registry by adding the following variable to their inventory.