New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Install Registry by Default #2475
Conversation
@abutcher PTAL |
4929128
to
8f337d7
Compare
aos-ci-test |
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
8f337d7 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-305/8f337d71cf67424d6ea83f68ef906e39bc96a208.txt |
CI isn't landing the registry right. Time to figure out what's up. |
Nevermind, the template probably wasn't created. |
aed95bc
to
45085e5
Compare
aos-ci-test |
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
3854cbb - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-310/3854cbba742cd40dce12c96074274b6cfef7c261.txt |
aos-ci-test |
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
7798cf6 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-314/7798cf60ebe7fc8e333089361cc123b4d2ffc455.txt |
7798cf6
to
c9b5475
Compare
aos-ci-test |
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_NOT_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.3_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
c9b5475 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-315/c9b5475eaaf6fa28a66e8eac3e05b53ae6a4abca.txt |
be6e404
to
fe99fb5
Compare
aos-ci-test |
@sdodson Mind looking this over? |
fe99fb5 - State: error - All Test Contexts: aos-ci-jenkins/OS_3.2_containerized - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-318/fe99fb5f23bfd8b0c0a37b3a97f97da2eb2bdac6.txt |
8fe13aa - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.2_containerized, aos-ci-jenkins/OS_3.2_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-320/8fe13aa61a11f5ed314634b9f75df0f9ae411918.txt |
ca33e37 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-302/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.2_NOT_containerized, aos-ci-jenkins/OS_3.2_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
ca33e37 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
@@ -0,0 +1,128 @@ | |||
--- | |||
- name: Configure CA certificate for secure registry |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to see this logic pushed down into a role, rather than a playbook. Ideally, we'd be able to apply this as part of the node/docker config.
@abutcher maybe we need to deploy the registry prior to configuring the nodes, that would provide the needed info for node configuration.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@detiber We only need to know the service IP and route here so that should work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This playbook is gone now that we're adding the OpenShift CA to the system trusted roots for each node.
ca33e37 - State: error - All Test Contexts: "aos-ci-jenkins/OS_3.2_containerized, aos-ci-jenkins/OS_3.2_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.2,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-321/ca33e378ee3eac6ad982c14b954c426ed8602452.txt |
aos-ci-test |
3fa1207 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-309/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
3fa1207 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-328/3fa1207ff21048a2180ae628546a6a8465a87032.txt |
Instead of restricting cockpit-ui to Atomic Registry installations, install it by default everywhere. Fixes Bug 1371459
* Convert oc template calls to jsonpath. * Wait for deployments to finish before restarting docker. * Re-organize node ca configuration.
143f537
to
8e52176
Compare
@sdodson PTAL when ya can |
- Default to hosted_registry_insecure=False - Add openshift ca to system ca-trust. - Update ca trust in openshift_node_certificates rather than docker_ca_trust
8e52176
to
6826f27
Compare
aos-ci-test |
6826f27 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-323/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_NOT_containerized, aos-ci-jenkins/OS_3.3_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.3_containerized, aos-ci-jenkins/OS_3.3_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.3,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
6826f27 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-342/6826f27769563d30194818a0f13b9da086ddf7ab.txt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry for the late review, looks good to me
Instead of restricting cockpit-ui to Atomic Registry installations, install it by default everywhere.
deployment_subtype=registry
is no longer required to deploy the Atomic Registry but can be used to create a standalone registry deployment (no web console, etc). This requires securing the registry by default.Any users maintaining their own registry and/or users which don't want to deploy Atomic Registry may disable management of the registry by adding the following variable to their inventory.