diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample index 0f54a0518..d0fdfa4e2 100644 --- a/group_vars/all.yml.sample +++ b/group_vars/all.yml.sample @@ -571,6 +571,7 @@ dummy: #ceph_docker_image: "ceph/daemon" #ceph_docker_image_tag: latest #ceph_docker_registry: docker.io +#ceph_docker_registry_auth: false ## Client only docker image - defaults to {{ ceph_docker_image }} #ceph_client_docker_image: "{{ ceph_docker_image }}" #ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" diff --git a/group_vars/rhcs.yml.sample b/group_vars/rhcs.yml.sample index a33f8ff8e..e9929ad0f 100644 --- a/group_vars/rhcs.yml.sample +++ b/group_vars/rhcs.yml.sample @@ -570,7 +570,8 @@ ceph_rhcs_version: 4 #docker: false ceph_docker_image: "rhceph/rhceph-4-rhel8" ceph_docker_image_tag: "latest" -ceph_docker_registry: "registry.access.redhat.com" +ceph_docker_registry: "registry.redhat.io" +ceph_docker_registry_auth: true ## Client only docker image - defaults to {{ ceph_docker_image }} #ceph_client_docker_image: "{{ ceph_docker_image }}" #ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" @@ -716,14 +717,14 @@ ceph_docker_registry: "registry.access.redhat.com" #dashboard_rgw_api_scheme: '' #dashboard_rgw_api_admin_resource: '' #dashboard_rgw_api_no_ssl_verify: False -node_exporter_container_image: registry.access.redhat.com/openshift4/ose-prometheus-node-exporter:v4.1 +node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1 #node_exporter_port: 9100 #grafana_admin_user: admin #grafana_admin_password: admin # We only need this for SSL (https) connections #grafana_crt: '' #grafana_key: '' -grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1 +grafana_container_image: registry.redhat.io/openshift4/ose-grafana:v4.1 #grafana_container_cpu_period: 100000 #grafana_container_cpu_cores: 2 # container_memory is in GB @@ -736,7 +737,7 @@ grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1 # - grafana-piechart-panel #grafana_allow_embedding: True #grafana_port: 3000 -prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus:v4.1 +prometheus_container_image: registry.redhat.io/openshift4/ose-prometheus:v4.1 #prometheus_container_cpu_period: 100000 #prometheus_container_cpu_cores: 2 # container_memory is in GB @@ -745,7 +746,7 @@ prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus #prometheus_conf_dir: /etc/prometheus #prometheus_user_id: '65534' # This is the UID used by the prom/prometheus container image #prometheus_port: 9090 -alertmanager_container_image: registry.access.redhat.com/openshift4/ose-prometheus-alertmanager:v4.1 +alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.1 #alertmanager_container_cpu_period: 100000 #alertmanager_container_cpu_cores: 2 # container_memory is in GB diff --git a/rhcs_edits.txt b/rhcs_edits.txt index c2681dad7..9fba033c5 100644 --- a/rhcs_edits.txt +++ b/rhcs_edits.txt @@ -4,9 +4,10 @@ fetch_directory: ~/ceph-ansible-keys ceph_rhcs_version: 4 ceph_docker_image: "rhceph/rhceph-4-rhel8" ceph_docker_image_tag: "latest" -ceph_docker_registry: "registry.access.redhat.com" -node_exporter_container_image: registry.access.redhat.com/openshift4/ose-prometheus-node-exporter:v4.1 -grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1 -prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus:v4.1 -alertmanager_container_image: registry.access.redhat.com/openshift4/ose-prometheus-alertmanager:v4.1 +ceph_docker_registry: "registry.redhat.io" +ceph_docker_registry_auth: true +node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1 +grafana_container_image: registry.redhat.io/openshift4/ose-grafana:v4.1 +prometheus_container_image: registry.redhat.io/openshift4/ose-prometheus:v4.1 +alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.1 # END OF FILE, DO NOT TOUCH ME! diff --git a/roles/ceph-container-common/tasks/main.yml b/roles/ceph-container-common/tasks/main.yml index aff88656e..7859ec2e6 100644 --- a/roles/ceph-container-common/tasks/main.yml +++ b/roles/ceph-container-common/tasks/main.yml @@ -15,6 +15,12 @@ ceph_docker_version: "{{ ceph_docker_version.stdout.split(' ')[2] }}" when: container_binary == 'docker' +- name: container registry authentication + command: '{{ container_binary }} login -u {{ ceph_docker_registry_username }} -p {{ ceph_docker_registry_password }} {{ ceph_docker_registry }}' + changed_when: false + no_log: true + when: ceph_docker_registry_auth | bool + - name: include fetch_image.yml include_tasks: fetch_image.yml tags: fetch_container_image diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml index 27b7f650c..84a275720 100644 --- a/roles/ceph-defaults/defaults/main.yml +++ b/roles/ceph-defaults/defaults/main.yml @@ -563,6 +563,7 @@ docker: false ceph_docker_image: "ceph/daemon" ceph_docker_image_tag: latest ceph_docker_registry: docker.io +ceph_docker_registry_auth: false ## Client only docker image - defaults to {{ ceph_docker_image }} ceph_client_docker_image: "{{ ceph_docker_image }}" ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" diff --git a/roles/ceph-validate/tasks/main.yml b/roles/ceph-validate/tasks/main.yml index 916503570..997fb57c1 100644 --- a/roles/ceph-validate/tasks/main.yml +++ b/roles/ceph-validate/tasks/main.yml @@ -116,4 +116,11 @@ fail: msg: "you must add at least one node in the [grafana-server] hosts group" when: groups[grafana_server_group_name] | length < 1 - when: dashboard_enabled | bool \ No newline at end of file + when: dashboard_enabled | bool + +- name: validate container registry credentials + fail: + msg: 'ceph_docker_registry_username and/or ceph_docker_registry_password variables need to be set' + when: + - ceph_docker_registry_auth | bool + - ceph_docker_registry_username is not defined or ceph_docker_registry_password is not defined