container: Allow to use registry authentication

The registry.redhat.io regsitry requires authentication so before pulling
the RHCS 4 container images from the registry we need to do the login
step.
This is done via the new ceph_docker_registry_auth variable. The
default value is false but true for RHCS setup.
When set to true, you need to provide the username and password
for the registry via the associated variables.
This patch also updates the ceph_docker_registry value for RHCS setup.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1748911

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit 9f4a99fb24)
pull/4461/head
Dimitri Savineau 2019-09-10 15:33:44 -04:00 committed by Guillaume Abrioux
parent 436077b95c
commit 9d3fbcf47e
6 changed files with 28 additions and 11 deletions

View File

@ -571,6 +571,7 @@ dummy:
#ceph_docker_image: "ceph/daemon" #ceph_docker_image: "ceph/daemon"
#ceph_docker_image_tag: latest #ceph_docker_image_tag: latest
#ceph_docker_registry: docker.io #ceph_docker_registry: docker.io
#ceph_docker_registry_auth: false
## Client only docker image - defaults to {{ ceph_docker_image }} ## Client only docker image - defaults to {{ ceph_docker_image }}
#ceph_client_docker_image: "{{ ceph_docker_image }}" #ceph_client_docker_image: "{{ ceph_docker_image }}"
#ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" #ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}"

View File

@ -570,7 +570,8 @@ ceph_rhcs_version: 4
#docker: false #docker: false
ceph_docker_image: "rhceph/rhceph-4-rhel8" ceph_docker_image: "rhceph/rhceph-4-rhel8"
ceph_docker_image_tag: "latest" ceph_docker_image_tag: "latest"
ceph_docker_registry: "registry.access.redhat.com" ceph_docker_registry: "registry.redhat.io"
ceph_docker_registry_auth: true
## Client only docker image - defaults to {{ ceph_docker_image }} ## Client only docker image - defaults to {{ ceph_docker_image }}
#ceph_client_docker_image: "{{ ceph_docker_image }}" #ceph_client_docker_image: "{{ ceph_docker_image }}"
#ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" #ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}"
@ -716,14 +717,14 @@ ceph_docker_registry: "registry.access.redhat.com"
#dashboard_rgw_api_scheme: '' #dashboard_rgw_api_scheme: ''
#dashboard_rgw_api_admin_resource: '' #dashboard_rgw_api_admin_resource: ''
#dashboard_rgw_api_no_ssl_verify: False #dashboard_rgw_api_no_ssl_verify: False
node_exporter_container_image: registry.access.redhat.com/openshift4/ose-prometheus-node-exporter:v4.1 node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1
#node_exporter_port: 9100 #node_exporter_port: 9100
#grafana_admin_user: admin #grafana_admin_user: admin
#grafana_admin_password: admin #grafana_admin_password: admin
# We only need this for SSL (https) connections # We only need this for SSL (https) connections
#grafana_crt: '' #grafana_crt: ''
#grafana_key: '' #grafana_key: ''
grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1 grafana_container_image: registry.redhat.io/openshift4/ose-grafana:v4.1
#grafana_container_cpu_period: 100000 #grafana_container_cpu_period: 100000
#grafana_container_cpu_cores: 2 #grafana_container_cpu_cores: 2
# container_memory is in GB # container_memory is in GB
@ -736,7 +737,7 @@ grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1
# - grafana-piechart-panel # - grafana-piechart-panel
#grafana_allow_embedding: True #grafana_allow_embedding: True
#grafana_port: 3000 #grafana_port: 3000
prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus:v4.1 prometheus_container_image: registry.redhat.io/openshift4/ose-prometheus:v4.1
#prometheus_container_cpu_period: 100000 #prometheus_container_cpu_period: 100000
#prometheus_container_cpu_cores: 2 #prometheus_container_cpu_cores: 2
# container_memory is in GB # container_memory is in GB
@ -745,7 +746,7 @@ prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus
#prometheus_conf_dir: /etc/prometheus #prometheus_conf_dir: /etc/prometheus
#prometheus_user_id: '65534' # This is the UID used by the prom/prometheus container image #prometheus_user_id: '65534' # This is the UID used by the prom/prometheus container image
#prometheus_port: 9090 #prometheus_port: 9090
alertmanager_container_image: registry.access.redhat.com/openshift4/ose-prometheus-alertmanager:v4.1 alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.1
#alertmanager_container_cpu_period: 100000 #alertmanager_container_cpu_period: 100000
#alertmanager_container_cpu_cores: 2 #alertmanager_container_cpu_cores: 2
# container_memory is in GB # container_memory is in GB

View File

@ -4,9 +4,10 @@ fetch_directory: ~/ceph-ansible-keys
ceph_rhcs_version: 4 ceph_rhcs_version: 4
ceph_docker_image: "rhceph/rhceph-4-rhel8" ceph_docker_image: "rhceph/rhceph-4-rhel8"
ceph_docker_image_tag: "latest" ceph_docker_image_tag: "latest"
ceph_docker_registry: "registry.access.redhat.com" ceph_docker_registry: "registry.redhat.io"
node_exporter_container_image: registry.access.redhat.com/openshift4/ose-prometheus-node-exporter:v4.1 ceph_docker_registry_auth: true
grafana_container_image: registry.access.redhat.com/openshift4/ose-grafana:v4.1 node_exporter_container_image: registry.redhat.io/openshift4/ose-prometheus-node-exporter:v4.1
prometheus_container_image: registry.access.redhat.com/openshift4/ose-prometheus:v4.1 grafana_container_image: registry.redhat.io/openshift4/ose-grafana:v4.1
alertmanager_container_image: registry.access.redhat.com/openshift4/ose-prometheus-alertmanager:v4.1 prometheus_container_image: registry.redhat.io/openshift4/ose-prometheus:v4.1
alertmanager_container_image: registry.redhat.io/openshift4/ose-prometheus-alertmanager:v4.1
# END OF FILE, DO NOT TOUCH ME! # END OF FILE, DO NOT TOUCH ME!

View File

@ -15,6 +15,12 @@
ceph_docker_version: "{{ ceph_docker_version.stdout.split(' ')[2] }}" ceph_docker_version: "{{ ceph_docker_version.stdout.split(' ')[2] }}"
when: container_binary == 'docker' when: container_binary == 'docker'
- name: container registry authentication
command: '{{ container_binary }} login -u {{ ceph_docker_registry_username }} -p {{ ceph_docker_registry_password }} {{ ceph_docker_registry }}'
changed_when: false
no_log: true
when: ceph_docker_registry_auth | bool
- name: include fetch_image.yml - name: include fetch_image.yml
include_tasks: fetch_image.yml include_tasks: fetch_image.yml
tags: fetch_container_image tags: fetch_container_image

View File

@ -563,6 +563,7 @@ docker: false
ceph_docker_image: "ceph/daemon" ceph_docker_image: "ceph/daemon"
ceph_docker_image_tag: latest ceph_docker_image_tag: latest
ceph_docker_registry: docker.io ceph_docker_registry: docker.io
ceph_docker_registry_auth: false
## Client only docker image - defaults to {{ ceph_docker_image }} ## Client only docker image - defaults to {{ ceph_docker_image }}
ceph_client_docker_image: "{{ ceph_docker_image }}" ceph_client_docker_image: "{{ ceph_docker_image }}"
ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}" ceph_client_docker_image_tag: "{{ ceph_docker_image_tag }}"

View File

@ -116,4 +116,11 @@
fail: fail:
msg: "you must add at least one node in the [grafana-server] hosts group" msg: "you must add at least one node in the [grafana-server] hosts group"
when: groups[grafana_server_group_name] | length < 1 when: groups[grafana_server_group_name] | length < 1
when: dashboard_enabled | bool when: dashboard_enabled | bool
- name: validate container registry credentials
fail:
msg: 'ceph_docker_registry_username and/or ceph_docker_registry_password variables need to be set'
when:
- ceph_docker_registry_auth | bool
- ceph_docker_registry_username is not defined or ceph_docker_registry_password is not defined