feat: install registry CA if registry is secure

Provide more control over install the registry `CA` by adding an
additional conditional using the existing `_registry_insecure` variable
for either `Podman` or `Docker`.

Change-Id: If1ba49e23e1b3acc57bcc6313a8688f29fce4e37
Signed-off-by: Jack Hodgkiss <jack@stackhpc.com>

releasenotes/notes/improve-container-registry-ca-conditional-0247b0014379ba82.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    The tasks related to installing CA file for private registry will now
+    only run if either ``docker_registry_insecure`` or
+    ``podman_registry_insecure`` is set to false.

roles/docker/tasks/config.yml

@@ -99,7 +99,10 @@
     mode: "0700"
     state: directory
   become: true
-  when: docker_registry is not none and docker_registry_ca is not none
+  when: >
+    docker_registry is not none and
+    docker_registry_ca is not none and
+    not docker_registry_insecure | bool
 
 - name: Ensure the CA file for private registry exists
   copy:
@@ -109,7 +112,10 @@
     group: root
     mode: "0600"
   become: true
-  when: docker_registry is not none and docker_registry_ca is not none
+  when: >
+    docker_registry is not none and
+    docker_registry_ca is not none and
+    not docker_registry_insecure | bool
   notify:
     - Restart docker
 

roles/podman/tasks/config.yml

@@ -63,6 +63,7 @@
   when:
     - podman_registry is not none
     - podman_registry_ca is not none
+    - not podman_registry_insecure | bool
 
 - name: Ensure the CA file for private registry exists
   copy:
@@ -75,3 +76,4 @@
   when:
     - podman_registry is not none
     - podman_registry_ca is not none
+    - not podman_registry_insecure | bool