kayobe/ansible/roles/docker-registry/defaults/main.yml
Mark Goddard 411e148450 Docker registry TLS
Adds support for enabling TLS on the Docker registry.

Change-Id: Idac6a1dfb17f4a22b3043531d1181a5585cafe6a
Story: 2007952
Task: 40428
2020-07-24 09:11:45 +01:00


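---
# Roughly follows kolla-ansible's service deployment patterns.

# Action to perform. One of 'deploy', 'destroy', 'pull', 'reconfigure',
# 'stop', 'upgrade'.
docker_registry_action: deploy

# Whether a docker registry is enabled.
docker_registry_enabled: true

# Dict of environment variables to provide to the docker registry container.
# This allows the registry to be configured by overriding specific
# configuration options, as described at
# https://docs.docker.com/registry/configuration/
# For example, the registry can be configured as a pull through cache to Docker
# Hub by setting REGISTRY_PROXY_REMOTEURL to "https://registry-1.docker.io".
# Note that it is not possible to push to a registry configured as a
# pull through cache.
# Values set here become container environment variables, so any credential
# placed in this dict is readable by anyone able to inspect the container.
# In the service definition this dict is combined after
# docker_registry_env_tls, so a key set here overrides the TLS default of the
# same name.
docker_registry_env: {}

# Dict of environment variables to provide to the docker registry container
# when TLS is enabled. Both paths point below docker_registry_config_path,
# which is mounted read-only into the container when TLS is enabled.
# The two variables are nested under this key; leaving them at column 0 would
# turn them into unrelated top-level variables and leave this dict null.
docker_registry_env_tls:
  REGISTRY_HTTP_TLS_CERTIFICATE: "{{ docker_registry_config_path }}/cert.pem"
  REGISTRY_HTTP_TLS_KEY: "{{ docker_registry_config_path }}/key.pem"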
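# Service deployment definition.
docker_registry_services:
  docker_registry:
    container_name: docker_registry
    # A single 'env' key: duplicate mapping keys are invalid YAML and most
    # parsers silently keep only the last one. The TLS variables are included
    # only when docker_registry_enable_tls is true. docker_registry_env is
    # combined last, so its entries take precedence over the TLS defaults.
    env: "{{ (docker_registry_env_tls if docker_registry_enable_tls | bool else {}) | combine(docker_registry_env) }}"
    enabled: "{{ docker_registry_enabled }}"
    image: "{{ docker_registry_image_full }}"
    # Host port docker_registry_port mapped to port 5000. No host address is
    # given in the mapping.
    # NOTE(review): if this is passed to Docker as a published port it will
    # bind on every host interface - confirm against the role's tasks and
    # restrict access with a firewall where the registry is not meant to be
    # reachable from all networks.
    ports:
      - "{{ docker_registry_port }}:5000"
    # 'select' drops empty entries: the TLS configuration mount in
    # docker_registry_volumes renders as an empty string when TLS is disabled.
    volumes: "{{ docker_registry_volumes | select | list }}"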
# The port on which the docker registry server should listen. Used as the
# host side of the port mapping in docker_registry_services.
docker_registry_port: 5000

# The name or path to use for the docker volume that backs the registry.
# Defaults to ``docker_registry``. It is mounted at /var/lib/registry in the
# container.
docker_registry_datadir_volume: docker_registry

# Path in which to store docker registry configuration. When TLS is enabled
# this directory is mounted read-only into the container at the same path,
# and cert.pem and key.pem are referenced beneath it.
docker_registry_config_path: "/etc/docker/registry"

# Whether to enable TLS for the registry. Disabled by default, in which case
# none of the TLS environment variables are passed to the container and image
# pushes and pulls are not protected in transit. Enable this and supply a
# certificate and key wherever the registry is reachable over an untrusted
# network.
docker_registry_enable_tls: false

# Path to a TLS certificate to use when TLS is enabled. Unset by default.
docker_registry_cert_path: null

# Path to a TLS key to use when TLS is enabled. Unset by default.
# Keep the private key file readable only by the account that deploys it, and
# do not commit unencrypted key material to version control.
# NOTE(review): presumably the role's tasks install the certificate and key as
# cert.pem and key.pem under docker_registry_config_path - confirm, and check
# the file mode they are written with.
docker_registry_key_path: null
####################
# Docker
####################
# NOTE: Namespace 'library' causes image task to always be changed and
# container to never update to new images.
docker_registry_namespace: ""

# Image name: the namespace followed by '/' when a namespace is set, then
# 'registry'.
docker_registry_image: "{{ docker_registry_namespace ~ '/' if docker_registry_namespace else '' }}registry"

# Image tag. 'latest' is a mutable tag, so the image content deployed can
# change between runs; override this with a specific release tag to get
# reproducible deployments and a reviewable upgrade step.
docker_registry_tag: "latest"

# Full image reference in the form image:tag.
docker_registry_image_full: "{{ docker_registry_image }}:{{ docker_registry_tag }}"

# List of volumes to be mounted to the docker registry container.
# The last entry mounts the configuration directory, which holds the TLS
# certificate and key, read-only and only when TLS is enabled; otherwise it
# renders as an empty string, which the service definition filters out.
docker_registry_volumes:
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ docker_registry_datadir_volume }}:/var/lib/registry"
  - "{% if docker_registry_enable_tls | bool %}{{ docker_registry_config_path }}:{{ docker_registry_config_path }}:ro{% endif %}"

# Restart policy for the registry container.
docker_registry_restart_policy: "unless-stopped"
# Restart retry count is intentionally left undefined.
#docker_registry_restart_retries: