From 0638862a574613d1b6a87afb70d0d3ba985f24de Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Wed, 27 Sep 2023 14:19:21 +0100 Subject: [PATCH] Add option to skip kolla docker registry login This change adds a variable that can be used to disable kolla docker registry login attempts, even when the registry username and password are set. This is required for deployments using a non-standard containerised registry deployed on the seed during the deploy-container step, since it takes place after the registry login attempt. Change-Id: Ie17ef9ce1147cbaec2e42db932c7d59293b49b1b (cherry picked from commit 57d7764114052b6f69c4eb58a1b6b206067cce74) --- .../roles/deploy-containers/defaults/main.yml | 2 ++ .../roles/deploy-containers/tasks/main.yml | 3 +-- .../reference/seed-custom-containers.rst | 23 +++++++++++++++++++ ...ocker-registry-login-f5b0ba858a35ea39.yaml | 9 ++++++++ 4 files changed, 35 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/skip-kolla-docker-registry-login-f5b0ba858a35ea39.yaml diff --git a/ansible/roles/deploy-containers/defaults/main.yml b/ansible/roles/deploy-containers/defaults/main.yml index 84c77a7e4..9130164e9 100644 --- a/ansible/roles/deploy-containers/defaults/main.yml +++ b/ansible/roles/deploy-containers/defaults/main.yml @@ -11,3 +11,5 @@ deploy_containers_defaults: restart_policy: "unless-stopped" deploy_containers_docker_api_timeout: 120 + +deploy_containers_registry_attempt_login: "{{ kolla_docker_registry_username is truthy and kolla_docker_registry_password is truthy }}" diff --git a/ansible/roles/deploy-containers/tasks/main.yml b/ansible/roles/deploy-containers/tasks/main.yml index c1ec533a3..a16e6d8d7 100644 --- a/ansible/roles/deploy-containers/tasks/main.yml +++ b/ansible/roles/deploy-containers/tasks/main.yml @@ -6,8 +6,7 @@ password: "{{ kolla_docker_registry_password }}" reauthorize: yes when: - - kolla_docker_registry_username is truthy - - kolla_docker_registry_password is truthy + - deploy_containers_registry_attempt_login | bool - name: Deploy containers (loop) include_tasks: deploy.yml diff --git a/doc/source/configuration/reference/seed-custom-containers.rst b/doc/source/configuration/reference/seed-custom-containers.rst index 4d4ef8e11..8c9738ff0 100644 --- a/doc/source/configuration/reference/seed-custom-containers.rst +++ b/doc/source/configuration/reference/seed-custom-containers.rst @@ -60,3 +60,26 @@ List of Kayobe applied defaults to required docker_container variables: .. literalinclude:: ../../../../ansible/roles/deploy-containers/defaults/main.yml :language: yaml + +Docker registry +=============== + +Seed containers can be pulled from a docker registry deployed on the seed, +since the docker registry deployment step precedes the custom container +deployment step. + +It is also possible to deploy a custom containerised docker registry as a +custom seed container. In this case, basic authentication login attempts can be +disabled by setting + +.. code-block:: yaml + :caption: ``kolla.yml`` + + deploy_containers_registry_attempt_login: false + +Without this setting, the login will fail because the registry has not yet been +deployed. + +More information on deploying a docker registry can be found :ref:`here +`. + diff --git a/releasenotes/notes/skip-kolla-docker-registry-login-f5b0ba858a35ea39.yaml b/releasenotes/notes/skip-kolla-docker-registry-login-f5b0ba858a35ea39.yaml new file mode 100644 index 000000000..7d61e6f9d --- /dev/null +++ b/releasenotes/notes/skip-kolla-docker-registry-login-f5b0ba858a35ea39.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Attempts to log in to the kolla docker registry can be skipped by setting + ``deploy_containers_registry_attempt_login`` to false. + + This is required for deployments using a non-standard registry + deployed on the seed during the deploy-container step, since it takes + place after the registry login attempt.