diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index f2efd03656..bc4302e29a 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -89,6 +89,7 @@ docker_registry_email:
 docker_registry:
 docker_namespace: "kolla"
 docker_registry_username:
+docker_registry_insecure: "{{ 'yes' if docker_registry else 'no' }}"
 # Valid options are [ never, on-failure, always, unless-stopped ]
 docker_restart_policy: "unless-stopped"
diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2
index e9b89384c3..31b9ef5032 100644
--- a/ansible/roles/baremetal/templates/docker_systemd_service.j2
+++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2
@@ -1,4 +1,4 @@
 [Service]
 MountFlags=shared
 ExecStart=
-ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}
+ExecStart=/usr/bin/{{ docker_binary_name|default("docker daemon", true) }}{% if docker_registry_insecure | bool %} --insecure-registry {{ docker_registry }}{% endif %}{% if docker_storage_driver %} --storage-driver {{ docker_storage_driver }}{% endif %}{% if docker_runtime_directory %} --graph {{ docker_runtime_directory }}{% endif %}{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}
diff --git a/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml b/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml
new file mode 100644
index 0000000000..f65b7d4d52
--- /dev/null
+++ b/releasenotes/notes/docker_insecure_registry-857bfb9c760aa3bf.yaml
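Review bot: The default on `docker_registry_insecure` keeps every configured registry marked insecure, since it evaluates to 'yes' whenever `docker_registry` is set, and nothing at the variable says what that costs. With the flag set the daemon is started with `--insecure-registry`, so image pulls from that registry are not protected by verified TLS, and operators whose registry has a trusted certificate have to know to override it. I would add a comment above the variable, for example `# 'yes' starts Docker with --insecure-registry (registry TLS is not verified); set to "no" when the registry presents a trusted certificate`. The release note added in this commit words the option as enabling SSL verification, which is the opposite of what 'yes' does, and should be aligned with that comment.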
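Review bot: The new condition `{% if docker_registry_insecure | bool %}` on the ExecStart line no longer checks that `docker_registry` has a value, so an explicit `docker_registry_insecure: "yes"` with no registry configured renders `--insecure-registry` without a usable argument. Depending on how the empty variable is rendered, the daemon would presumably either fail to start or take the following option as the registry name. Guarding on both keeps the old safety: `{% if docker_registry and docker_registry_insecure | bool %}`.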
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ Add option `docker_registry_insecure` to enable the SSL verification
+ for the docker registry. Default value is true when a private
+ registry is defined.