From b73b0b8a4df78058ef3cc81657f192a4d16a1a52 Mon Sep 17 00:00:00 2001
From: Kevin TIBI <kevin-externe.tibi@enedis.fr>
Date: Fri, 10 Nov 2017 14:25:37 +0000
Subject: [PATCH] add CA conf for private registry

---
 ansible/group_vars/all/docker          | 6 ++++++
 ansible/roles/docker/defaults/main.yml | 6 ++++++
 ansible/roles/docker/handlers/main.yml | 6 ++++++
 ansible/roles/docker/tasks/config.yml  | 8 ++++++++
 etc/kayobe/docker.yml                  | 6 ++++++
 5 files changed, 32 insertions(+)

diff --git a/ansible/group_vars/all/docker b/ansible/group_vars/all/docker
index 508902319..567d4f2e0 100644
--- a/ansible/group_vars/all/docker
+++ b/ansible/group_vars/all/docker
@@ -17,3 +17,9 @@ docker_storage_volume_thinpool_meta: docker-thinpoolmeta
 # Size of the docker storage metadata LVM volume (see lvol module size
 # argument).
 docker_storage_volume_thinpool_meta_size: 1%VG
+
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:
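Review bot: The comment on `docker_registry` says "URL", but the task in ansible/roles/docker/tasks/config.yml interpolates the value straight into `/etc/docker/certs.d/{{ docker_registry }}/ca.crt`, and Docker looks that directory up by the registry's host[:port]; a scheme-bearing value such as `https://...` would build a path with an embedded `//` and the CA would never be matched. The comment should fix the expected format: `# Hostname[:port] of the private docker registry (no scheme); used as the directory name under /etc/docker/certs.d.` and for the CA: `# Path on the Ansible control host to the PEM CA certificate for docker_registry, or none to skip.` Both keys are deliberately left bare (null) so the task's `is not none` guard works; a comment stating that would stop a future edit from turning them into empty strings, which that guard does not catch. The same two comments are repeated in ansible/roles/docker/defaults/main.yml and etc/kayobe/docker.yml in this patch and should be changed there too.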
diff --git a/ansible/roles/docker/defaults/main.yml b/ansible/roles/docker/defaults/main.yml
index dded0133d..bf7b7a3fb 100644
--- a/ansible/roles/docker/defaults/main.yml
+++ b/ansible/roles/docker/defaults/main.yml
@@ -25,5 +25,11 @@ docker_storage_thinpool_autoextend_threshold: 80
 # Percentage by which to extend thin-provisioned docker storage volumes.
 docker_storage_thinpool_autoextend_percent: 20
 
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:
+
 # MTU to pass through to containers not using net=host
 docker_daemon_mtu: 1500
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
index de4135375..8a285ad69 100644
--- a/ansible/roles/docker/handlers/main.yml
+++ b/ansible/roles/docker/handlers/main.yml
@@ -4,3 +4,9 @@
     name: docker
     state: restarted
   become: True
+
+- name: reload docker service
+  service:
+    name: docker
+    state: reloaded
+  become: True
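Review bot: The new `reload docker service` handler sends the daemon a reload for a change under /etc/docker/certs.d, but as far as I know dockerd consults certs.d on each registry connection rather than at startup, so the reload is probably unnecessary; if that is confirmed, the `notify` in tasks/config.yml can be dropped and this handler with it, which also avoids a needless SIGHUP to the daemon on every CA change. If the reload is kept, a comment such as `# Reload (SIGHUP) rather than restart so running containers are not affected` would record why a second handler exists beside `restart docker service`.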
diff --git a/ansible/roles/docker/tasks/config.yml b/ansible/roles/docker/tasks/config.yml
index af3704bda..12032cca0 100644
--- a/ansible/roles/docker/tasks/config.yml
+++ b/ansible/roles/docker/tasks/config.yml
@@ -5,3 +5,11 @@
     dest: /etc/docker/daemon.json
   become: True
   notify: restart docker service
+
+- name: Ensure the CA file for private registry exists
+  copy:
+    src: "{{ docker_registry_ca }}"
+    dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
+  become: True
+  when: docker_registry is not none and docker_registry_ca is not none
+  notify: reload docker service
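Review bot: The `copy` task writes to `/etc/docker/certs.d/{{ docker_registry }}/ca.crt`, but nothing creates that per-registry directory first, and `copy` does not create missing parent directories for a file `dest`, so on a fresh host the task fails with a missing destination directory. A `file` task with `state: directory` guarded by the same `when` should precede it; the CA copy should also pin `owner: root`, `group: root` and `mode: "0644"` so the trust anchor is not left writable by whoever ran the play. The `when` guard only rejects `none`; `when: docker_registry and docker_registry_ca` would also skip on an empty string, which otherwise yields a path under `/etc/docker/certs.d//ca.crt`.
```yaml
- name: Ensure the private registry certs.d directory exists
  file:
    path: "/etc/docker/certs.d/{{ docker_registry }}"
    state: directory
    owner: root
    group: root
    mode: "0755"
  become: True
  when: docker_registry and docker_registry_ca

# … unchanged: copy task for ca.crt (add owner/group/mode as above) …
```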
diff --git a/etc/kayobe/docker.yml b/etc/kayobe/docker.yml
index abc07a7cc..6f92d0121 100644
--- a/etc/kayobe/docker.yml
+++ b/etc/kayobe/docker.yml
@@ -22,6 +22,12 @@
 # argument).
 #docker_storage_volume_thinpool_meta_size:
 
+# URL of docker registry
+#docker_registry:
+
+# CA of docker registry
+#docker_registry_ca:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes