Support using local hashicorp consul/vault images

priteau · priteau · commit af893d1c1d7d · 2023-08-01T16:05:18.000+02:00
This requires an updated hashicorp collection.
diff --git a/etc/kayobe/ansible/vault-deploy-overcloud.yml b/etc/kayobe/ansible/vault-deploy-overcloud.yml
@@ -60,10 +60,15 @@
     - import_role:
         name: stackhpc.hashicorp.vault
       vars:
+        hashicorp_registry_url: "{{ overcloud_hashicorp_registry_url }}"
+        hashicorp_registry_username: "{{ overcloud_hashicorp_registry_username }}"
+        hashicorp_registry_password: "{{ overcloud_hashicorp_registry_password }}"
+        consul_docker_image: "{{ overcloud_consul_docker_image }}"
         consul_docker_tag: "{{ overcloud_consul_docker_tag }}"
         vault_config_dir: "/opt/kayobe/vault"
         vault_cluster_name: "overcloud"
         vault_ca_cert: "{{ '/etc/pki/tls/certs/ca-bundle.crt' if ansible_facts.os_family == 'RedHat' else '/usr/local/share/ca-certificates/OS-TLS-ROOT.crt' }}"
+        vault_docker_image: "{{ overcloud_vault_docker_image }}"
         vault_docker_tag: "{{ overcloud_vault_docker_tag }}"
         vault_tls_cert: "{% if kolla_internal_fqdn != kolla_internal_vip_address %}{{ kolla_internal_fqdn }}{% else %}overcloud{% endif %}.crt"
         vault_tls_key: "{% if kolla_internal_fqdn != kolla_internal_vip_address %}{{ kolla_internal_fqdn }}{% else %}overcloud{% endif %}.key"
diff --git a/etc/kayobe/inventory/group_vars/all/vault b/etc/kayobe/inventory/group_vars/all/vault
@@ -27,9 +27,20 @@ seed_vault_pki_roles:
       organization: ["StackHPC"]
       ou: ["OpenStack"]
 
+# Registry information for overcloud.
+overcloud_hashicorp_registry_url: "{{ stackhpc_docker_registry if stackhpc_sync_hashicorp_images | bool else '' }}"
+overcloud_hashicorp_registry_username: "{{ stackhpc_docker_registry_username if stackhpc_sync_hashicorp_images | bool else '' }}"
+overcloud_hashicorp_registry_password: "{{ stackhpc_docker_registry_password if stackhpc_sync_hashicorp_images | bool else '' }}"
+
+# Overcloud Consul container image.
+overcloud_consul_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/consul"
+
 # Overcloud Consul container image tag.
 overcloud_consul_docker_tag: "1.16"
 
+# Overcloud Vault container image.
+overcloud_vault_docker_image: "{{ stackhpc_docker_registry ~ '/' if stackhpc_sync_hashicorp_images | bool else '' }}hashicorp/vault"
+
 # Overcloud Vault container image tag.
 overcloud_vault_docker_tag: "1.14"
 
diff --git a/etc/kayobe/pulp.yml b/etc/kayobe/pulp.yml
@@ -1217,12 +1217,47 @@ stackhpc_pulp_distribution_container_ceph:
     state: present
     required: "{{ stackhpc_sync_ceph_images | bool }}"
 
+# Whether to sync HashiCorp container images.
+stackhpc_sync_hashicorp_images: false
+
+# List of HashiCorp container image repositories.
+stackhpc_pulp_repository_container_repos_hashicorp:
+  - name: "hashicorp/consul"
+    url: "https://registry-1.docker.io"
+    policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
+    state: present
+    include_tags: "{{ overcloud_consul_docker_tag }}"
+    required: "{{ stackhpc_sync_hashicorp_images | bool }}"
+  - name: "hashicorp/vault"
+    url: "https://registry-1.docker.io"
+    policy: on_demand
+    proxy_url: "{{ pulp_proxy_url }}"
+    state: present
+    include_tags: "{{ overcloud_vault_docker_tag }}"
+    required: "{{ stackhpc_sync_hashicorp_images | bool }}"
+
+# List of HashiCorp container image distributions.
+stackhpc_pulp_distribution_container_hashicorp:
+  - name: consul
+    repository: hashicorp/consul
+    base_path: hashicorp/consul
+    state: present
+    required: "{{ stackhpc_sync_hashicorp_images | bool }}"
+  - name: vault
+    repository: hashicorp/vault
+    base_path: hashicorp/vault
+    state: present
+    required: "{{ stackhpc_sync_hashicorp_images | bool }}"
+
 # List of container image repositories.
 stackhpc_pulp_repository_container_repos: >-
   {{ (stackhpc_pulp_repository_container_repos_kolla +
-      stackhpc_pulp_repository_container_repos_ceph) | selectattr('required') }}
+      stackhpc_pulp_repository_container_repos_ceph +
+      stackhpc_pulp_repository_container_repos_hashicorp) | selectattr('required') }}
 
 # List of container image distributions.
 stackhpc_pulp_distribution_container: >-
   {{ (stackhpc_pulp_distribution_container_kolla +
-      stackhpc_pulp_distribution_container_ceph) | selectattr('required') }}
+      stackhpc_pulp_distribution_container_ceph +
+      stackhpc_pulp_distribution_container_hashicorp) | selectattr('required') }}
diff --git a/etc/kayobe/vault.yml b/etc/kayobe/vault.yml
@@ -14,9 +14,20 @@
 # Seed Vault PKI Roles definition
 # seed_vault_pki_roles: []
 
+# Registry information for overcloud.
+# overcloud_hashicorp_registry_url:
+# overcloud_hashicorp_registry_username:
+# overcloud_hashicorp_registry_password:
+
+# Overcloud Consul container image.
+# overcloud_consul_docker_image:
+
 # Overcloud Consul container image tag.
 # overcloud_consul_docker_tag:
 
+# Overcloud Vault container image.
+# overcloud_vault_docker_image:
+
 # Overcloud Vault container image tag.
 # overcloud_vault_docker_tag:
 
