Description of problem:
According to https://github.com/openshift/openshift-ansible/pull/2409, we have roles/openshift_hosted/tasks/registry/secure.yml to secure the registry, but it is only called when deploying a standalone atomic registry. It would be better to spread it a little so that a normal OCP installation could also call this role to deploy a secure registry. E.g., it could provide the user an option, openshift_secure_registry=True. Of course, we also need to avoid new issues when both openshift_secure_registry=True and deployment_subtype=registry are set when implementing this new feature.

Version-Release number of selected component (if applicable):
openshift-ansible-playbooks-3.3.22-1.git.0.6c888c2.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
https://github.com/openshift/openshift-ansible/pull/2475
Verified this bug with openshift-ansible-3.3.30-1.git.0.b260e04.el7.noarch, and PASS. Now the installer would deploy registry-console by default, which requires a secure registry. So a secure docker-registry will be deployed by default.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:2122