From 8a03bb1bb4f6768c84a76571a75d9066b1087c1d Mon Sep 17 00:00:00 2001
From: "rongfu.leng" <lenronfu@gmail.com>
Date: Tue, 17 Jan 2023 15:42:32 +0800
Subject: [PATCH] add containerd config_path (#9566)

Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>

Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
---
 .../containerd/tasks/main.yml                 | 23 +++++++++++++++++++
 .../containerd/templates/config.toml.j2       |  3 +++
 2 files changed, 26 insertions(+)

diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 03b9668d9..ecea9dd75 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -111,6 +111,29 @@
     mode: 0640
   notify: restart containerd
 
+- name: containerd | Create registry directories
+  file:
+    path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}"
+    state: directory
+    mode: 0755
+    recurse: true
+  with_items: "{{ containerd_insecure_registries }}"
+  when: containerd_insecure_registries is defined
+
+- name: containerd | Write hosts.toml file
+  blockinfile:
+    path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml"
+    owner: "root"
+    mode: 0640
+    create: true
+    block: |
+      server = "{{ item.value }}"
+      [host."{{ item.value }}"]
+        capabilities = ["pull", "resolve", "push"]
+        skip_verify = true
+  with_items: "{{ containerd_insecure_registries }}"
+  when: containerd_insecure_registries is defined
+
 # you can sometimes end up in a state where everything is installed
 # but containerd was not started / enabled
 - name: containerd | Flush handlers
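Review bot: Both added tasks loop with `with_items` but read `item.key` and `item.value`, which is the shape `with_dict` (or `dict2items`) yields; if `containerd_insecure_registries` is a mapping, as that access suggests, the loop will not see key/value pairs, and `with_dict: "{{ containerd_insecure_registries }}"` looks like the intent. In the directory task, `recurse: true` re-applies mode 0755 to everything beneath it, including the `hosts.toml` that the next task sets to 0640, so the two tasks undo each other on every run; dropping `recurse` avoids that. Each generated `hosts.toml` pairs `skip_verify = true` with `push`, so consider `capabilities = ["pull", "resolve"]` unless nodes really need to push to a registry whose certificate is not checked. Nothing in this hunk removes a registry's `hosts.toml` once it is dropped from the variable, so the unverified-TLS setting would stay on disk; a cleanup task or a comment stating that limitation would help.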
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index c1bda12b8..620bff546 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -47,6 +47,9 @@ oom_score = {{ containerd_oom_score }}
           runtime_type = "io.containerd.runsc.v1"
 {% endif %}
     [plugins."io.containerd.grpc.v1.cri".registry]
+{% if containerd_insecure_registries is defined and containerd_insecure_registries|length>0 %}
+      config_path = "{{ containerd_cfg_dir }}/certs.d"
+{% endif %}
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
 {% for registry, addr in containerd_registries.items() %}
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
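Review bot: `config_path` is emitted directly above the `registry.mirrors` table, which the template still renders from `containerd_registries` (the `for` loop continues past this hunk). As far as I know, containerd's CRI plugin treats `config_path` as the replacement for the `mirrors` table and recent versions reject a config that sets both, so this should be checked against the containerd versions the role supports. If they cannot coexist, the mirror entries belong in per-host `hosts.toml` files under `certs.d` and the `mirrors` block should be skipped whenever `config_path` is written. The guard here also requires `|length>0` while the tasks only test `is defined`; using the same condition in both places would keep them in step.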
-- 
GitLab