Puppet Class: docker::registry::web

Defined in:

modules/docker/manifests/registry/web.pp

Summary

configure the docker registry web site

Overview

Parameters:

• docker_username (String) —

  the docker username to use

• docker_password_hash (String) —

  the docker password hash to use

• allow_push_from (Array[Stdlib::Host]) —

  A list of host allowed to push

• ssl_settings (Array[String]) —

  an aray of ssl_settings

• use_puppet_certs (Boolean) (defaults to: false) —

  if true use puppet certs

• use_acme_chief_certs (Boolean) (defaults to: false) —

  if true use acme certs

• http_endpoint (Boolean) (defaults to: false) —

  if true configuer a plain text http endpoint

• http_allowed_hosts (Array[Stdlib::Host]) (defaults to: []) —

  A loist of host allowed to use http

• cors (Boolean) (defaults to: false) —

  configuer cors

• ssl_certificate_name (Optional[String]) (defaults to: undef) —

  The ssl certificate name to use

# File 'modules/docker/manifests/registry/web.pp', line 12

class docker::registry::web (
    String              $docker_username,
    String              $docker_password_hash,
    Array[Stdlib::Host] $allow_push_from,
    Array[String]       $ssl_settings,
    Boolean             $use_puppet_certs     = false,
    Boolean             $use_acme_chief_certs = false,
    Boolean             $http_endpoint        = false,
    Array[Stdlib::Host] $http_allowed_hosts   = [],
    Boolean             $cors                 = false,
    Optional[String]    $ssl_certificate_name = undef,
) {
    if (!$use_puppet_certs and ($ssl_certificate_name == undef)) {
        fail('Either puppet certs should be used, or an ssl cert name should be provided')
    }

    if $use_puppet_certs {
        # TODO: consider using profile::pki::get_cert
        puppet::expose_agent_certs { '/etc/nginx':
            ensure          => present,
            provide_private => true,
            require         => Class['nginx'],
        }
    }

    file { '/etc/nginx/htpasswd.registry':
        content => "${docker_username}:${docker_password_hash}",
        owner   => 'www-data',
        group   => 'www-data',
        mode    => '0440',
        before  => Service['nginx'],
        require => Package['nginx-common'],
    }
    nginx::site { 'registry':
        content => template('docker/registry-nginx.conf.erb'),
    }

    if $http_endpoint {
        nginx::site { 'registry-http':
            content => template('docker/registry-http-nginx.conf.erb'),
        }
    }

}