Puppet Class: docker_pusher

Defined in:
modules/docker_pusher/manifests/init.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class docker_pusher

Installs small push script used by CI

Parameters:

  • docker_pusher_user (String)
  • docker_registry_user (String)
  • docker_registry_password (String)


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'modules/docker_pusher/manifests/init.pp', line 5

class docker_pusher(
    String $docker_pusher_user,
    String $docker_registry_user,
    String $docker_registry_password,
) {
    # TODO: actually fetch the registry url from hiera.
    # TODO: currently we declare group ownership 'docker',
    # but don't allow reading from the group, which seems
    # pointless to me.
    docker::credentials {'/etc/docker-pusher/config.json':
        owner             => 'root',
        group             => 'root',
        registry          => 'docker-registry.discovery.wmnet',
        registry_username => $docker_registry_user,
        registry_password => $docker_registry_password,
        allow_group       => false
    }

    file { '/usr/local/bin/docker-pusher':
        ensure => 'present',
        owner  => 'root',
        group  => 'root',
        mode   => '0700',
        source => 'puppet:///modules/docker_pusher/docker_pusher.sh',
    }

    sudo::user { "sudo ${docker_pusher_user} docker-pusher":
        user       => $docker_pusher_user,
        privileges => [
            'ALL=(root) NOPASSWD: /usr/local/bin/docker-pusher *',
        ]
    }
}