Puppet Class: docker_registry_ha
- Defined in:
- modules/docker_registry_ha/manifests/init.pp
Overview
SPDX-License-Identifier: Apache-2.0
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
# File 'modules/docker_registry_ha/manifests/init.pp', line 2
class docker_registry_ha (
Stdlib::Httpurl $swift_url,
String $swift_user,
String $swift_password,
Pattern[/\/\/[a-zA-Z_]{3,}\/[a-zA-Z_]{3,}\/AUTH_[a-zA-Z_]+\/[a-z_]{3,}/] $swift_replication_configuration,
String $swift_container,
String $swift_replication_key,
Stdlib::Host $redis_host,
Stdlib::Port::Unprivileged $redis_port,
String $redis_passwd,
String $registry_shared_secret
){
# this could be removed when buster or next debian includes a 2.7+ version
apt::pin { 'strech_wikimedia_docker_registry_27':
package => 'docker-registry',
pin => 'version 2.7.0~rc0~wmf1-1',
priority => 1002,
}
package {'docker-registry':
ensure => present,
}
ensure_packages('python-swiftclient')
user { 'docker-registry':
ensure => present,
system => true,
home => '/nonexistent',
shell => '/bin/bash',
before => Package['docker-registry'],
}
file { '/etc/swift':
ensure => 'directory',
owner => 'root',
group => 'docker-registry',
mode => '0750',
}
$account_file = "/etc/swift/account_${swift_user}.env"
file { $account_file:
owner => 'root',
group => 'docker-registry',
mode => '0440',
content => "export ST_AUTH=${swift_url}/auth/v1.0\nexport ST_USER=${swift_user}\nexport ST_KEY=${swift_password}\n"
}
file { '/usr/local/bin/registry_ha_swift_container_replication.sh':
source => 'puppet:///modules/docker_registry_ha/registry_ha_swift_container_replication.sh',
mode => '0544',
owner => 'docker-registry',
group => 'docker-registry',
}
exec { 'create_swift_container_replication':
command => "/usr/local/bin/registry_ha_swift_container_replication.sh -x -a ${account_file} \
-r ${swift_replication_configuration} \
-k ${swift_replication_key} \
-c ${swift_container}",
unless => "/usr/local/bin/registry_ha_swift_container_replication.sh -t -a ${account_file} \
-c ${swift_container}",
cwd => '/tmp',
path => '/bin:/sbin:/usr/bin:/usr/sbin',
user => 'docker-registry'
}
file { '/etc/docker/registry/config.yml':
content => template('docker_registry_ha/registry-ha-config.yaml.erb'),
owner => 'docker-registry',
group => 'docker-registry',
mode => '0440',
notify => Service['docker-registry'],
}
service { 'docker-registry':
ensure => running,
require => File[
'/etc/docker/registry/config.yml'
],
}
rsyslog::input::file { 'registry-nginx-error':
path => '/var/log/nginx/error.log',
}
rsyslog::input::file { 'registry-nginx-access':
path => '/var/log/nginx/access.log',
}
}
|