Puppet Class: docker_registry_ha::web

Defined in:
modules/docker_registry_ha/manifests/web.pp

Overview

Parameters:

  • docker_username (String)
  • docker_password_hash (String)
  • allow_push_from (Array[Stdlib::Host])
  • ssl_settings (Array[String])
  • use_puppet_certs (Boolean) (defaults to: false)
  • ssl_certificate_name (Optional[String]) (defaults to: undef)
  • http_endpoint (Boolean) (defaults to: false)
  • http_allowed_hosts (Array[Stdlib::Host]) (defaults to: [])
  • read_only_mode (Boolean) (defaults to: false)


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'modules/docker_registry_ha/manifests/web.pp', line 1

class docker_registry_ha::web (
    String $docker_username,
    String $docker_password_hash,
    Array[Stdlib::Host] $allow_push_from,
    Array[String] $ssl_settings,
    Boolean $use_puppet_certs=false,
    Optional[String] $ssl_certificate_name=undef,
    Boolean $http_endpoint=false,
    Array[Stdlib::Host] $http_allowed_hosts=[],
    Boolean $read_only_mode=false,
) {
    if (!$use_puppet_certs and ($ssl_certificate_name == undef)) {
        fail('Either puppet certs should be used, or an ssl cert name should be provided')
    }

    if $use_puppet_certs {
        base::expose_puppet_certs { '/etc/nginx':
            ensure          => present,
            provide_private => true,
            require         => Class['nginx'],
        }
    }

    file { '/etc/nginx/htpasswd.registry':
        content => "${docker_username}:${docker_password_hash}",
        owner   => 'www-data',
        group   => 'www-data',
        mode    => '0440',
        before  => Service['nginx'],
        require => Package['nginx-common'],
    }
    nginx::site { 'registry':
        content => template('docker_registry_ha/registry-nginx.conf.erb'),
    }

    if $http_endpoint {
        nginx::site { 'registry-http':
            content => template('docker_registry_ha/registry-http-nginx.conf.erb'),
        }
    }

}