7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
# File 'modules/profile/manifests/toolforge/docker/registry.pp', line 7
class profile::toolforge::docker::registry(
String $user = lookup('docker::username'),
String $hash = lookup('docker::password_hash'),
Stdlib::Host $builder_host = lookup('docker::builder_host'),
Stdlib::Host $active_node = lookup('profile::toolforge::docker::registry::active_node'),
Stdlib::Host $standby_node = lookup('profile::toolforge::docker::registry::standby_node'),
String $ssl_certificate_name = lookup('profile::toolforge::docker::registry::ssl_certificate_name', {default_value => 'toolforge'}),
) {
acme_chief::cert { $ssl_certificate_name:
before => Class['docker::registry'],
puppet_rsc => Exec['nginx-reload'],
}
$builders = [ipresolve($builder_host, 4, $::nameservers[0])]
class { 'docker::registry':
storage_backend => 'filebackend',
datapath => '/srv/registry',
config => {
'storage' => {
'delete' => {
'enabled' => true,
},
},
},
}
class { 'sslcert::dhparam': } # deploys /etc/ssl/dhparam.pem, required by nginx
class { 'docker::registry::web':
docker_username => $user,
docker_password_hash => $hash,
allow_push_from => $builders,
use_acme_chief_certs => true,
ssl_certificate_name => $ssl_certificate_name,
ssl_settings => ssl_ciphersuite('nginx', 'compat'),
cors => true,
}
# This may deliberately be un-set for some cases, like toolsbeta
if $standby_node {
# make sure we have a backup server ready to take over
rsync::quickdatacopy { 'docker-registry-sync':
ensure => present,
auto_sync => true,
source_host => $active_node,
dest_host => $standby_node,
module_path => '/srv/registry',
progress => true,
delete => true,
}
}
}
|