159 lines
5.5 KiB
Puppet
159 lines
5.5 KiB
Puppet
# @summary
|
|
# Module to configure private docker registries from which to pull Docker images
|
|
#
|
|
# @param server
|
|
# The hostname and port of the private Docker registry. Ex: dockerreg:5000
|
|
#
|
|
# @param ensure
|
|
# Whether or not you want to login or logout of a repository
|
|
#
|
|
# @param username
|
|
# Username for authentication to private Docker registry.
|
|
# auth is not required.
|
|
#
|
|
# @param password
|
|
# Password for authentication to private Docker registry. Leave undef if
|
|
# auth is not required.
|
|
#
|
|
# @param pass_hash
|
|
# The hash to be used for receipt. If left as undef, a hash will be generated
|
|
#
|
|
# @param email
|
|
# Email for registration to private Docker registry. Leave undef if
|
|
# auth is not required.
|
|
#
|
|
# @param local_user
|
|
# The local user to log in as. Docker will store credentials in this
|
|
# users home directory
|
|
#
|
|
# @param local_user_home
|
|
# The local user home directory.
|
|
#
|
|
# @param receipt
|
|
# Required to be true for idempotency
|
|
#
|
|
# @param version
|
|
#
|
|
define docker::registry (
|
|
Optional[String] $server = $title,
|
|
Enum[present,absent] $ensure = 'present',
|
|
Optional[String] $username = undef,
|
|
Optional[String] $password = undef,
|
|
Optional[String] $pass_hash = undef,
|
|
Optional[String] $email = undef,
|
|
String $local_user = 'root',
|
|
Optional[String] $local_user_home = undef,
|
|
Optional[String] $version = $docker::version,
|
|
Boolean $receipt = true,
|
|
) {
|
|
include docker::params
|
|
|
|
$docker_command = $docker::params::docker_command
|
|
|
|
if $facts['os']['family'] == 'windows' {
|
|
$exec_environment = ["PATH=${facts['docker_program_files_path']}/Docker/",]
|
|
$exec_timeout = 3000
|
|
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
|
|
$exec_provider = 'powershell'
|
|
$password_env = '$env:password'
|
|
$exec_user = undef
|
|
} else {
|
|
$exec_environment = []
|
|
$exec_path = ['/bin', '/usr/bin',]
|
|
$exec_timeout = 0
|
|
$exec_provider = undef
|
|
$password_env = "\${password}"
|
|
$exec_user = $local_user
|
|
if $local_user_home {
|
|
$_local_user_home = $local_user_home
|
|
} else {
|
|
# set sensible default
|
|
$_local_user_home = ($local_user == 'root') ? {
|
|
true => '/root',
|
|
default => "/home/${local_user}",
|
|
}
|
|
}
|
|
}
|
|
|
|
if $ensure == 'present' {
|
|
if $username != undef and $password != undef and $email != undef and $version != undef and $version =~ /1[.][1-9]0?/ {
|
|
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" -e '${email}' ${server}"
|
|
$auth_environment = "password=${password}"
|
|
} elsif $username != undef and $password != undef {
|
|
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" ${server}"
|
|
$auth_environment = "password=${password}"
|
|
} else {
|
|
$auth_cmd = "${docker_command} login ${server}"
|
|
$auth_environment = ''
|
|
}
|
|
} else {
|
|
$auth_cmd = "${docker_command} logout ${server}"
|
|
$auth_environment = ''
|
|
}
|
|
|
|
$docker_auth = "${title}${auth_environment}${auth_cmd}${local_user}"
|
|
|
|
if $auth_environment != '' {
|
|
$exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
|
|
} else {
|
|
$exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
|
|
}
|
|
|
|
if $receipt {
|
|
if $facts['os']['family'] != 'windows' {
|
|
# server may be an URI, which can contain /
|
|
$server_strip = regsubst($server, '/', '_', 'G')
|
|
|
|
# no - with pw_hash
|
|
$local_user_strip = regsubst($local_user, '[-_]', '', 'G')
|
|
|
|
$_pass_hash = $pass_hash ? {
|
|
Undef => pw_hash($docker_auth, 'SHA-512', $local_user_strip),
|
|
default => $pass_hash
|
|
}
|
|
|
|
$_auth_command = "${auth_cmd} || (rm -f \"/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\"; exit 1;)"
|
|
|
|
file { "/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}":
|
|
ensure => $ensure,
|
|
content => $_pass_hash,
|
|
owner => $local_user,
|
|
group => $local_user,
|
|
notify => Exec["${title} auth"],
|
|
}
|
|
} else {
|
|
# server may be an URI, which can contain /
|
|
$server_strip = regsubst($server, '[/:]', '_', 'G')
|
|
$passfile = "${facts['docker_user_temp_path']}/registry-auth-puppet_receipt_${server_strip}_${local_user}"
|
|
$_auth_command = "if (-not (${auth_cmd})) { Remove-Item -Path ${passfile} -Force -Recurse -EA SilentlyContinue; exit 1 } else { exit 0 }" # lint:ignore:140chars
|
|
|
|
if $ensure == 'absent' {
|
|
file { $passfile:
|
|
ensure => $ensure,
|
|
notify => Exec["${title} auth"],
|
|
}
|
|
} elsif $ensure == 'present' {
|
|
exec { 'compute-hash':
|
|
command => stdlib::deferrable_epp('docker/windows/compute_hash.ps1.epp', { 'passfile' => $passfile }),
|
|
environment => Deferred('docker::env', [$exec_env]),
|
|
provider => $exec_provider,
|
|
logoutput => true,
|
|
unless => stdlib::deferrable_epp('docker/windows/check_hash.ps1.epp', { 'passfile' => $passfile }),
|
|
notify => Exec["${title} auth"],
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
$_auth_command = $auth_cmd
|
|
}
|
|
|
|
exec { "${title} auth":
|
|
environment => Deferred('docker::env', [$exec_env]),
|
|
command => Deferred('sprintf', [$_auth_command]),
|
|
user => $exec_user,
|
|
path => $exec_path,
|
|
timeout => $exec_timeout,
|
|
provider => $exec_provider,
|
|
refreshonly => $receipt,
|
|
}
|
|
}
|