Page MenuHomeSoftware Heritage

registry.pp
No OneTemporary

registry.pp

# == Class: docker
#
# Module to configure private docker registries from which to pull Docker images
# If the registry does not require authentication, this module is not required.
#
# === Parameters
# [*server*]
# The hostname and port of the private Docker registry. Ex: dockerreg:5000
#
# [*ensure*]
# Whether or not you want to login or logout of a repository
#
# [*username*]
# Username for authentication to private Docker registry.
# auth is not required.
#
# [*password*]
# Password for authentication to private Docker registry. Leave undef if
# auth is not required.
#
# [*pass_hash*]
# The hash to be used for receipt. If left as undef, a hash will be generated
#
# [*email*]
# Email for registration to private Docker registry. Leave undef if
# auth is not required.
#
# [*local_user*]
# The local user to log in as. Docker will store credentials in this
# users home directory
#
# [*receipt*]
# Required to be true for idempotency
#
define docker::registry(
Optional[String] $server = $title,
Optional[Pattern[/^present$|^absent$/]] $ensure = 'present',
Optional[String] $username = undef,
Optional[String] $password = undef,
Optional[String] $pass_hash = undef,
Optional[String] $email = undef,
Optional[String] $local_user = 'root',
Optional[String] $version = $docker::version,
Optional[Boolean] $receipt = true,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $::osfamily == 'windows' {
$exec_environment = ["PATH=${::docker_program_files_path}/Docker/"]
$exec_timeout = 3000
$exec_path = ["${::docker_program_files_path}/Docker/"]
$exec_provider = 'powershell'
$password_env = '$env:password'
$exec_user = undef
} else {
$exec_environment = []
$exec_path = ['/bin', '/usr/bin']
$exec_timeout = 0
$exec_provider = undef
$password_env = "\${password}"
$exec_user = $local_user
$local_user_home = $facts['docker_home_dirs'][$local_user]
}
if $ensure == 'present' {
if $username != undef and $password != undef and $email != undef and $version != undef and $version =~ /1[.][1-9]0?/ {
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" -e '${email}' ${server}"
$auth_environment = "password=${password}"
}
elsif $username != undef and $password != undef {
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" ${server}"
$auth_environment = "password=${password}"
}
else {
$auth_cmd = "${docker_command} login ${server}"
$auth_environment = ''
}
}
else {
$auth_cmd = "${docker_command} logout ${server}"
$auth_environment = ''
}
$docker_auth = "${title}${auth_environment}${auth_cmd}${local_user}"
if $auth_environment != '' {
$exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
} else {
$exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
}
if $receipt {
if $::osfamily != 'windows' {
# server may be an URI, which can contain /
$server_strip = regsubst($server, '/', '_', 'G')
# no - with pw_hash
$local_user_strip = regsubst($local_user, '[-_]', '', 'G')
$_pass_hash = $pass_hash ? {
Undef => pw_hash($docker_auth, 'SHA-512', $local_user_strip),
default => $pass_hash
}
$_auth_command = "${auth_cmd} || rm -f \"/${local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\""
file { "/${local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}":
ensure => $ensure,
content => $_pass_hash,
owner => $local_user,
group => $local_user,
notify => Exec["${title} auth"],
}
} else {
# server may be an URI, which can contain /
$server_strip = regsubst($server, '[/:]', '_', 'G')
$passfile = "${::docker_user_temp_path}/registry-auth-puppet_receipt_${server_strip}_${local_user}"
# lint:ignore:140chars
$_auth_command = "if (-not (${auth_cmd})) { Remove-Item -Path ${passfile} -Force -Recurse -EA SilentlyContinue; exit 0 } else { exit 0 }"
# lint:endignore
if $ensure == 'absent' {
file { $passfile:
ensure => $ensure,
notify => Exec["${title} auth"],
}
} elsif $ensure == 'present' {
exec { 'compute-hash':
command => template('docker/windows/compute_hash.ps1.erb'),
environment => $exec_env,
provider => $exec_provider,
logoutput => true,
unless => template('docker/windows/check_hash.ps1.erb'),
notify => Exec["${title} auth"],
}
}
}
}
else {
$_auth_command = $auth_cmd
}
exec { "${title} auth":
environment => $exec_env,
command => $_auth_command,
user => $exec_user,
path => $exec_path,
timeout => $exec_timeout,
provider => $exec_provider,
refreshonly => $receipt,
}
}

File Metadata

Mime Type
text/plain
Expires
Wed, Jun 4, 7:14 PM (5 d, 56 m ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3357415

Event Timeline