[MediaWiki-commits] [Gerrit] operations/puppet[production]: [DO NOT MERGE] ci-staging: Docker registry for container builds

Wed, 29 Mar 2017 12:48:01 -0700 

Dduvall has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/345422 )

Change subject: [DO NOT MERGE] ci-staging: Docker registry for container builds
......................................................................

[DO NOT MERGE] ci-staging: Docker registry for container builds

Docker registry for hosting base and newly built container images. Down the 
road this may not be necessary as Ops has suggested that we may simply be able 
to share their registry, but we need something for testing our Build PoC.

Check hieradata files for values that must be provided via secret
hieradata on the puppetmaster and/or via horizon.

Bug: T161657
Change-Id: I03378f977f671d5a7e4aa54d631056325b31bed0
---
A hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml
A modules/role/manifests/ci/docker/registry.pp
2 files changed, 18 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/22/345422/1

diff --git a/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml 
b/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml
new file mode 100644
index 0000000..1f79f2f
--- /dev/null
+++ b/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml
@@ -0,0 +1,7 @@
+---
+docker::registry::web::allow_push_from: [] # (add to puppetmaster secrets or 
horizon)
+docker::registry::web::docker_password_hash: # [htpasswd compat hash] (add to 
puppetmaster secrets)
+docker::registry::web::docker_username: ci-staging-docker
+docker::registry::web::http_allowed_hosts: [] # (add to puppetmaster secrets 
or horizon)
+docker::registry::web::http_endpoint: true
+docker::registry::web::use_puppet_certs: true
diff --git a/modules/role/manifests/ci/docker/registry.pp 
b/modules/role/manifests/ci/docker/registry.pp
new file mode 100644
index 0000000..d33b5c1
--- /dev/null
+++ b/modules/role/manifests/ci/docker/registry.pp
@@ -0,0 +1,11 @@
+class role::ci::docker::registry {
+    require ::role::labs::lvm::srv
+
+    include ::docker::registry
+    include ::sslcert::dhparam
+
+    class { '::docker::registry::web':
+        ssl_settings => ssl_ciphersuite('nginx', 'mid'),
+        require      => Class['::sslcert::dhparam'],
+    }
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/345422
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I03378f977f671d5a7e4aa54d631056325b31bed0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dduvall <dduv...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to