Dduvall has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/345422 )
Change subject: [DO NOT MERGE] ci-staging: Docker registry for container builds ...................................................................... [DO NOT MERGE] ci-staging: Docker registry for container builds Docker registry for hosting base and newly built container images. Down the road this may not be necessary as Ops has suggested that we may simply be able to share their registry, but we need something for testing our Build PoC. Check hieradata files for values that must be provided via secret hieradata on the puppetmaster and/or via horizon. Bug: T161657 Change-Id: I03378f977f671d5a7e4aa54d631056325b31bed0 --- A hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml A modules/role/manifests/ci/docker/registry.pp 2 files changed, 18 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/22/345422/1 diff --git a/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml b/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml new file mode 100644 index 0000000..1f79f2f --- /dev/null +++ b/hieradata/labs/ci-staging/host/ci-staging-docker-registry.yaml @@ -0,0 +1,7 @@ +--- +docker::registry::web::allow_push_from: [] # (add to puppetmaster secrets or horizon) +docker::registry::web::docker_password_hash: # [htpasswd compat hash] (add to puppetmaster secrets) +docker::registry::web::docker_username: ci-staging-docker +docker::registry::web::http_allowed_hosts: [] # (add to puppetmaster secrets or horizon) +docker::registry::web::http_endpoint: true +docker::registry::web::use_puppet_certs: true diff --git a/modules/role/manifests/ci/docker/registry.pp b/modules/role/manifests/ci/docker/registry.pp new file mode 100644 index 0000000..d33b5c1 --- /dev/null +++ b/modules/role/manifests/ci/docker/registry.pp @@ -0,0 +1,11 @@ +class role::ci::docker::registry { + require ::role::labs::lvm::srv + + include ::docker::registry + include ::sslcert::dhparam + + class { '::docker::registry::web': + ssl_settings => ssl_ciphersuite('nginx', 'mid'), + require => Class['::sslcert::dhparam'], + } +} -- To view, visit https://gerrit.wikimedia.org/r/345422 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I03378f977f671d5a7e4aa54d631056325b31bed0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dduvall <dduv...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits