Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/282071
Change subject: docker: Don't setup credentials on all hosts
......................................................................
docker: Don't setup credentials on all hosts
Only on the docker builder hosts, since everyone else will
only be pulling, not pushing.
Change-Id: I9939bccb48f38b2c6a1f03655520525e2cd3b29a
---
M modules/docker/manifests/engine.pp
M modules/role/manifests/toollabs/docker/builder.pp
2 files changed, 31 insertions(+), 31 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/71/282071/1
diff --git a/modules/docker/manifests/engine.pp
b/modules/docker/manifests/engine.pp
index 480dceb..09b5670 100644
--- a/modules/docker/manifests/engine.pp
+++ b/modules/docker/manifests/engine.pp
@@ -17,37 +17,6 @@
require => Apt::Repository['docker'],
}
- $docker_username = hiera('docker::username')
- $docker_password = hiera('docker::password')
- $docker_registry = hiera('docker::registry')
-
- # uses strict_encode64 since encode64 adds newlines?!
- $docker_auth = inline_template("<%= require 'base64';
Base64.strict_encode64('${docker_username}:${docker_password}') -%>")
-
- $docker_config = {
- 'auths' => {
- "${docker_registry}" => {
- 'auth' => $docker_auth,
- }
- }
- }
-
- file { '/root/.docker':
- ensure => directory,
- owner => 'root',
- group => 'docker',
- mode => '0550',
- }
-
- file { '/root/.docker/config.json':
- content => ordered_json($docker_config),
- owner => 'root',
- group => 'docker',
- mode => '0440',
- notify => Service['docker'],
- require => File['/root/.docker'],
- }
-
if $declare_service {
service { 'docker':
ensure => running,
diff --git a/modules/role/manifests/toollabs/docker/builder.pp
b/modules/role/manifests/toollabs/docker/builder.pp
index aed670a..b0e1f7d 100644
--- a/modules/role/manifests/toollabs/docker/builder.pp
+++ b/modules/role/manifests/toollabs/docker/builder.pp
@@ -6,6 +6,37 @@
class { '::docker::baseimages': }
+ # This requires push privilages
+ $docker_username = hiera('docker::username')
+ $docker_password = hiera('docker::password')
+ $docker_registry = hiera('docker::registry')
+
+ # uses strict_encode64 since encode64 adds newlines?!
+ $docker_auth = inline_template("<%= require 'base64';
Base64.strict_encode64('${docker_username}:${docker_password}') -%>")
+
+ $docker_config = {
+ 'auths' => {
+ "${docker_registry}" => {
+ 'auth' => $docker_auth,
+ }
+ }
+ }
+
+ file { '/root/.docker':
+ ensure => directory,
+ owner => 'root',
+ group => 'docker',
+ mode => '0550',
+ }
+
+ file { '/root/.docker/config.json':
+ content => ordered_json($docker_config),
+ owner => 'root',
+ group => 'docker',
+ mode => '0440',
+ notify => Service['docker'],
+ require => File['/root/.docker'],
+ }
# Temporarily build kubernetes too! We'll eventually have this
# be done somewhere else.
include ::toollabs::kubebuilder
--
To view, visit https://gerrit.wikimedia.org/r/282071
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9939bccb48f38b2c6a1f03655520525e2cd3b29a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
