# docker-grid CHANGELOG
+0.5.0
+-----
+- adds the `docker-grid::registry-server` and `docker-grid::registry-docker-compose` recipes.
+
0.4.0
-----
- includes the `ssl_cert::server_key_pairs` recipe automatically.
docker-grid Cookbook
====================
-This cookbook sets up Docker engine.
+This cookbook sets up Docker engine etc.
## Contents
- [docker-grid::compose](#docker-gridcompose)
- [docker-grid::engine](#docker-gridengine)
- [docker-grid::registry](#docker-gridregistry)
+ - [docker-grid::registry-docker-compose](#docker-gridregistry-docker-compose)
+ - [docker-grid::registry-server](#docker-gridregistry-server)
- [Role Examples](#role-examples)
- [SSL server keys and certificates management by `ssl_cert` cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
- [License and Authors](#license-and-authors)
|`['docker-grid']['engine']['users_allow']`|Array|Non-root users allowed to manage Docker daemon.|`[]`|
|`['docker-grid']['registry']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['docker-grid']['registry']['docker-compose']['config']` are are overridden by the following `common_name` attributes.|`false`|
|`['docker-grid']['registry']['ssl_cert']['common_name']`|String|Registry server common name for TLS|`node['fqdn']`|
+|`['docker-grid']['registry']['server']['config']`|Hash|Registry server configurations.|See `attributes/default.rb`|
|`['docker-grid']['registry']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/registry"`|
|`['docker-grid']['registry']['docker-compose']['host_data_volume']`|String|Data directory path on the host filesystem or `nil` (unset).|`'/var/lib/docker-registry'`|
|`['docker-grid']['registry']['docker-compose']['config_format_version']`|String|`docker-compose.yml` format version. `'1'` or `'2'`|`'1'`|
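Review bot: the `with_ssl_cert_cookbook` row still describes only `node['docker-grid']['registry']['docker-compose']['config']` as being overridden, but the new `registry-server` recipe also reads this flag and sets `http.tls.certificate` and `http.tls.key` under `['registry']['server']['config']`. Update the description to cover both targets (and drop the doubled "are are" while touching it), and state in the new `['server']['config']` row that TLS is configured only when the flag is true.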
This recipe sets up Docker Compose configurations for the Docker registry service.
+#### docker-grid::registry-docker-compose
+
+This recipe is alias of the `docker-grid::registry` recipe.
+
+#### docker-grid::registry-server
+
+This recipe sets up a Docker registry service on real host.
+
### Role Examples
- `roles/docker.rb`: installs the `docker-engine` package.
)
```
-- `roles/docker-registry.rb`
+- `roles/docker-registry.rb`: on Docker.
```ruby
name 'docker-registry'
)
```
-- `roles/docker-registry-with-ssl-cert.rb`
+- `roles/docker-registry-with-ssl-cert.rb`: on Docker.
```ruby
name 'docker-registry-with-ssl-cert'
description 'Docker Registry Server'
+registry_fqdn = 'registry.docker.example.com'
+
run_list(
#'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9
'recipe[docker-grid::registry]',
)
-registry_fqdn = 'registry.docker.example.com'
-
override_attributes(
+ 'ssl_cert' => {
+ 'common_names' => [
+ registry_fqdn,
+ ],
+ },
'docker-grid' => {
'engine' => {
'version_on_centos' => '17.03.1.ce-1',
)
```
-- `roles/docker-registry-by-entire-config.rb`
+- `roles/docker-registry-by-entire-config.rb`: on Docker.
```ruby
name 'docker-registry-by-entire-config'
)
```
+- `roles/registry-server-with-ssl-cert.rb`: on real host.
+
+```ruby
+name 'registry-server-with-ssl-cert'
+description 'Docker Registry Server'
+
+registry_fqdn = 'registry.docker.example.com'
+
+run_list(
+ 'recipe[docker-grid::registry-server]',
+)
+
+override_attributes(
+ 'ssl_cert' => {
+ 'common_names' => [
+ registry_fqdn,
+ ],
+ },
+ 'docker-grid' => {
+ 'registry' => {
+ 'with_ssl_cert_cookbook' => true,
+ 'ssl_cert' => {
+ 'common_name' => registry_fqdn,
+ },
+ 'server' => {
+ 'config' => {
+ 'storage' => {
+ 'filesystem' => {
+ 'rootdirectory' => '/var/lib/docker-registry',
+ },
+ },
+ 'proxy' => {
+ 'remoteurl' => 'https://registry-1.docker.io',
+ },
+ },
+ },
+ },
+ },
+)
+```
+
### SSL server keys and certificates management by `ssl_cert` cookbook
- create vault items.
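Review bot: the only `registry-server` role example sets `'proxy' => { 'remoteurl' => 'https://registry-1.docker.io' }`, which makes the registry a pull-through cache of Docker Hub, while the bullet says only "on real host" and the default attributes leave `proxy` commented out. Say in the bullet that this is a mirror configuration, or split it into a plain example and a mirror example. The example also defines no `auth` section, so a sentence on who is expected to reach port 5000 would help readers who copy it.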
# are overridden by the following 'ca_name' and 'common_name' attributes.
#default['docker-grid']['registry']['ssl_cert']['ca_name'] = nil
default['docker-grid']['registry']['ssl_cert']['common_name'] = node['fqdn']
+# See https://docs.docker.com/registry/configuration/
+rootdirectory = node.value_for_platform(
+ ['centos', 'redhat'] => {
+ 'default' => '/var/lib/registry',
+ },
+ ['debian', 'ubuntu'] => {
+ 'default' => '/var/lib/docker-registry',
+ }
+)
+default['docker-grid']['registry']['server']['config'] = {
+ 'version' => '0.1',
+ 'log' => {
+ 'fields' => {
+ 'service' => 'registry',
+ },
+ },
+ 'storage' => {
+ 'cache' => {
+ # NOTE: Formerly, blobdescriptor was known as layerinfo.
+ # While these are equivalent, layerinfo has been deprecated.
+ 'blobdescriptor' => 'inmemory',
+ },
+ 'filesystem' => {
+ 'rootdirectory' => rootdirectory,
+ },
+ },
+ 'http' => {
+ 'addr' => ':5000',
+ 'headers' => {
+ 'X-Content-Type-Options' => [
+ 'nosniff',
+ ],
+ },
+ },
+ #'proxy' => {
+ # 'remoteurl' => 'https://registry-1.docker.io',
+ #},
+ 'health' => {
+ 'storagedriver' => {
+ 'enabled' => true,
+ 'interval' => '10s',
+ 'threshold' => 3,
+ },
+ },
+}
default['docker-grid']['registry']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/registry"
# ./docker-compose.yml
default['docker-grid']['registry']['docker-compose']['config_format_version'] = '1'
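Review bot: the default `['server']['config']` listens on `':5000'` (all interfaces) and has neither an `http.tls` nor an `auth` section, so a node that runs `docker-grid::registry-server` with `with_ssl_cert_cookbook` left at its default `false` gets a plaintext, unauthenticated registry. Consider defaulting `addr` to `'localhost:5000'`, or document that TLS and `auth` have to be supplied through role attributes before the service is exposed. Separately, `value_for_platform` here lists only centos/redhat and debian/ubuntu, so `rootdirectory` is `nil` on any other platform; add a fallback value or fail early with a clear message.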
--- /dev/null
+#
+# Cookbook Name:: docker-grid
+# Recipe:: registry-docker-compose
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'docker-grid::registry'
--- /dev/null
+#
+# Cookbook Name:: docker-grid
+# Recipe:: registry-server
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package 'docker-registry' do
+ action :install
+end
+
+service_name = node.value_for_platform(
+ ['centos', 'redhat'] => {
+ 'default' => 'docker-distribution',
+ },
+ ['debian', 'ubuntu'] => {
+ 'default' => 'docker-registry',
+ }
+)
+
+service service_name do
+ action [:enable, :start]
+ supports status: true, restart: true, reload: false
+end
+
+directory '/etc/docker' do
+ owner 'root'
+ group 'root'
+ mode '0755' # workaround: this directory mode is modified to 700 for containig key.json file.
+ action :create
+ only_if { Dir.exist?('/etc/docker') }
+end
+
+config = node['docker-grid']['registry']['server']['config']
+override_config = node.override['docker-grid']['registry']['server']['config']
+
+service_owner = node.value_for_platform(
+ ['centos', 'redhat'] => {
+ 'default' => 'root',
+ },
+ ['debian', 'ubuntu'] => {
+ 'default' => 'docker-registry',
+ }
+)
+
+directory config['storage']['filesystem']['rootdirectory'] do
+ owner service_owner
+ group service_owner
+ mode '0755'
+ action :create
+ recursive true
+end
+
+if node['docker-grid']['registry']['with_ssl_cert_cookbook']
+ include_recipe 'ssl_cert::server_key_pairs'
+ ::Chef::Recipe.send(:include, SSLCert::Helper)
+ cn = node['docker-grid']['registry']['ssl_cert']['common_name']
+
+ append_members_to_key_access_group(service_owner)
+ override_config['http']['tls']['certificate'] = server_cert_path(cn)
+ override_config['http']['tls']['key'] = server_key_path(cn)
+end
+
+conf_dir = node.value_for_platform(
+ ['centos', 'redhat'] => {
+ 'default' => '/etc/docker-distribution/registry',
+ },
+ ['debian', 'ubuntu'] => {
+ 'default' => '/etc/docker/registry',
+ }
+)
+
+template "#{conf_dir}/config.yml" do
+ source 'etc/docker/registry/config.yml'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ notifies :restart, "service[#{service_name}]"
+end
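Review bot: `template "#{conf_dir}/config.yml"` is written as `root:root` with `mode '0644'`, but `['server']['config']` is a free-form Hash and a registry configuration can carry secrets (`http.secret`, proxy or storage credentials), which any local user could then read. Suggest `group service_owner` with `mode '0640'`. Two smaller points: `package 'docker-registry'` is not switched per platform although `service_name` and `conf_dir` are (`docker-distribution` on centos/redhat), and the `/etc/docker` resource loosens to `0755` a directory that its own comment says holds `key.json`, without managing that file's mode.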
log <<-"EOM"
Note: You must execute the following command manually.
See #{doc_url}
- - Start:
+ * Start:
$ cd #{app_dir}
$ docker-compose up -d
- - Stop
+ * Stop
$ docker-compose down
EOM
--- /dev/null
+<%
+config = node['docker-grid']['registry']['server']['config']
+
+require 'yaml'
+yaml_str = config.to_hash.to_yaml
+-%>
+<%= yaml_str %>