From d6c8850d0d2ff3c9cf2ae9f453d0c85c743ccfa7 Mon Sep 17 00:00:00 2001 From: whitestar Date: Fri, 25 Aug 2017 11:24:44 +0900 Subject: [PATCH] adds the `docker-grid::registry-server` and `docker-grid::registry-docker-compose` recipes. --- cookbooks/docker-grid/CHANGELOG.md | 4 + cookbooks/docker-grid/README.md | 69 ++++++++++++++-- cookbooks/docker-grid/attributes/default.rb | 45 +++++++++++ .../docker-grid/recipes/registry-docker-compose.rb | 20 +++++ cookbooks/docker-grid/recipes/registry-server.rb | 91 ++++++++++++++++++++++ cookbooks/docker-grid/recipes/registry.rb | 4 +- .../default/etc/docker/registry/config.yml | 7 ++ cookbooks/docker-grid/version | 2 +- 8 files changed, 233 insertions(+), 9 deletions(-) create mode 100644 cookbooks/docker-grid/recipes/registry-docker-compose.rb create mode 100644 cookbooks/docker-grid/recipes/registry-server.rb create mode 100644 cookbooks/docker-grid/templates/default/etc/docker/registry/config.yml diff --git a/cookbooks/docker-grid/CHANGELOG.md b/cookbooks/docker-grid/CHANGELOG.md index 2aa5138..52d13b5 100644 --- a/cookbooks/docker-grid/CHANGELOG.md +++ b/cookbooks/docker-grid/CHANGELOG.md @@ -1,5 +1,9 @@ # docker-grid CHANGELOG +0.5.0 +----- +- adds the `docker-grid::registry-server` and `docker-grid::registry-docker-compose` recipes. + 0.4.0 ----- - includes the `ssl_cert::server_key_pairs` recipe automatically. diff --git a/cookbooks/docker-grid/README.md b/cookbooks/docker-grid/README.md index 7a02f50..f35bbf2 100644 --- a/cookbooks/docker-grid/README.md +++ b/cookbooks/docker-grid/README.md @@ -1,7 +1,7 @@ docker-grid Cookbook ==================== -This cookbook sets up Docker engine. +This cookbook sets up Docker engine etc. ## Contents 
@@ -15,6 +15,8 @@ This cookbook sets up Docker engine. - [docker-grid::compose](#docker-gridcompose) - [docker-grid::engine](#docker-gridengine) - [docker-grid::registry](#docker-gridregistry) + - [docker-grid::registry-docker-compose](#docker-gridregistry-docker-compose) + - [docker-grid::registry-server](#docker-gridregistry-server) - [Role Examples](#role-examples) - [SSL server keys and certificates management by `ssl_cert` cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook) - [License and Authors](#license-and-authors) @@ -62,6 +64,7 @@ This cookbook sets up Docker engine. |`['docker-grid']['engine']['users_allow']`|Array|Non-root users allowed to manage Docker daemon.|`[]`| |`['docker-grid']['registry']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, `node['docker-grid']['registry']['docker-compose']['config']` are are overridden by the following `common_name` attributes.|`false`| |`['docker-grid']['registry']['ssl_cert']['common_name']`|String|Registry server common name for TLS|`node['fqdn']`| +|`['docker-grid']['registry']['server']['config']`|Hash|Registry server configurations.|See `attributes/default.rb`| |`['docker-grid']['registry']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/registry"`| |`['docker-grid']['registry']['docker-compose']['host_data_volume']`|String|Data directory path on the host filesystem or `nil` (unset).|`'/var/lib/docker-registry'`| |`['docker-grid']['registry']['docker-compose']['config_format_version']`|String|`docker-compose.yml` format version. `'1'` or `'2'`|`'1'`| 
@@ -89,6 +92,14 @@ This recipe sets up Docker engine. This recipe sets up Docker Compose configurations for the Docker registry service. +#### docker-grid::registry-docker-compose + +This recipe is alias of the `docker-grid::registry` recipe. + +#### docker-grid::registry-server + +This recipe sets up a Docker registry service on real host. + ### Role Examples - `roles/docker.rb`: installs the `docker-engine` package. @@ -170,7 +181,7 @@ override_attributes( ) ``` -- `roles/docker-registry.rb` +- `roles/docker-registry.rb`: on Docker. ```ruby name 'docker-registry' @@ -228,20 +239,25 @@ override_attributes( ) ``` -- `roles/docker-registry-with-ssl-cert.rb` +- `roles/docker-registry-with-ssl-cert.rb`: on Docker. ```ruby name 'docker-registry-with-ssl-cert' description 'Docker Registry Server' +registry_fqdn = 'registry.docker.example.com' + run_list( #'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9 'recipe[docker-grid::registry]', ) -registry_fqdn = 'registry.docker.example.com' - override_attributes( + 'ssl_cert' => { + 'common_names' => [ + registry_fqdn, + ], + }, 'docker-grid' => { 'engine' => { 'version_on_centos' => '17.03.1.ce-1', @@ -292,7 +308,7 @@ override_attributes( ) ``` -- `roles/docker-registry-by-entire-config.rb` +- `roles/docker-registry-by-entire-config.rb`: on Docker. ```ruby name 'docker-registry-by-entire-config' 
@@ -353,6 +369,47 @@ override_attributes( ) ``` +- `roles/registry-server-with-ssl-cert.rb`: on real host. + +```ruby +name 'registry-server-with-ssl-cert' +description 'Docker Registry Server' + +registry_fqdn = 'registry.docker.example.com' + +run_list( + 'recipe[docker-grid::registry-server]', +) + +override_attributes( + 'ssl_cert' => { + 'common_names' => [ + registry_fqdn, + ], + }, + 'docker-grid' => { + 'registry' => { + 'with_ssl_cert_cookbook' => true, + 'ssl_cert' => { + 'common_name' => registry_fqdn, + }, + 'server' => { + 'config' => { + 'storage' => { + 'filesystem' => { + 'rootdirectory' => '/var/lib/docker-registry', + }, + }, + 'proxy' => { + 'remoteurl' => 'https://registry-1.docker.io', + }, + }, + }, + }, + }, +) +``` + ### SSL server keys and certificates management by `ssl_cert` cookbook - create vault items. diff --git a/cookbooks/docker-grid/attributes/default.rb b/cookbooks/docker-grid/attributes/default.rb index 2d7460f..44e052f 100644 --- a/cookbooks/docker-grid/attributes/default.rb +++ b/cookbooks/docker-grid/attributes/default.rb 
@@ -130,6 +130,51 @@ default['docker-grid']['registry']['with_ssl_cert_cookbook'] = false # are overridden by the following 'ca_name' and 'common_name' attributes. #default['docker-grid']['registry']['ssl_cert']['ca_name'] = nil default['docker-grid']['registry']['ssl_cert']['common_name'] = node['fqdn'] +# See https://docs.docker.com/registry/configuration/ +rootdirectory = node.value_for_platform( + ['centos', 'redhat'] => { + 'default' => '/var/lib/registry', + }, + ['debian', 'ubuntu'] => { + 'default' => '/var/lib/docker-registry', + } +) +default['docker-grid']['registry']['server']['config'] = { + 'version' => '0.1', + 'log' => { + 'fields' => { + 'service' => 'registry', + }, + }, + 'storage' => { + 'cache' => { + # NOTE: Formerly, blobdescriptor was known as layerinfo. + # While these are equivalent, layerinfo has been deprecated. + 'blobdescriptor' => 'inmemory', + }, + 'filesystem' => { + 'rootdirectory' => rootdirectory, + }, + }, + 'http' => { + 'addr' => ':5000', + 'headers' => { + 'X-Content-Type-Options' => [ + 'nosniff', + ], + }, + }, + #'proxy' => { + # 'remoteurl' => 'https://registry-1.docker.io', + #}, + 'health' => { + 'storagedriver' => { + 'enabled' => true, + 'interval' => '10s', + 'threshold' => 3, + }, + }, +} default['docker-grid']['registry']['docker-compose']['app_dir'] = "#{node['docker-grid']['compose']['app_dir']}/registry" # ./docker-compose.yml default['docker-grid']['registry']['docker-compose']['config_format_version'] = '1' diff --git a/cookbooks/docker-grid/recipes/registry-docker-compose.rb b/cookbooks/docker-grid/recipes/registry-docker-compose.rb new file mode 100644 index 0000000..a9ab154 --- /dev/null +++ b/cookbooks/docker-grid/recipes/registry-docker-compose.rb 
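Review bot: The new default `server.config` sets `'addr' => ':5000'` with no `auth` section and no `http.tls` block, so a node that applies `docker-grid::registry-server` with default attributes gets a registry that listens on every interface and accepts unauthenticated pulls and pushes over plain HTTP. TLS paths are only added by the recipe when `with_ssl_cert_cookbook` is true, and nothing in this hunk configures authentication at all. I would either default to `'addr' => 'localhost:5000'` or add a commented example next to the `proxy` one, such as `#'auth' => { 'htpasswd' => { 'realm' => '<REALM>', 'path' => '<HTPASSWD_PATH>' } },`, and state in the README that the default is open. Separately, this `value_for_platform` call has no fallback entry, so `rootdirectory` is presumably nil on platforms other than the four listed.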
@@ -0,0 +1,20 @@
+#
+# Cookbook Name:: docker-grid
+# Recipe:: registry-docker-compose
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe 'docker-grid::registry'
diff --git a/cookbooks/docker-grid/recipes/registry-server.rb b/cookbooks/docker-grid/recipes/registry-server.rb
new file mode 100644
index 0000000..38cd3f1
--- /dev/null
+++ b/cookbooks/docker-grid/recipes/registry-server.rb
@@ -0,0 +1,91 @@
+#
+# Cookbook Name:: docker-grid
+# Recipe:: registry-server
+#
+# Copyright 2017, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package 'docker-registry' do
+ action :install
+end
+
+service_name = node.value_for_platform(
+ ['centos', 'redhat'] => {
+ 'default' => 'docker-distribution',
+ },
+ ['debian', 'ubuntu'] => {
+ 'default' => 'docker-registry',
+ }
+)
+
+service service_name do
+ action [:enable, :start]
+ supports status: true, restart: true, reload: false
+end
+
+directory '/etc/docker' do
+ owner 'root'
+ group 'root'
+ mode '0755' # workaround: this directory mode is modified to 700 for containig key.json file.
+ action :create + only_if { Dir.exist?('/etc/docker') } +end + +config = node['docker-grid']['registry']['server']['config'] +override_config = node.override['docker-grid']['registry']['server']['config'] + +service_owner = node.value_for_platform( + ['centos', 'redhat'] => { + 'default' => 'root', + }, + ['debian', 'ubuntu'] => { + 'default' => 'docker-registry', + } +) + +directory config['storage']['filesystem']['rootdirectory'] do + owner service_owner + group service_owner + mode '0755' + action :create + recursive true +end + +if node['docker-grid']['registry']['with_ssl_cert_cookbook'] + include_recipe 'ssl_cert::server_key_pairs' + ::Chef::Recipe.send(:include, SSLCert::Helper) + cn = node['docker-grid']['registry']['ssl_cert']['common_name'] + + append_members_to_key_access_group(service_owner) + override_config['http']['tls']['certificate'] = server_cert_path(cn) + override_config['http']['tls']['key'] = server_key_path(cn) +end + +conf_dir = node.value_for_platform( + ['centos', 'redhat'] => { + 'default' => '/etc/docker-distribution/registry', + }, + ['debian', 'ubuntu'] => { + 'default' => '/etc/docker/registry', + } +) + +template "#{conf_dir}/config.yml" do + source 'etc/docker/registry/config.yml' + owner 'root' + group 'root' + mode '0644' + notifies :restart, "service[#{service_name}]" +end diff --git a/cookbooks/docker-grid/recipes/registry.rb b/cookbooks/docker-grid/recipes/registry.rb index f736d6b..b48c169 100644 --- a/cookbooks/docker-grid/recipes/registry.rb +++ b/cookbooks/docker-grid/recipes/registry.rb @@ -104,9 +104,9 @@ node.override['docker-grid']['registry']['docker-compose']['config'] = \ log <<-"EOM" Note: You must execute the following command manually. See #{doc_url} - - Start: + * Start: $ cd #{app_dir} $ docker-compose up -d - - Stop + * Stop $ docker-compose down EOM 
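Review bot: The `directory '/etc/docker'` resource resets the mode to `0755`, although its own comment says the directory is normally tightened to 700 because it holds `key.json`, so every converge makes that directory listable and traversable by all local users. If the aim is only to let the `docker-registry` service user reach `/etc/docker/registry/config.yml` on Debian/Ubuntu, `mode '0711'` (traverse without listing) would presumably be enough, and the comment should give that reason and note that `key.json` itself must stay owner-only. The storage root is likewise created with `mode '0755'`, which leaves stored image layers readable by every local account; `mode '0750'` is tighter, since owner and group are already `service_owner`.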
diff --git a/cookbooks/docker-grid/templates/default/etc/docker/registry/config.yml b/cookbooks/docker-grid/templates/default/etc/docker/registry/config.yml
new file mode 100644
index 0000000..e25de5a
--- /dev/null
+++ b/cookbooks/docker-grid/templates/default/etc/docker/registry/config.yml
@@ -0,0 +1,7 @@
+<%
+config = node['docker-grid']['registry']['server']['config']
+
+require 'yaml'
+yaml_str = config.to_hash.to_yaml
+-%>
+<%= yaml_str %>
diff --git a/cookbooks/docker-grid/version b/cookbooks/docker-grid/version
index 1d0ba9e..8f0916f 100644
--- a/cookbooks/docker-grid/version
+++ b/cookbooks/docker-grid/version
@@ -1 +1 @@
-0.4.0
+0.5.0
-- 
2.11.0
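Review bot: The template serialises the whole `node['docker-grid']['registry']['server']['config']` hash with `to_yaml`, so any secret a user adds there (for example `http.secret` or storage-driver credentials) is stored as a plain node attribute and written into a file that the recipe installs as `root:root` with mode `0644`. The defaults in this change carry no secrets, but the README should warn about it. The template resource in `recipes/registry-server.rb` could use `group service_owner`, `mode '0640'` and `sensitive true`, which keeps the content out of world-readable files and out of Chef's diff output. A leading line such as `# This file is managed by Chef; local changes will be overwritten.` before `<%= yaml_str %>` would also help operators.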