Puppet Class: dockerinstall::registry::gitlab

Inherits:
dockerinstall::registry::params
Defined in:
manifests/registry/gitlab.pp

Summary

Export GitLab certificate and tokens map for Registry authentication

Overview

Export GitLab certificate and tokens map for Registry authentication

Examples:

include dockerinstall::registry::gitlab

Parameters:

  • registry_cert_export (Boolean) (defaults to: true)

    Whether to export the certificate content to PuppetDB (true) or write it to the local file system (false)

  • registry_internal_certificate (Optional[String]) (defaults to: undef)

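    Contents of the certificate that GitLab uses to sign the tokens. This parameter allows a custom certificate to be written to the file system path (`registry_cert_path`) or exported to PuppetDB. When it is left undefined, the class uses the host certificate data from the `puppet_sslcert` fact instead.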

  • registry_cert_path

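    This is the path where the `registry_internal_certificate` contents will be written to disk. The default certificate location is /etc/docker/registry/tokenbundle.pem. In the class body this value is taken from `$dockerinstall::registry::params::auth_token_rootcertbundle`; it is not passed as a class parameter.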

  • token_map_export (Boolean) (defaults to: true)

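    Whether to export the Nginx tokens map into PuppetDB or not. The exported resource carries the rendered map content, so read access to PuppetDB should be treated as access to the map.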

  • token_map_setup (Boolean) (defaults to: true)

    Whether to set up the Nginx tokens map locally or not (mutually exclusive with `token_map_export`, which takes priority when both are true)

  • nginx_tokens_map (Stdlib::Unixpath) (defaults to: $dockerinstall::registry::params::nginx_tokens_map)

    Path to the Nginx config file that holds the map of tokens to projects. This config file is used in an `include` directive inside the map $uri $gitlab_token {} configuration directive. See nginx.org/en/docs/http/ngx_http_map_module.html#map Default is /etc/nginx/conf.d/mapping/gitlab-auth-token.conf

  • gitlab_host (Optional[Stdlib::Fqdn]) (defaults to: $dockerinstall::params::certname)


# File 'manifests/registry/gitlab.pp', line 35

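class dockerinstall::registry::gitlab (
  Boolean $registry_cert_export          = true,
  Optional[String]
          $registry_internal_certificate = undef,
  Boolean $token_map_export              = true,
  Boolean $token_map_setup               = true,
  Stdlib::Unixpath
          $nginx_tokens_map              = $dockerinstall::registry::params::nginx_tokens_map,
  Optional[Stdlib::Fqdn]
          $gitlab_host                   = $dockerinstall::params::certname,
) inherits dockerinstall::registry::params
{
  # Publishes two artefacts from the GitLab node: the certificate written to
  # the Registry's token root cert bundle path, and the Nginx tokens map.
  # Each one is either exported (@@file, stored in PuppetDB) or managed as a
  # local file, depending on the Boolean switches above.
  include dockerinstall::registry::setup::token

  $registry_cert_path  = $dockerinstall::registry::params::auth_token_rootcertbundle

  # A caller-supplied certificate wins; otherwise fall back to the host
  # certificate data reported by the puppet_sslcert fact.
  # NOTE(review): the fallback is an unguarded nested lookup - confirm the
  # puppet_sslcert fact is always present on nodes that include this class.
  $registry_cert_content = $registry_internal_certificate ? {
    String  => $registry_internal_certificate,
    default => $facts['puppet_sslcert']['hostcert']['data'],
  }

  if $registry_cert_export {
    # Exported resource: the certificate content is stored in PuppetDB.
    # The tag is presumably what the collecting node filters on - verify
    # against the collector, which is not part of this class.
    @@file { 'registry_rootcertbundle':
      path    => $registry_cert_path,
      content => $registry_cert_content,
      tag     => $gitlab_host,
    }
  }
  else {
    file { $registry_cert_path:
      content => $registry_cert_content,
    }
  }

  # Not referenced again in this class; presumably read by the ERB template
  # below through the class scope - TODO confirm against the template.
  $gitlab_tokens = $facts['gitlab_auth_token']

  # The rendered tokens map is treated as secret material here:
  #  * show_diff => false keeps the file content out of agent logs and
  #    reports when the file changes.
  #  * NOTE(review): no owner/group/mode is set, so the file is created with
  #    Puppet's defaults - confirm which accounts need to read the map and
  #    restrict the mode accordingly.
  #  * NOTE(review): when exported, the rendered content is stored in
  #    PuppetDB; read access to PuppetDB then gives access to the map.
  if $token_map_export {
    @@file { 'registry_tokens_map':
      ensure    => file,
      path      => $nginx_tokens_map,
      content   => template('dockerinstall/registry/nginx/mapping/gitlab-auth-token.conf.erb'),
      show_diff => false,
      tag       => $gitlab_host,
    }
  }
  elsif $token_map_setup {
    # Local setup is only reached when export is disabled (export has priority).
    file { $nginx_tokens_map:
      ensure    => file,
      content   => template('dockerinstall/registry/nginx/mapping/gitlab-auth-token.conf.erb'),
      show_diff => false,
    }
  }
}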