Class: Central::Cli::Registry::CreateCommand

Inherits:

Clamp::Command

• Object
• Clamp::Command
• Central::Cli::Registry::CreateCommand

Includes:

Common, StackOptions

Defined in:

lib/central/cli/registry/create_command.rb

Constant Summary

REGISTRY_VERSION =

'2.2.0'.freeze

Instance Method Summary

• #configure_registry_auth(password) ⇒ Object
• #execute ⇒ Object
• #vault_secret(name) ⇒ String
• #vault_secret_exists?(name) ⇒ Boolean

Methods included from StackOptions

included

Methods included from Common

#access_token=, #add_master, #api_url, #api_url=, #clear_current_stack, #client, #current_master, #current_master=, #current_master_index, #current_stack, #current_stack=, #ensure_custom_ssl_ca, #require_api_url, #require_current_stack, #require_token, #reset_client, #save_settings, #settings, #settings_filename

Instance Method Details

#configure_registry_auth(password) ⇒ Object

Parameters:

• password (String)

# File 'lib/central/cli/registry/create_command.rb', line 130

def configure_registry_auth(password)
  data = {
    username: 'admin',
    password: password,
    email: 'not@val.id',
    url: "http://registry.#{current_stack}.central.local/"
  }
  begin
    client(require_token).post("stacks/#{current_stack}/external_registries", data)
  rescue
    nil
  end
end

#execute ⇒ Object

# File 'lib/central/cli/registry/create_command.rb', line 18

def execute
  require_api_url
  token = require_token
  preferred_node = node
  secrets = []
  affinity = []
  stateful = true
  instances = 1

  registry = begin
               client(token).get("services/#{current_stack}/registry")
             rescue
               nil
             end
  abort('Registry already exists') if registry

  nodes = client(token).get("stacks/#{current_stack}/nodes")

  if s3_bucket
    %w(REGISTRY_STORAGE_S3_ACCESSKEY REGISTRY_STORAGE_S3_SECRETKEY).each do |secret|
      abort("#{secret} secret is missing from the vault") unless vault_secret_exists?(secret)
    end
    env = [
      'REGISTRY_STORAGE=s3',
      "REGISTRY_STORAGE_S3_REGION=#{s3_region}",
      "REGISTRY_STORAGE_S3_BUCKET=#{s3_bucket}",
      "REGISTRY_STORAGE_S3_ENCRYPT=#{s3_encrypt?}",
      "REGISTRY_STORAGE_S3_SECURE=#{s3_secure?}"
    ]
    secrets = [
      { secret: 'REGISTRY_STORAGE_S3_ACCESSKEY', name: 'REGISTRY_STORAGE_S3_ACCESSKEY', type: 'env' },
      { secret: 'REGISTRY_STORAGE_S3_SECRETKEY', name: 'REGISTRY_STORAGE_S3_SECRETKEY', type: 'env' }
    ]
    stateful = false
    instances = 2 if nodes['nodes'].size > 1
  elsif azure_account_name || azure_container_name
    abort('--azure-account-name is missing') if azure_account_name.nil?
    abort('--azure-container-name is missing') if azure_container_name.nil?
    abort('REGISTRY_STORAGE_AZURE_ACCOUNTKEY is not saved to vault') unless vault_secret_exists?('REGISTRY_STORAGE_AZURE_ACCOUNTKEY')
    env = [
      'REGISTRY_STORAGE=azure',
      "REGISTRY_STORAGE_AZURE_ACCOUNTNAME=#{azure_account_name}",
      "REGISTRY_STORAGE_AZURE_ACCOUNTKEY=#{azure_account_key}"
    ]
    secrets = [
      { secret: 'REGISTRY_STORAGE_AZURE_ACCOUNTKEY', name: 'REGISTRY_STORAGE_AZURE_ACCOUNTKEY', type: 'env' }
    ]
    stateful = false
    instances = 2 if nodes['nodes'].size > 1
  else
    env = [
      'REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry'
    ]
    if preferred_node
      node = nodes['nodes'].find { |n| n['connected'] && n['name'] == preferred_node }
      abort('Node not found') if node.nil?
      affinity << "node==#{node['name']}"
    end
  end

  if vault_secret_exists?('REGISTRY_AUTH_PASSWORD')
    secrets << { secret: 'REGISTRY_AUTH_PASSWORD', name: 'AUTH_PASSWORD', type: 'env' }
    configure_registry_auth(vault_secret('REGISTRY_AUTH_PASSWORD'))
  end
  if vault_secret_exists?('REGISTRY_HTTP_TLS_CERTIFICATE')
    secrets << { secret: 'REGISTRY_HTTP_TLS_CERTIFICATE', name: 'REGISTRY_HTTP_TLS_CERTIFICATE', type: 'env' }
    secrets << { secret: 'REGISTRY_HTTP_TLS_KEY', name: 'REGISTRY_HTTP_TLS_KEY', type: 'env' }
    env << 'REGISTRY_HTTP_ADDR=0.0.0.0:443'
  else
    env << 'REGISTRY_HTTP_ADDR=0.0.0.0:80'
  end
  env << "REGISTRY_HTTP_SECRET=#{SecureRandom.hex(24)}"

  data = {
    name: 'registry',
    stateful: stateful,
    container_count: instances,
    image: "fishyard/registry:#{REGISTRY_VERSION}",
    volumes: ['/registry'],
    env: env,
    secrets: secrets,
    affinity: affinity
  }
  client(token).post("stacks/#{current_stack}/services", data)
  client(token).post("services/#{current_stack}/registry/deploy", {})
  ShellSpinner 'Deploying registry service ' do
    sleep 1 until client(token).get("services/#{current_stack}/registry")['state'] != 'deploying'
  end
  puts "\n"
  puts "Docker Registry #{REGISTRY_VERSION} is now running at registry.#{current_stack}.central.local."
  puts 'Note: '
  puts '  - OpenVPN connection is needed to establish connection to this registry. See http://www.central.io/docs/using-central/vpn-access for details'
  puts "  - you must set '--insecure-registry registry.#{current_stack}.central.local' to your client docker daemon before you are able to push to this registry"
end

#vault_secret(name) ⇒ String

Parameters:

• name (String)

Returns:

• (String)

# File 'lib/central/cli/registry/create_command.rb', line 124

def vault_secret(name)
  secret = client(require_token).get("secrets/#{current_stack}/#{name}")
  secret['value']
end

#vault_secret_exists?(name) ⇒ Boolean

Parameters:

• name (String)

Returns:

• (Boolean)

# File 'lib/central/cli/registry/create_command.rb', line 115

def vault_secret_exists?(name)
  client(require_token).get("secrets/#{current_stack}/#{name}")
  true
rescue
  false
end