Giters

andrestc / ansible-docker-registry

An Ansible role for installing a private Docker Registry

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ansible-docker-registry

Build Status

An Ansible role for installing a private Docker Registry

Requirements

TODO

Role Variables

Default

  • domain: Specify a domain name (default: localhost)
  • log_level: Log level for the server (default: info)
  • storage_type: Accepts either local or s3 (default: local)
  • storage_path: File path to store registry uploads (default: /var/docker-registry)
  • use_nginx: Install Nginx and configure docker-registry vhost (default: true)
  • use_redis: Install and configure Redis server as a cache (default: true)
  • docker_registry_version: Specify what version of docker_registry needs to be installed (default: none)

SSL Settings

  • registry_port: Custom port to have nginx listen on (default: 80)
  • registry_ssl: Enable SSL on nginx (default: false)
  • registry_ssl_cert: Specify a SSL certificate to use (default: /etc/ssl/certs/docker_registry.crt)
  • registry_ssl_key: Specify a SSL key to use (default: /etc/ssl/private/docker_registry.key)
  • create_ssl_cert: Create a self-signed certificate if registry_ssl_cert is not present on the system (default: true)

OpenSSL cert settings

  • openssl_bits: Bit length of the private key (default: 2048)
  • openssl_countryName: Country Code (default: ES)
  • openssl_stateOrProvinceName: State or Province (default: Madrid)
  • openssl_localityName: Locality name (default: Madrid)
  • openssl_organizationName: Full company name (default: MyCompany)
  • openssl_organizationalUnitName: Company sub-division or a product name (default: Docker Registry)
  • openssl_commonName: Your domain name, or in case of wildcard certificates, use an astrisk, like this: *.mycompany.com (default: mycompany.com)

S3 Storage

  • s3_region: optional, will default to US Standard
  • s3_bucket: also provides the value for boto_bucket
  • s3_storage_path
  • s3_access_key
  • s3_secret_key

There are 2 ways to specify credentials for S3 storage:

1. Using access and secret keys:

By specifying s3_access_key and s3_secret_key.

2. Using IAM instance profiles

By omitting s3_access_key and s3_secret_key it will use an IAM instance profile that has been attached to that virtual machine for authorisation.

GCS Storage

  • gcs_bucket: Value for the bucket deing used.
  • gcs_storage_path: The path within th ebucket where to store data. (will be created if not exist).

There are 3 ways to specify credentials for GCS storage:

1. Using Google Cloud Platform OAuth:

  • gcs_oauth2: oauth2 value (default false)

2. Using Google Storage interoperability keys:

  • gcs_access_key: only used when gcs_oauth2 is false and use_gcs_default_credentials is undefined.
  • gcs_secret_key: only used when gcs_oauth2 is false and use_gcs_default_credentials is undefined.

3. Using Google service account authorization:

  • use_gcs_default_credentials: use a service account that has been attached to that virtual machine for authorisation value (default undefined)

Note on SSL

If using a self-signed certificate, or no SSL certificate for recent docker versions, you must start the docker daemon with --insecure-registry.

For boot2docker, see https://github.com/boot2docker/boot2docker#insecure-registry.

Example Playbook

- hosts: docker-registry
  roles:
     - { role: codingbunch.ansible-docker-registry }

License

MIT

Author Information

CodingBunch

About

An Ansible role for installing a private Docker Registry

License:MIT License