Add a receipt so auth_cmd exec only runs when parameters change.

garethr · Oct 2, 2017 · 51af918 · 51af918
1 parent d8587b2
commit 51af918
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -559,6 +559,20 @@ docker::registry { 'example.docker.io:5000':
 }
 ```
 
+By default the exec to add registries will run on every Puppet run.  To prevent this you can enable the use of a receipt.
+Caveat: If the values in config.json for this registry are modified outside of Puppet, puppet will not correct them unless the receipt file is removed from /root/.docker/
+
+Default: receipt => false
+
+```puppet
+docker::registry { 'example.docker.io:5000':
+  username => 'user',
+  password => 'secret',
+  email    => '[email protected]',
+  receipt  => true,
+}
+```
+
 You can logout of a registry if it is no longer required.
 
 ```puppet

diff --git a/manifests/registry.pp b/manifests/registry.pp
@@ -25,19 +25,27 @@
 # [*local_user*]
 #   The local user to log in as. Docker will store credentials in this
 #   users home directory
-#
+# 
+# [*receipt*]
+#   Creates a receipt file for this specific registry preventing the exec 
+#   modifing config.json from triggering every puppet run. 
+#   Caveat: if you modify the entry for this registry in 
+#   /root/.docker/config.json outside of puppet the exec won't trigger
+#   again unless the receipt is removed.
 #
 define docker::registry(
-  $server      = $title,
-  $ensure      = 'present',
-  $username    = undef,
-  $password    = undef,
-  $email       = undef,
-  $local_user  = 'root',
+  $server     = $title,
+  $ensure     = 'present',
+  $username   = undef,
+  $password   = undef,
+  $email      = undef,
+  $local_user = 'root',
+  $receipt    = false,
 ) {
   include docker::params
 
   validate_re($ensure, '^(present|absent)$')
+  validate_bool($receipt)
 
   $docker_command = $docker::params::docker_command
 
@@ -60,13 +68,23 @@
     $auth_environment = undef
   }
 
+  # Using Receipt?
+  if $receipt {
+    file { "/root/.docker/registry-auth-puppet_receipt_${title}":
+      ensure  => $ensure,
+      content => pw_hash("${title}${auth_environment}${auth_cmd}${local_user}", 'SHA-512', $local_user),
+      notify  => Exec["${title} auth"],
+    }
+  }
+
   exec { "${title} auth":
     environment => $auth_environment,
     command     => $auth_cmd,
     user        => $local_user,
     cwd         => '/root',
     path        => ['/bin', '/usr/bin'],
     timeout     => 0,
+    refreshonly => $receipt,
   }
 
 }