Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

distribution: use v2 #1025

Merged
merged 1 commit into from
Nov 27, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
distribution: use v2
  • Loading branch information
stavros-k committed Nov 26, 2024
commit 400d3f5dbccf6f951d3bc0f2a6d73c5fba75f146
6 changes: 3 additions & 3 deletions ix-dev/community/distribution/app.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ icon: https://media.sys.truenas.net/apps/distribution/icons/icon.svg
keywords:
- registry
- container
lib_version: 1.1.7
lib_version_hash: d05e43e25b7dc1736be6cc1efa4b9255368aa346e3e7a4350a38440f29b73186
lib_version: 2.0.21
lib_version_hash: e2faccd282b768e411919a7386a03e8491d1a7fda2da586dcf9af0d412733b8a
maintainers:
- email: [email protected]
name: truenas
Expand All @@ -30,4 +30,4 @@ sources:
- https://github.com/distribution/distribution
title: Distribution
train: community
version: 1.0.22
version: 1.1.0
38 changes: 38 additions & 0 deletions ix-dev/community/distribution/questions.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ groups:
description: Configure Network for Distribution
- name: Storage Configuration
description: Configure Storage for Distribution
- name: Labels Configuration
description: Configure Labels for Distribution
- name: Resources Configuration
description: Configure Resources for Distribution

Expand Down Expand Up @@ -343,6 +345,42 @@ questions:
description: The domain to use for the SMB share.
schema:
type: string
- variable: labels
label: ""
group: Labels Configuration
schema:
type: list
default: []
items:
- variable: label
label: Label
schema:
type: dict
attrs:
- variable: key
label: Key
schema:
type: string
required: true
- variable: value
label: Value
schema:
type: string
required: true
- variable: containers
label: Containers
description: Containers where the label should be applied
schema:
type: list
items:
- variable: container
label: Container
schema:
type: string
required: true
enum:
- value: distribution
description: distribution
- variable: resources
label: ""
group: Resources Configuration
Expand Down
148 changes: 41 additions & 107 deletions ix-dev/community/distribution/templates/docker-compose.yaml
Original file line number Diff line number Diff line change
@@ -1,118 +1,52 @@
{# Stores storage items that contains info for volumes, vol mounts, perms dirs and perms mounts #}
{% set storage_items = namespace(items=[]) %}
{# Stores the top level volumes #}
{% set volumes = namespace(items={}) %}
{# Stores the container volume mounts #}
{% set volume_mounts = namespace(items=[]) %}
{# Stores the perms container volume mounts #}
{% set perms_mounts = namespace(items=[]) %}
{# Stores the perms container dirs #}
{% set perms_dirs = namespace(items=[]) %}
{% set tpl = ix_lib.base.render.Render(values) %}

{% set c1 = tpl.add_container(values.consts.distribution_container_name, "image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
{% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}

{% do c1.set_user(values.run_as.user, values.run_as.group) %}
{% do c1.healthcheck.set_test("wget", {"port": values.network.api_port, "scheme": "https" if values.network.certificate_id else "http"}) %}

{% do c1.environment.add_env("REGISTRY_HTTP_ADDR", "0.0.0.0:%d"|format(values.network.api_port)) %}
{% do c1.environment.add_env("REGISTRY_HTTP_SECRET", values.distribution.http_secret) %}

{% if values.storage.use_filesystem_backend %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=dict(values.storage.data, **{"mount_path": values.consts.data_path}),
values=values, perm_opts={"mount_path": "/mnt/distribution/config", "mode": "check", "uid": values.run_as.user, "gid": values.run_as.group}
)) %}
{% do c1.environment.add_env("REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY", values.consts.data_path) %}
{% do c1.add_storage(values.consts.data_path, values.storage.data) %}
{% do perm_container.add_or_skip_action(values.consts.data_path, values.storage.data, perms_config) %}
{% endif %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data={"type":"anonymous", "mount_path": "/tmp"})) %}

{% for store in values.storage.additional_storage %}
{% do storage_items.items.append(ix_lib.base.storage.storage_item(data=store, values=values,
perm_opts={"mount_path": "/mnt/distribution/dir_%s"|format(loop.index0), "mode": "check", "uid": values.run_as.user, "gid": values.run_as.group}
)) %}
{% endfor %}
{% if values.network.certificate_id %}
{% do c1.environment.add_env("REGISTRY_HTTP_TLS_CERTIFICATE", values.consts.ssl_cert_path) %}
{% do c1.environment.add_env("REGISTRY_HTTP_TLS_KEY", values.consts.ssl_key_path) %}

{# Add each item to the above lists #}
{% for item in storage_items.items %}
{% if item.vol and volumes.items.update(item.vol) %}{% endif %}
{% if item.vol_mount and volume_mounts.items.append(item.vol_mount) %}{% endif %}
{% if item.perms_item and (perms_dirs.items.append(item.perms_item.perm_dir), perms_mounts.items.append(item.perms_item.vol_mount)) %}{% endif %}
{% endfor %}
{% set cert = values.ix_certificates[values.network.certificate_id] %}
{% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}
{% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}
{% endif %}

{% if values.distribution.basic_auth_users or values.network.certificate_id %}
configs:
{% if values.distribution.basic_auth_users %}
htpasswd:
content: |
{%- for user in values.distribution.basic_auth_users %}
{{ ix_lib.base.security.htpasswd(user.username, user.password) }}
{%- endfor %}
{% endif %}
{% if values.network.certificate_id %}
private:
content: {{ values.ix_certificates[values.network.certificate_id].privatekey | tojson }}
public:
content: {{ values.ix_certificates[values.network.certificate_id].certificate | tojson }}
{% endif %}
{% if values.distribution.basic_auth_users %}
{% do c1.environment.add_env("REGISTRY_AUTH_HTPASSWD_REALM", "basic-realm") %}
{% do c1.environment.add_env("REGISTRY_AUTH_HTPASSWD_PATH", values.consts.htpasswd_path) %}
{% set users = namespace(x=[]) %}
{% for user in values.distribution.basic_auth_users %}
{% do users.x.append(tpl.funcs.htpasswd(user.username, user.password)) %}
{% endfor %}
{% do c1.configs.add("htpasswd", users.x | join("\n"), values.consts.htpasswd_path) %}
{% endif %}

{# Containers #}
services:
{{ values.consts.distribution_container_name }}:
user: {{ "%d:%d" | format(values.run_as.user, values.run_as.group) }}
image: {{ ix_lib.base.utils.get_image(images=values.images, name="image") }}
restart: unless-stopped
deploy:
resources: {{ ix_lib.base.resources.resources(values.resources) | tojson }}
devices: {{ ix_lib.base.resources.get_devices(values.resources) | tojson }}
{% if values.distribution.basic_auth_users or values.network.certificate_id %}
configs:
{% if values.network.certificate_id %}
- source: private
target: {{ values.consts.ssl_key_path }}
- source: public
target: {{ values.consts.ssl_cert_path }}
{% endif %}
{% if values.distribution.basic_auth_users %}
- source: htpasswd
target: {{ values.consts.htpasswd_path}}
{% endif %}
{% endif %}
{% if perms_dirs.items %}
depends_on:
{{ values.consts.perms_container_name }}:
condition: service_completed_successfully
{% endif %}
{% if values.network.host_network %}
network_mode: host
{% endif %}
cap_drop: {{ ix_lib.base.security.get_caps().drop | tojson }}
security_opt: {{ ix_lib.base.security.get_sec_opts() | tojson }}
{% if values.network.dns_opts %}
dns_opt: {{ ix_lib.base.network.dns_opts(values.network.dns_opts) | tojson }}
{% endif %}
{% set test = ix_lib.base.healthchecks.wget_test(port=values.network.api_port, path="/", config={"scheme": "https" if values.network.certificate_id else "http"}) %}
healthcheck: {{ ix_lib.base.healthchecks.check_health(test) | tojson }}
{% set app_env = {
"REGISTRY_HTTP_ADDR": "0.0.0.0:%d"|format(values.network.api_port),
"REGISTRY_HTTP_SECRET": values.distribution.http_secret,
} %}
{% if values.storage.use_filesystem_backend and app_env.update({"REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY": values.consts.data_path}) %}{% endif %}
{% if values.network.certificate_id %}
{% do app_env.update({
"REGISTRY_HTTP_TLS_CERTIFICATE": values.consts.ssl_cert_path,
"REGISTRY_HTTP_TLS_KEY": values.consts.ssl_key_path,
}) %}
{% endif %}
{% if values.distribution.basic_auth_users %}
{% do app_env.update({
"REGISTRY_AUTH_HTPASSWD_REALM": "basic-realm",
"REGISTRY_AUTH_HTPASSWD_PATH": values.consts.htpasswd_path,
}) %}
{% endif %}
environment: {{ ix_lib.base.environment.envs(app=app_env, user=values.distribution.additional_envs, values=values) | tojson }}
{% if not values.network.host_network %}
ports:
- {{ ix_lib.base.ports.get_port(port={"target": values.network.api_port, "published": values.network.api_port}) | tojson }}
{% endif %}
volumes: {{ volume_mounts.items | tojson }}
{% if perms_dirs.items %}
{{ values.consts.perms_container_name }}: {{ ix_lib.base.permissions.perms_container(items=perms_dirs.items, volumes=perms_mounts.items) | tojson }}
{% endif %}
{% do c1.environment.add_user_envs(values.distribution.additional_envs) %}

{% do c1.ports.add_port(values.network.api_port, values.network.api_port) %}

{% for store in values.storage.additional_storage %}
{% do c1.add_storage(store.mount_path, store) %}
{% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if volumes.items %}
volumes: {{ volumes.items | tojson }}
{% if perm_container.has_actions() %}
{% do perm_container.activate() %}
{% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

x-portals: {{ ix_lib.base.metadata.get_portals([]) | tojson }}
x-notes: {{ ix_lib.base.metadata.get_notes("Distribution") | tojson }}
{{ tpl.render() | tojson }}

This file was deleted.

Loading