From 47deab918de090fa718aaffcdafb2ce6022f4ec0 Mon Sep 17 00:00:00 2001 From: sadmin91 Date: Wed, 29 Apr 2020 17:06:18 +0200 Subject: [PATCH 1/2] Support of insecure registry --- README.md | 3 +++ shepherd | 13 +++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 423a184..731d2df 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,8 @@ Alternatively you can specify a filter for the services you want updated using t You can enable private registry authentication by setting the `WITH_REGISTRY_AUTH` variable. +You can enable connection to insecure private registry by setting the `WITH_INSECURE_REGISTRY` variable. + You can enable notifications on service update with apprise, using the [apprise microservice](https://github.com/djmaze/apprise-microservice) and the `APPRISE_SIDECAR_URL` variable. See the file [docker-compose.apprise.yml](docker-compose.apprise.yml) for an example. Example: @@ -45,6 +47,7 @@ Example: --env SLEEP_TIME="5m" \ --env BLACKLIST_SERVICES="shepherd my-other-service" \ --env WITH_REGISTRY_AUTH="true" \ + --env WITH_INSECURE_REGISTRY="true" \ --env FILTER_SERVICES="label=com.mydomain.autodeploy" \ --env APPRISE_SIDECAR_URL="apprise-microservice:5000" \ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \ diff --git a/shepherd b/shepherd index 8cb75a8..84e540c 100755 --- a/shepherd +++ b/shepherd @@ -9,13 +9,16 @@ update_services() { local blacklist="$1" local supports_detach_option=$2 local supports_registry_auth=$3 + local supports_insecure_registry=$4 local detach_option="" local registry_auth="" + local insecure_registry_flag="" local name local apprise_sidecar_url="${APPRISE_SIDECAR_URL:-}" [ $supports_detach_option = true ] && detach_option="--detach=false" [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth" + [ "$supports_insecure_registry" = true ] && insecure_registry_flag="--insecure" for name in $(IFS=$'\n' docker service ls --quiet --filter "${FILTER_SERVICES}" --format '{{.Name}}'); do local image_with_digest image @@ -23,7 +26,7 @@ update_services() { image_with_digest="$(docker service inspect "$name" -f '{{.Spec.TaskTemplate.ContainerSpec.Image}}')" image=$(echo "$image_with_digest" | cut -d@ -f1) - if ! DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $image > /dev/null; then + if ! DOCKER_CLI_EXPERIMENTAL=enabled docker manifest inspect $insecure_registry_flag $image > /dev/null; then echo "Error updating service $name! Image $image does not exist or it is not available" else echo "Trying to update service $name with image $image" @@ -63,10 +66,16 @@ main() { echo "Send registry authentication details to swarm agents" fi + supports_insecure_registry=false + if [[ ${WITH_INSECURE_REGISTRY+x} ]]; then + supports_insecure_registry=true + echo "Connection to insecure registry available" + fi + [[ "$blacklist" != "" ]] && echo "Excluding services: $blacklist" while true; do - update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth" + update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth" "$supports_insecure_registry" echo "Sleeping $sleep_time before next update" sleep "$sleep_time" done From 7bc092a8025e89eefd1beba5e29dd8fe31aec851 Mon Sep 17 00:00:00 2001 From: Boris MANCHETTE Date: Thu, 30 Apr 2020 12:49:11 +0200 Subject: [PATCH 2/2] Remove double quotes on supports_insecure_registry variable --- shepherd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shepherd b/shepherd index 84e540c..c99d5e1 100755 --- a/shepherd +++ b/shepherd @@ -18,7 +18,7 @@ update_services() { [ $supports_detach_option = true ] && detach_option="--detach=false" [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth" - [ "$supports_insecure_registry" = true ] && insecure_registry_flag="--insecure" + [ $supports_insecure_registry = true ] && insecure_registry_flag="--insecure" for name in $(IFS=$'\n' docker service ls --quiet --filter "${FILTER_SERVICES}" --format '{{.Name}}'); do local image_with_digest image