chaos/salt-pillar
Archived
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cr, dr-mirror, gcr-mirror - the mirrors won't do

Browse Source
This commit is contained in:
do
2021-02-17 21:32:04 +01:00
parent 77b9025924
commit ca17236700
2 changed files with 58 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
base/hostconfig/adm01.sls
View File

@@ -1,19 +1,31 @@
pki: pki:
cns: cns:
- cr.lan - cr.lan
- gcr-mirror.lan
- dr-mirror.lan
- docker-registry.lan
systemd: systemd:
service: service:
container-container-registry: container-container-registry:
Unit: Unit:
Description: Container Registry Description: Container Registry
After: network-online.target local-fs.target After: network-online.target local-fs.target podman.socket
Before: haproxy.service Before: haproxy.service
Requires: io.podman.service
Service: Service:
ExecStart: /usr/bin/podman start -a container-registry ExecStart: /usr/bin/podman start -a container-registry
ExecStop: /usr/bin/podman stop container-registry ExecStop: /usr/bin/podman stop container-registry
Install: Install:
WantedBy: multi-user.target WantedBy: multi-user.target
container-dr-mirror:
Unit:
Description: docker.io mirror
After: network-online.target local-fs.target podman.socket
Before: haproxy.service
Service:
ExecStart: /usr/bin/podman start -a dr-mirror
ExecStop: /usr/bin/podman stop dr-mirror
Install:
WantedBy: multi-user.target
haproxy: haproxy:
enabled: True enabled: True
overwrite: True overwrite: True
@@ -81,9 +93,13 @@ haproxy:
- "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt" - "*:443 ssl crt /etc/pki/chain ca-file /etc/pki/intca.crt"
default_backend: container-registry default_backend: container-registry
acls: acls:
- host_cr hdr_beg(host) -i cr. - host_cr hdr_beg(host) -i cr. docker-registry.
- host_gcr-mirror hdr_beg(host) -i gcr-mirror.
- host_dr-mirror hdr_beg(host) -i dr-mirror.
use_backends: use_backends:
- container-registry if host_cr - container-registry if host_cr
- gcr-mirror if host_gcr-mirror
- dr-mirror if host_dr-mirror
backends: backends:
backend1: backend1:
name: container-registry name: container-registry
@@ -97,11 +113,43 @@ haproxy:
options: options:
- http-server-close - http-server-close
extra: extra:
#- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
- http-response add-header Access-Control-Allow-Origin "*" - http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE" - http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept" - http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true - http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest" - http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
backend2:
name: dr-mirror
balance: roundrobin
servers:
server1:
name: adm01
host: 127.0.0.1
port: 5500
check: check
options:
- http-server-close
extra:
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"
backend3:
name: gcr-mirror
balance: roundrobin
servers:
server1:
name: adm01
host: 127.0.0.1
port: 5600
check: check
options:
- http-server-close
extra:
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"

32
base/hostconfig/auto02.sls
View File

@@ -40,17 +40,6 @@ systemd:
ExecStop: /usr/bin/podman stop pihole ExecStop: /usr/bin/podman stop pihole
Install: Install:
WantedBy: multi-user.target WantedBy: multi-user.target
container-docker-registry:
Unit:
Description: Docker Registry
After: network-online.target local-fs.target
Before: haproxy.service
Requires: io.podman.service
Service:
ExecStart: /usr/bin/podman start -a docker-registry
ExecStop: /usr/bin/podman stop docker-registry
Install:
WantedBy: multi-user.target
container-zwave2mqtt: container-zwave2mqtt:
Unit: Unit:
Description: zwave2mqtt - yes Description: zwave2mqtt - yes
@@ -144,13 +133,11 @@ haproxy:
- host_auto-conf hdr_beg(host) -i auto-conf. - host_auto-conf hdr_beg(host) -i auto-conf.
- host_z2m hdr_beg(host) -i zwave2mqtt. - host_z2m hdr_beg(host) -i zwave2mqtt.
- host_pihole hdr_beg(host) -i pihole. - host_pihole hdr_beg(host) -i pihole.
- host_docker-registry hdr_beg(host) -i docker-registry.
use_backends: use_backends:
- auto if host_auto - auto if host_auto
- auto-conf if host_auto-conf - auto-conf if host_auto-conf
- z2m if host_z2m - z2m if host_z2m
- pihole if host_pihole - pihole if host_pihole
- docker-registry if host_docker-registry
backends: backends:
backend1: backend1:
name: auto name: auto
@@ -192,23 +179,6 @@ haproxy:
host: 127.0.0.1 host: 127.0.0.1
port: 8080 port: 8080
check: check check: check
backend5:
name: docker-registry
balance: roundrobin
servers:
server1:
name: auto02
host: 127.0.0.1
port: 5000
check: check
options:
- http-server-close
extra:
#- http-request add-header Access-Control-Allow-Origin "http://docker-registry.lan"
- http-response add-header Access-Control-Allow-Origin "*"
- http-response add-header Access-Control-Allow-Methods "HEAD, GET, OPTIONS, DELETE"
- http-response add-header Access-Control-Allow-Headers "Authorization, Accept"
- http-response add-header Access-Control-Allow-Credentials true
- http-response add-header Access-Control-Expose-Headers "Docker-Content-Digest"