Добавил скрипт логина в докер реестр yandex для каждого пользователя

2023-02-25 20:52:58 +03:00 · 2023-02-25 20:52:58 +03:00 · 35278d73b7
commit 35278d73b7
parent cebac4d3f1
4 changed files with 22 additions and 0 deletions
--- a/4
+++ b/4
@ -38,6 +38,7 @@ configure:
 		$(TAGS_ARGS) \
 		--inventory="$(INVENTORY)" \
 		--extra-vars='ansible_python_interpreter=/usr/bin/python3' \
+		-vvv \
 		$(PLAYBOOK)

 configure-prod:
@ -46,6 +47,9 @@ configure-prod:
 configure-apps:
 	$(MAKE) configure TAGS="webserver,apps,env"

+configure-users:
+	$(MAKE) configure TAGS="apps,env"
+
 dry-run:
 	ANSIBLE_HOST_KEY_CHECKING=$(ANSIBLE_HOST_KEY_CHECKING) \
 	ansible-playbook \
--- a/ansible/configuration.yml
+++ b/ansible/configuration.yml
@ -19,6 +19,7 @@
        packages:
          - git
          - python3-pip
+          - acl

    - import_role:
        name: yatesr.timezone
--- a/ansible/roles/docker-app/files/yandex-docker-registry-auth.sh
+++ b/ansible/roles/docker-app/files/yandex-docker-registry-auth.sh
@ -0,0 +1,11 @@
+#!/usr/bin/env sh
+
+# See https://cloud.yandex.ru/docs/container-registry/tutorials/run-docker-on-vm#run
+
+set -eu
+
+curl --silent --show-error -H Metadata-Flavor:Google 169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token | \
+    cut -f1 -d',' | \
+    cut -f2 -d':' | \
+    tr -d '"' | \
+    docker login --username iam --password-stdin cr.yandex
--- a/ansible/roles/docker-app/tasks/main.yml
+++ b/ansible/roles/docker-app/tasks/main.yml
@ -16,3 +16,9 @@
    owner: '{{ username }}'
    group: '{{ username }}'
    recurse: True
+
+- name: 'Login to yandex docker registry.'
+  ansible.builtin.script:
+    cmd: 'files/yandex-docker-registry-auth.sh'
+  become: yes
+  become_user: '{{ username }}'