Merge pull request #49 from stackhpc/docker-registry-auth

markgoddard · web-flow · commit 394c5ffecd36 · 2023-08-02T09:54:58.000+01:00
Docker registry auth
diff --git a/roles/vault/README.md b/roles/vault/README.md
@@ -12,11 +12,17 @@ Note that since version `4.6.4`, `ansible-modules-hashivault` requires
 Role variables
 --------------
 
+* Common variables
+  * Optional
+    * `hashicorp_registry_url`: Address of the Docker registry used to authenticate (default: "")
+    * `hashicorp_registry_username`: Username used to authenticate with the Docker registry (default: "")
+    * `hashicorp_registry_password`: Password used to authenticate with the Docker registry (default: "")
+
 * Consul
   * Optional
     * `consul_bind_interface`: Which interface should be used for Consul (default: "lo")
     * `consul_docker_name`: Docker - under which name to run the Consul image (default: "consul")
-    * `consul_docker_image`: Docker image for Consul (default: "consul")
+    * `consul_docker_image`: Docker image for Consul (default: "hashicorp/consul")
     * `consul_docker_tag`: Docker image tag for Consul (default: "latest")
     * `consul_docker_volume`: Docker volume name for Consul data (default: "consul_data")
     * `consul_container.etc_hosts`: Dict of `{<hostname>:<ip_address>}` to be added to container /etc/hosts (default: Omitted)
@@ -30,6 +36,9 @@ Role variables
     * `vault_bind_address`: Which IP address should Vault bind to (default: "127.0.0.1")
     * `vault_api_addr`: Vault [API addr](https://www.vaultproject.io/docs/configuration#api_addr) - Full URL including protocol and port (default: "http://127.0.0.1:8200")
     * `vault_init_addr`: Vault init addr (used only for initialisation purposes) - full URL including protocol and port (default: "http://127.0.0.1:8200")
+    * `vault_docker_name`: Docker - under which name to run the Vault image (default: "vault")
+    * `vault_docker_image`: Docker image for Vault (default: "hashicorp/vault")
+    * `vault_docker_tag`: Docker image tag for Vault (default: "latest")
     * `consul_container.etc_hosts`: Dict; `{<hostname>:<ip_address>}` to be added to container /etc/host
 s (default: Omitted)
     * `vault_extra_volumes`: List of `"<host_location>:<container_mountpoint>"`
diff --git a/roles/vault/defaults/main.yml b/roles/vault/defaults/main.yml
@@ -1,4 +1,8 @@
 ---
+hashicorp_registry_url: ""
+hashicorp_registry_username: ""
+hashicorp_registry_password: ""
+
 consul_docker_name: "consul"
 consul_docker_image: "hashicorp/consul"
 consul_docker_tag: "latest"
diff --git a/roles/vault/tasks/main.yml b/roles/vault/tasks/main.yml
@@ -2,6 +2,9 @@
 - name: "Vault Prechecks"
   import_tasks: prechecks.yml
 
+- name: "Vault Prerequisites"
+  import_tasks: prereqs.yml
+
 - name: "Deploy Consul"
   import_tasks: consul.yml
 
diff --git a/roles/vault/tasks/prereqs.yml b/roles/vault/tasks/prereqs.yml
@@ -0,0 +1,8 @@
+---
+- name: Log into Docker registry
+  docker_login:
+    registry: "{{ hashicorp_registry_url }}"
+    username: "{{ hashicorp_registry_username }}"
+    password: "{{ hashicorp_registry_password }}"
+  when: hashicorp_registry_username | length > 0
+  become: true
