Merge pull request #10 from ledermann/add-mounting

Support for private registry authentication
containrrr · Apr 9, 2018 · 781b554 · 781b554
2 parents 0cee1cb + 5a376be
commit 781b554
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -16,13 +16,17 @@ Shepherd will try to update your services every 5 minutes by default. You can ad
 
 You can prevent services from being updated bei appending them to the `BLACKLIST_SERVICES` variable. This should be a space-separated list of service names.
 
+You can enable private registry authentication by setting the `WITH_REGISTRY_AUTH` variable.
+
 Example:
 
     docker service create --name shepherd \
                         --constraint "node.role==manager" \
                         --env SLEEP_TIME="5m" \
                         --env BLACKLIST_SERVICES="shepherd my-other-service" \
+                        --env WITH_REGISTRY_AUTH="true" \
                         --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
+                        --mount type=bind,source=/root/.docker/config.json,target=/root/.docker/config.json,ro \
                         mazzolino/shepherd
 
 ## How does it work?

diff --git a/shepherd b/shepherd
@@ -8,8 +8,12 @@ server_version() {
 update_services() {
   local blacklist="$1"
   local supports_detach_option=$2
+  local supports_registry_auth=$3
   local detach_option=""
+  local registry_auth=""
+
   [ $supports_detach_option = true ] && detach_option="--detach=false"
+  [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth"
 
   for service in $(IFS="\n" docker service ls --quiet); do
     local name image_with_digest image
@@ -18,28 +22,32 @@ update_services() {
       image_with_digest="$(docker service inspect "$service" -f '{{.Spec.TaskTemplate.ContainerSpec.Image}}')"
       image=$(echo "$image_with_digest" | cut -d@ -f1)
       echo "Updating service $name with image $image"
-      docker service update "$service" $detach_option --image="$image" > /dev/null
+      docker service update "$service" $detach_option $registry_auth --image="$image" > /dev/null
     fi
   done
 }
 
 main() {
-  local blacklist sleep_time supports_detach_option
+  local blacklist sleep_time supports_detach_option supports_registry_auth
   blacklist="${BLACKLIST_SERVICES:-}"
   sleep_time="${SLEEP_TIME:-5m}"
 
   supports_detach_option=false
   if [[ "$(server_version)" > "17.05" ]]; then
     supports_detach_option=true
     echo "Enabling synchronous service updates"
-  else
-    supports_detach_option=false
+  fi
+
+  supports_registry_auth=false
+  if [[ ${WITH_REGISTRY_AUTH+x} ]]; then
+    supports_registry_auth=true
+    echo "Send registry authentication details to swarm agents"
   fi
 
   [[ "$blacklist" != "" ]] && echo "Excluding services: $blacklist"
 
   while true; do
-    update_services "$blacklist" "$supports_detach_option"
+    update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth"
     echo "Sleeping $sleep_time before next update"
     sleep "$sleep_time"
   done