From 8a3f8bad91cec3e9184566ec1b0464d098940f6d Mon Sep 17 00:00:00 2001
From: Pieter Develtere
Date: Fri, 8 Sep 2017 17:05:56 +0200
Subject: [PATCH 1/3] Added WITH_REGISTRY_AUTH env variable to support
--with-registry-auth
---
README.md | 3 +++
shepherd | 20 +++++++++++++++-----
2 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index d3bc670..4d54c02 100644
--- a/README.md
+++ b/README.md
@@ -16,12 +16,15 @@ Shepherd will try to update your services every 5 minutes by default. You can ad
You can prevent services from being updated bei appending them to the `BLACKLIST_SERVICES` variable. This should be a space-separated list of service names.
+You can enable private registry authentication by setting the `WITH_REGISTRY_AUTH` variable.
+
Example:
docker service create --name shepherd \
--constraint "node.role==manager" \
--env SLEEP_TIME="5m" \
--env BLACKLIST_SERVICES="shepherd my-other-service" \
+ --env WITH_REGISTRY_AUTH \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
mazzolino/shepherd
diff --git a/shepherd b/shepherd
index cb15dce..efdbcd9 100755
--- a/shepherd
+++ b/shepherd
@@ -8,8 +8,12 @@ server_version() {
update_services() {
local blacklist="$1"
local supports_detach_option=$2
+ local supports_registry_auth=$3
local detach_option=""
+ local registry_auth=""
+
[ $supports_detach_option = true ] && detach_option="--detach=false"
+ [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth"
for service in $(IFS="\n" docker service ls --quiet); do
local name image_with_digest image
@@ -18,13 +22,13 @@ update_services() {
image_with_digest="$(docker service inspect "$service" -f '{{.Spec.TaskTemplate.ContainerSpec.Image}}')"
image=$(echo "$image_with_digest" | cut -d@ -f1)
echo "Updating service $name with image $image"
- docker service update "$service" $detach_option --image="$image" > /dev/null
+ docker service update "$service" $detach_option $registry_auth --image="$image" > /dev/null
fi
done
}
main() {
- local blacklist sleep_time supports_detach_option
+ local blacklist sleep_time supports_detach_option supports_registry_auth
blacklist="${BLACKLIST_SERVICES:-}"
sleep_time="${SLEEP_TIME:-5m}"
@@ -32,17 +36,23 @@ main() {
if [[ "$(server_version)" > "17.05" ]]; then
supports_detach_option=true
echo "Enabling synchronous service updates"
- else
- supports_detach_option=false
+ fi
+
+ supports_registry_auth=false
+ if [[ ${WITH_REGISTRY_AUTH+x} ]]; then
+ supports_registry_auth=true
+ echo "Send registry authentication details to swarm agents"
fi
[[ "$blacklist" != "" ]] && echo "Excluding services: $blacklist"
while true; do
- update_services "$blacklist" "$supports_detach_option"
+ update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth"
echo "Sleeping $sleep_time before next update"
sleep "$sleep_time"
done
+
+
}
main "$@"
From 6d0ccf8faa57e0bd20bbcfb7bcc7b2deec00d279 Mon Sep 17 00:00:00 2001
From: Georg Ledermann
Date: Fri, 23 Mar 2018 11:04:59 +0100
Subject: [PATCH 2/3] Readme: Mount to .docker/config.json and fix env
---
README.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 4d54c02..bfbae24 100644
--- a/README.md
+++ b/README.md
@@ -24,8 +24,9 @@ Example:
--constraint "node.role==manager" \
--env SLEEP_TIME="5m" \
--env BLACKLIST_SERVICES="shepherd my-other-service" \
- --env WITH_REGISTRY_AUTH \
+ --env WITH_REGISTRY_AUTH="true" \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \
+ --mount type=bind,source=/root/.docker/config.json,target=/root/.docker/config.json,ro \
mazzolino/shepherd
## How does it work?
From 5a376be992f41024db8eb1d09865a94bbbd949a5 Mon Sep 17 00:00:00 2001
From: Georg Ledermann
Date: Mon, 9 Apr 2018 06:09:27 +0200
Subject: [PATCH 3/3] Remove empty lines
---
shepherd | 2 --
1 file changed, 2 deletions(-)
diff --git a/shepherd b/shepherd
index efdbcd9..272de01 100755
--- a/shepherd
+++ b/shepherd
@@ -51,8 +51,6 @@ main() {
echo "Sleeping $sleep_time before next update"
sleep "$sleep_time"
done
-
-
}
main "$@"