From 8a3f8bad91cec3e9184566ec1b0464d098940f6d Mon Sep 17 00:00:00 2001 From: Pieter Develtere Date: Fri, 8 Sep 2017 17:05:56 +0200 Subject: [PATCH 1/3] Added WITH_REGISTRY_AUTH env variable to support --with-registry-auth --- README.md | 3 +++ shepherd | 20 +++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d3bc670..4d54c02 100644 --- a/README.md +++ b/README.md @@ -16,12 +16,15 @@ Shepherd will try to update your services every 5 minutes by default. You can ad You can prevent services from being updated bei appending them to the `BLACKLIST_SERVICES` variable. This should be a space-separated list of service names. +You can enable private registry authentication by setting the `WITH_REGISTRY_AUTH` variable. + Example: docker service create --name shepherd \ --constraint "node.role==manager" \ --env SLEEP_TIME="5m" \ --env BLACKLIST_SERVICES="shepherd my-other-service" \ + --env WITH_REGISTRY_AUTH \ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \ mazzolino/shepherd diff --git a/shepherd b/shepherd index cb15dce..efdbcd9 100755 --- a/shepherd +++ b/shepherd @@ -8,8 +8,12 @@ server_version() { update_services() { local blacklist="$1" local supports_detach_option=$2 + local supports_registry_auth=$3 local detach_option="" + local registry_auth="" + [ $supports_detach_option = true ] && detach_option="--detach=false" + [ $supports_registry_auth = true ] && registry_auth="--with-registry-auth" for service in $(IFS="\n" docker service ls --quiet); do local name image_with_digest image @@ -18,13 +22,13 @@ update_services() { image_with_digest="$(docker service inspect "$service" -f '{{.Spec.TaskTemplate.ContainerSpec.Image}}')" image=$(echo "$image_with_digest" | cut -d@ -f1) echo "Updating service $name with image $image" - docker service update "$service" $detach_option --image="$image" > /dev/null + docker service update "$service" $detach_option $registry_auth --image="$image" > /dev/null fi done } main() { - local blacklist sleep_time supports_detach_option + local blacklist sleep_time supports_detach_option supports_registry_auth blacklist="${BLACKLIST_SERVICES:-}" sleep_time="${SLEEP_TIME:-5m}" @@ -32,17 +36,23 @@ main() { if [[ "$(server_version)" > "17.05" ]]; then supports_detach_option=true echo "Enabling synchronous service updates" - else - supports_detach_option=false + fi + + supports_registry_auth=false + if [[ ${WITH_REGISTRY_AUTH+x} ]]; then + supports_registry_auth=true + echo "Send registry authentication details to swarm agents" fi [[ "$blacklist" != "" ]] && echo "Excluding services: $blacklist" while true; do - update_services "$blacklist" "$supports_detach_option" + update_services "$blacklist" "$supports_detach_option" "$supports_registry_auth" echo "Sleeping $sleep_time before next update" sleep "$sleep_time" done + + } main "$@" From 6d0ccf8faa57e0bd20bbcfb7bcc7b2deec00d279 Mon Sep 17 00:00:00 2001 From: Georg Ledermann Date: Fri, 23 Mar 2018 11:04:59 +0100 Subject: [PATCH 2/3] Readme: Mount to .docker/config.json and fix env --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d54c02..bfbae24 100644 --- a/README.md +++ b/README.md @@ -24,8 +24,9 @@ Example: --constraint "node.role==manager" \ --env SLEEP_TIME="5m" \ --env BLACKLIST_SERVICES="shepherd my-other-service" \ - --env WITH_REGISTRY_AUTH \ + --env WITH_REGISTRY_AUTH="true" \ --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock,ro \ + --mount type=bind,source=/root/.docker/config.json,target=/root/.docker/config.json,ro \ mazzolino/shepherd ## How does it work? From 5a376be992f41024db8eb1d09865a94bbbd949a5 Mon Sep 17 00:00:00 2001 From: Georg Ledermann Date: Mon, 9 Apr 2018 06:09:27 +0200 Subject: [PATCH 3/3] Remove empty lines --- shepherd | 2 -- 1 file changed, 2 deletions(-) diff --git a/shepherd b/shepherd index efdbcd9..272de01 100755 --- a/shepherd +++ b/shepherd @@ -51,8 +51,6 @@ main() { echo "Sleeping $sleep_time before next update" sleep "$sleep_time" done - - } main "$@"