Break out registry

salt/registry/etc/config.yml

@@ -21,4 +21,3 @@ health:
     threshold: 3
 proxy:
   remoteurl: https://registry-1.docker.io
-

salt/registry/init.sls

@@ -0,0 +1,40 @@
+# Create the config directory for the docker registry
+dockerregistryconfdir:
+  file.directory:
+    - name: /opt/so/conf/docker-registry/etc
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+dockerregistrydir:
+  file.directory:
+    - name: /nsm/docker/registry
+    - user: 939
+    - group: 939
+    - makedirs: True
+
+dockerregistrylogdir:
+  file.directory:
+    - name: /opt/so/log/docker-registry
+    - user: 939
+    - group: 939
+    - makedirs: true
+
+# Copy the config
+dockerregistryconf:
+  file.managed:
+    - name: /opt/so/conf/docker-registry/etc/config.yml
+    - source: salt://master/files/registry/config.yml
+
+# Install the registry container
+so-dockerregistry:
+  docker_container.running:
+    - image: registry:2
+    - hostname: so-registry
+    - port_bindings:
+      - 0.0.0.0:5000:5000
+    - binds:
+      - /opt/so/conf/docker-registry/etc/config.yml:/etc/docker/registry/config.yml:ro
+      - /opt/so/conf/docker-registry:/var/lib/registry:rw
+      - /etc/pki/registry.crt:/etc/pki/registry.crt:ro
+      - /etc/pki/registry.key:/etc/pki/registry.key:ro

salt/top.sls

@@ -43,10 +43,11 @@ base:
   'G@role:so-eval':
     - ca
     - ssl
+    - registry
+    - master
     - common
     - sensoroni
     - firewall
-    - master
     - idstools
     {%- if OSQUERY != 0 %}
     - mysql
@@ -84,6 +85,7 @@ base:
   'G@role:so-master':
     - ca
     - ssl
+    - registry
     - common
     - cyberchef
     - sensoroni

setup/so-setup.sh

@@ -364,6 +364,7 @@ if (whiptail_you_sure) ; then
       salt_checkin >> $SETUPLOG 2>&1
       salt-call state.apply ca >> $SETUPLOG 2>&1
       salt-call state.apply ssl >> $SETUPLOG 2>&1
+      salt-call state.apply registry >> $SETUPLOG 2>&1
       echo -e "XXX\n43\nInstalling Common Components... \nXXX"
       salt-call state.apply common >> $SETUPLOG 2>&1
       echo -e "XXX\n45\nApplying firewall rules... \nXXX"
@@ -603,6 +604,7 @@ if (whiptail_you_sure) ; then
       salt_checkin >> $SETUPLOG 2>&1
       salt-call state.apply ca >> $SETUPLOG 2>&1
       salt-call state.apply ssl >> $SETUPLOG 2>&1
+      salt-call state.apply registry >> $SETUPLOG 2>&1
       salt-call state.apply master >> $SETUPLOG 2>&1
       echo -e "XXX\n15\nInstalling core components... \nXXX"
       salt-call state.apply common >> $SETUPLOG 2>&1