-
Notifications
You must be signed in to change notification settings - Fork 528
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use docker::swarm as an exported resource #722
Comments
You can always treat the token like a password and pass it as a variable. You then only have the problem during the initial init when tokens are generated. If you want to get fancier you'd need something like consul you can use as an external keystore. Then you can code a custom function to read/export the tokens into. |
@Justin-DynamicD if I have to treat it like a password, then |
Which is why I made the 2nd suggestion of consul. You can setup consul as a hiera backend and then upload/gather from consul k/v with a lookup. I was just trying to give you an option to get things going (it's what we did here until our hiera was setup). I endedup writing a ruby function that pulled said tokens out of docker swarm joint-token statement. |
@Justin-DynamicD setting up a consul instance just for bringing up one (or more) swarm cluster seems a little bit overkill to me, at least for my needs. Thanks for your feedback anyway! :) |
I've done something similar, adding a custom external fact to expose the worker token, using it in an exported resource and then just realising that on the worker nodes. It feels a bit ugly having the secret exposed as a fact, but as it's generated on the fly it's pretty tricky to do anything else. |
docker::Swarm
is a define so it makes it a perfect target (with some boiler plate code in the profile) for an exported resource to be imported by every node assigned to the same cluster so we can autojoin nodes via Puppet with no manual intervention. But currently there's no way to retrieve the cluster token from the master node(s), so this is not possible.The text was updated successfully, but these errors were encountered: