From 149f04e9cf19c8266a118be24a423b1ccd1b4064 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 2 Mar 2017 11:48:09 +0000 Subject: Add docker profile This configures the docker service on the host, as an alternative to the firstboot script in docker/firstboot/setup_docker_host.sh Doing this via puppet will enable easier integration with e.g the multinode jobs where no firstboot scripts run, and also enables a better error path in the event the service fails to start Co-Authored-By: Alex Schultz Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea --- manifests/profile/base/docker.pp | 68 ++++++++++++++++++++++ .../notes/docker_profile-8571ae260eec69b8.yaml | 4 ++ spec/classes/tripleo_profile_base_docker_spec.rb | 68 ++++++++++++++++++++++ 3 files changed, 140 insertions(+) create mode 100644 manifests/profile/base/docker.pp create mode 100644 releasenotes/notes/docker_profile-8571ae260eec69b8.yaml create mode 100644 spec/classes/tripleo_profile_base_docker_spec.rb diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp new file mode 100644 index 0000000..5e18a85 --- /dev/null +++ b/manifests/profile/base/docker.pp @@ -0,0 +1,68 @@ +# Copyright 2017 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::docker +# +# docker profile for tripleo +# +# === Parameters +# +# [*docker_namespace*] +# The namespace to be used when setting INSECURE_REGISTRY +# this will be split on "/" to derive the docker registry +# (defaults to undef) +# +# [*insecure_registry*] +# Set docker_namespace to INSECURE_REGISTRY, used when a local registry +# is enabled (defaults to false) +# +# [*step*] +# step defaults to hiera('step') +# +class tripleo::profile::base::docker ( + $docker_namespace = undef, + $insecure_registry = false, + $step = hiera('step'), +) { + if $step >= 1 { + package {'docker': + ensure => installed, + } + + service { 'docker': + ensure => 'running', + enable => true, + require => Package['docker'], + } + + if $insecure_registry { + if $docker_namespace == undef { + fail('You must provide a $docker_namespace in order to configure insecure registry') + } + $namespace = strip($docker_namespace.split('/')[0]) + $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ] + } else { + $changes = [ 'rm INSECURE_REGISTRY', ] + } + + augeas { 'docker-sysconfig': + lens => 'Shellvars.lns', + incl => '/etc/sysconfig/docker', + changes => $changes, + subscribe => Package['docker'], + notify => Service['docker'], + } + } +} diff --git a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml new file mode 100644 index 0000000..ddbf175 --- /dev/null +++ b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Added a new profile to configure the docker service diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb new file mode 100644 index 0000000..587cc29 --- /dev/null +++ b/spec/classes/tripleo_profile_base_docker_spec.rb @@ -0,0 +1,68 @@ +# Copyright 2016 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::docker' do + shared_examples_for 'tripleo::profile::base::docker' do + context 'with step 1 and defaults' do + let(:params) { { + :step => 1, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY']) + } + end + + context 'with step 1 and insecure_registry configured' do + let(:params) { { + :docker_namespace => 'foo:8787', + :insecure_registry => true, + :step => 1, + } } + + it { is_expected.to contain_class('tripleo::profile::base::docker') } + it { is_expected.to contain_package('docker') } + it { is_expected.to contain_service('docker') } + it { + is_expected.to contain_augeas('docker-sysconfig').with_changes(["set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'"]) + } + end + + context 'with step 1 and insecure_registry configured but no docker_namespace' do + let(:params) { { + :insecure_registry => true, + :step => 1, + } } + + it_raises 'a Puppet::Error', /You must provide a \$docker_namespace in order to configure insecure registry/ + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::docker' + end + end +end -- cgit 1.2.3-korg