path: root/spec/classes/tripleo_profile_base_docker_spec.rb
Age | Commit message | Author | Files | Lines
2017-11-08 | Unset MountFlags in docker.service systemd directives | Oliver Walsh | 1 | -0/+7
Required to allow bind propagation options to be set on individual bind-mounts. See https://github.com/moby/moby/issues/19625. Also https://access.redhat.com/articles/2938171 for rationale for using this option in RHEL/CentOS 7.3.
Change-Id: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Related-bug: 1730533
(cherry picked from commit 2366b5b2fe3bc97d11aa9c3a65660ff78a6dc6f7)
2017-08-29 | Enable config for docker daemon debug | Alex Schultz | 1 | -1/+23
Exposes a way to configure the docker daemon with debug enabled.
Change-Id: I654a70c8bb7753679be83d78ca653ed44c3a7395
Related-Bug: #1710533
(cherry picked from commit 44b90c9a79146139cbcbe7f560bd1df667cca780)
2017-08-17 | Allow configuring multiple insecure registries | Jiri Stransky | 1 | -0/+13
If we're using local registries, we may want to use different registries e.g. for Ceph and for OpenStack. We allow multiple registries in general for this purpose, and we should also allow it in the insecure registry configuration.
Change-Id: I5cddd20a123a85516577bde1b793a30d43171285
Related-Bug: #1709310
2017-08-04 | Merge "Configure dockerd with --iptables=false" | Jenkins | 1 | -1/+1
2017-08-03 | Configure dockerd with --iptables=false | Dan Prince | 1 | -1/+1
This change defaults --iptables=false for dockerd to avoid having Docker create its own FORWARD iptables rules. These rules can interact with normal OS networking rules and disable communications between hosts on reboot.
Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f
Closes-bug: #1708279
2017-08-02 | Use normal socket file permissions instead of polkit | Oliver Walsh | 1 | -79/+0
The default (on RHEL/CentOS) is to use polkit but this is only useful for GUI support or for fine grained API access control. As we don't require either we can achieve identical control using plain old unix filesystem permissions.
I've merged Sven's changes from https://review.openstack.org/484979 and https://review.openstack.org/487150. As we need to be careful with the libvirtd option quoting I think it's best to do this in puppet-tripleo instead of t-h-t yaml. The option to override the settings from t-h-t remains.
Co-Authored-By: Sven Anderson <sven@redhat.com>
Reverts I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Closes-bug: 1696504
Change-Id: I507bdd8e3a461091562177403a2a55fcaf6694d2
Depends-On: I17f6c9b5a6e2120a53bae296042ece492210597a
2017-06-27 | Split docker options and insecure registry | Bogdan Dobrelya | 1 | -6/+3
Use augeas to modify only parameters' dedicated configuration. Split options from insecure registry. Overlapping those params may unschedule the docker service restarts for some cases, ending up with a split brain state for the docker service run-time config vs changed /etc/sysconfig/options config.
Change-Id: Ic5640061837b022f7175f0db0dc269f9a61e6023
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2017-06-06 | Add polkit rule to allow kolla nova user access to libvirtd socket on docker host | Oliver Walsh | 1 | -0/+79
The polkit rules are currently evaluated in the context of the docker host. As a result the check fails for the kolla nova compute user, as the uids are not consistent with the host uids (in fact we probably can't assume a nova user exists on the docker host). As a short-term workaround a 'docker_nova' user group is created on the docker host and the polkit rule is updated to grant this user access to the libvirtd socket. Longer term solution probably requires running polkitd in a container too.
Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Related-bug: #1693844
2017-05-19 | Switch to overlay2 driver for storage | Dan Prince | 1 | -2/+57
This patch switches the default to the overlay2 storage driver to see if it helps performance.
Background: The loopback driver is not recommended for production. Most other docker storage backends require extra disks (or partitions) which we don't have on the root disk. Overlay seems to make the most sense for TripleO upgrades where we intend to update in-place installations to use docker.
Co-Authored-By: Martin André <m.andre@redhat.com>
Change-Id: I6896a9b3e9dc3e269bf5b0dc753bf8c985482daf
2017-04-08 | Add registry_mirror to base::docker profile | Dan Prince | 1 | -0/+15
This patch adds a new registry_mirror option to help configure /etc/docker/daemon.json so that we can make use of HTTP docker mirrors within upstream TripleO CI (infra).
Change-Id: I4b966e9b9b174ca5a6f57974185e0149ea12f232
2017-03-06 | Add docker profile | Steven Hardy | 1 | -0/+68
This configures the docker service on the host, as an alternative to the firstboot script in docker/firstboot/setup_docker_host.sh
Doing this via puppet will enable easier integration with e.g. the multinode jobs where no firstboot scripts run, and also enables a better error path in the event the service fails to start.
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea