From 59c410e6dd74b2bf4aaa36f36f172fd10481ea7c Mon Sep 17 00:00:00 2001
From: Oliver Walsh
Date: Tue, 7 Nov 2017 00:24:59 +0000
Subject: Unset MountFlags in docker.service systemd directives
Required to allow bind propegation options to be set on individual bind-mounts. See https://github.com/moby/moby/issues/19625. Also https://access.redhat.com/articles/2938171 for rational for using this option in RHEL/CentOS 7.3.
Change-Id: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25
Related-bug: 1730533
(cherry picked from commit 2366b5b2fe3bc97d11aa9c3a65660ff78a6dc6f7)
---
 manifests/profile/base/docker.pp | 16 ++++++++++++++++
 spec/classes/tripleo_profile_base_docker_spec.rb | 7 +++++++
 2 files changed, 23 insertions(+)
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index 73731ad..d3f6fe7 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -83,6 +83,22 @@ class tripleo::profile::base::docker ( ensure => installed, }
+ $docker_unit_override="[Service]\nMountFlags=\n"
+
+ file {'/etc/systemd/system/docker.service.d':
+ ensure => directory,
+ require => Package['docker'],
+ }
+ -> file {'/etc/systemd/system/docker.service.d/99-unset-mountflags.conf':
+ content => $docker_unit_override,
+ }
+ ~> exec { 'systemd daemon-reload':
+ command => 'systemctl daemon-reload',
+ path => ['/usr/bin', '/usr/sbin'],
+ refreshonly => true,
+ notify => Service['docker']
+ }
+
 service { 'docker': ensure => 'running', enable => true,
diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index 328948e..1b05b87 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
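Review bot: Neither new `file` resource in the docker.pp hunk sets `owner`, `group` or `mode`, so a directory or drop-in that already exists keeps whatever ownership and permissions it has. systemd reads this drop-in as root-level configuration for `docker.service`, so I would pin both: `owner => 'root', group => 'root', mode => '0755',` on the directory and `ensure => file, owner => 'root', group => 'root', mode => '0644',` on `99-unset-mountflags.conf`. In the visible lines the drop-in is declared unconditionally and the code gives no reason for it; a comment above `$docker_unit_override` such as `# Clear MountFlags so per-bind-mount propagation options take effect (moby/moby#19625)` would keep the rationale next to the setting. The class body starts and ends outside the hunk.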
@@ -26,6 +26,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-sysconfig-options').with_changes([ "set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
@@ -43,6 +44,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([ "set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'",
@@ -81,6 +83,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-daemon.json').with_changes( ['set dict/entry[. = "registry-mirrors"] "registry-mirrors',
@@ -99,6 +102,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-daemon.json').with_changes( ['rm dict/entry[. = "registry-mirrors"]',
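Review bot: The added `contain_file(...)` expectation only proves the resource is in the catalog, so it would still pass if the drop-in's content were wrong or if the `daemon-reload` exec stopped notifying `Service['docker']`. Pinning the content with `.with_content("[Service]\nMountFlags=\n")` on that expectation, and the refresh chain with `it { is_expected.to contain_exec('systemd daemon-reload').that_notifies('Service[docker]') }`, would catch both. The same line is added in the other six hunks of this file (old lines 43, 81, 99, 117, 133 and 149), so the point applies to each; a shared example would remove the repetition. The `describe` block starts and ends outside the hunks.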
@@ -117,6 +121,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-sysconfig-options').with_changes([ "set OPTIONS '\"--log-driver=syslog\"'",
@@ -133,6 +138,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([ "set DOCKER_STORAGE_OPTIONS '\" #{params[:storage_options]}\"'",
@@ -149,6 +155,7 @@ describe 'tripleo::profile::base::docker' do it { is_expected.to contain_class('tripleo::profile::base::docker') } it { is_expected.to contain_package('docker') } it { is_expected.to contain_service('docker') }
+ it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
 it { is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([ "rm DOCKER_STORAGE_OPTIONS",
--
cgit 1.2.3-korg