Unset MountFlags in docker.service systemd directives

Required to allow bind propegation options to be set on individual bind-mounts. See https://github.com/moby/moby/issues/19625. Also https://access.redhat.com/articles/2938171 for rational for using this option in RHEL/CentOS 7.3. Change-Id: I8a63c044e15d7ca0f54654e9fc9c5d878461aa25 Related-bug: 1730533 (cherry picked from commit 2366b5b2fe)
2017-11-07 00:24:59 +00:00 · 2017-11-07 00:24:59 +00:00 · 59c410e6dd
parent dd17e35242
commit 59c410e6dd
2 changed files with 23 additions and 0 deletions
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@ -83,6 +83,22 @@ class tripleo::profile::base::docker (
      ensure => installed,
    }

+    $docker_unit_override="[Service]\nMountFlags=\n"
+
+    file {'/etc/systemd/system/docker.service.d':
+      ensure  => directory,
+      require => Package['docker'],
+    }
+    -> file {'/etc/systemd/system/docker.service.d/99-unset-mountflags.conf':
+      content => $docker_unit_override,
+    }
+    ~> exec { 'systemd daemon-reload':
+      command     => 'systemctl daemon-reload',
+      path        => ['/usr/bin', '/usr/sbin'],
+      refreshonly => true,
+      notify      => Service['docker']
+    }
+
    service { 'docker':
      ensure  => 'running',
      enable  => true,
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@ -26,6 +26,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
          is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
            "set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
@ -43,6 +44,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
          "set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'",
@ -81,6 +83,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-daemon.json').with_changes(
            ['set dict/entry[. = "registry-mirrors"] "registry-mirrors',
@ -99,6 +102,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-daemon.json').with_changes(
            ['rm dict/entry[. = "registry-mirrors"]',
@ -117,6 +121,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
          "set OPTIONS '\"--log-driver=syslog\"'",
@ -133,6 +138,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([
          "set DOCKER_STORAGE_OPTIONS '\" #{params[:storage_options]}\"'",
@ -149,6 +155,7 @@ describe 'tripleo::profile::base::docker' do
      it { is_expected.to contain_class('tripleo::profile::base::docker') }
      it { is_expected.to contain_package('docker') }
      it { is_expected.to contain_service('docker') }
+      it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
      it {
        is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([
          "rm DOCKER_STORAGE_OPTIONS",