Add docker profile

This configures the docker service on the host, as an alternative to the firstboot script in docker/firstboot/setup_docker_host.sh Doing this via puppet will enable easier integration with e.g the multinode jobs where no firstboot scripts run, and also enables a better error path in the event the service fails to start Co-Authored-By: Alex Schultz <aschultz@redhat.com> Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea
2017-03-02 11:48:09 +00:00 · 2017-03-02 11:48:09 +00:00 · 149f04e9cf
parent 292a751437
commit 149f04e9cf
3 changed files with 140 additions and 0 deletions
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@ -0,0 +1,68 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::docker
+#
+# docker profile for tripleo
+#
+# === Parameters
+#
+# [*docker_namespace*]
+#   The namespace to be used when setting INSECURE_REGISTRY
+#   this will be split on "/" to derive the docker registry
+#   (defaults to undef)
+#
+# [*insecure_registry*]
+#   Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+#   is enabled (defaults to false)
+#
+# [*step*]
+#   step defaults to hiera('step')
+#
+class tripleo::profile::base::docker (
+  $docker_namespace = undef,
+  $insecure_registry = false,
+  $step = hiera('step'),
+) {
+  if $step >= 1 {
+    package {'docker':
+      ensure => installed,
+    }
+
+    service { 'docker':
+      ensure  => 'running',
+      enable  => true,
+      require => Package['docker'],
+    }
+
+    if $insecure_registry {
+      if $docker_namespace == undef {
+        fail('You must provide a $docker_namespace in order to configure insecure registry')
+      }
+      $namespace = strip($docker_namespace.split('/')[0])
+      $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ]
+    } else {
+      $changes = [ 'rm INSECURE_REGISTRY', ]
+    }
+
+    augeas { 'docker-sysconfig':
+      lens      => 'Shellvars.lns',
+      incl      => '/etc/sysconfig/docker',
+      changes   => $changes,
+      subscribe => Package['docker'],
+      notify    => Service['docker'],
+    }
+  }
+}
--- a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
+++ b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Added a new profile to configure the docker service
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@ -0,0 +1,68 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::docker' do
+  shared_examples_for 'tripleo::profile::base::docker' do
+    context 'with step 1 and defaults' do
+      let(:params) { {
+          :step              => 1,
+      } }
+
+      it { is_expected.to contain_class('tripleo::profile::base::docker') }
+      it { is_expected.to contain_package('docker') }
+      it { is_expected.to contain_service('docker') }
+      it {
+          is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY'])
+      }
+    end
+
+    context 'with step 1 and insecure_registry configured' do
+      let(:params) { {
+          :docker_namespace  => 'foo:8787',
+          :insecure_registry => true,
+          :step              => 1,
+      } }
+
+      it { is_expected.to contain_class('tripleo::profile::base::docker') }
+      it { is_expected.to contain_package('docker') }
+      it { is_expected.to contain_service('docker') }
+      it {
+        is_expected.to contain_augeas('docker-sysconfig').with_changes(["set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'"])
+      }
+    end
+
+    context 'with step 1 and insecure_registry configured but no docker_namespace' do
+      let(:params) { {
+          :insecure_registry => true,
+          :step              => 1,
+      } }
+
+      it_raises 'a Puppet::Error', /You must provide a \$docker_namespace in order to configure insecure registry/
+    end
+  end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::docker'
+    end
+  end
+end