amy/fruit-bowl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: initial commit

Browse source
This commit is contained in:
amy 2025-04-01 17:40:03 +00:00
commit 38f495e3f4
457 changed files with 40577 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

54
environments/production/thirdparty/docker/manifests/compose.pp vendored Normal file
View file

@ -0,0 +1,54 @@
# @summary install Docker Compose using the recommended curl command.
#
# @param ensure
# Whether to install or remove Docker Compose
# Valid values are absent present
#
# @param version
# The version of Docker Compose to install.
#
class docker::compose (
Enum[present,absent] $ensure = present,
Optional[String] $version = undef,
) {
include docker
if $docker::manage_package {
include docker::params
$_version = $version ? {
undef => $docker::params::compose_version,
default => $version,
}
if $_version and $ensure != 'absent' {
$package_ensure = $_version
} else {
$package_ensure = $ensure
}
case $facts['os']['family'] {
'Debian': {
$_require = $docker::use_upstream_package_source ? {
true => [Apt::Source['docker'], Class['apt::update']],
false => undef,
}
}
'RedHat': {
$_require = $docker::use_upstream_package_source ? {
true => Yumrepo['docker'],
false => undef,
}
}
'Windows': {
fail('The docker compose portion of this module is not supported on Windows')
}
default: {
fail('The docker compose portion of this module only works on Debian or RedHat')
}
}
package { 'docker-compose-plugin':
ensure => $package_ensure,
require => $_require,
}
}
}

16
environments/production/thirdparty/docker/manifests/config.pp vendored Normal file
View file

@ -0,0 +1,16 @@
# @summary Configuration for docker
# @api private
#
class docker::config {
if $facts['os']['family'] != 'windows' {
$docker::docker_users.each |$user| {
docker::system_user { $user:
create_user => $docker::create_user,
}
}
} else {
$docker::docker_users.each |$user| {
docker::windows_account { $user: }
}
}
}

81
environments/production/thirdparty/docker/manifests/exec.pp vendored Normal file
View file

@ -0,0 +1,81 @@
# @summary
# A define which executes a command inside a container.
#
# @param detach
# @param interactive
# @param env
# @param tty
# @param container
# @param command
# @param unless
# @param sanitise_name
# @param refreshonly
# @param onlyif
#
define docker::exec (
Boolean $detach = false,
Boolean $interactive = false,
Array $env = [],
Boolean $tty = false,
Optional[String] $container = undef,
Optional[String] $command = undef,
Optional[String] $unless = undef,
Boolean $sanitise_name = true,
Boolean $refreshonly = false,
Optional[String] $onlyif = undef,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $facts['os']['family'] == 'windows' {
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/"
$exec_timeout = 3000
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
} else {
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
}
$docker_exec_flags = docker_exec_flags({
detach => $detach,
interactive => $interactive,
tty => $tty,
env => any2array($env),
}
)
if $sanitise_name {
$sanitised_container = regsubst($container, '[^0-9A-Za-z.\-_]', '-', 'G')
} else {
$sanitised_container = $container
}
$exec = "${docker_command} exec ${docker_exec_flags} ${sanitised_container} ${command}"
$unless_command = $unless ? {
undef => undef,
'' => undef,
default => "${docker_command} exec ${docker_exec_flags} ${sanitised_container} ${$unless}",
}
$onlyif_command = $onlyif ? {
undef => undef,
'' => undef,
'running' => "${docker_command} ps --no-trunc --format='table {{.Names}}' | grep '^${sanitised_container}$'",
default => $onlyif
}
exec { $exec:
environment => $exec_environment,
onlyif => $onlyif_command,
path => $exec_path,
refreshonly => $refreshonly,
timeout => $exec_timeout,
provider => $exec_provider,
unless => $unless_command,
}
}

185
environments/production/thirdparty/docker/manifests/image.pp vendored Normal file
View file

@ -0,0 +1,185 @@
# @summary
# Module to install an up-to-date version of a Docker image
# from the registry
#
# @param ensure
# Whether you want the image present or absent.
#
# @param image
# If you want the name of the image to be different from the
# name of the puppet resource you can pass a value here.
#
# @param image_tag
# If you want a specific tag of the image to be installed
#
# @param image_digest
# If you want a specific content digest of the image to be installed
#
# @param docker_file
# If you want to add a docker image from specific docker file
#
# @param docker_tar
# If you want to load a docker image from specific docker tar
#
# @param force
#
# @param docker_dir
#
define docker::image (
Enum[present,absent,latest] $ensure = 'present',
Optional[Pattern[/^[\S]*$/]] $image = $title,
Optional[String] $image_tag = undef,
Optional[String] $image_digest = undef,
Boolean $force = false,
Optional[String] $docker_file = undef,
Optional[String] $docker_dir = undef,
Optional[String] $docker_tar = undef,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $facts['os']['family'] == 'windows' {
$update_docker_image_template = 'docker/windows/update_docker_image.ps1.epp'
$update_docker_image_path = "${facts['docker_user_temp_path']}/update_docker_image.ps1"
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/"
$exec_timeout = 3000
$update_docker_image_owner = undef
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
} else {
$update_docker_image_template = 'docker/update_docker_image.sh.epp'
$update_docker_image_path = '/usr/local/bin/update_docker_image.sh'
$update_docker_image_owner = 'root'
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
}
$parameters = {
'docker_command' => $docker_command,
}
# Wrapper used to ensure images are up to date
ensure_resource('file', $update_docker_image_path,
{
ensure => $docker::params::ensure,
owner => $update_docker_image_owner,
group => $update_docker_image_owner,
mode => '0555',
content => epp($update_docker_image_template, $parameters),
}
)
if ($docker_file) and ($docker_tar) {
fail('docker::image must not have both $docker_file and $docker_tar set')
}
if ($docker_dir) and ($docker_tar) {
fail('docker::image must not have both $docker_dir and $docker_tar set')
}
if ($image_digest) and ($docker_file) {
fail('docker::image must not have both $image_digest and $docker_file set')
}
if ($image_digest) and ($docker_dir) {
fail('docker::image must not have both $image_digest and $docker_dir set')
}
if ($image_digest) and ($docker_tar) {
fail('docker::image must not have both $image_digest and $docker_tar set')
}
if $force {
$image_force = '-f '
} else {
$image_force = ''
}
if $image_tag {
$image_arg = "${image}:${image_tag}"
$image_remove = "${docker_command} rmi ${image_force}${image}:${image_tag}"
$image_find = "${docker_command} images -q ${image}:${image_tag}"
} elsif $image_digest {
$image_arg = "${image}@${image_digest}"
$image_remove = "${docker_command} rmi ${image_force}${image}:${image_digest}"
$image_find = "${docker_command} images -q ${image}@${image_digest}"
} else {
$image_arg = $image
$image_remove = "${docker_command} rmi ${image_force}${image}"
$image_find = "${docker_command} images -q ${image}"
}
if $facts['os']['family'] == 'windows' {
$_image_find = "If (-not (${image_find}) ) { Exit 1 }"
} else {
$_image_find = "${image_find} | grep ."
}
if ($docker_dir) and ($docker_file) {
$image_install = "${docker_command} build -t ${image_arg} -f ${docker_file} ${docker_dir}"
} elsif $docker_dir {
$image_install = "${docker_command} build -t ${image_arg} ${docker_dir}"
} elsif $docker_file {
if $facts['os']['family'] == windows {
$image_install = "Get-Content ${docker_file} -Raw | ${docker_command} build -t ${image_arg} -"
} else {
$image_install = "${docker_command} build -t ${image_arg} - < ${docker_file}"
}
} elsif $docker_tar {
$image_install = "${docker_command} load -i ${docker_tar}"
} else {
if $facts['os']['family'] == 'windows' {
$image_install = "& ${update_docker_image_path} -DockerImage ${image_arg}"
} else {
$image_install = "${update_docker_image_path} ${image_arg}"
}
}
if $ensure == 'absent' {
exec { $image_remove:
path => $exec_path,
environment => $exec_environment,
onlyif => $_image_find,
provider => $exec_provider,
timeout => $exec_timeout,
logoutput => true,
}
} elsif $ensure == 'latest' or $image_tag == 'latest' or $force {
notify { "Check if image ${image_arg} is in-sync":
noop => false,
}
~> exec { $image_install:
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
returns => ['0', '2'],
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
}
~> exec { "echo 'Update of ${image_arg} complete'":
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
refreshonly => true,
}
} elsif $ensure == 'present' {
exec { $image_install:
unless => $_image_find,
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
returns => ['0', '2'],
require => File[$update_docker_image_path],
provider => $exec_provider,
logoutput => true,
}
}
Docker::Image <| title == $title |>
}

9
environments/production/thirdparty/docker/manifests/images.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param images
#
class docker::images (
Hash $images
) {
create_resources(docker::image, $images)
}

652
environments/production/thirdparty/docker/manifests/init.pp vendored Normal file
View file

@ -0,0 +1,652 @@
# @summary
# Module to install an up-to-date version of Docker from package.
#
# @param version
# The package version to install, used to set the package name.
#
# @param ensure
# Passed to the docker package.
#
# @param prerequired_packages
# An array of additional packages that need to be installed to support docker.
#
# @param dependent_packages
# An array of packages installed by the docker-ce package v 18.09 and later.
# Used when uninstalling to ensure containers cannot be run on the system.
#
# @param tcp_bind
# The tcp socket to bind to in the format
# tcp://127.0.0.1:4243
#
# @param tls_enable
# Enable TLS.
#
# @param tls_verify
# Use TLS and verify the remote
#
# @param tls_cacert
# Path to TLS CA certificate
#
# @param tls_cert
# Path to TLS certificate file
#
# @param tls_key
# Path to TLS key file
#
# @param ip_forward
# Enables IP forwarding on the Docker host.
#
# @param iptables
# Enable Docker's addition of iptables rules.
#
# @param ip_masq
# Enable IP masquerading for bridge's IP range.
#
# @param icc
# Enable or disable Docker's unrestricted inter-container and Docker daemon host communication.
# (Requires iptables=true to disable)
#
# @param bip
# Specify docker's network bridge IP, in CIDR notation.
#
# @param mtu
# Docker network MTU.
#
# @param bridge
# Attach containers to a pre-existing network bridge
# use 'none' to disable container networking
#
# @param fixed_cidr
# IPv4 subnet for fixed IPs
# 10.20.0.0/16
#
# @param default_gateway
# IPv4 address of the container default gateway;
# this address must be part of the bridge subnet
# (which is defined by bridge)
#
# @param ipv6
# Enables ipv6 support for the docker daemon
#
# @param ipv6_cidr
# IPv6 subnet for fixed IPs
#
# @param default_gateway_ipv6
# IPv6 address of the container default gateway:
#
# @param socket_bind
# The unix socket to bind to.
#
# @param log_level
# Set the logging level
# Valid values: debug, info, warn, error, fatal
#
# @param log_driver
# Set the log driver.
# Docker default is json-file.
# Please verify the value by yourself, before setting it. Valid shipped log drivers can be found here:
# https://docs.docker.com/config/containers/logging/configure/#supported-logging-drivers
# Since custom log driver plugins are and must be possible, the value can not be verified through code here.
#
# @param log_opt
# Set the log driver specific options
# Valid values per log driver:
# none : undef
# local :
# max-size=[0-9+][k|m|g]
# max-file=[0-9+]
# json-file:
# max-size=[0-9+][k|m|g]
# max-file=[0-9+]
# syslog :
# syslog-address=[tcp|udp]://host:port
# syslog-address=unix://path
# syslog-facility=daemon|kern|user|mail|auth|
# syslog|lpr|news|uucp|cron|
# authpriv|ftp|
# local0|local1|local2|local3|
# local4|local5|local6|local7
# syslog-tag="some_tag"
# journald : undef
# gelf :
# gelf-address=udp://host:port
# gelf-tag="some_tag"
# fluentd :
# fluentd-address=host:port
# fluentd-tag={{.ID}} - short container id (12 characters)|
# {{.FullID}} - full container id
# {{.Name}} - container name
# splunk :
# splunk-token=<splunk_http_event_collector_token>
# splunk-url=https://your_splunk_instance:8088
# awslogs :
# awslogs-group=<Cloudwatch Log Group>
# awslogs-stream=<Cloudwatch Log Stream>
# awslogs-create-group=true|false
# awslogs-datetime-format=<Date format> - strftime expression
# awslogs-multiline-pattern=multiline start pattern using a regular expression
# tag={{.ID}} - short container id (12 characters)|
# {{.FullID}} - full container id
# {{.Name}} - container name
#
# @param selinux_enabled
# Enable selinux support. Default is false. SELinux does not presently
# support the BTRFS storage driver.
#
# @param use_upstream_package_source
# Whether or not to use the upstream package source.
# If you run your own package mirror, you may set this
# to false.
#
# @param pin_upstream_package_source
# Pin upstream package source; this option currently only has any effect on
# apt-based distributions. Set to false to remove pinning on the upstream
# package repository. See also "apt_source_pin_level".
#
# @param apt_source_pin_level
# What level to pin our source package repository to; this only is relevent
# if you're on an apt-based system (Debian, Ubuntu, etc) and
# $use_upstream_package_source is set to true. Set this to false to disable
# pinning, and undef to ensure the apt preferences file apt::source uses to
# define pins is removed.
#
# @param service_state
# Whether you want to docker daemon to start up
#
# @param service_enable
# Whether you want to docker daemon to start up at boot
#
# @param manage_service
# Specify whether the service should be managed.
#
# @param root_dir
# Custom root directory for containers
#
# @param dns
# Custom dns server address
#
# @param dns_search
# Custom dns search domains
#
# @param socket_group
# Group ownership of the unix control socket.
#
# @param extra_parameters
# Any extra parameters that should be passed to the docker daemon.
#
# @param shell_values
# Array of shell values to pass into init script config files
#
# @param proxy
# Will set the http_proxy and https_proxy env variables in /etc/sysconfig/docker (redhat/centos) or /etc/default/docker (debian)
#
# @param no_proxy
# Will set the no_proxy variable in /etc/sysconfig/docker (redhat/centos) or /etc/default/docker (debian)
#
# @param storage_driver
# Specify a storage driver to use
# Valid values: aufs, devicemapper, btrfs, overlay, overlay2, vfs, zfs
#
# @param dm_basesize
# The size to use when creating the base device, which limits the size of images and containers.
#
# @param dm_fs
# The filesystem to use for the base image (xfs or ext4)
#
# @param dm_mkfsarg
# Specifies extra mkfs arguments to be used when creating the base device.
#
# @param dm_mountopt
# Specifies extra mount options used when mounting the thin devices.
#
# @param dm_blocksize
# A custom blocksize to use for the thin pool.
# Default blocksize is 64K.
# Warning: _DO NOT_ change this parameter after the lvm devices have been initialized.
#
# @param dm_loopdatasize
# Specifies the size to use when creating the loopback file for the "data" device which is used for the thin pool
#
# @param dm_loopmetadatasize
# Specifies the size to use when creating the loopback file for the "metadata" device which is used for the thin pool
#
# @param dm_datadev
# (deprecated - dm_thinpooldev should be used going forward)
# A custom blockdevice to use for data for the thin pool.
#
# @param dm_metadatadev
# (deprecated - dm_thinpooldev should be used going forward)
# A custom blockdevice to use for metadata for the thin pool.
#
# @param dm_thinpooldev
# Specifies a custom block storage device to use for the thin pool.
#
# @param dm_use_deferred_removal
# Enables use of deferred device removal if libdm and the kernel driver support the mechanism.
#
# @param dm_use_deferred_deletion
# Enables use of deferred device deletion if libdm and the kernel driver support the mechanism.
#
# @param dm_blkdiscard
# Enables or disables the use of blkdiscard when removing devicemapper devices.
#
# @param dm_override_udev_sync_check
# By default, the devicemapper backend attempts to synchronize with the udev
# device manager for the Linux kernel. This option allows disabling that
# synchronization, to continue even though the configuration may be buggy.
#
# @param overlay2_override_kernel_check
# Overrides the Linux kernel version check allowing using overlay2 with kernel < 4.0.
#
# @param manage_package
# Won't install or define the docker package, useful if you want to use your own package
#
# @param service_name
# Specify custom service name
#
# @param docker_users
# Specify an array of users to add to the docker group
#
# @param create_user
# If `true` the list of `docker_users` will be created as well as added to the docker group
#
# @param docker_group
# Specify a string for the docker group
#
# @param daemon_environment_files
# Specify additional environment files to add to the
# service-overrides.conf
#
# @param repo_opt
# Specify a string to pass as repository options (RedHat only)
#
# @param storage_devs
# A quoted, space-separated list of devices to be used.
#
# @param storage_vg
# The volume group to use for docker storage.
#
# @param storage_root_size
# The size to which the root filesystem should be grown.
#
# @param storage_data_size
# The desired size for the docker data LV
#
# @param storage_min_data_size
# The minimum size of data volume otherwise pool creation fails
#
# @param storage_chunk_size
# Controls the chunk size/block size of thin pool.
#
# @param storage_growpart
# Enable resizing partition table backing root volume group.
#
# @param storage_auto_extend_pool
# Enable/disable automatic pool extension using lvm
#
# @param storage_pool_autoextend_threshold
# Auto pool extension threshold (in % of pool size)
#
# @param storage_pool_autoextend_percent
# Extend the pool by specified percentage when threshold is hit.
#
# @param tmp_dir_config
# Whether to set the TMPDIR value in the systemd config file
# Default: true (set the value); false will comment out the line.
# Note: false is backwards compatible prior to PR #58
#
# @param tmp_dir
# Sets the tmp dir for Docker (path)
#
# @param registry_mirror
# Sets the prefered container registry mirror.
#
# @param nuget_package_provider_version
# The version of the NuGet Package provider
#
# @param docker_msft_provider_version
# The version of the Microsoft Docker Provider Module
#
# @param docker_ce_start_command
# @param docker_ce_package_name
# @param docker_ce_cli_package_name
# @param docker_ce_source_location
# @param docker_ce_key_source
# @param docker_ce_key_id
# @param docker_ce_release
# @param docker_package_location
# @param docker_package_key_source
# @param docker_package_key_check_source
# @param docker_package_key_id
# @param docker_package_release
# @param docker_engine_start_command
# @param docker_engine_package_name
# @param docker_ce_channel
# @param docker_ee
# @param docker_ee_package_name
# @param docker_ee_source_location
# @param docker_ee_key_source
# @param docker_ee_key_id
# @param docker_ee_repos
# @param docker_ee_release
# @param package_release
# @param labels
# @param execdriver
# @param package_source
# @param os_lc
# @param storage_config
# @param storage_config_template
# @param storage_setup_file
# @param service_provider
# @param service_config
# @param service_config_template
# @param service_overrides_template
# @param socket_overrides_template
# @param socket_override
# @param service_after_override
# @param service_hasstatus
# @param service_hasrestart
# @param acknowledge_unsupported_os
# @param have_systemd_v230
#
class docker (
Optional[String] $version = $docker::params::version,
String $ensure = $docker::params::ensure,
Variant[Array[String], Hash] $prerequired_packages = $docker::params::prerequired_packages,
Array $dependent_packages = $docker::params::dependent_packages,
String $docker_ce_start_command = $docker::params::docker_ce_start_command,
Optional[String] $docker_ce_package_name = $docker::params::docker_ce_package_name,
String[1] $docker_ce_cli_package_name = $docker::params::docker_ce_cli_package_name,
Optional[String] $docker_ce_source_location = $docker::params::package_ce_source_location,
Optional[String] $docker_ce_key_source = $docker::params::package_ce_key_source,
Optional[String] $docker_ce_key_id = $docker::params::package_ce_key_id,
Optional[String] $docker_ce_release = $docker::params::package_ce_release,
Optional[String] $docker_package_location = $docker::params::package_source_location,
Optional[String] $docker_package_key_source = $docker::params::package_key_source,
Optional[Boolean] $docker_package_key_check_source = $docker::params::package_key_check_source,
Optional[String] $docker_package_key_id = $docker::params::package_key_id,
Optional[String] $docker_package_release = $docker::params::package_release,
String $docker_engine_start_command = $docker::params::docker_engine_start_command,
String $docker_engine_package_name = $docker::params::docker_engine_package_name,
String $docker_ce_channel = $docker::params::docker_ce_channel,
Optional[Boolean] $docker_ee = $docker::params::docker_ee,
Optional[String] $docker_ee_package_name = $docker::params::package_ee_package_name,
Optional[String] $docker_ee_source_location = $docker::params::package_ee_source_location,
Optional[String] $docker_ee_key_source = $docker::params::package_ee_key_source,
Optional[String] $docker_ee_key_id = $docker::params::package_ee_key_id,
Optional[String] $docker_ee_repos = $docker::params::package_ee_repos,
Optional[String] $docker_ee_release = $docker::params::package_ee_release,
Optional[Variant[String,Array[String]]] $tcp_bind = $docker::params::tcp_bind,
Boolean $tls_enable = $docker::params::tls_enable,
Boolean $tls_verify = $docker::params::tls_verify,
Optional[String] $tls_cacert = $docker::params::tls_cacert,
Optional[String] $tls_cert = $docker::params::tls_cert,
Optional[String] $tls_key = $docker::params::tls_key,
Boolean $ip_forward = $docker::params::ip_forward,
Boolean $ip_masq = $docker::params::ip_masq,
Optional[Boolean] $ipv6 = $docker::params::ipv6,
Optional[String] $ipv6_cidr = $docker::params::ipv6_cidr,
Optional[String] $default_gateway_ipv6 = $docker::params::default_gateway_ipv6,
Optional[String] $bip = $docker::params::bip,
Optional[String] $mtu = $docker::params::mtu,
Boolean $iptables = $docker::params::iptables,
Optional[Boolean] $icc = $docker::params::icc,
String $socket_bind = $docker::params::socket_bind,
Optional[String] $fixed_cidr = $docker::params::fixed_cidr,
Optional[String] $bridge = $docker::params::bridge,
Optional[String] $default_gateway = $docker::params::default_gateway,
Optional[String] $log_level = $docker::params::log_level,
Optional[String] $log_driver = $docker::params::log_driver,
Array $log_opt = $docker::params::log_opt,
Optional[Boolean] $selinux_enabled = $docker::params::selinux_enabled,
Optional[Boolean] $use_upstream_package_source = $docker::params::use_upstream_package_source,
Optional[Boolean] $pin_upstream_package_source = $docker::params::pin_upstream_package_source,
Optional[Integer] $apt_source_pin_level = $docker::params::apt_source_pin_level,
Optional[String] $package_release = $docker::params::package_release,
String $service_state = $docker::params::service_state,
Boolean $service_enable = $docker::params::service_enable,
Boolean $manage_service = $docker::params::manage_service,
Optional[String] $root_dir = $docker::params::root_dir,
Optional[Boolean] $tmp_dir_config = $docker::params::tmp_dir_config,
Optional[String] $tmp_dir = $docker::params::tmp_dir,
Optional[Variant[String,Array]] $dns = $docker::params::dns,
Optional[Variant[String,Array]] $dns_search = $docker::params::dns_search,
Optional[Variant[String,Boolean]] $socket_group = $docker::params::socket_group,
Array $labels = $docker::params::labels,
Optional[Variant[String,Array]] $extra_parameters = undef,
Optional[Variant[String,Array]] $shell_values = undef,
Optional[String] $proxy = $docker::params::proxy,
Optional[String] $no_proxy = $docker::params::no_proxy,
Optional[String] $storage_driver = $docker::params::storage_driver,
Optional[String] $dm_basesize = $docker::params::dm_basesize,
Optional[String] $dm_fs = $docker::params::dm_fs,
Optional[String] $dm_mkfsarg = $docker::params::dm_mkfsarg,
Optional[String] $dm_mountopt = $docker::params::dm_mountopt,
Optional[String] $dm_blocksize = $docker::params::dm_blocksize,
Optional[String] $dm_loopdatasize = $docker::params::dm_loopdatasize,
Optional[String] $dm_loopmetadatasize = $docker::params::dm_loopmetadatasize,
Optional[String] $dm_datadev = $docker::params::dm_datadev,
Optional[String] $dm_metadatadev = $docker::params::dm_metadatadev,
Optional[String] $dm_thinpooldev = $docker::params::dm_thinpooldev,
Optional[Boolean] $dm_use_deferred_removal = $docker::params::dm_use_deferred_removal,
Optional[Boolean] $dm_use_deferred_deletion = $docker::params::dm_use_deferred_deletion,
Optional[Boolean] $dm_blkdiscard = $docker::params::dm_blkdiscard,
Optional[Boolean] $dm_override_udev_sync_check = $docker::params::dm_override_udev_sync_check,
Boolean $overlay2_override_kernel_check = $docker::params::overlay2_override_kernel_check,
Optional[String] $execdriver = $docker::params::execdriver,
Boolean $manage_package = $docker::params::manage_package,
Optional[String] $package_source = $docker::params::package_source,
Optional[String] $service_name = $docker::params::service_name,
Array $docker_users = [],
Boolean $create_user = true,
String $docker_group = $docker::params::docker_group,
Array $daemon_environment_files = [],
Optional[Variant[String,Hash]] $repo_opt = $docker::params::repo_opt,
Optional[String] $os_lc = $docker::params::os_lc,
Optional[String] $storage_devs = $docker::params::storage_devs,
Optional[String] $storage_vg = $docker::params::storage_vg,
Optional[String] $storage_root_size = $docker::params::storage_root_size,
Optional[String] $storage_data_size = $docker::params::storage_data_size,
Optional[String] $storage_min_data_size = $docker::params::storage_min_data_size,
Optional[String] $storage_chunk_size = $docker::params::storage_chunk_size,
Optional[Boolean] $storage_growpart = $docker::params::storage_growpart,
Optional[String] $storage_auto_extend_pool = $docker::params::storage_auto_extend_pool,
Optional[String] $storage_pool_autoextend_threshold = $docker::params::storage_pool_autoextend_threshold,
Optional[String] $storage_pool_autoextend_percent = $docker::params::storage_pool_autoextend_percent,
Optional[Variant[String,Boolean]] $storage_config = $docker::params::storage_config,
Optional[String] $storage_config_template = $docker::params::storage_config_template,
Optional[String] $storage_setup_file = $docker::params::storage_setup_file,
Optional[String] $service_provider = $docker::params::service_provider,
Optional[Variant[String,Boolean]] $service_config = $docker::params::service_config,
Optional[String] $service_config_template = $docker::params::service_config_template,
Optional[Variant[String,Boolean]] $service_overrides_template = $docker::params::service_overrides_template,
Optional[Variant[String,Boolean]] $socket_overrides_template = $docker::params::socket_overrides_template,
Optional[Boolean] $socket_override = $docker::params::socket_override,
Optional[Variant[String,Boolean]] $service_after_override = $docker::params::service_after_override,
Optional[Boolean] $service_hasstatus = $docker::params::service_hasstatus,
Optional[Boolean] $service_hasrestart = $docker::params::service_hasrestart,
Optional[Variant[String,Array]] $registry_mirror = $docker::params::registry_mirror,
Boolean $acknowledge_unsupported_os = false,
# Windows specific parameters
Optional[String] $docker_msft_provider_version = $docker::params::docker_msft_provider_version,
Optional[String] $nuget_package_provider_version = $docker::params::nuget_package_provider_version,
Boolean $have_systemd_v230 = $docker::params::have_systemd_v230,
) inherits docker::params {
if $facts['os']['family'] and ! $acknowledge_unsupported_os {
assert_type(Pattern[/^(Debian|RedHat|windows)$/], $facts['os']['family']) |$a, $b| {
fail('This module only works on Debian, Red Hat or Windows based systems.')
}
if ($facts['os']['family'] == 'RedHat') and ($facts['os']['name'] != 'Amazon') and (versioncmp($facts['os']['release']['major'], '7') < 0) {
fail('This module only works on Red Hat based systems version 7 and higher.')
} elsif ($facts['os']['name'] == 'Amazon') and ($facts['os']['release']['major'] != '2') and (versioncmp($facts['os']['release']['major'], '2022') < 0) {
fail('This module only works on Amazon Linux 2 and newer systems.')
}
}
if ($default_gateway) and (!$bridge) {
fail('You must provide the $bridge parameter.')
}
if $log_level {
assert_type(Pattern[/^(debug|info|warn|error|fatal)$/], $log_level) |$a, $b| {
fail('log_level must be one of debug, info, warn, error or fatal')
}
}
if $storage_driver {
if $facts['os']['family'] == 'windows' {
assert_type(Pattern[/^(windowsfilter)$/], $storage_driver) |$a, $b| {
fail('Valid values for storage_driver on windows are windowsfilter')
}
} else {
assert_type(Pattern[/^(aufs|devicemapper|btrfs|overlay|overlay2|vfs|zfs)$/], $storage_driver) |$a, $b| {
fail('Valid values for storage_driver are aufs, devicemapper, btrfs, overlay, overlay2, vfs, zfs.')
}
}
}
if ($bridge) and ($facts['os']['family'] == 'windows') {
assert_type(Pattern[/^(none|nat|transparent|overlay|l2bridge|l2tunnel)$/], $bridge) |$a, $b| {
fail('bridge must be one of none, nat, transparent, overlay, l2bridge or l2tunnel on Windows.')
}
}
if $dm_fs {
assert_type(Pattern[/^(ext4|xfs)$/], $dm_fs) |$a, $b| {
fail('Only ext4 and xfs are supported currently for dm_fs.')
}
}
if ($dm_loopdatasize or $dm_loopmetadatasize) and ($dm_datadev or $dm_metadatadev) {
fail('You should provide parameters only for loop lvm or direct lvm, not both.')
}
if ($dm_datadev or $dm_metadatadev) and $dm_thinpooldev {
fail('You can use the $dm_thinpooldev parameter, or the $dm_datadev and $dm_metadatadev parameter pair, but you cannot use both.') # lint:ignore:140chars
}
if ($dm_datadev or $dm_metadatadev) {
notice('The $dm_datadev and $dm_metadatadev parameter pair are deprecated. The $dm_thinpooldev parameter should be used instead.')
}
if ($dm_datadev and !$dm_metadatadev) or (!$dm_datadev and $dm_metadatadev) {
fail('You need to provide both $dm_datadev and $dm_metadatadev parameters for direct lvm.')
}
if ($dm_basesize or $dm_fs or $dm_mkfsarg or $dm_mountopt or $dm_blocksize or $dm_loopdatasize or $dm_loopmetadatasize or $dm_datadev or $dm_metadatadev) and ($storage_driver != 'devicemapper') {
fail('Values for dm_ variables will be ignored unless storage_driver is set to devicemapper.')
}
if($tls_enable) {
if(! $tcp_bind) {
fail('You need to provide tcp bind parameter for TLS.')
}
}
if ($version == undef) or ($version !~ /^(17[.][0-1][0-9][.][0-1](~|-|\.)ce|1.\d+)/) {
if ($docker_ee) {
$package_location = $docker::docker_ee_source_location
$package_key_source = $docker::docker_ee_key_source
$package_key_check_source = $docker_package_key_check_source
$package_key = $docker::docker_ee_key_id
$package_repos = $docker::docker_ee_repos
$release = $docker::docker_ee_release
$docker_start_command = $docker::docker_ee_start_command
$docker_package_name = $docker::docker_ee_package_name
} else {
case $facts['os']['family'] {
'Debian' : {
$package_location = $docker_ce_source_location
$package_key_source = $docker_ce_key_source
$package_key = $docker_ce_key_id
$package_repos = $docker_ce_channel
$release = $docker_ce_release
}
'RedHat' : {
$package_location = $docker_ce_source_location
$package_key_source = $docker_ce_key_source
$package_key_check_source = $docker_package_key_check_source
}
'windows': {
fail('This module only work for Docker Enterprise Edition on Windows.')
}
default: {
$package_location = $docker_package_location
$package_key_source = $docker_package_key_source
$package_key_check_source = $docker_package_key_check_source
}
}
$docker_start_command = $docker_ce_start_command
$docker_package_name = $docker_ce_package_name
}
} else {
case $facts['os']['family'] {
'Debian': {
$package_location = $docker_package_location
$package_key_source = $docker_package_key_source
$package_key_check_source = $docker_package_key_check_source
$package_key = $docker_package_key_id
$package_repos = 'main'
$release = $docker_package_release
}
'RedHat': {
$package_location = $docker_package_location
$package_key_source = $docker_package_key_source
$package_key_check_source = $docker_package_key_check_source
}
default: {
$package_location = $docker_package_location
$package_key_source = $docker_package_key_source
$package_key_check_source = $docker_package_key_check_source
}
}
$docker_start_command = $docker_engine_start_command
$docker_package_name = $docker_engine_package_name
}
if ($version != undef) and ($version =~ /^(17[.]0[0-4]|1.\d+)/) {
$root_dir_flag = '-g'
} else {
$root_dir_flag = '--data-root'
}
if $ensure != 'absent' {
contain docker::repos
contain docker::install
contain docker::config
contain docker::service
create_resources(
'docker::registry',
lookup("${module_name}::registries", Hash, 'deep', {}),
)
create_resources(
'docker::image',
lookup("${module_name}::images", Hash, 'deep', {}),
)
create_resources(
'docker::run',
lookup("${module_name}::runs", Hash, 'deep', {}),
)
Class['docker::repos']
-> Class['docker::install']
-> Class['docker::config']
-> Class['docker::service']
-> Docker::Registry <||>
-> Docker::Image <||>
-> Docker::Run <||>
-> Docker_compose <||>
} else {
contain 'docker::repos'
contain 'docker::install'
Class['docker::repos'] -> Class['docker::install']
}
}

153
environments/production/thirdparty/docker/manifests/install.pp vendored Normal file
View file

@ -0,0 +1,153 @@
# @summary
# Module to install an up-to-date version of Docker from a package repository.
# Only for Debian, Red Hat and Windows
#
# @param version
# The package version to install, used to set the package name.
#
# @param nuget_package_provider_version
# The version of the NuGet Package provider
#
# @param docker_msft_provider_version
# The version of the Microsoft Docker Provider Module
#
# @param docker_ee_package_name
# The name of the Docker Enterprise Edition package
#
# @param docker_download_url
#
# @param dependent_packages
#
class docker::install (
Optional[String] $version = $docker::version,
Optional[String] $nuget_package_provider_version = $docker::nuget_package_provider_version,
Optional[String] $docker_msft_provider_version = $docker::docker_msft_provider_version,
Optional[String] $docker_ee_package_name = $docker::docker_ee_package_name,
Optional[String] $docker_download_url = $docker::package_location,
Array $dependent_packages = $docker::dependent_packages,
) {
$docker_start_command = $docker::docker_start_command
if $facts['os']['family'] and ! $docker::acknowledge_unsupported_os {
assert_type(Pattern[/^(Debian|RedHat|windows)$/], $facts['os']['family']) |$a, $b| {
fail('This module only works on Debian, RedHat or Windows.')
}
}
if $docker::version and $docker::ensure != 'absent' {
$ensure = $docker::version
} else {
$ensure = $docker::ensure
}
if $docker::manage_package {
if empty($docker::repo_opt) {
$docker_hash = {}
} else {
$docker_hash = { 'install_options' => $docker::repo_opt }
}
if $docker::package_source {
if $facts['os']['family'] == 'windows' {
fail('Custom package source is currently not implemented on windows.')
}
case $docker::package_source {
/docker-engine/ : {
ensure_resource('package', 'docker', stdlib::merge($docker_hash, {
ensure => $ensure,
source => $docker::package_source,
name => $docker::docker_engine_package_name,
}))
}
/docker-ce/ : {
ensure_resource('package', 'docker', stdlib::merge($docker_hash, {
ensure => $ensure,
source => $docker::package_source,
name => $docker::docker_ce_package_name,
}))
ensure_resource('package', 'docker-ce-cli', stdlib::merge($docker_hash, {
ensure => $ensure,
source => $docker::package_source,
name => $docker::docker_ce_cli_package_name,
}))
}
default : {
# Empty
}
}
} else {
if $facts['os']['family'] != 'windows' {
ensure_resource('package', 'docker', stdlib::merge($docker_hash, {
ensure => $ensure,
name => $docker::docker_package_name,
}))
if $ensure == 'absent' {
ensure_resource('package', $dependent_packages, {
ensure => $ensure,
})
}
} else {
if $ensure == 'absent' {
$remove_docker_parameters = {
'docker_ee_package_name' => $docker_ee_package_name,
'version' => $version,
}
$check_docker_parameters = {
'docker_ee_package_name' => $docker_ee_package_name,
}
exec { 'remove-docker-package':
command => epp('docker/windows/remove_docker.ps1.epp', $remove_docker_parameters),
provider => powershell,
unless => epp('docker/windows/check_docker.ps1.epp', $check_docker_parameters),
logoutput => true,
}
} else {
if $docker::package_location {
$download_docker_parameters = {
'docker_download_url' => $docker_download_url,
}
$check_docker_url_parameters = {
'docker_download_url' => $docker_download_url,
}
exec { 'install-docker-package':
command => epp('docker/windows/download_docker.ps1.epp', $download_docker_parameters),
provider => powershell,
unless => epp('docker/windows/check_docker_url.ps1.epp', $check_docker_url_parameters),
logoutput => true,
notify => Exec['service-restart-on-failure'],
}
} else {
$install_powershell_provider_parameters = {
'nuget_package_provider_version' => $nuget_package_provider_version,
'docker_msft_provider_version' => $docker_msft_provider_version,
'version' => $version,
}
$check_powershell_provider_parameters = {
'nuget_package_provider_version' => $nuget_package_provider_version,
'docker_msft_provider_version' => $docker_msft_provider_version,
'docker_ee_package_name' => $docker_ee_package_name,
'version' => $version,
}
exec { 'install-docker-package':
command => epp('docker/windows/install_powershell_provider.ps1.epp', $install_powershell_provider_parameters),
provider => powershell,
unless => epp('docker/windows/check_powershell_provider.ps1.epp', $check_powershell_provider_parameters),
logoutput => true,
timeout => 1800,
notify => Exec['service-restart-on-failure'],
}
}
exec { 'service-restart-on-failure':
command => 'SC.exe failure Docker reset= 432000 actions= restart/30000/restart/60000/restart/60000',
refreshonly => true,
logoutput => true,
provider => powershell,
}
}
}
}
}
}

108
environments/production/thirdparty/docker/manifests/machine.pp vendored Normal file
View file

@ -0,0 +1,108 @@
# @summary
# install Docker Machine using the recommended curl command.
#
# @param ensure
# Whether to install or remove Docker Machine
# Valid values are absent present
#
# @param version
# The version of Docker Machine to install.
#
# @param install_path
# The path where to install Docker Machine.
#
# @param proxy
# Proxy to use for downloading Docker Machine.
#
# @param url
# The URL from which the docker machine binary should be fetched
#
# @param curl_ensure
# Whether or not the curl package is ensured by this module.
#
class docker::machine (
Enum[present,absent] $ensure = 'present',
Optional[String] $version = $docker::params::machine_version,
Optional[String] $install_path = $docker::params::machine_install_path,
Optional[Pattern['^((http[s]?)?:\/\/)?([^:^@]+:[^:^@]+@|)([\da-z\.-]+)\.([\da-z\.]{2,6})(:[\d])?([\/\w \.-]*)*\/?$']] $proxy = undef,
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $url = undef,
Optional[Boolean] $curl_ensure = $docker::params::curl_ensure,
) inherits docker::params {
if $facts['os']['family'] == 'windows' {
$file_extension = '.exe'
$file_owner = 'Administrator'
} else {
$file_extension = ''
$file_owner = 'root'
}
$docker_machine_location = "${install_path}/docker-machine${file_extension}"
$docker_machine_location_versioned = "${install_path}/docker-machine-${version}${file_extension}"
if $ensure == 'present' {
$docker_machine_url = $url ? {
undef => "https://github.com/docker/machine/releases/download/v${version}/docker-machine-${facts['kernel']}-x86_64${file_extension}",
default => $url,
}
if $proxy != undef {
$proxy_opt = "--proxy ${proxy}"
} else {
$proxy_opt = ''
}
if $facts['os']['family'] == 'windows' {
$docker_download_command = "if (Invoke-WebRequest ${docker_machine_url} ${proxy_opt} -UseBasicParsing -OutFile \"${docker_machine_location_versioned}\") { exit 0 } else { exit 1}" # lint:ignore:140chars
$parameters = {
'proxy' => $proxy,
'docker_machine_url' => $docker_machine_url,
'docker_machine_location_versioned' => $docker_machine_location_versioned,
}
exec { "Install Docker Machine ${version}":
command => epp('docker/windows/download_docker_machine.ps1.epp', $parameters),
provider => powershell,
creates => $docker_machine_location_versioned,
}
file { $docker_machine_location:
ensure => 'link',
target => $docker_machine_location_versioned,
require => Exec["Install Docker Machine ${version}"],
}
} else {
if $curl_ensure {
stdlib::ensure_packages(['curl'])
}
exec { "Install Docker Machine ${version}":
path => '/usr/bin/',
cwd => '/tmp',
command => "curl -s -S -L ${proxy_opt} ${docker_machine_url} -o ${docker_machine_location_versioned}",
creates => $docker_machine_location_versioned,
require => Package['curl'],
}
file { $docker_machine_location_versioned:
owner => $file_owner,
mode => '0755',
require => Exec["Install Docker Machine ${version}"],
}
file { $docker_machine_location:
ensure => 'link',
target => $docker_machine_location_versioned,
require => File[$docker_machine_location_versioned],
}
}
} else {
file { $docker_machine_location_versioned:
ensure => absent,
}
file { $docker_machine_location:
ensure => absent,
}
}
}

11
environments/production/thirdparty/docker/manifests/networks.pp vendored Normal file
View file

@ -0,0 +1,11 @@
# @summary
#
# @param networks
#
class docker::networks (
Optional[Hash[String, Hash]] $networks = undef,
) {
if $networks {
create_resources(docker_network, $networks)
}
}

387
environments/production/thirdparty/docker/manifests/params.pp vendored Normal file
View file

@ -0,0 +1,387 @@
# @summary Default parameter values for the docker module
#
class docker::params {
$version = undef
$ensure = present
$docker_ce_start_command = 'dockerd'
$docker_ce_package_name = 'docker-ce'
$docker_ce_cli_package_name = 'docker-ce-cli'
$docker_engine_start_command = 'docker daemon'
$docker_engine_package_name = 'docker-engine'
$docker_ce_channel = stable
$docker_ee = false
$docker_ee_start_command = 'dockerd'
$docker_ee_source_location = undef
$docker_ee_key_source = undef
$docker_ee_key_id = undef
$docker_ee_repos = stable
$tcp_bind = undef
$tls_enable = false
$tls_verify = true
$machine_version = '0.16.1'
$ip_forward = true
$iptables = true
$ipv6 = false
$ipv6_cidr = undef
$default_gateway_ipv6 = undef
$icc = undef
$ip_masq = true
$bip = undef
$mtu = undef
$fixed_cidr = undef
$bridge = undef
$default_gateway = undef
$socket_bind = 'unix:///var/run/docker.sock'
$log_level = undef
$log_driver = undef
$log_opt = []
$selinux_enabled = undef
$socket_group_default = 'docker'
$labels = []
$service_state = running
$service_enable = true
$manage_service = true
$root_dir = undef
$tmp_dir_config = true
$tmp_dir = '/tmp/'
$dns = undef
$dns_search = undef
$proxy = undef
$compose_version = undef
$no_proxy = undef
$execdriver = undef
$storage_driver = undef
$dm_basesize = undef
$dm_fs = undef
$dm_mkfsarg = undef
$dm_mountopt = undef
$dm_blocksize = undef
$dm_loopdatasize = undef
$dm_loopmetadatasize = undef
$dm_datadev = undef
$dm_metadatadev = undef
$dm_thinpooldev = undef
$dm_use_deferred_removal = undef
$dm_use_deferred_deletion = undef
$dm_blkdiscard = undef
$dm_override_udev_sync_check = undef
$overlay2_override_kernel_check = false
$manage_package = true
$package_source = undef
$service_name_default = 'docker'
$docker_group_default = 'docker'
$storage_devs = undef
$storage_vg = undef
$storage_root_size = undef
$storage_data_size = undef
$storage_min_data_size = undef
$storage_chunk_size = undef
$storage_growpart = undef
$storage_auto_extend_pool = undef
$storage_pool_autoextend_threshold = undef
$storage_pool_autoextend_percent = undef
$storage_config_template = 'docker/etc/sysconfig/docker-storage.epp'
$registry_mirror = undef
$curl_ensure = true
$os_lc = downcase($facts['os']['name'])
$docker_msft_provider_version = undef
$nuget_package_provider_version = undef
$docker_command = 'docker'
if ($facts['os']['family'] == 'windows') {
$docker_ee_package_name = 'Docker'
$machine_install_path = "${facts['docker_program_files_path']}/Docker"
$tls_cacert = "${facts['docker_program_data_path']}/docker/certs.d/ca.pem"
$tls_cert = "${facts['docker_program_data_path']}/docker/certs.d/server-cert.pem"
$tls_key = "${facts['docker_program_data_path']}/docker/certs.d/server-key.pem"
} else {
$docker_ee_package_name = 'docker-ee'
$machine_install_path = '/usr/local/bin'
$tls_cacert = '/etc/docker/tls/ca.pem'
$tls_cert = '/etc/docker/tls/cert.pem'
$tls_key = '/etc/docker/tls/key.pem'
}
case $facts['os']['family'] {
'Debian' : {
case $facts['os']['name'] {
'Ubuntu' : {
$package_release = "ubuntu-${facts['os']['distro']['codename']}"
if (versioncmp($facts['os']['release']['full'], '15.04') >= 0) {
$service_after_override = undef
$service_config_template = 'docker/etc/sysconfig/docker.systemd.epp'
$service_hasrestart = true
$service_hasstatus = true
$service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-debian.conf.epp'
$service_provider = 'systemd'
$socket_override = false
$socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.epp'
$storage_config = '/etc/default/docker-storage'
include docker::systemd_reload
} else {
$service_config_template = 'docker/etc/default/docker.epp'
$service_overrides_template = undef
$socket_overrides_template = undef
$socket_override = false
$service_after_override = undef
$service_provider = 'upstart'
$service_hasstatus = true
$service_hasrestart = false
$storage_config = undef
}
}
default: {
if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
$package_release = "debian-${facts['os']['lsb']['distcodename']}"
} else {
$package_release = "debian-${facts['os']['distro']['codename']}"
}
$service_provider = 'systemd'
$storage_config = '/etc/default/docker-storage'
$service_config_template = 'docker/etc/sysconfig/docker.systemd.epp'
$service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-debian.conf.epp'
$socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.epp'
$socket_override = false
$service_after_override = undef
$service_hasstatus = true
$service_hasrestart = true
include docker::systemd_reload
}
}
$apt_source_pin_level = 500
$docker_group = $docker_group_default
$pin_upstream_package_source = true
$repo_opt = undef
$service_config = undef
$service_name = $service_name_default
$socket_group = $socket_group_default
$storage_setup_file = undef
$use_upstream_package_source = true
$package_ce_source_location = "https://download.docker.com/linux/${os_lc}"
$package_ce_key_source = "https://download.docker.com/linux/${os_lc}/gpg"
$package_ce_key_id = '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
$package_ce_release = $facts['os']['lsb']['distcodename']
} else {
$package_ce_release = $facts['os']['distro']['codename']
}
$package_source_location = 'http://apt.dockerproject.org/repo'
$package_key_source = 'https://apt.dockerproject.org/gpg'
$package_key_check_source = undef
$package_key_id = '58118E89F3A912897C070ADBF76221572C52609D'
$package_ee_source_location = $docker_ee_source_location
$package_ee_key_source = $docker_ee_key_source
$package_ee_key_id = $docker_ee_key_id
if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
$package_ee_release = $facts['os']['lsb']['distcodename']
} else {
$package_ee_release = $facts['os']['distro']['codename']
}
$package_ee_repos = $docker_ee_repos
$package_ee_package_name = $docker_ee_package_name
if ($service_provider == 'systemd') {
$detach_service_in_init = false
} else {
$detach_service_in_init = true
}
}
'RedHat' : {
$service_after_override = undef
$service_config = '/etc/sysconfig/docker'
$service_config_template = 'docker/etc/sysconfig/docker.systemd.epp'
$service_hasrestart = true
$service_hasstatus = true
$service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.epp'
$service_provider = 'systemd'
$socket_override = false
$socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.epp'
$storage_config = '/etc/sysconfig/docker-storage'
$storage_setup_file = '/etc/sysconfig/docker-storage-setup'
$use_upstream_package_source = true
$apt_source_pin_level = undef
$detach_service_in_init = false
$package_ce_key_id = undef
$package_ce_key_source = 'https://download.docker.com/linux/centos/gpg'
$package_ce_release = undef
$package_ce_source_location = "https://download.docker.com/linux/centos/${facts['os']['release']['major']}/${facts['os']['architecture']}/${docker_ce_channel}"
$package_ee_key_id = $docker_ee_key_id
$package_ee_key_source = $docker_ee_key_source
$package_ee_package_name = $docker_ee_package_name
$package_ee_release = undef
$package_ee_repos = $docker_ee_repos
$package_ee_source_location = $docker_ee_source_location
$package_key_check_source = true
$package_key_id = undef
$package_key_source = 'https://yum.dockerproject.org/gpg'
$package_release = undef
$package_source_location = "https://yum.dockerproject.org/repo/main/centos/${facts['os']['release']['major']}"
$pin_upstream_package_source = undef
$service_name = $service_name_default
if $use_upstream_package_source {
$docker_group = $docker_group_default
$socket_group = $socket_group_default
} else {
$docker_group = 'dockerroot'
$socket_group = 'dockerroot'
}
$repo_opt = undef
}
'windows' : {
$msft_nuget_package_provider_version = $nuget_package_provider_version
$msft_provider_version = $docker_msft_provider_version
$msft_package_version = $version
$service_config_template = 'docker/windows/config/daemon.json.epp'
$service_config = "${facts['docker_program_data_path']}/docker/config/daemon.json"
$docker_group = 'docker'
$package_ce_source_location = undef
$package_ce_key_source = undef
$package_ce_key_id = undef
$package_ce_repos = undef
$package_ce_release = undef
$package_key_id = undef
$package_release = undef
$package_source_location = undef
$package_key_source = undef
$package_key_check_source = undef
$package_ee_source_location = undef
$package_ee_package_name = $docker_ee_package_name
$package_ee_key_source = undef
$package_ee_key_id = undef
$package_ee_repos = undef
$package_ee_release = undef
$use_upstream_package_source = undef
$pin_upstream_package_source = undef
$apt_source_pin_level = undef
$socket_group = undef
$service_name = $service_name_default
$repo_opt = undef
$storage_config = undef
$storage_setup_file = undef
$service_provider = undef
$service_overrides_template = undef
$socket_overrides_template = undef
$socket_override = false
$service_after_override = undef
$service_hasstatus = undef
$service_hasrestart = undef
$detach_service_in_init = true
}
'Suse': {
$docker_group = $docker_group_default
$socket_group = $socket_group_default
$package_key_source = undef
$package_key_check_source = undef
$package_source_location = undef
$package_key_id = undef
$package_repos = undef
$package_release = undef
$package_ce_key_source = undef
$package_ce_source_location = undef
$package_ce_key_id = undef
$package_ce_repos = undef
$package_ce_release = undef
$package_ee_source_location = undef
$package_ee_key_source = undef
$package_ee_key_id = undef
$package_ee_release = undef
$package_ee_repos = undef
$package_ee_package_name = undef
$use_upstream_package_source = true
$service_overrides_template = undef
$socket_overrides_template = undef
$socket_override = false
$service_after_override = undef
$service_hasstatus = undef
$service_hasrestart = undef
$service_provider = 'systemd'
$package_name = $docker_ce_package_name
$service_name = $service_name_default
$detach_service_in_init = true
$repo_opt = undef
$nowarn_kernel = false
$service_config = undef
$storage_config = undef
$storage_setup_file = undef
$service_config_template = undef
$pin_upstream_package_source = undef
$apt_source_pin_level = undef
}
default: {
$docker_group = $docker_group_default
$socket_group = $socket_group_default
$package_key_source = undef
$package_key_check_source = undef
$package_source_location = undef
$package_key_id = undef
$package_repos = undef
$package_release = undef
$package_ce_key_source = undef
$package_ce_source_location = undef
$package_ce_key_id = undef
$package_ce_repos = undef
$package_ce_release = undef
$package_ee_source_location = undef
$package_ee_key_source = undef
$package_ee_key_id = undef
$package_ee_release = undef
$package_ee_repos = undef
$package_ee_package_name = undef
$use_upstream_package_source = true
$service_overrides_template = undef
$socket_overrides_template = undef
$socket_override = false
$service_after_override = undef
$service_hasstatus = undef
$service_hasrestart = undef
$service_provider = undef
$package_name = $docker_ce_package_name
$service_name = $service_name_default
$detach_service_in_init = true
$repo_opt = undef
$nowarn_kernel = false
$service_config = undef
$storage_config = undef
$storage_setup_file = undef
$service_config_template = undef
$pin_upstream_package_source = undef
$apt_source_pin_level = undef
}
}
# Special extra packages are required on some OSes.
# Specifically apparmor is needed for Ubuntu:
# https://github.com/docker/docker/issues/4734
$prerequired_packages = $facts['os']['family'] ? {
'Debian' => $facts['os']['name'] ? {
'Debian' => ['cgroupfs-mount',],
'Ubuntu' => ['cgroup-lite', 'apparmor',],
default => [],
},
'RedHat' => ['device-mapper'],
default => [],
}
$dependent_packages = [$docker_ce_cli_package_name, 'containerd.io',]
if($service_provider == 'systemd') {
# systemd v230 adds new StartLimitIntervalSec, StartLimitBurst
if($facts['os']['family'] == 'RedHat' and versioncmp($facts['os']['release']['major'], '8') < 0) {
$have_systemd_v230 = false
} elsif($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '18.04') < 0) {
$have_systemd_v230 = false
} elsif($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '9') < 0) {
$have_systemd_v230 = false
} else {
$have_systemd_v230 = true
}
} else {
$have_systemd_v230 = false
}
}

122
environments/production/thirdparty/docker/manifests/plugin.pp vendored Normal file
View file

@ -0,0 +1,122 @@
# @summary
# A define that manages a docker plugin
#
# @param plugin_name
# This ensures whether the plugin is installed or not.
# Note that the default behaviour of docker plugin
# requires a plugin be disabled before it can be removed
#
# @param enabled
# A setting to enable or disable an installed plugin.
#
# @param timeout
# The number of seconds to wait when enabling a plugin
#
# @param plugin_alias
# An alternative name to use for an installed plugin
#
# @param disable_on_install
# Alters the default behaviour of enabling a plugin upon install
#
# @param disable_content_trust
# Skip image verification
#
# @param grant_all_permissions
# Grant all permissions necessary to run the plugin
#
# @param force_remove
# Force the removal of an active plugin
#
# @param settings
# Any additional settings to pass to the plugin during install
#
# @param ensure
#
define docker::plugin (
Enum[present,absent] $ensure = 'present',
String $plugin_name = $title,
Boolean $enabled = true,
Optional[String] $timeout = undef,
Optional[String] $plugin_alias = undef,
Boolean $disable_on_install = false,
Boolean $disable_content_trust = true,
Boolean $grant_all_permissions = true,
Boolean $force_remove = true,
Array $settings = [],
) {
include docker::params
$docker_command = "${docker::params::docker_command} plugin"
if ($facts['os']['family'] == 'windows') {
fail('Feature not implemented on windows.')
}
if $ensure == 'present' {
$docker_plugin_install_flags = docker_plugin_install_flags({
plugin_name => $plugin_name,
plugin_alias => $plugin_alias,
disable_on_install => $disable_on_install,
disable_content_trust => $disable_content_trust,
grant_all_permissions => $grant_all_permissions,
settings => $settings,
}
)
$exec_install = "${docker_command} install ${docker_plugin_install_flags}"
$unless_install = "${docker_command} ls --format='{{.PluginReference}}' | grep -w ${plugin_name}"
exec { "plugin install ${plugin_name}":
command => $exec_install,
environment => 'HOME=/root',
path => ['/bin', '/usr/bin'],
timeout => 0,
unless => $unless_install,
}
} elsif $ensure == 'absent' {
$docker_plugin_remove_flags = docker_plugin_remove_flags({
plugin_name => $plugin_name,
force_remove => $force_remove,
}
)
$exec_rm = "${docker_command} rm ${docker_plugin_remove_flags}"
$onlyif_rm = "${docker_command} ls --format='{{.PluginReference}}' | grep -w ${plugin_name}"
exec { "plugin remove ${plugin_name}":
command => $exec_rm,
environment => 'HOME=/root',
path => ['/bin', '/usr/bin'],
timeout => 0,
onlyif => $onlyif_rm,
}
}
if $enabled {
$docker_plugin_enable_flags = docker_plugin_enable_flags({
plugin_name => $plugin_name,
plugin_alias => $plugin_alias,
timeout => $timeout,
}
)
$exec_enable = "${docker_command} enable ${docker_plugin_enable_flags}"
$onlyif_enable = "${docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w ${plugin_name}"
exec { "plugin enable ${plugin_name}":
command => $exec_enable,
environment => 'HOME=/root',
path => ['/bin', '/usr/bin'],
timeout => 0,
onlyif => $onlyif_enable,
}
} elsif $enabled == false {
exec { "disable ${plugin_name}":
command => "${docker_command} disable ${plugin_name}",
environment => 'HOME=/root',
path => ['/bin', '/usr/bin',],
timeout => 0,
unless => "${docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w ${plugin_name}",
}
}
}

9
environments/production/thirdparty/docker/manifests/plugins.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param plugins
#
class docker::plugins (
Hash $plugins
) {
create_resources(docker::plugin, $plugins)
}

159
environments/production/thirdparty/docker/manifests/registry.pp vendored Normal file
View file

@ -0,0 +1,159 @@
# @summary
# Module to configure private docker registries from which to pull Docker images
#
# @param server
# The hostname and port of the private Docker registry. Ex: dockerreg:5000
#
# @param ensure
# Whether or not you want to login or logout of a repository
#
# @param username
# Username for authentication to private Docker registry.
# auth is not required.
#
# @param password
# Password for authentication to private Docker registry. Leave undef if
# auth is not required.
#
# @param pass_hash
# The hash to be used for receipt. If left as undef, a hash will be generated
#
# @param email
# Email for registration to private Docker registry. Leave undef if
# auth is not required.
#
# @param local_user
# The local user to log in as. Docker will store credentials in this
# users home directory
#
# @param local_user_home
# The local user home directory.
#
# @param receipt
# Required to be true for idempotency
#
# @param version
#
define docker::registry (
Optional[String] $server = $title,
Enum[present,absent] $ensure = 'present',
Optional[String] $username = undef,
Optional[String] $password = undef,
Optional[String] $pass_hash = undef,
Optional[String] $email = undef,
String $local_user = 'root',
Optional[String] $local_user_home = undef,
Optional[String] $version = $docker::version,
Boolean $receipt = true,
) {
include docker::params
$docker_command = $docker::params::docker_command
if $facts['os']['family'] == 'windows' {
$exec_environment = ["PATH=${facts['docker_program_files_path']}/Docker/",]
$exec_timeout = 3000
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
$password_env = '$env:password'
$exec_user = undef
} else {
$exec_environment = []
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
$password_env = "\${password}"
$exec_user = $local_user
if $local_user_home {
$_local_user_home = $local_user_home
} else {
# set sensible default
$_local_user_home = ($local_user == 'root') ? {
true => '/root',
default => "/home/${local_user}",
}
}
}
if $ensure == 'present' {
if $username != undef and $password != undef and $email != undef and $version != undef and $version =~ /1[.][1-9]0?/ {
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" -e '${email}' ${server}"
$auth_environment = "password=${password}"
} elsif $username != undef and $password != undef {
$auth_cmd = "${docker_command} login -u '${username}' -p \"${password_env}\" ${server}"
$auth_environment = "password=${password}"
} else {
$auth_cmd = "${docker_command} login ${server}"
$auth_environment = ''
}
} else {
$auth_cmd = "${docker_command} logout ${server}"
$auth_environment = ''
}
$docker_auth = "${title}${auth_environment}${auth_cmd}${local_user}"
if $auth_environment != '' {
$exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
} else {
$exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
}
if $receipt {
if $facts['os']['family'] != 'windows' {
# server may be an URI, which can contain /
$server_strip = regsubst($server, '/', '_', 'G')
# no - with pw_hash
$local_user_strip = regsubst($local_user, '[-_]', '', 'G')
$_pass_hash = $pass_hash ? {
Undef => pw_hash($docker_auth, 'SHA-512', $local_user_strip),
default => $pass_hash
}
$_auth_command = "${auth_cmd} || (rm -f \"/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\"; exit 1;)"
file { "/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}":
ensure => $ensure,
content => $_pass_hash,
owner => $local_user,
group => $local_user,
notify => Exec["${title} auth"],
}
} else {
# server may be an URI, which can contain /
$server_strip = regsubst($server, '[/:]', '_', 'G')
$passfile = "${facts['docker_user_temp_path']}/registry-auth-puppet_receipt_${server_strip}_${local_user}"
$_auth_command = "if (-not (${auth_cmd})) { Remove-Item -Path ${passfile} -Force -Recurse -EA SilentlyContinue; exit 1 } else { exit 0 }" # lint:ignore:140chars
if $ensure == 'absent' {
file { $passfile:
ensure => $ensure,
notify => Exec["${title} auth"],
}
} elsif $ensure == 'present' {
exec { 'compute-hash':
command => stdlib::deferrable_epp('docker/windows/compute_hash.ps1.epp', { 'passfile' => $passfile }),
environment => Deferred('docker::env', [$exec_env]),
provider => $exec_provider,
logoutput => true,
unless => stdlib::deferrable_epp('docker/windows/check_hash.ps1.epp', { 'passfile' => $passfile }),
notify => Exec["${title} auth"],
}
}
}
} else {
$_auth_command = $auth_cmd
}
exec { "${title} auth":
environment => Deferred('docker::env', [$exec_env]),
command => Deferred('sprintf', [$_auth_command]),
user => $exec_user,
path => $exec_path,
timeout => $exec_timeout,
provider => $exec_provider,
refreshonly => $receipt,
}
}

9
environments/production/thirdparty/docker/manifests/registry_auth.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param registries
#
class docker::registry_auth (
Hash $registries
) {
create_resources(docker::registry, $registries)
}

90
environments/production/thirdparty/docker/manifests/repos.pp vendored Normal file
View file

@ -0,0 +1,90 @@
# @summary
#
# @param location
#
# @param key_source
#
# @param key_check_source
#
# @param architecture
#
class docker::repos (
Optional[String] $location = $docker::package_location,
Optional[String] $key_source = $docker::package_key_source,
Optional[Boolean] $key_check_source = $docker::package_key_check_source,
String $architecture = $facts['os']['architecture'],
) {
stdlib::ensure_packages($docker::prerequired_packages)
case $facts['os']['family'] {
'Debian': {
$release = $docker::release
$package_key = $docker::package_key
$package_repos = $docker::package_repos
if ($docker::use_upstream_package_source) {
apt::source { 'docker':
location => $location,
architecture => $architecture,
release => $release,
repos => $package_repos,
key => {
id => $package_key,
source => $key_source,
},
include => {
src => false,
},
}
$url_split = split($location, '/')
$repo_host = $url_split[2]
$pin_ensure = $docker::pin_upstream_package_source ? {
true => 'present',
default => 'absent',
}
apt::pin { 'docker':
ensure => $pin_ensure,
origin => $repo_host,
priority => $docker::apt_source_pin_level,
}
if $docker::manage_package {
include apt
if (versioncmp($facts['facterversion'], '2.4.6') <= 0) {
if $facts['os']['name'] == 'Debian' and $facts['os']['lsb']['distcodename'] == 'wheezy' {
include apt::backports
}
} else {
if $facts['os']['name'] == 'Debian' and $facts['os']['distro']['codename'] == 'wheezy' {
include apt::backports
}
}
Exec['apt_update'] -> Package[$docker::prerequired_packages]
Apt::Source['docker'] -> Package['docker']
}
}
}
'RedHat': {
if ($docker::manage_package) {
$baseurl = $location
$gpgkey = $key_source
$gpgkey_check = $key_check_source
if ($docker::use_upstream_package_source) {
yumrepo { 'docker':
descr => 'Docker',
baseurl => $baseurl,
gpgkey => $gpgkey,
gpgcheck => $gpgkey_check,
}
Yumrepo['docker'] -> Package['docker']
}
}
}
default: {}
}
}

752
environments/production/thirdparty/docker/manifests/run.pp vendored Normal file
View file

@ -0,0 +1,752 @@
# @summary
# A define which manages a running docker container.
#
# @param restart
# Sets a restart policy on the docker run.
# Note: If set, puppet will NOT setup an init script to manage, instead
# it will do a raw docker run command using a CID file to track the container
# ID.
#
# If you want a normal named container with an init script and a restart policy
# you must use the extra_parameters feature and pass it in like this:
#
# extra_parameters => ['--restart=always']
#
# However, if your system is using sytemd this restart policy will be
# ineffective because the ExecStop commands will run which will cause
# docker to stop restarting it. In this case you should use the
# systemd_restart option to specify the policy you want.
#
# This will allow the docker container to be restarted if it dies, without
# puppet help.
#
# @param verify_digest
# (optional) Make sure, that the image has not modified. Compares the digest
# checksum before starting the docker image.
# To get the digest of an image, run the following command:
# docker image inspect <<image>> --format='{{index .RepoDigests 0}}
#
# @param service_prefix
# (optional) The name to prefix the startup script with and the Puppet
# service resource title with. Default: 'docker-'
#
# @param restart_service
# (optional) Whether or not to restart the service if the the generated init
# script changes. Default: true
#
# @param restart_service_on_docker_refresh
# Whether or not to restart the service if the docker service is restarted.
# Only has effect if the docker_service parameter is set.
# Default: true
#
# @param manage_service
# (optional) Whether or not to create a puppet Service resource for the init
# script. Disabling this may be useful if integrating with existing modules.
# Default: true
#
# @param docker_service
# (optional) If (and how) the Docker service itself is managed by Puppet
# true -> Service['docker']
# false -> no Service dependency
# anything else -> Service[docker_service]
# Default: false
#
# @param health_check_cmd
# (optional) Specifies the command to execute to check that the container is healthy using the docker health check functionality.
# Default: undef
#
# @param health_check_interval
# (optional) Specifies the interval that the health check command will execute in seconds.
# Default: undef
#
# @param restart_on_unhealthy
# (optional) Checks the health status of Docker container and if it is unhealthy the service will be restarted.
# The health_check_cmd parameter must be set to true to use this functionality.
# Default: undef
#
# @param net
#
# The docker network to attach to a container.
# Can be a String or Array (if using multiple networks)
# Default: bridge
#
# @param extra_parameters
# An array of additional command line arguments to pass to the `docker run`
# command. Useful for adding additional new or experimental options that the
# module does not yet support.
#
# @param systemd_restart
# (optional) If the container is to be managed by a systemd unit file set the
# Restart option on the unit file. Can be any valid value for this systemd
# configuration. Most commonly used are on-failure or always.
# Default: on-failure
#
# @param custom_unless
# (optional) Specify an additional unless for the Docker run command when using restart.
# Default: undef
#
# @param after_create
# (optional) Specifies the command to execute after container is created but before it is started.
# Default: undef
#
# @param remain_after_exit
# (optional) If the container is to be managed by a systemd unit file set the
# RemainAfterExit option on the unit file. Can be any valid value for this systemd
# configuration.
# Default: Not included in unit file
#
# @param prepare_service_only
# (optional) Prepare the service and enable it as usual but do not run it right away.
# Useful when building VM images using masterless Puppet and then letting the Docker images
# to be downloaded when a new VM is created.
# Default: false
#
# @param image
#
# @param ensure
#
# @param command
#
# @param memory_limit
#
# @param cpuset
#
# @param ports
#
# @param labels
#
# @param expose
#
# @param volumes
#
# @param links
#
# @param use_name
#
# @param running
#
# @param volumes_from
#
# @param username
#
# @param hostname
#
# @param env
#
# @param env_file
#
# @param dns
#
# @param dns_search
#
# @param lxc_conf
#
# @param service_provider
#
# @param disable_network
#
# @param privileged
#
# @param detach
#
# @param extra_systemd_parameters
#
# @param pull_on_start
#
# @param after
#
# @param after_service
#
# @param depends
#
# @param depend_services
#
# @param tty
#
# @param socket_connect
#
# @param hostentries
#
# @param before_start
#
# @param before_stop
#
# @param after_start
#
# @param after_stop
#
# @param remove_container_on_start
#
# @param remove_container_on_stop
#
# @param remove_volume_on_start
#
# @param remove_volume_on_stop
#
# @param stop_wait_time
#
# @param syslog_identifier
#
# @param syslog_facility
#
# @param read_only
#
define docker::run (
Optional[Pattern[/^[\S]*$/]] $image = undef,
Enum[present,absent] $ensure = 'present',
Optional[String] $verify_digest = undef,
Optional[String] $command = undef,
Pattern[/^[\d]*(b|k|m|g)$/] $memory_limit = '0b',
Variant[String,Array,Undef] $cpuset = [],
Variant[String,Array,Undef] $ports = [],
Variant[String,Array,Undef] $labels = [],
Variant[String,Array,Undef] $expose = [],
Variant[String,Array,Undef] $volumes = [],
Variant[String,Array,Undef] $links = [],
Boolean $use_name = false,
Boolean $running = true,
Variant[String,Array] $volumes_from = [],
Variant[String,Array[String[1],1],Undef] $net = undef,
Variant[String,Boolean] $username = false,
Variant[String,Boolean] $hostname = false,
Variant[String,Array] $env = [],
Variant[String,Array] $env_file = [],
Variant[String,Array] $dns = [],
Variant[String,Array] $dns_search = [],
Variant[String,Array] $lxc_conf = [],
String $service_prefix = 'docker-',
Optional[String] $service_provider = undef,
Boolean $restart_service = true,
Boolean $restart_service_on_docker_refresh = true,
Boolean $manage_service = true,
Variant[String,Boolean] $docker_service = false,
Boolean $disable_network = false,
Boolean $privileged = false,
Optional[Boolean] $detach = undef,
Optional[Variant[String,Array[String]]] $extra_parameters = undef,
String $systemd_restart = 'on-failure',
Variant[String,Hash] $extra_systemd_parameters = {},
Boolean $pull_on_start = false,
Variant[String,Array] $after = [],
Variant[String,Array] $after_service = [],
Variant[String,Array] $depends = [],
Variant[String,Array] $depend_services = ['docker.service'],
Boolean $tty = false,
Variant[String,Array] $socket_connect = [],
Variant[String,Array] $hostentries = [],
Optional[String] $restart = undef,
Variant[String,Boolean] $before_start = false,
Variant[String,Boolean] $before_stop = false,
Variant[String,Boolean] $after_start = false,
Variant[String,Boolean] $after_stop = false,
Optional[String] $after_create = undef,
Boolean $remove_container_on_start = true,
Boolean $remove_container_on_stop = true,
Boolean $remove_volume_on_start = false,
Boolean $remove_volume_on_stop = false,
Integer $stop_wait_time = 10,
Optional[String] $syslog_identifier = undef,
Optional[String] $syslog_facility = undef,
Boolean $read_only = false,
Optional[String] $health_check_cmd = undef,
Boolean $restart_on_unhealthy = false,
Optional[Integer] $health_check_interval = undef,
Variant[String,Array] $custom_unless = [],
Optional[String] $remain_after_exit = undef,
Boolean $prepare_service_only = false,
) {
include docker::params
if ($socket_connect != []) {
$sockopts = join(any2array($socket_connect), ',')
$docker_command = "${docker::params::docker_command} -H ${sockopts}"
} else {
$docker_command = $docker::params::docker_command
}
$service_name = $docker::service_name
$docker_group = $docker::docker_group
if $restart {
assert_type(Pattern[/^(no|always|unless-stopped|on-failure)|^on-failure:[\d]+$/], $restart)
}
if ($remove_volume_on_start and !$remove_container_on_start) {
fail("In order to remove the volume on start for ${title} you need to also remove the container")
}
if ($remove_volume_on_stop and !$remove_container_on_stop) {
fail("In order to remove the volume on stop for ${title} you need to also remove the container")
}
if $use_name {
notify { "docker use_name warning: ${title}":
message => 'The use_name parameter is no-longer required and will be removed in a future release',
withpath => true,
}
}
if $systemd_restart {
assert_type(Pattern[/^(no|always|on-success|on-failure|on-abnormal|on-abort|on-watchdog)$/], $systemd_restart)
}
$service_provider_real = $service_provider ? {
undef => $docker::params::service_provider,
default => $service_provider,
}
if $detach == undef {
$valid_detach = $service_provider_real ? {
'systemd' => false,
default => $docker::params::detach_service_in_init,
}
} else {
$valid_detach = $detach
}
$extra_parameters_array = any2array($extra_parameters)
$after_array = any2array($after)
$depends_array = any2array($depends)
$depend_services_array = any2array($depend_services)
$docker_run_flags = docker_run_flags({
cpuset => any2array($cpuset),
disable_network => $disable_network,
dns => any2array($dns),
dns_search => any2array($dns_search),
env => any2array($env),
env_file => any2array($env_file),
expose => any2array($expose),
extra_params => any2array($extra_parameters),
hostentries => any2array($hostentries),
hostname => $hostname,
links => any2array($links),
lxc_conf => any2array($lxc_conf),
memory_limit => $memory_limit,
net => $net,
ports => any2array($ports),
labels => any2array($labels),
privileged => $privileged,
socket_connect => any2array($socket_connect),
tty => $tty,
username => $username,
volumes => any2array($volumes),
volumes_from => any2array($volumes_from),
read_only => $read_only,
health_check_cmd => $health_check_cmd,
restart_on_unhealthy => $restart_on_unhealthy,
health_check_interval => $health_check_interval,
osfamily => $facts['os']['family'],
}
)
$sanitised_title = docker::sanitised_name($title)
if empty($depends_array) {
$sanitised_depends_array = []
} else {
$sanitised_depends_array = docker::sanitised_name($depends_array)
}
if empty($after_array) {
$sanitised_after_array = []
} else {
$sanitised_after_array = docker::sanitised_name($after_array)
}
if $facts['os']['family'] == 'windows' {
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/;${facts['docker_systemroot']}/System32/"
$exec_timeout = 3000
$exec_path = ["${facts['docker_program_files_path']}/Docker/"]
$exec_provider = 'powershell'
$cidfile = "${facts['docker_user_temp_path']}/${service_prefix}${sanitised_title}.cid"
$restart_check = "${docker_command} inspect ${sanitised_title} -f '{{ if eq \\\"unhealthy\\\" .State.Health.Status }} {{ .Name }}{{ end }}' | findstr ${sanitised_title}" # lint:ignore:140chars
$container_running_check = "\$state = ${docker_command} inspect ${sanitised_title} -f \"{{ .State.Running }}\"; if (\$state -ieq \"true\") { Exit 0 } else { Exit 1 }" # lint:ignore:140chars
} else {
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin']
$exec_timeout = 0
$exec_provider = undef
$cidfile = "/var/run/${service_prefix}${sanitised_title}.cid"
$restart_check = "${docker_command} inspect ${sanitised_title} -f '{{ if eq \"unhealthy\" .State.Health.Status }} {{ .Name }}{{ end }}' | grep ${sanitised_title}" # lint:ignore:140chars
$container_running_check = "${docker_command} inspect ${sanitised_title} -f \"{{ .State.Running }}\" | grep true" # lint:ignore:140chars
}
if $restart_on_unhealthy {
exec { "Restart unhealthy container ${title} with docker":
command => "${docker_command} restart ${sanitised_title}",
onlyif => $restart_check,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
}
if $restart {
if $ensure == 'absent' {
exec { "stop ${title} with docker":
command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}",
onlyif => "${docker_command} inspect ${sanitised_title}",
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
exec { "remove ${title} with docker":
command => "${docker_command} rm -v ${sanitised_title}",
onlyif => "${docker_command} inspect ${sanitised_title}",
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
file { $cidfile:
ensure => absent,
}
} else {
$run_with_docker_command = [
"${docker_command} run -d ${docker_run_flags}",
"--name ${sanitised_title} --cidfile=${cidfile}",
"--restart=\"${restart}\" ${image} ${command}",
]
$inspect = ["${docker_command} inspect ${sanitised_title}",]
if $custom_unless {
$exec_unless = concat($custom_unless, $inspect)
} else {
$exec_unless = $inspect
}
if versioncmp($facts['puppetversion'], '6') < 0 {
exec { "run ${title} with docker":
command => join($run_with_docker_command, ' '),
unless => $exec_unless,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
if $running == false {
exec { "stop ${title} with docker":
command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}",
onlyif => $container_running_check,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
} else {
exec { "start ${title} with docker":
command => "${docker_command} start ${sanitised_title}",
unless => $container_running_check,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
}
} else {
$docker_params_changed_args = {
sanitised_title => $sanitised_title,
osfamily => $facts['os']['family'],
command => join($run_with_docker_command, ' '),
cidfile => $cidfile,
image => $image,
volumes => $volumes,
ports => $ports,
stop_wait_time => $stop_wait_time,
container_running => $running,
# logfile_path => ($facts['os']['family'] == 'windows') ? {
# true => ::docker_user_temp_path,
# default => '/tmp',
# },
}
$detect_changes = Deferred('docker_params_changed', [$docker_params_changed_args])
notify { "${title}_docker_params_changed":
message => $detect_changes,
}
}
}
} else {
$run_start_parameters = {
'before_start' => $before_start,
'remove_container_on_start' => $remove_container_on_start,
'docker_command' => $docker_command,
'remove_volume_on_start' => $remove_volume_on_start,
'sanitised_title' => $sanitised_title,
'pull_on_start' => $pull_on_start,
'image' => $image,
'verify_digest' => $verify_digest,
'docker_run_flags' => $docker_run_flags,
'command' => $command,
'after_create' => $after_create,
'net' => $net,
'valid_detach' => $valid_detach,
'after_start' => $after_start,
}
$docker_run_inline_start = epp('docker/docker-run-start.epp', $run_start_parameters)
$run_stop_parameters = {
'before_stop' => $before_stop,
'docker_command' => $docker_command,
'stop_wait_time' => $stop_wait_time,
'sanitised_title' => $sanitised_title,
'remove_container_on_stop' => $remove_container_on_stop,
'remove_volume_on_stop' => $remove_volume_on_stop,
'after_stop' => $after_stop,
}
$docker_run_inline_stop = epp('docker/docker-run-stop.epp', $run_stop_parameters)
case $service_provider_real {
'systemd': {
$initscript = "/etc/systemd/system/${service_prefix}${sanitised_title}.service"
$startscript = "/usr/local/bin/docker-run-${sanitised_title}-start.sh"
$stopscript = "/usr/local/bin/docker-run-${sanitised_title}-stop.sh"
$startstop_template = 'docker/usr/local/bin/docker-run.sh.epp'
$init_template = 'docker/etc/systemd/system/docker-run.epp'
$mode = '0644'
$hasstatus = true
}
'upstart': {
$initscript = "/etc/init.d/${service_prefix}${sanitised_title}"
$init_template = 'docker/etc/init.d/docker-run.epp'
$mode = '0750'
$startscript = undef
$stopscript = undef
$startstop_template = undef
$hasstatus = true
}
default: {
if $facts['os']['family'] != 'windows' {
fail('Docker needs a Debian or RedHat based system.')
}
elsif $ensure == 'present' {
fail('Restart parameter is required for Windows')
}
$hasstatus = $docker::params::service_hasstatus
}
}
if $syslog_identifier {
$_syslog_identifier = $syslog_identifier
} else {
$_syslog_identifier = "${service_prefix}${sanitised_title}"
}
if $ensure == 'absent' {
if $facts['os']['family'] == 'windows' {
exec { "stop container ${service_prefix}${sanitised_title}":
command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}",
onlyif => "${docker_command} inspect ${sanitised_title}",
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
notify => Exec["remove container ${service_prefix}${sanitised_title}"],
}
}
else {
service { "${service_prefix}${sanitised_title}":
ensure => false,
enable => false,
hasstatus => $hasstatus,
provider => $service_provider_real,
notify => Exec["remove container ${service_prefix}${sanitised_title}"],
}
}
exec { "remove container ${service_prefix}${sanitised_title}":
command => "${docker_command} rm -v ${sanitised_title}",
onlyif => "${docker_command} inspect ${sanitised_title}",
environment => $exec_environment,
path => $exec_path,
refreshonly => true,
provider => $exec_provider,
timeout => $exec_timeout,
}
if $facts['os']['family'] != 'windows' {
file { "/etc/systemd/system/${service_prefix}${sanitised_title}.service":
ensure => absent,
}
if ($startscript) {
file { $startscript:
ensure => absent,
}
}
if ($stopscript) {
file { $stopscript:
ensure => absent,
}
}
} else {
file { $cidfile:
ensure => absent,
}
}
} else {
if ($startscript) {
file { $startscript:
ensure => file,
content => epp($startstop_template, { 'script' => $docker_run_inline_start }),
seltype => 'container_runtime_exec_t',
owner => 'root',
group => $docker_group,
mode => '0770',
}
}
if ($stopscript) {
file { $stopscript:
ensure => file,
content => epp($startstop_template, { 'script' => $docker_run_inline_stop }),
seltype => 'container_runtime_exec_t',
owner => 'root',
group => $docker_group,
mode => '0770',
}
}
if $service_provider_real == 'systemd' {
$init_template_parameters = {
'depend_services_array' => $depend_services_array,
'sanitised_after_array' => $sanitised_after_array,
'service_prefix' => $service_prefix,
'sanitised_depends_array' => $sanitised_depends_array,
'title' => $title,
'have_systemd_v230' => $docker::params::have_systemd_v230,
'extra_systemd_parameters' => $extra_systemd_parameters,
'systemd_restart' => $systemd_restart,
'_syslog_identifier' => $_syslog_identifier,
'syslog_facility' => $syslog_facility,
'sanitised_title' => $sanitised_title,
'remain_after_exit' => $remain_after_exit,
'service_name' => $service_name,
}
} elsif $service_provider_real == 'upstart' {
$init_template_parameters = {
'sanitised_after_array' => $sanitised_after_array,
'service_prefix' => $service_prefix,
'sanitised_depends_array' => $sanitised_depends_array,
'depend_services_array' => $depend_services_array,
'docker_command' => $docker_command,
'sanitised_title' => $sanitised_title,
'docker_run_inline_start' => $docker_run_inline_start,
'docker_run_inline_stop' => $docker_run_inline_stop,
}
}
file { $initscript:
ensure => file,
content => epp($init_template, $init_template_parameters),
seltype => 'container_unit_file_t',
owner => 'root',
group => $docker_group,
mode => $mode,
}
if $manage_service {
if $running == false {
service { "${service_prefix}${sanitised_title}":
ensure => $running,
enable => false,
hasstatus => $hasstatus,
require => File[$initscript],
}
} else {
# Transition help from moving from CID based container detection to
# Name-based container detection. See #222 for context.
# This code should be considered temporary until most people have
# transitioned. - 2015-04-15
if $initscript == "/etc/init.d/${service_prefix}${sanitised_title}" {
# This exec sequence will ensure the old-style CID container is stopped
# before we replace the init script with the new-style.
$transition_onlyif = [
"/usr/bin/test -f /var/run/docker-${sanitised_title}.cid &&",
"/usr/bin/test -f /etc/init.d/${service_prefix}${sanitised_title}",
]
exec { "/bin/sh /etc/init.d/${service_prefix}${sanitised_title} stop":
onlyif => join($transition_onlyif, ' '),
require => [],
}
-> file { "/var/run/${service_prefix}${sanitised_title}.cid":
ensure => absent,
}
-> File[$initscript]
}
service { "${service_prefix}${sanitised_title}":
ensure => $running and !$prepare_service_only,
enable => true,
provider => $service_provider_real,
hasstatus => $hasstatus,
require => File[$initscript],
}
}
if $docker_service {
if $docker_service == true {
Service['docker'] -> Service["${service_prefix}${sanitised_title}"]
if $restart_service_on_docker_refresh == true {
Service['docker'] ~> Service["${service_prefix}${sanitised_title}"]
}
} else {
Service[$docker_service] -> Service["${service_prefix}${sanitised_title}"]
if $restart_service_on_docker_refresh == true {
Service[$docker_service] ~> Service["${service_prefix}${sanitised_title}"]
}
}
}
}
if $service_provider_real == 'systemd' and !$prepare_service_only {
exec { "docker-${sanitised_title}-systemd-reload":
path => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/'],
command => 'systemctl daemon-reload',
refreshonly => true,
require => [
File[$initscript],
File[$startscript],
File[$stopscript],
],
subscribe => [
File[$initscript],
File[$startscript],
File[$stopscript],
],
}
Exec["docker-${sanitised_title}-systemd-reload"] -> Service <| title == "${service_prefix}${sanitised_title}" |>
}
if $restart_service {
if $startscript or $stopscript {
[File[$initscript], File[$startscript], File[$stopscript],] ~> Service <| title == "${service_prefix}${sanitised_title}" |>
}
else {
[File[$initscript],] ~> Service <| title == "${service_prefix}${sanitised_title}" |>
}
}
else {
if $startscript or $stopscript {
[File[$initscript], File[$startscript], File[$stopscript],] -> Service <| title == "${service_prefix}${sanitised_title}" |>
}
else {
[File[$initscript],] -> Service <| title == "${service_prefix}${sanitised_title}" |>
}
}
}
}
}

9
environments/production/thirdparty/docker/manifests/run_instance.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param instance
#
class docker::run_instance (
Hash $instance
) {
create_resources(docker::run, $instance)
}

524
environments/production/thirdparty/docker/manifests/service.pp vendored Normal file
View file

@ -0,0 +1,524 @@
# @summary manage the docker service daemon
#
# @param tcp_bind
# Which tcp port, if any, to bind the docker service to.
#
# @param ip_forward
# This flag interacts with the IP forwarding setting on
# your host system's kernel
#
# @param iptables
# Enable Docker's addition of iptables rules
#
# @param ip_masq
# Enable IP masquerading for bridge's IP range.
#
# @param socket_bind
# Which local unix socket to bind the docker service to.
#
# @param socket_group
# Which local unix socket to bind the docker service to.
#
# @param root_dir
# Specify a non-standard root directory for docker.
#
# @param extra_parameters
# Plain additional parameters to pass to the docker daemon
#
# @param shell_values
# Array of shell values to pass into init script config files
#
# @param manage_service
# Specify whether the service should be managed.
# Valid values are 'true', 'false'.
# Defaults to 'true'.
#
# @param docker_command
#
# @param docker_start_command
#
# @param service_name
#
# @param icc
#
# @param bridge
#
# @param fixed_cidr
#
# @param default_gateway
#
# @param ipv6
#
# @param ipv6_cidr
#
# @param default_gateway_ipv6
#
# @param log_level
#
# @param log_driver
#
# @param log_opt
#
# @param selinux_enabled
#
# @param labels
#
# @param dns
#
# @param dns_search
#
# @param service_state
#
# @param service_enable
#
# @param proxy
#
# @param no_proxy
#
# @param execdriver
#
# @param bip
#
# @param mtu
#
# @param storage_driver
#
# @param dm_basesize
#
# @param dm_fs
#
# @param dm_mkfsarg
#
# @param dm_mountopt
#
# @param dm_blocksize
#
# @param dm_loopdatasize
#
# @param dm_loopmetadatasize
#
# @param dm_datadev
#
# @param dm_metadatadev
#
# @param tmp_dir_config
#
# @param tmp_dir
#
# @param dm_thinpooldev
#
# @param dm_use_deferred_removal
#
# @param dm_use_deferred_deletion
#
# @param dm_blkdiscard
#
# @param dm_override_udev_sync_check
#
# @param overlay2_override_kernel_check
#
# @param storage_devs
#
# @param storage_vg
#
# @param storage_root_size
#
# @param storage_data_size
#
# @param storage_min_data_size
#
# @param storage_chunk_size
#
# @param storage_growpart
#
# @param storage_auto_extend_pool
#
# @param storage_pool_autoextend_threshold
#
# @param storage_pool_autoextend_percent
#
# @param storage_config
#
# @param storage_config_template
#
# @param storage_setup_file
#
# @param service_provider
#
# @param service_config
#
# @param service_config_template
#
# @param service_overrides_template
#
# @param socket_overrides_template
#
# @param socket_override
#
# @param service_after_override
#
# @param service_hasstatus
#
# @param service_hasrestart
#
# @param daemon_environment_files
#
# @param tls_enable
#
# @param tls_verify
#
# @param tls_cacert
#
# @param tls_cert
#
# @param tls_key
#
# @param registry_mirror
#
# @param root_dir_flag
#
class docker::service (
String $docker_command = $docker::docker_command,
String $docker_start_command = $docker::docker_start_command,
Optional[String] $service_name = $docker::service_name,
Optional[Variant[String,Array[String]]] $tcp_bind = $docker::tcp_bind,
Boolean $ip_forward = $docker::ip_forward,
Boolean $iptables = $docker::iptables,
Boolean $ip_masq = $docker::ip_masq,
Optional[Boolean] $icc = $docker::icc,
Optional[String] $bridge = $docker::bridge,
Optional[String] $fixed_cidr = $docker::fixed_cidr,
Optional[String] $default_gateway = $docker::default_gateway,
Optional[Boolean] $ipv6 = $docker::ipv6,
Optional[String] $ipv6_cidr = $docker::ipv6_cidr,
Optional[String] $default_gateway_ipv6 = $docker::default_gateway_ipv6,
String $socket_bind = $docker::socket_bind,
Optional[String] $log_level = $docker::log_level,
Optional[String] $log_driver = $docker::log_driver,
Array $log_opt = $docker::log_opt,
Optional[Boolean] $selinux_enabled = $docker::selinux_enabled,
Optional[Variant[String,Boolean]] $socket_group = $docker::socket_group,
Array $labels = $docker::labels,
Optional[Variant[String,Array]] $dns = $docker::dns,
Optional[Variant[String,Array]] $dns_search = $docker::dns_search,
String $service_state = $docker::service_state,
Boolean $service_enable = $docker::service_enable,
Boolean $manage_service = $docker::manage_service,
Optional[String] $root_dir = $docker::root_dir,
Optional[Variant[String,Array]] $extra_parameters = $docker::extra_parameters,
Optional[Variant[String,Array]] $shell_values = $docker::shell_values,
Optional[String] $proxy = $docker::proxy,
Optional[String] $no_proxy = $docker::no_proxy,
Optional[String] $execdriver = $docker::execdriver,
Optional[String] $bip = $docker::bip,
Optional[String] $mtu = $docker::mtu,
Optional[String] $storage_driver = $docker::storage_driver,
Optional[String] $dm_basesize = $docker::dm_basesize,
Optional[String] $dm_fs = $docker::dm_fs,
Optional[String] $dm_mkfsarg = $docker::dm_mkfsarg,
Optional[String] $dm_mountopt = $docker::dm_mountopt,
Optional[String] $dm_blocksize = $docker::dm_blocksize,
Optional[String] $dm_loopdatasize = $docker::dm_loopdatasize,
Optional[String] $dm_loopmetadatasize = $docker::dm_loopmetadatasize,
Optional[String] $dm_datadev = $docker::dm_datadev,
Optional[String] $dm_metadatadev = $docker::dm_metadatadev,
Optional[Boolean] $tmp_dir_config = $docker::tmp_dir_config,
Optional[String] $tmp_dir = $docker::tmp_dir,
Optional[String] $dm_thinpooldev = $docker::dm_thinpooldev,
Optional[Boolean] $dm_use_deferred_removal = $docker::dm_use_deferred_removal,
Optional[Boolean] $dm_use_deferred_deletion = $docker::dm_use_deferred_deletion,
Optional[Boolean] $dm_blkdiscard = $docker::dm_blkdiscard,
Optional[Boolean] $dm_override_udev_sync_check = $docker::dm_override_udev_sync_check,
Boolean $overlay2_override_kernel_check = $docker::overlay2_override_kernel_check,
Optional[String] $storage_devs = $docker::storage_devs,
Optional[String] $storage_vg = $docker::storage_vg,
Optional[String] $storage_root_size = $docker::storage_root_size,
Optional[String] $storage_data_size = $docker::storage_data_size,
Optional[String] $storage_min_data_size = $docker::storage_min_data_size,
Optional[String] $storage_chunk_size = $docker::storage_chunk_size,
Optional[Boolean] $storage_growpart = $docker::storage_growpart,
Optional[String] $storage_auto_extend_pool = $docker::storage_auto_extend_pool,
Optional[String] $storage_pool_autoextend_threshold = $docker::storage_pool_autoextend_threshold,
Optional[String] $storage_pool_autoextend_percent = $docker::storage_pool_autoextend_percent,
Optional[Variant[String,Boolean]] $storage_config = $docker::storage_config,
Optional[String] $storage_config_template = $docker::storage_config_template,
Optional[String] $storage_setup_file = $docker::storage_setup_file,
Optional[String] $service_provider = $docker::service_provider,
Optional[Variant[String,Boolean]] $service_config = $docker::service_config,
Optional[String] $service_config_template = $docker::service_config_template,
Optional[Variant[String,Boolean]] $service_overrides_template = $docker::service_overrides_template,
Optional[Variant[String,Boolean]] $socket_overrides_template = $docker::socket_overrides_template,
Optional[Boolean] $socket_override = $docker::socket_override,
Optional[Variant[String,Boolean]] $service_after_override = $docker::service_after_override,
Optional[Boolean] $service_hasstatus = $docker::service_hasstatus,
Optional[Boolean] $service_hasrestart = $docker::service_hasrestart,
Array $daemon_environment_files = $docker::daemon_environment_files,
Boolean $tls_enable = $docker::tls_enable,
Boolean $tls_verify = $docker::tls_verify,
Optional[String] $tls_cacert = $docker::tls_cacert,
Optional[String] $tls_cert = $docker::tls_cert,
Optional[String] $tls_key = $docker::tls_key,
Optional[Variant[String,Array]] $registry_mirror = $docker::registry_mirror,
String $root_dir_flag = $docker::root_dir_flag,
) {
unless $facts['os']['family'] =~ /(Debian|RedHat|windows)/ or $docker::acknowledge_unsupported_os {
fail('The docker::service class needs a Debian, Redhat or Windows based system.')
}
$dns_array = any2array($dns)
$dns_search_array = any2array($dns_search)
$labels_array = any2array($labels)
$extra_parameters_array = any2array($extra_parameters)
$shell_values_array = any2array($shell_values)
$tcp_bind_array = any2array($tcp_bind)
if $service_config != undef {
$_service_config = $service_config
} else {
if $facts['os']['family'] == 'Debian' {
$_service_config = "/etc/default/${service_name}"
} else {
$_service_config = undef
}
}
$_manage_service = $manage_service ? {
true => Service['docker'],
default => [],
}
$docker_storage_setup_parameters = {
'storage_driver' => $storage_driver,
'storage_devs' => $storage_devs,
'storage_vg' => $storage_vg,
'storage_root_size' => $storage_root_size,
'storage_data_size' => $storage_data_size,
'storage_min_data_size' => $storage_min_data_size,
'storage_chunk_size' => $storage_chunk_size,
'storage_growpart' => $storage_growpart,
'storage_auto_extend_pool' => $storage_auto_extend_pool,
'storage_pool_autoextend_threshold' => $storage_pool_autoextend_threshold,
'storage_pool_autoextend_percent' => $storage_pool_autoextend_percent,
}
if $facts['os']['family'] == 'RedHat' {
file { $storage_setup_file:
ensure => file,
force => true,
content => epp('docker/etc/sysconfig/docker-storage-setup.epp', $docker_storage_setup_parameters),
before => $_manage_service,
notify => $_manage_service,
}
}
if $facts['os']['family'] == 'windows' {
$dirs = [
"${facts['docker_program_data_path']}/docker/",
"${facts['docker_program_data_path']}/docker/config/",
]
$dirs.each |$dir| {
file { $dir:
ensure => directory,
}
}
}
$parameters_service_overrides_template = {
'service_after_override' => $service_after_override,
'docker_start_command' => $docker_start_command,
'daemon_environment_files' => $daemon_environment_files,
}
case $service_provider {
'systemd': {
file { '/etc/systemd/system/docker.service.d':
ensure => 'directory',
}
if $service_overrides_template {
file { '/etc/systemd/system/docker.service.d/service-overrides.conf':
ensure => file,
content => epp($service_overrides_template, $parameters_service_overrides_template),
seltype => 'container_unit_file_t',
notify => Exec['docker-systemd-reload-before-service'],
before => $_manage_service,
}
}
if $socket_override {
file { '/etc/systemd/system/docker.socket.d':
ensure => 'directory',
}
file { '/etc/systemd/system/docker.socket.d/socket-overrides.conf':
ensure => file,
content => epp($socket_overrides_template, { 'socket_group' => $socket_group }),
seltype => 'container_unit_file_t',
notify => Exec['docker-systemd-reload-before-service'],
before => $_manage_service,
}
}
exec { 'docker-systemd-reload-before-service':
path => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/',],
command => 'systemctl daemon-reload > /dev/null',
notify => $_manage_service,
refreshonly => true,
}
}
'upstart': {
file { '/etc/init.d/docker':
ensure => 'link',
target => '/lib/init/upstart-job',
force => true,
notify => $_manage_service,
}
}
default: {}
}
#workaround for docker 1.13 on RedHat 7
if $facts['docker_server_version'] {
if $facts['os']['family'] == 'RedHat' and $facts['docker_server_version'] =~ /1\.13.+/ {
$_skip_storage_config = true
} else {
$_skip_storage_config = false
}
} else {
$_skip_storage_config = false
}
$storage_config_parameters = {
'storage_driver' => $storage_driver,
'storage_devs' => $storage_devs,
'storage_vg' => $storage_vg,
'storage_root_size' => $storage_root_size,
'storage_data_size' => $storage_data_size,
'storage_min_data_size' => $storage_min_data_size,
'storage_chunk_size' => $storage_chunk_size,
'storage_growpart' => $storage_growpart,
'storage_auto_extend_pool' => $storage_auto_extend_pool,
'storage_pool_autoextend_threshold' => $storage_pool_autoextend_threshold,
'storage_pool_autoextend_percent' => $storage_pool_autoextend_percent,
'dm_basesize' => $dm_basesize,
'dm_fs' => $dm_fs,
'dm_mkfsarg' => $dm_mkfsarg,
'dm_mountopt' => $dm_mountopt,
'dm_blocksize' => $dm_blocksize,
'dm_loopdatasize' => $dm_loopdatasize,
'dm_loopmetadatasize' => $dm_loopmetadatasize,
'dm_thinpooldev' => $dm_thinpooldev,
'dm_datadev' => $dm_datadev,
'dm_metadatadev' => $dm_metadatadev,
'dm_use_deferred_removal' => $dm_use_deferred_removal,
'dm_use_deferred_deletion' => $dm_use_deferred_deletion,
'dm_blkdiscard' => $dm_blkdiscard,
'dm_override_udev_sync_check' => $dm_override_udev_sync_check,
'overlay2_override_kernel_check' => $overlay2_override_kernel_check,
}
if $storage_config {
unless $_skip_storage_config {
file { $storage_config:
ensure => file,
force => true, #force rewrite storage configuration
content => epp($storage_config_template, $storage_config_parameters),
notify => $_manage_service,
}
}
}
$parameters = {
'docker_command' => $docker_command,
'proxy' => $proxy,
'no_proxy' => $no_proxy,
'tmp_dir' => $tmp_dir,
'root_dir' => $root_dir,
'root_dir_flag' => $root_dir_flag,
'tcp_bind' => $tcp_bind,
'tcp_bind_array' => $tcp_bind_array,
'tls_enable' => $tls_enable,
'tls_verify' => $tls_verify,
'tls_cacert' => $tls_cacert,
'tls_cert' => $tls_cert,
'tls_key' => $tls_key,
'socket_bind' => $socket_bind,
'ip_forward' => $ip_forward,
'iptables' => $iptables,
'ip_masq' => $ip_masq,
'icc' => $icc,
'fixed_cidr' => $fixed_cidr,
'bridge' => $bridge,
'default_gateway' => $default_gateway,
'log_level' => $log_level,
'log_driver' => $log_driver,
'log_opt' => $log_opt,
'selinux_enabled' => $selinux_enabled,
'socket_group' => $socket_group,
'dns' => $dns,
'dns_array' => $dns_array,
'dns_search' => $dns_search,
'dns_search_array' => $dns_search_array,
'execdriver' => $execdriver,
'bip' => $bip,
'mtu' => $mtu,
'registry_mirror' => $registry_mirror,
'storage_driver' => $storage_driver,
'dm_basesize' => $dm_basesize,
'dm_fs' => $dm_fs,
'dm_mkfsarg' => $dm_mkfsarg,
'dm_mountopt' => $dm_mountopt,
'dm_blocksize' => $dm_blocksize,
'dm_loopdatasize' => $dm_loopdatasize,
'dm_loopmetadatasize' => $dm_loopmetadatasize,
'dm_thinpooldev' => $dm_thinpooldev,
'dm_datadev' => $dm_datadev,
'dm_metadatadev' => $dm_metadatadev,
'dm_use_deferred_removal' => $dm_use_deferred_removal,
'dm_use_deferred_deletion' => $dm_use_deferred_deletion,
'dm_blkdiscard' => $dm_blkdiscard,
'dm_override_udev_sync_check' => $dm_override_udev_sync_check,
'overlay2_override_kernel_check' => $overlay2_override_kernel_check,
'labels' => $labels,
'extra_parameters' => $extra_parameters,
'extra_parameters_array' => $extra_parameters_array,
'shell_values' => $shell_values,
'shell_values_array' => $shell_values_array,
'labels_array' => $labels_array,
'ipv6' => $ipv6,
'ipv6_cidr' => $ipv6_cidr,
'default_gateway_ipv6' => $default_gateway_ipv6,
'tmp_dir_config' => $tmp_dir_config,
}
if $_service_config {
file { $_service_config:
ensure => file,
force => true,
content => epp($service_config_template, $parameters),
notify => $_manage_service,
}
}
if $manage_service {
if $facts['os']['family'] == 'windows' {
reboot { 'pending_reboot':
when => 'pending',
onlyif => 'component_based_servicing',
timeout => 1,
}
}
if ! defined(Service['docker']) {
service { 'docker':
ensure => $service_state,
name => $service_name,
enable => $service_enable,
hasstatus => $service_hasstatus,
hasrestart => $service_hasrestart,
provider => $service_provider,
}
}
}
}

205
environments/production/thirdparty/docker/manifests/services.pp vendored Normal file
View file

@ -0,0 +1,205 @@
# @summary define that managers a Docker services
#
# @param ensure
# This ensures that the service is present or not.
#
# @param image
# The Docker image to spwan the service from.
#
# @param detach
# Exit immediately instead of waiting for the service to converge (default true)
#
# @param env
# Set environment variables
#
# @param label
# Service labels.
# This used as metdata to configure constraints etc.
#
# @param publish
# Publish port(s) as node ports.
#
# @param replicas
# Number of tasks (containers per service)
#
# @param tty
# Allocate a pseudo-TTY
#
# @param user
# Username or UID (format: <name|uid>[:<group|gid>])
#
# @param workdir
# Working directory inside the container
#
# @param extra_params
# Allows you to pass any other flag that the Docker service create supports.
# This must be passed as an array. See docker service create --help for all options
#
# @param update
# This changes the docker command to
# docker service update, you must pass a service name with this option
#
# @param scale
# This changes the docker command to
# docker service scale, this can only be used with service name and
# replicas
#
# @param host_socket
# This will allow the service to connect to the host linux socket.
#
# @param registry_mirror
# This will allow the service to set a registry mirror.
#
# @param mounts
# Allows attaching filesystem mounts to the service (specified as an array)
#
# @param networks
# Allows attaching the service to networks (specified as an array)
#
# @param command
# Command to run on the container
#
# @param create
#
# @param service_name
#
define docker::services (
Enum[present,absent] $ensure = 'present',
Boolean $create = true,
Boolean $update = false,
Boolean $scale = false,
Boolean $detach = true,
Boolean $tty = false,
Array $env = [],
Array $label = [],
Array $extra_params = [],
Optional[Variant[String,Array]] $image = undef,
Optional[Variant[String,Array]] $service_name = undef,
Optional[Variant[String,Array]] $publish = undef,
Optional[Variant[String,Array]] $replicas = undef,
Optional[Variant[String,Array]] $user = undef,
Optional[Variant[String,Array]] $workdir = undef,
Optional[Variant[String,Array]] $host_socket = undef,
Optional[Variant[String,Array]] $registry_mirror = undef,
Optional[Variant[String,Array]] $mounts = undef,
Optional[Array] $networks = undef,
Optional[Variant[String,Array]] $command = undef,
) {
include docker::params
$docker_command = "${docker::params::docker_command} service"
if $ensure == 'absent' {
if $update {
fail('When removing a service you can not update it.')
}
if $scale {
fail('When removing a service you can not update it.')
}
}
if $facts['os']['family'] == 'windows' {
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/;${facts['docker_systemroot']}/System32/"
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_provider = 'powershell'
$exec_timeout = 3000
} else {
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_provider = undef
$exec_timeout = 0
}
if $create {
$docker_service_create_flags = docker_service_flags({
detach => $detach,
env => any2array($env),
service_name => $service_name,
label => any2array($label),
publish => $publish,
replicas => $replicas,
tty => $tty,
user => $user,
workdir => $workdir,
extra_params => any2array($extra_params),
image => $image,
host_socket => $host_socket,
registry_mirror => $registry_mirror,
mounts => $mounts,
networks => $networks,
command => $command,
}
)
$exec_create = "${docker_command} create --name ${docker_service_create_flags}"
$unless_create = "docker service ps ${service_name}"
exec { "${title} docker service create":
command => $exec_create,
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
provider => $exec_provider,
unless => $unless_create,
}
}
if $update {
$docker_service_flags = docker_service_flags({
detach => $detach,
env => any2array($env),
service_name => $service_name,
label => any2array($label),
publish => $publish,
replicas => $replicas,
tty => $tty,
user => $user,
workdir => $workdir,
extra_params => any2array($extra_params),
image => $image,
host_socket => $host_socket,
registry_mirror => $registry_mirror,
}
)
$exec_update = "${docker_command} update ${docker_service_flags}"
exec { "${title} docker service update":
command => $exec_update,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
}
if $scale {
$docker_service_flags = docker_service_flags({
service_name => $service_name,
replicas => $replicas,
extra_params => any2array($extra_params),
}
)
$exec_scale = "${docker_command} scale ${service_name}=${replicas}"
exec { "${title} docker service scale":
command => $exec_scale,
environment => $exec_environment,
path => $exec_path,
timeout => $exec_timeout,
provider => $exec_provider,
}
}
if $ensure == 'absent' {
exec { "${title} docker service remove":
command => "docker service rm ${service_name}",
onlyif => "docker service ps ${service_name}",
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
}
}
}

80
environments/production/thirdparty/docker/manifests/stack.pp vendored Normal file
View file

@ -0,0 +1,80 @@
# @summary
# deploys Docker stacks or compose v3
#
# @param ensure
# This ensures that the stack is present or not.
#
# @param stack_name
# The name of the stack that you are deploying
#
# @param bundle_file
# Path to a Distributed Application Bundle file
# Please note this is experimental
#
# @param prune
# Prune services that are no longer referenced
#
# @param resolve_image
# Query the registry to resolve image digest and supported platforms
# Only accepts ("always"|"changed"|"never")
#
# @param with_registry_auth
# Send registry authentication details to Swarm agents
#
# @param compose_files
define docker::stack (
Enum[present,absent] $ensure = 'present',
Optional[String] $stack_name = undef,
Optional[String] $bundle_file = undef,
Optional[Array] $compose_files = undef,
Boolean $prune = false,
Boolean $with_registry_auth = false,
Optional[Enum['always','changed','never']] $resolve_image = undef,
) {
include docker::params
deprecation('docker::stack','The docker stack define type will be deprecated in a future release. Please migrate to the docker_stack type/provider.')
$docker_command = "${docker::params::docker_command} stack"
if $facts['os']['family'] == 'windows' {
$exec_path = ['C:/Program Files/Docker/',]
$check_stack = '$info = docker stack ls | select-string -pattern web
if ($info -eq $null) { Exit 1 } else { Exit 0 }'
$provider = 'powershell'
} else {
$exec_path = ['/bin', '/usr/bin',]
$check_stack = "${docker_command} ls | grep '${stack_name}'"
$provider = undef
}
if $ensure == 'present' {
$docker_stack_flags = docker_stack_flags ({
stack_name => $stack_name,
bundle_file => $bundle_file,
compose_files => $compose_files,
prune => $prune,
with_registry_auth => $with_registry_auth,
resolve_image => $resolve_image,
}
)
$exec_stack = "${docker_command} deploy ${docker_stack_flags} ${stack_name}"
exec { "docker stack create ${stack_name}":
command => $exec_stack,
unless => $check_stack,
path => $exec_path,
provider => $provider,
}
}
if $ensure == 'absent' {
exec { "docker stack destroy ${stack_name}":
command => "${docker_command} rm ${stack_name}",
onlyif => $check_stack,
path => $exec_path,
provider => $provider,
}
}
}

161
environments/production/thirdparty/docker/manifests/swarm.pp vendored Normal file
View file

@ -0,0 +1,161 @@
# @summary
# managers a Docker Swarm Mode cluster
#
# @param ensure
# This ensures that the cluster is present or not.
# Note this forcefully removes a node from the cluster. Make sure all worker nodes
# have been removed before managers
#
# @param init
# This creates the first worker node for a new cluster.
# Set init to true to create a new cluster
#
# @param join
# This adds either a worker or manger node to the cluster.
# The role of the node is defined by the join token.
# Set to true to join the cluster
#
# @param advertise_addr
# The address that your node will advertise to the cluster for raft.
# On multihomed servers this flag must be passed
#
# @param autolock
# Enable manager autolocking (requiring an unlock key to start a stopped manager)
#
# @param cert_expiry
# Validity period for node certificates (ns|us|ms|s|m|h) (default 2160h0m0s)
#
# @param default_addr_pool
# Array of default subnet pools for global scope networks (['30.30.0.0/16','40.40.0.0/16'])
#
# @param default_addr_pool_mask_length
# Default subnet pools mask length for default-addr-pools (CIDR block number)
#
# @param dispatcher_heartbeat
# Dispatcher heartbeat period (ns|us|ms|s|m|h) (default 5s)
#
# @param external_ca
# Specifications of one or more certificate signing endpoints
#
# @param force_new_cluster
# Force create a new cluster from current state
#
# @param listen_addr
# The address that your node will listen to the cluster for raft.
# On multihomed servers this flag must be passed
#
# @param max_snapshots
# Number of additional Raft snapshots to retain
#
# @param snapshot_interval
# Number of log entries between Raft snapshots (default 10000)
#
# @param token
# The authentication token to join the cluster. The token also defines the type of
# node (worker or manager)
#
# @param manager_ip
# The ip address of a manager node to join the cluster.
#
define docker::swarm (
Enum[present,absent] $ensure = 'present',
Boolean $init = false,
Boolean $join = false,
Optional[String] $advertise_addr = undef,
Boolean $autolock = false,
Optional[String] $cert_expiry = undef,
Optional[Array] $default_addr_pool = undef,
Optional[String] $default_addr_pool_mask_length = undef,
Optional[String] $dispatcher_heartbeat = undef,
Optional[String] $external_ca = undef,
Boolean $force_new_cluster = false,
Optional[String] $listen_addr = undef,
Optional[String] $max_snapshots = undef,
Optional[String] $snapshot_interval = undef,
Optional[String] $token = undef,
Optional[String] $manager_ip = undef,
) {
include docker::params
if $facts['os']['family'] == 'windows' {
$exec_environment = "PATH=${facts['docker_program_files_path']}/Docker/"
$exec_path = ["${facts['docker_program_files_path']}/Docker/",]
$exec_timeout = 3000
$exec_provider = 'powershell'
$unless_init = '$info = docker info | select-string -pattern "Swarm: active"
if ($info -eq $null) { Exit 1 } else { Exit 0 }'
$unless_join = '$info = docker info | select-string -pattern "Swarm: active"
if ($info -eq $null) { Exit 1 } else { Exit 0 }'
$onlyif_leave = '$info = docker info | select-string -pattern "Swarm: active"
if ($info -eq $null) { Exit 1 } else { Exit 0 }'
} else {
$exec_environment = 'HOME=/root'
$exec_path = ['/bin', '/usr/bin',]
$exec_timeout = 0
$exec_provider = undef
$unless_init = 'docker info | grep -w "Swarm: active"'
$unless_join = 'docker info | grep -w "Swarm: active"'
$onlyif_leave = 'docker info | grep -w "Swarm: active"'
}
$docker_command = "${docker::params::docker_command} swarm"
if $init {
$docker_swarm_init_flags = docker_swarm_init_flags({
init => $init,
advertise_addr => $advertise_addr,
autolock => $autolock,
cert_expiry => $cert_expiry,
dispatcher_heartbeat => $dispatcher_heartbeat,
default_addr_pool => $default_addr_pool,
default_addr_pool_mask_length => $default_addr_pool_mask_length,
external_ca => $external_ca,
force_new_cluster => $force_new_cluster,
listen_addr => $listen_addr,
max_snapshots => $max_snapshots,
snapshot_interval => $snapshot_interval,
}
)
$exec_init = "${docker_command} ${docker_swarm_init_flags}"
exec { 'Swarm init':
command => $exec_init,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
unless => $unless_init,
}
}
if $join {
$docker_swarm_join_flags = docker_swarm_join_flags({
join => $join,
advertise_addr => $advertise_addr,
listen_addr => $listen_addr,
token => $token,
}
)
$exec_join = "${docker_command} ${docker_swarm_join_flags} ${manager_ip}"
exec { 'Swarm join':
command => $exec_join,
environment => $exec_environment,
path => $exec_path,
provider => $exec_provider,
timeout => $exec_timeout,
unless => $unless_join,
}
}
if $ensure == 'absent' {
exec { 'Leave swarm':
command => 'docker swarm leave --force',
onlyif => $onlyif_leave,
path => $exec_path,
provider => $exec_provider,
}
}
}

9
environments/production/thirdparty/docker/manifests/swarms.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param swarms
#
class docker::swarms (
Hash $swarms
) {
create_resources(docker::swarm, $swarms)
}

23
environments/production/thirdparty/docker/manifests/system_user.pp vendored Normal file
View file

@ -0,0 +1,23 @@
# @summary manage docker group users
#
# @param create_user
# Boolean to cotrol whether the user should be created
#
define docker::system_user (
Boolean $create_user = true
) {
include docker
$docker_group = $docker::docker_group
if $create_user {
ensure_resource('user', $name, { 'ensure' => 'present' })
User[$name] -> Exec["docker-system-user-${name}"]
}
exec { "docker-system-user-${name}":
command => "/usr/sbin/usermod -aG ${docker_group} ${name}",
unless => "/bin/cat /etc/group | grep '^${docker_group}:' | grep -qw ${name}",
}
}

10
environments/production/thirdparty/docker/manifests/systemd_reload.pp vendored Normal file
View file

@ -0,0 +1,10 @@
# @summary
# For systems that have systemd
#
class docker::systemd_reload {
exec { 'docker-systemd-reload':
path => ['/bin/', '/sbin/', '/usr/bin/', '/usr/sbin/',],
command => 'systemctl daemon-reload',
refreshonly => true,
}
}

9
environments/production/thirdparty/docker/manifests/volumes.pp vendored Normal file
View file

@ -0,0 +1,9 @@
# @summary
#
# @param volumes
#
class docker::volumes (
Hash $volumes
) {
create_resources(docker_volume, $volumes)
}

7
environments/production/thirdparty/docker/manifests/windows_account.pp vendored Normal file
View file

@ -0,0 +1,7 @@
# @summary
# Windows account that owns the docker services
#
define docker::windows_account (
) {
notice('Not implemented')
}