feat: initial commit

environments/production/thirdparty/docker/templates/docker-run-start.epp

@@ -0,0 +1,37 @@
+<% if $before_start { -%>
+    <%= $before_start %>
+<% } -%>
+<% if $remove_container_on_start { -%>
+    /usr/bin/<%= $docker_command %> rm <% if $remove_volume_on_start { %>-v<% } %> <%= $sanitised_title %> >/dev/null 2>&1
+<% } -%>
+
+<% if $pull_on_start { -%>
+    /usr/bin/<%= $docker_command %> pull <%= $image %>
+<% } -%>
+
+<% if $verify_digest { -%>
+    digest_local=$(docker image inspect <%= $image %> --format='{{index .RepoDigests 0}}')
+    digest_verify="<%= $verify_digest %>"
+    if [ "${digest_local##*:}" != "${digest_verify##*:}" ]; then
+      echo "Digest verify failed! Expected checksum 'sha256:$digest_verify' does not match with local checksum 'sha256:$digest_local'!"
+      exit 2
+    fi
+<% } -%>
+
+/usr/bin/<%= $docker_command %> create \
+<%= $docker_run_flags %> \
+--name <%= $sanitised_title %> \
+<%= $image %> <% if $command { %> \
+<%= $command %><% } %>
+
+<% if $after_create { %><%= $after_create %><% } %>
+<% if String(type($net, 'generalized')).index('Array') == 0 { %>
+  <% $net.each |$n| { %>
+/usr/bin/<%= $docker_command %> network connect <%= $n %> <%= $sanitised_title %>  
+  <% } %>
+<% } %>
+
+/usr/bin/<%= $docker_command %> start <% if ! $valid_detach { %>-a<% } %> <%= $sanitised_title %>
+<% if $after_start { -%>
+    <%= $after_start %>
+<% } -%>

environments/production/thirdparty/docker/templates/docker-run-stop.epp

@@ -0,0 +1,10 @@
+<% if $before_stop { -%>
+    <%= $before_stop %>
+<% } -%>
+/usr/bin/<%= $docker_command %> stop --time=<%= $stop_wait_time %> <%= $sanitised_title %>
+<% if $remove_container_on_stop { -%>
+    /usr/bin/<%= $docker_command %> rm <% if $remove_volume_on_stop { %>-v<% } %> <%= $sanitised_title %>
+<% } -%>
+<% if $after_stop { -%>
+    <%= $after_stop %>
+<% } -%>

environments/production/thirdparty/docker/templates/etc/conf.d/docker.epp

@@ -0,0 +1,56 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+DOCKER="/usr/bin/<%= $docker_start_command %>"
+
+other_args="<% -%>
+<% if $root_dir { %><%= $root_dir_flag %> <%= $root_dir %><% } -%>
+<% if $tcp_bind { %><% $tcp_bind_array.each |$param| { %> -H <%= $param %><% } %><% } -%>
+<% if $tls_enable { %> --tls<% if $tls_verify { %> --tlsverify<% } %> --tlscacert=<%= $tls_cacert %> --tlscert=<%= $tls_cert %> --tlskey=<%= $tls_key %><% } -%> 
+<% if $socket_bind { %> -H <%= $socket_bind %><% } -%>
+ --ip-forward=<%= $ip_forward -%>
+ --iptables=<%= $iptables -%>
+ --ip-masq=<%= $ip_masq -%>
+<% if $icc { %> --icc=<%= $icc %><% } -%>
+<% if $fixed_cidr { %> --fixed-cidr <%= $fixed_cidr %><% } -%>
+<% if $default_gateway { %> --default-gateway <%= $default_gateway %><% } -%>
+<% if $bridge { %> --bridge <%= $bridge %><% } -%>
+<% if $log_level { %> -l <%= $log_level %><% } -%>
+<% if $log_driver { %> --log-driver <%= $log_driver %><% } -%>
+<% if $log_driver { %><% if $log_opt { %><% $log_opt.each |$param| { %> --log-opt <%= $param %><% } %><% } -%><% } -%>
+<% if $selinux_enabled { %> --selinux-enabled=<%= $selinux_enabled %><% } -%>
+<% if $socket_group { %> -G <%= $socket_group %><% } -%>
+<% if $dns { %><% $dns_array.each |$address| { %> --dns <%= $address %><% } %><% } -%>
+<% if $dns_search { %><% $dns_search_array.each |$domain| { %> --dns-search <%= $domain %><% } %><% } -%>
+<% if $execdriver { %> -e <%= $execdriver %><% } -%>
+<% if $storage_driver { %> --storage-driver=<%= $storage_driver %><% } -%>
+<% if $storage_driver == 'devicemapper' { -%>
+  <%- if $dm_basesize { %> --storage-opt dm.basesize=<%= $dm_basesize %><% } -%>
+  <%- if $dm_fs { %> --storage-opt dm.fs=<%= $dm_fs %><% } -%>
+  <%- if $dm_mkfsarg { %> --storage-opt "dm.mkfsarg=<%= $dm_mkfsarg %>"<% } -%>
+  <%- if $dm_mountopt { %> --storage-opt dm.mountopt=<%= $dm_mountopt %><% } -%>
+  <%- if $dm_blocksize { %> --storage-opt dm.blocksize=<%= $dm_blocksize %><% } -%>
+  <%- if $dm_loopdatasize { %> --storage-opt dm.loopdatasize=<%= $dm_loopdatasize %><% } -%>
+  <%- if $dm_loopmetadatasize { %> --storage-opt dm.loopmetadatasize=<%= $dm_loopmetadatasize %><% } -%>
+  <%- if $dm_thinpooldev { %> --storage-opt dm.thinpooldev=<%= $dm_thinpooldev -%>
+  <%- }else { -%>
+    <%- if $dm_datadev { %> --storage-opt dm.datadev=<%= $dm_datadev %><% } -%>
+    <%- if $dm_metadatadev { %> --storage-opt dm.metadatadev=<%= $dm_metadatadev %><% } -%>
+  <%- } -%>
+<%- if $dm_use_deferred_removal { %> --storage-opt dm.use_deferred_removal=<%= $dm_use_deferred_removal %><% } -%>
+<%- if $dm_use_deferred_deletion { %> --storage-opt dm.use_deferred_deletion=<%= $dm_use_deferred_deletion %><% } -%>
+<%- if $dm_blkdiscard { %> --storage-opt dm.blkdiscard=<%= $dm_blkdiscard %><% } -%>
+<%- if $dm_override_udev_sync_check { %> --storage-opt dm.override_udev_sync_check=<%= $dm_override_udev_sync_check %><% } -%>
+<% } elsif $storage_driver == 'overlay2' { -%>
+  <%- if $overlay2_override_kernel_check { %> --storage-opt overlay2.override_kernel_check=<%= $overlay2_override_kernel_check %><% } -%>
+<% } -%>
+<% $labels.each |$label| { %> --label <%= $label %><% } -%>
+<% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %> <%= $param %><% } %><% } -%>
+"
+<% if $proxy { %>export http_proxy='<%= $proxy %>'
+export https_proxy='<%= $proxy %>'<% } %>
+<% if $no_proxy { %>export no_proxy='<%= $no_proxy %>'<% } %>
+# This is also a handy place to tweak where Docker's temporary files go.
+export TMPDIR="<%= $tmp_dir %>"
+<% if $shell_values { %><% $shell_values_array.each |$param| { %>
+<%= $param %><% } %><% } -%>

environments/production/thirdparty/docker/templates/etc/conf.d/docker.gentoo.epp

@@ -0,0 +1,56 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+DOCKER_BINARY="/usr/bin/<%= $docker_command %>"
+
+DOCKER_OPTS="<% -%>
+<% if $root_dir { %> -g <%= $root_dir %><% } %>
+<% if $tcp_bind { %><% $tcp_bind_array.each |$param| { %> -H <%= $param %><% } %><% } %>
+<% if $tls_enable { %> --tls<% if $tls_verify { %> --tlsverify<% } %> --tlscacert=<%= $tls_cacert %> --tlscert=<%= $tls_cert %> --tlskey=<%= $tls_key %><% } %> 
+<% if $socket_bind { %> -H <%= $socket_bind %><% } %>
+ --ip-forward=<%= $ip_forward -%>
+ --iptables=<%= $iptables -%>
+ --ip-masq=<%= $ip_masq -%>
+<% if $icc { %> --icc=<%= $icc %><% } %>
+<% if $fixed_cidr { %> --fixed-cidr <%= $fixed_cidr %><% } %>
+<% if $default_gateway { %> --default-gateway <%= $default_gateway %><% } %>
+<% if $bridge { %> --bridge <%= $bridge %><% } %>
+<% if $log_level { %> -l <%= $log_level %><% } %>
+<% if $log_driver { %> --log-driver <%= $log_driver %><% } %>
+<% if $log_driver { %><% if $log_opt { %><% $log_opt.each |$param| { %> --log-opt <%= $param %><% } %><% } %><% } %>
+<% if $selinux_enabled { %> --selinux-enabled=<%= $selinux_enabled %><% } %>
+<% if $socket_group { %> -G <%= $socket_group %><% } %>
+<% if $dns { %><% $dns_array.each |$address| { %> --dns <%= $address %><% } %><% } %>
+<% if $dns_search { %><% $dns_search_array.each |$domain| { %> --dns-search <%= $domain %><% } %><% } %>
+<% if $execdriver { %> -e <%= $execdriver %><% } %>
+<% if $storage_driver { %> --storage-driver=<%= $storage_driver %><% } %>
+<% if $storage_driver == 'devicemapper' { -%>
+  <%- if $dm_basesize { %> --storage-opt dm.basesize=<%= $dm_basesize %><% } %>
+  <%- if $dm_fs { %> --storage-opt dm.fs=<%= $dm_fs %><% } %>
+  <%- if $dm_mkfsarg { %> --storage-opt "dm.mkfsarg=<%= $dm_mkfsarg %>"<% } %>
+  <%- if $dm_mountopt { %> --storage-opt dm.mountopt=<%= $dm_mountopt %><% } %>
+  <%- if $dm_blocksize { %> --storage-opt dm.blocksize=<%= $dm_blocksize %><% } %>
+  <%- if $dm_loopdatasize { %> --storage-opt dm.loopdatasize=<%= $dm_loopdatasize %><% } %>
+  <%- if $dm_loopmetadatasize { %> --storage-opt dm.loopmetadatasize=<%= $dm_loopmetadatasize %><% } %>
+  <%- if $dm_thinpooldev { %> --storage-opt dm.thinpooldev=<%= $dm_thinpooldev %><% }
+  else { %>
+    <%- if $dm_datadev { %> --storage-opt dm.datadev=<%= $dm_datadev %><% } %>
+    <%- if $dm_metadatadev { %> --storage-opt dm.metadatadev=<%= $dm_metadatadev %><% } %>
+  <% } %>
+<%- if $dm_use_deferred_removal { %> --storage-opt dm.use_deferred_removal=<%= $dm_use_deferred_removal %><% } %>
+<%- if $dm_use_deferred_deletion { %> --storage-opt dm.use_deferred_deletion=<%= $dm_use_deferred_deletion %><% } %>
+<%- if $dm_blkdiscard { %> --storage-opt dm.blkdiscard=<%= $dm_blkdiscard %><% } %>
+<%- if $dm_override_udev_sync_check { %> --storage-opt dm.override_udev_sync_check=<%= $dm_override_udev_sync_check %><% } %>
+<% } elsif $storage_driver == 'overlay2' { -%>
+  <%- if $overlay2_override_kernel_check { %> --storage-opt overlay2.override_kernel_check=<%= $overlay2_override_kernel_check %><% } %>
+<% } -%>
+<% $labels.each |$label| { %> --label <%= $label %><% } %>
+<% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %> <%= $param %><% } %><% } %>
+"
+<% if $proxy { %>export http_proxy='<%= $proxy %>'
+export https_proxy='<%= $proxy %>'<% } -%>
+<% if $no_proxy { %>export no_proxy='<%= $no_proxy %>'<% } -%>
+# This is also a handy place to tweak where Docker's temporary files go.
+export TMPDIR="<%= $tmp_dir %>"
+<% if $shell_values { %><% $shell_values_array.each |$param| { %>
+<%= $param %><% } %><% } -%>

environments/production/thirdparty/docker/templates/etc/default/docker.epp

@@ -0,0 +1,70 @@
+# Docker Upstart and SysVinit configuration file
+#
+# THIS FILE IS MANAGED BY PUPPET. Changes will be overwritten.
+
+# # Customize location of Docker binary (especially for development testing).
+DOCKER="/usr/bin/<%= $docker_command %>"
+
+# # If you need Docker to use an HTTP proxy, it can also be specified here.
+<% if $proxy { -%>
+export http_proxy='<%= $proxy %>'
+export https_proxy='<%= $proxy %>'
+<% } -%>
+<% if $no_proxy { -%>
+export no_proxy='<%= $no_proxy.convert_to(Array).join(',') %>'
+<% } -%>
+
+# # This is also a handy place to tweak where Docker's temporary files go.
+export TMPDIR="<%= $tmp_dir %>"
+
+# # Use DOCKER_OPTS to modify the daemon startup options.
+DOCKER_OPTS="\
+<% if $root_dir { %><%= $root_dir_flag %> <%= $root_dir %><% } -%>
+<% if $tcp_bind { %><% $tcp_bind_array.each |$param| { %> -H <%= $param %><% } %><% } -%>
+<% if $tls_enable { %> --tls<% if $tls_verify { %> --tlsverify<% } %> --tlscacert=<%= $tls_cacert %> --tlscert=<%= $tls_cert %> --tlskey=<%= $tls_key %><% } -%>
+<% if $socket_bind { %> -H <%= $socket_bind %><% } -%>
+ --ip-forward=<%= $ip_forward -%>
+ --iptables=<%= $iptables -%>
+ --ip-masq=<%= $ip_masq -%>
+<% if $icc { %> --icc=<%= $icc %><% } -%>
+<% if $fixed_cidr { %> --fixed-cidr <%= $fixed_cidr %><% } -%>
+<% if $bridge { %> --bridge <%= $bridge %><% } -%>
+<% if $default_gateway { %> --default-gateway <%= $default_gateway %><% } -%>
+<% if $log_level { %> -l <%= $log_level %><% } -%>
+<% if $log_driver { %> --log-driver <%= $log_driver %><% } -%>
+<% if $log_driver { %><% if $log_opt { %><% $log_opt.each |$param| { %> --log-opt <%= $param %><% } %><% } -%><% } -%>
+<% if $selinux_enabled { %> --selinux-enabled=<%= $selinux_enabled %><% } -%>
+<% if $socket_group { %> -G <%= $socket_group %><% } -%>
+<% if $dns { %><% $dns_array.each |$address| { %> --dns <%= $address %><% } %><% } -%>
+<% if $dns_search { %><% $dns_search_array.each |$domain| { %> --dns-search <%= $domain %><% } %><% } -%>
+<% if $execdriver { %> -e <%= $execdriver %><% } -%>
+<% if $bip { %> --bip=<%= $bip %><% } -%>
+<% if $mtu { %> --mtu=<%= $mtu %><% } -%>
+<% if type($registry_mirror, 'generalized') == String { %> --registry-mirror=<%= $registry_mirror %><% } -%>
+<% if String(type($registry_mirror, 'generalized')).index('Array') == 0 { %><% $registry_mirror.each |$param| { %> --registry-mirror=<%= $param %><% } %><% } -%>
+<% if $storage_driver { %> --storage-driver=<%= $storage_driver %><% } -%>
+<% if $storage_driver == 'devicemapper' { -%>
+  <%- if $dm_basesize { %> --storage-opt dm.basesize=<%= $dm_basesize %><% } -%>
+  <%- if $dm_fs { %> --storage-opt dm.fs=<%= $dm_fs %><% } -%>
+  <%- if $dm_mkfsarg { %> --storage-opt "dm.mkfsarg=<%= $dm_mkfsarg %>"<% } -%>
+  <%- if $dm_mountopt { %> --storage-opt dm.mountopt=<%= $dm_mountopt %><% } -%>
+  <%- if $dm_blocksize { %> --storage-opt dm.blocksize=<%= $dm_blocksize %><% } -%>
+  <%- if $dm_loopdatasize { %> --storage-opt dm.loopdatasize=<%= $dm_loopdatasize %><% } -%>
+  <%- if $dm_loopmetadatasize { %> --storage-opt dm.loopmetadatasize=<%= $dm_loopmetadatasize %><% } -%>
+  <%- if $dm_thinpooldev { %> --storage-opt dm.thinpooldev=<%= $dm_thinpooldev -%>
+  <%- }else { -%>
+    <%- if $dm_datadev { %> --storage-opt dm.datadev=<%= $dm_datadev %><% } -%>
+    <%- if $dm_metadatadev { %> --storage-opt dm.metadatadev=<%= $dm_metadatadev %><% } -%>
+  <%- } -%>
+<%- if $dm_use_deferred_removal { %> --storage-opt dm.use_deferred_removal=<%= $dm_use_deferred_removal %><% } -%>
+<%- if $dm_use_deferred_deletion { %> --storage-opt dm.use_deferred_deletion=<%= $dm_use_deferred_deletion %><% } -%>
+<%- if $dm_blkdiscard { %> --storage-opt dm.blkdiscard=<%= $dm_blkdiscard %><% } -%>
+<%- if $dm_override_udev_sync_check { %> --storage-opt dm.override_udev_sync_check=<%= $dm_override_udev_sync_check %><% } -%>
+<% } elsif $storage_driver == 'overlay2' { -%>
+  <%- if $overlay2_override_kernel_check { %> --storage-opt overlay2.override_kernel_check=<%= $overlay2_override_kernel_check %><% } -%>
+<% } -%>
+<% $labels.each |$label| { %> --label <%= $label %><% } -%>
+<% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %> <%= $param %><% } %><% } -%>
+"
+<% if $shell_values { %><% $shell_values_array.each |$param| { %>
+<%= $param %><% } %><% } -%>

environments/production/thirdparty/docker/templates/etc/init.d/docker-run.epp

@@ -0,0 +1,145 @@
+<%-
+	$required_start = ["$network"] +
+		$sanitised_after_array.map |$s| { "${service_prefix}${s}"} +
+		$sanitised_depends_array.map |$s| { "${service_prefix}${s}"} +
+		$depend_services_array
+
+	$required_stop = ["$network"] +
+		$sanitised_depends_array.map |$d| { "${service_prefix}${d}"} +
+		$depend_services_array
+-%>
+#!/bin/sh
+#
+# This file is managed by Puppet and local changes
+# may be overwritten
+#
+#    /etc/rc.d/init.d/<servicename>
+#
+#    Daemon for <%= $title %>
+#
+# chkconfig: 2345 97 15
+# description: Docker container for <%= $title %>
+
+### BEGIN INIT INFO
+# Provides:       <%= $service_prefix %><%= $sanitised_title %>
+# Required-Start: <%= $required_start.unique.join(" ") %>
+# Required-Stop:  <%= $required_stop.unique.join(" ") %>
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop:  0 1 6
+# Short-Description: start and stop docker container for <%= $title %>
+# Description: Docker container for <%= $title %>
+### END INIT INFO
+
+if [ -e /etc/init.d/functions ]; then
+    . /etc/init.d/functions
+elif [ -e /lib/lsb/init-functions ]; then
+    . /lib/lsb/init-functions
+    failure() {
+        log_failure_msg "$@"
+        return 1
+    }
+    success() {
+        log_success_msg "$@"
+        return 0
+    }
+else
+    failure() {
+        echo "fail: $@" >&2
+        exit 1
+    }
+    success() {
+        echo "success: $@" >&2
+        exit 0
+    }
+fi
+
+export HOME=/root/
+docker="/usr/bin/<%= $docker_command %>"
+prog="<%= $service_prefix %><%= $sanitised_title %>"
+if [ -d /var/lock/subsys ]; then
+    lockfile="/var/lock/subsys/$prog"
+else
+    unset lockfile
+fi
+
+start() {
+    [ -x $docker ] || exit 5
+
+    if [ "true" = "$($docker inspect --format='{{.State.Running}}' <%= $sanitised_title %> 2>/dev/null)" ]; then
+       failure
+       printf "Container <%= $sanitised_title %> is still running.\n"
+       exit 7
+    fi
+
+    printf "Starting $prog:\t"
+    <%= $docker_run_inline_start %>
+
+    retval=$?
+    echo
+    if [ $retval -eq 0 ]; then
+        success
+    else
+        failure
+    fi
+}
+
+stop() {
+    echo -n "Stopping $prog: "
+    <%= $docker_run_inline_stop %>
+
+    return $?
+}
+
+clean() {
+    if ! [ -f $cidfile ]; then
+        failure
+        echo
+        printf "$cidfile does not exist.\n"
+    else
+        cid="$(cat $cidfile)"
+        rm $cidfile
+        $docker rm -v -f $cid
+        retval=$?
+        return $retval
+    fi
+}
+
+case "$1" in
+    start)
+    start
+    ;;
+    stop)
+    stop
+    ;;
+    status)
+    if [ "true" = "$($docker inspect --format='{{.State.Running}}' <%= $sanitised_title %> 2>/dev/null)" ]; then
+        echo $prog is running
+        exit 0
+    else
+        echo $prog not running
+        exit 1
+    fi
+    ;;
+    restart|reload)
+    stop
+    start
+    ;;
+    clean)
+    clean
+    ;;
+    cleanRestart)
+    stop
+    clean
+    start
+    ;;
+    condrestart)
+    [ -f /var/lock/subsys/$prog ] && restart || :
+    ;;
+    *)
+    echo "Usage: $0 [start|stop|status|reload|restart|probe|clean|cleanRestart]"
+    exit 1
+    ;;
+esac
+exit $?

environments/production/thirdparty/docker/templates/etc/sysconfig/docker-storage-setup.epp

@@ -0,0 +1,19 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+# Edit this file to override any configuration options specified in
+# /usr/lib/docker-storage-setup/docker-storage-setup.
+#
+# For more details refer to "man docker-storage-setup"
+
+<% if $storage_driver { %>STORAGE_DRIVER=<%= $storage_driver %><% } %>
+<% if $storage_devs { %>DEVS="<%= $storage_devs %>"<% } %>
+<% if $storage_vg { %>VG=<%= $storage_vg %><% } %>
+<% if $storage_root_size { %>ROOT_SIZE=<%= $storage_root_size %><% } %>
+<% if $storage_data_size { %>DATA_SIZE=<%= $storage_data_size %><% } %>
+<% if $storage_min_data_size { %>MIN_DATA_SIZE=<%= $storage_min_data_size %><% } %>
+<% if $storage_chunk_size { %>CHUNK_SIZE=<%= $storage_chunk_size %><% } %>
+<% if $storage_growpart { %>GROWPART=<%= $storage_growpart %><% } %>
+<% if $storage_auto_extend_pool { %>AUTO_EXTEND_POOL=<%= $storage_auto_extend_pool %><% } %>
+<% if $storage_pool_autoextend_threshold { %>POOL_AUTOEXTEND_THRESHOLD=<%= $storage_pool_autoextend_threshold %><% } %>
+<% if $storage_pool_autoextend_percent { %>POOL_AUTOEXTEND_PERCENT=<%= $storage_pool_autoextend_percent %><% } %>

environments/production/thirdparty/docker/templates/etc/sysconfig/docker-storage.epp

@@ -0,0 +1,39 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+# This file may be automatically generated by an installation program.
+
+# By default, Docker uses a loopback-mounted sparse file in
+# /var/lib/docker.  The loopback makes it slower, and there are some
+# restrictive defaults, such as 100GB max storage.
+
+# If your installation did not set a custom storage for Docker, you
+# may do it below.
+
+# Example: Use a custom pair of raw logical volumes (one for metadata,
+# one for data).
+# DOCKER_STORAGE_OPTIONS = --storage-opt dm.metadatadev=/dev/mylogvol/my-docker-metadata --storage-opt dm.datadev=/dev/mylogvol/my-docker-data
+
+DOCKER_STORAGE_OPTIONS="<% -%>
+<% if $storage_driver { %> --storage-driver=<%= $storage_driver %><% } -%>
+<% if $storage_driver == 'devicemapper' { -%>
+  <%- if $dm_basesize { %> --storage-opt dm.basesize=<%= $dm_basesize %><% } -%>
+  <%- if $dm_fs { %> --storage-opt dm.fs=<%= $dm_fs %><% } -%>
+  <%- if $dm_mkfsarg { %> --storage-opt "dm.mkfsarg=<%= $dm_mkfsarg %>"<% } -%>
+  <%- if $dm_mountopt { %> --storage-opt dm.mountopt=<%= $dm_mountopt %><% } -%>
+  <%- if $dm_blocksize { %> --storage-opt dm.blocksize=<%= $dm_blocksize %><% } -%>
+  <%- if $dm_loopdatasize { %> --storage-opt dm.loopdatasize=<%= $dm_loopdatasize %><% } -%>
+  <%- if $dm_loopmetadatasize { %> --storage-opt dm.loopmetadatasize=<%= $dm_loopmetadatasize %><% } -%>
+  <%- if $dm_thinpooldev { %> --storage-opt dm.thinpooldev=<%= $dm_thinpooldev -%>
+  <%- }else { -%>
+    <%- if $dm_datadev { %> --storage-opt dm.datadev=<%= $dm_datadev %><% } -%>
+    <%- if $dm_metadatadev { %> --storage-opt dm.metadatadev=<%= $dm_metadatadev %><% } -%>
+  <%- } -%>
+<%- if $dm_use_deferred_removal { %> --storage-opt dm.use_deferred_removal=<%= $dm_use_deferred_removal %><% } -%>
+<%- if $dm_use_deferred_deletion { %> --storage-opt dm.use_deferred_deletion=<%= $dm_use_deferred_deletion %><% } -%>
+<%- if $dm_blkdiscard { %> --storage-opt dm.blkdiscard=<%= $dm_blkdiscard %><% } -%>
+<%- if $dm_override_udev_sync_check { %> --storage-opt dm.override_udev_sync_check=<%= $dm_override_udev_sync_check %><% } -%>
+<% } elsif $storage_driver == 'overlay2' { -%>
+  <%- if $overlay2_override_kernel_check { %> --storage-opt overlay2.override_kernel_check=<%= $overlay2_override_kernel_check %><% } -%>
+<% } -%>
+"

environments/production/thirdparty/docker/templates/etc/sysconfig/docker.epp

@@ -0,0 +1,40 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+DOCKER="/usr/bin/<%= $docker_command %>"
+
+other_args="<% -%>
+<% if $root_dir { %><%= $root_dir_flag %> <%= $root_dir %><% } -%>
+<% if $tcp_bind { %><% $tcp_bind_array.each |$param| { %> -H <%= $param %><% } %><% } -%>
+<% if $tls_enable { %> --tls<% if $tls_verify { %> --tlsverify<% } %> --tlscacert=<%= $tls_cacert %> --tlscert=<%= $tls_cert %> --tlskey=<%= $tls_key %><% } -%> 
+<% if $socket_bind { %> -H <%= $socket_bind %><% } -%>
+ --ip-forward=<%= $ip_forward -%>
+ --iptables=<%= $iptables -%>
+ --ip-masq=<%= $ip_masq -%>
+<% if $icc { %> --icc=<%= $icc %><% } -%>
+<% if $fixed_cidr { %> --fixed-cidr <%= $fixed_cidr %><% } -%>
+<% if $bridge { %> --bridge <%= $bridge %><% } -%>
+<% if $default_gateway { %> --default-gateway <%= $default_gateway %><% } -%>
+<% if $ipv6 { %> --ipv6<% } -%>
+<% if $ipv6_cidr { %> --fixed-cidr-v6 <%= $ipv6_cidr %><% } -%>
+<% if $default_gateway_ipv6 { %> --default-gateway-v6 <%= $default_gateway_ipv6 %><% } -%>
+<% if $log_level { %> -l <%= $log_level %><% } -%>
+<% if $log_driver { %> --log-driver <%= $log_driver %><% } -%>
+<% if $log_driver { %><% if $log_opt { %><% $log_opt.each |$param| { %> --log-opt <%= $param %><% } %><% } -%><% } -%>
+<% if $selinux_enabled { %> --selinux-enabled=<%= $selinux_enabled %><% } -%>
+<% if $socket_group { %> -G <%= $socket_group %><% } -%>
+<% if $dns { %><% $dns_array.each |$address| { %> --dns <%= $address %><% } %><% } -%>
+<% if $dns_search { %><% $dns_search_array.each |$domain| { %> --dns-search <%= $domain %><% } %><% } -%>
+<% if $execdriver { %> -e <%= $execdriver %><% } -%>
+<% if $bip { %> --bip=<%= $bip %><% } -%>
+<% if $mtu { %> --mtu=<%= $mtu %><% } -%>
+<% $labels.each |$label| { %> --label <%= $label %><% } -%>
+<% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %> <%= $param %><% } %><% } -%>"
+
+<% if $proxy { %>export http_proxy='<%= $proxy %>'
+export https_proxy='<%= $proxy %>'<% } %>
+<% if $no_proxy { %>export no_proxy='<%= $no_proxy %>'<% } %>
+# This is also a handy place to tweak where Docker's temporary files go.
+export TMPDIR="<%= $tmp_dir %>"
+<% if $shell_values { %><% $shell_values_array.each |$param| { %>
+<%= $param %><% } %><% } -%>

environments/production/thirdparty/docker/templates/etc/sysconfig/docker.systemd.epp

@@ -0,0 +1,38 @@
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+OPTIONS="<% if $root_dir { %><%= $root_dir_flag %> <%= $root_dir %><% } -%>
+<% if $tcp_bind { %><% $tcp_bind_array.each |$param| { %> -H <%= $param %><% } %><% } -%>
+<% if $tls_enable { %> --tls<% if $tls_verify { %> --tlsverify<% } %> --tlscacert=<%= $tls_cacert %> --tlscert=<%= $tls_cert %> --tlskey=<%= $tls_key %><% } -%> 
+<% if $socket_bind { %> -H <%= $socket_bind %><% } -%>
+ --ip-forward=<%= $ip_forward -%>
+ --iptables=<%= $iptables -%>
+ --ip-masq=<%= $ip_masq -%>
+<% if $icc { %> --icc=<%= $icc %><% } -%>
+<% if type($registry_mirror, 'generalized') == String { %> --registry-mirror=<%= $registry_mirror %><% } -%>
+<% if String(type($registry_mirror, 'generalized')).index('Array') == 0 { %><% $registry_mirror.each |$param| { %> --registry-mirror=<%= $param %><% } %><% } -%>
+<% if $fixed_cidr { %> --fixed-cidr <%= $fixed_cidr %><% } -%>
+<% if $default_gateway { %> --default-gateway <%= $default_gateway %><% } -%>
+<% if $ipv6 { %> --ipv6<% } -%>
+<% if $ipv6_cidr { %> --fixed-cidr-v6 <%= $ipv6_cidr %><% } -%>
+<% if $default_gateway_ipv6 { %> --default-gateway-v6 <%= $default_gateway_ipv6 %><% } -%>
+<% if $bridge { %> --bridge <%= $bridge %><% } -%>
+<% if $log_level { %> -l <%= $log_level %><% } -%>
+<% if $log_driver { %> --log-driver <%= $log_driver %><% } -%>
+<% if $log_driver { %><% if $log_opt { %><% $log_opt.each |$param| { %> --log-opt <%= $param %><% } %><% } -%><% } -%>
+<% if $selinux_enabled { %> --selinux-enabled=<%= $selinux_enabled %><% } -%>
+<% if $socket_group { %> -G <%= $socket_group %><% } -%>
+<% if $dns { %><% $dns_array.each |$address| { %> --dns <%= $address %><% } %><% } -%>
+<% if $dns_search { %><% $dns_search_array.each |$domain| { %> --dns-search <%= $domain %><% } %><% } -%>
+<% if $execdriver { %> -e <%= $execdriver %><% } -%>
+<% if $bip { %> --bip=<%= $bip %><% } -%>
+<% if $mtu { %> --mtu=<%= $mtu %><% } -%>
+<% if $labels { %><% $labels_array.each |$label| { %> --label <%= $label %><% } %><% } -%>
+<% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %> <%= $param %><% } %><% } -%>"
+
+<% if $proxy { %>http_proxy='<%= $proxy %>'
+  https_proxy='<%= $proxy %>'<% } %>
+<% if $no_proxy { %>no_proxy='<%= $no_proxy %>'<% } %>
+# This is also a handy place to tweak where Docker's temporary files go.
+<% if $tmp_dir_config { %>TMPDIR="<%= $tmp_dir %>"<% }else { %># TMPDIR="<%= $tmp_dir %>"<% } %>
+<% if $shell_values { %><% $shell_values_array.each |$param| { %> <%= $param %><% } %><% } -%>

environments/production/thirdparty/docker/templates/etc/systemd/system/docker-run.epp

@@ -0,0 +1,63 @@
+<%-
+	$depend_services = $depend_services_array.map |$s| { if $s =~ /\.[a-z]+$/ { $s }else { "${s}.service" } }
+	$after = $sanitised_after_array.map |$s| { "${service_prefix}${s}.service" } +
+		 $sanitised_depends_array.map |$s| { "${service_prefix}${s}.service"} +
+		 $depend_services
+	$wants = $sanitised_after_array.map |$a| { "${service_prefix}${a}.service" }
+	$requires = $sanitised_depends_array.map |$d| { "${service_prefix}${d}.service" } +
+		    $depend_services
+-%>
+# This file is managed by Puppet and local changes
+# may be overwritten
+
+[Unit]
+Description=Daemon for <%= $title %>
+After=<%= $after.unique.join(" ") %>
+Wants=<%= $wants.unique.join(" ") %>
+Requires=<%= $requires.unique.join(" ") %>
+<%- if $have_systemd_v230 { -%>
+StartLimitIntervalSec=20
+StartLimitBurst=3
+<% } -%>
+<%- if $extra_systemd_parameters['Unit'] { -%>
+	<%- $extra_systemd_parameters['Unit'].each |$key, $value| { %>
+<%= $key %>=<%= $value %>
+	<%- } -%>
+<% } -%>
+
+[Service]
+Restart=<%= $systemd_restart %>
+<%- unless $have_systemd_v230 { -%>
+StartLimitInterval=20
+StartLimitBurst=3
+<% } -%>
+TimeoutStartSec=0
+RestartSec=5
+Environment="HOME=/root"
+<%- if $_syslog_identifier { -%>
+SyslogIdentifier=<%= $_syslog_identifier %>
+<% } -%>
+<%- if $syslog_facility { -%>
+SyslogFacility=<%= $syslog_facility %>
+<% } -%>
+ExecStart=/usr/local/bin/docker-run-<%= $sanitised_title %>-start.sh
+ExecStop=-/usr/local/bin/docker-run-<%= $sanitised_title %>-stop.sh
+<%- if $remain_after_exit { %>
+RemainAfterExit=<%= $remain_after_exit %>
+<% } -%>
+<%- if $extra_systemd_parameters['Service'] { -%>
+	<%- $extra_systemd_parameters['Service'].each |$key, $value| { -%>
+<%= $key %>=<%= $value %>
+	<%- } -%>
+<% } -%>
+
+[Install]
+WantedBy=multi-user.target
+<%- if $service_name { -%>
+WantedBy=<%= $service_name %>.service
+<% } -%>
+<%- if $extra_systemd_parameters['Install'] { -%>
+	<%- $extra_systemd_parameters['Install'].each |$key, $value| { -%>
+<%= $key %>=<%= $value %>
+	<%- } -%>
+<% } -%>

environments/production/thirdparty/docker/templates/etc/systemd/system/docker.service.d/service-overrides-debian.conf.epp

@@ -0,0 +1,11 @@
+<% if $service_after_override { -%>
+[Unit]
+After=<%= $service_after_override %>
+
+<% } -%>
+[Service]
+EnvironmentFile=-/etc/default/docker
+EnvironmentFile=-/etc/default/docker-storage
+ExecStart=
+ExecStart=/usr/bin/<%= $docker_start_command %> $OPTIONS \
+        $DOCKER_STORAGE_OPTIONS

environments/production/thirdparty/docker/templates/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.epp

@@ -0,0 +1,17 @@
+<% if $service_after_override { -%>
+[Unit]
+After=<%= $service_after_override %>
+
+<% } -%>
+[Service]
+EnvironmentFile=-/etc/sysconfig/docker
+EnvironmentFile=-/etc/sysconfig/docker-storage
+EnvironmentFile=-/etc/sysconfig/docker-network
+<% if $daemon_environment_files { %><% $daemon_environment_files.each |$param| { %>EnvironmentFile=-<%= $param %>
+<% } %><% } -%>
+ExecStart=
+ExecStart=/usr/bin/<%= $docker_start_command %> $OPTIONS \
+      $DOCKER_STORAGE_OPTIONS \
+      $DOCKER_NETWORK_OPTIONS \
+      $BLOCK_REGISTRY \
+      $INSECURE_REGISTRY

environments/production/thirdparty/docker/templates/etc/systemd/system/docker.socket.d/socket-overrides.conf.epp

@@ -0,0 +1,2 @@
+[Socket]
+SocketGroup=<%= $socket_group %>

environments/production/thirdparty/docker/templates/update_docker_image.sh.epp

@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Pulls a docker image.
+# Returns 0 if there a change.
+# Returns 2 if there is no change.
+# Returns 3 if something when wrong.
+#
+DOCKER_IMAGE=$1
+
+BEFORE=$(docker inspect --type image --format='{{.Id}}' ${DOCKER_IMAGE} 2>/dev/null)
+<%= $docker_command %> pull ${DOCKER_IMAGE}
+AFTER=$(docker inspect --type image --format='{{.Id}}' ${DOCKER_IMAGE} 2>/dev/null)
+
+if [[ -z $AFTER ]]; then
+  echo "Docker image ${DOCKER_IMAGE} failed to pull!"
+  exit 3
+elif [[ $BEFORE == $AFTER ]]; then
+  echo "No updates to ${DOCKER_IMAGE} available. Currently on ${AFTER}."
+  exit 2
+else
+  echo "${DOCKER_IMAGE} updated. Changed from ${BEFORE} to ${AFTER}."
+  exit 0
+fi

environments/production/thirdparty/docker/templates/usr/local/bin/docker-run.sh.epp

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+<%= $script %>
+
+exit $?

environments/production/thirdparty/docker/templates/windows/check_docker.ps1.epp

@@ -0,0 +1,19 @@
+# this file checks the status of the Windows Docker package using the DockerProvider powershell provider
+$dockerProviderName="DockerProvider"
+
+Write-Information "Checking Docker package."
+$package=Get-Package <%= $docker_ee_package_name %> -ProviderName $dockerProviderName -ErrorAction Ignore
+if ($package -ne $null) { 
+    Exit 1
+}
+
+$service = Get-Service "docker" -ErrorAction Ignore
+if ($service -ne $null) {
+    exit 1
+} 
+
+if (Test-Path -Path "$env:ProgramFiles\docker") {
+    exit 1
+}
+
+exit 0

environments/production/thirdparty/docker/templates/windows/check_docker_url.ps1.epp

@@ -0,0 +1,22 @@
+$dockerLocation = Join-Path $env:TEMP "docker.zip"
+
+if ((test-path $dockerLocation)) 
+{
+    $localModified = (Get-Item $dockerLocation).LastWriteTime 
+    $webRequest = [System.Net.HttpWebRequest]::Create("<%= $docker_download_url %>");
+    $webRequest.Method = "HEAD";
+    $webResponse = $webRequest.GetResponse()
+    $remoteLastModified = ($webResponse.LastModified) -as [DateTime] 
+    $webResponse.Close()
+
+    if ($remoteLastModified -gt $localModified)
+    {
+        exit 1
+    }
+    else
+    {
+        exit 0
+    }
+}
+
+exit 1

environments/production/thirdparty/docker/templates/windows/check_hash.ps1.epp

@@ -0,0 +1,17 @@
+#file computes the 512SHA for a given string and writes it to a file
+
+$String = $env:docker_auth
+$HashName = "SHA512"
+$StringBuilder = New-Object System.Text.StringBuilder 
+[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{ 
+[Void]$StringBuilder.Append($_.ToString("x2")) 
+} 
+
+if([System.IO.File]::Exists("<%= $passfile %>")){
+    $CurrentContent = Get-Content -Path "<%= $passfile %>"
+    if($CurrentContent -eq $StringBuilder.ToString()){
+        exit 0
+    }
+}
+
+exit 1

environments/production/thirdparty/docker/templates/windows/check_powershell_provider.ps1.epp

@@ -0,0 +1,48 @@
+# this file checks the status of the Windows Docker package using the DockerProvider powershell provider
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+$dockerProviderName="DockerProvider"
+
+Write-Information "Checking Package Provider"
+$module = Get-PackageProvider NuGet -ErrorAction SilentlyContinue
+If ($module -eq $null) {
+    Write-Error "NuGet PackagePrivider is not installed."
+    Exit 1
+}
+
+<% if $nuget_package_provider_version { -%>
+Write-Information "Checking Package provider version"
+if ($module.Version.ToString() -ne "<%= $nuget_package_provider_version %>" ) {
+    Write-Error "Incorrect Microsoft Nuget provider version installed"
+    Exit 1
+}
+<% } -%>
+
+Write-Information "Checking Docker Provider"
+$provider = Get-Module -ListAvailable -Name $dockerProviderName -ErrorAction SilentlyContinue
+If ($provider -eq $null) {
+    Write-Error "Docker Microsoft Docker provider is not installed."
+    Exit 1
+}
+
+<% if $docker_msft_provider_version { -%>
+Write-Information "Checking Docker provider version"
+if ($provider.Version.ToString() -ne "<%= $docker_msft_provider_version %>" ) {
+    Write-Error "Incorrect Microsoft Docker Provider version installed."
+    Exit 1
+}
+<% } -%>
+
+Write-Information "Checking Docker package."
+$package=Get-Package <%= $docker_ee_package_name %> -ProviderName $dockerProviderName -ErrorAction SilentlyContinue
+If ($package -eq $null) { 
+    Write-Error "Docker package is not installed."
+    Exit 1
+}
+
+<% if $version { -%>
+Write-Information "Checking Docker package version"
+if ($package.Version.ToString() -notmatch  "<%= $version %>"){
+    Write-Error "Incorrect Docker package version installed."
+    Exit 1
+}
+<% } %>

environments/production/thirdparty/docker/templates/windows/compute_hash.ps1.epp

@@ -0,0 +1,10 @@
+#file computes the 512SHA for a given string and writes it to a file
+
+$String = $env:docker_auth
+$HashName = "SHA512"
+$StringBuilder = New-Object System.Text.StringBuilder 
+[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{ 
+[Void]$StringBuilder.Append($_.ToString("x2")) 
+} 
+
+$StringBuilder.ToString() | Out-File <%= $passfile %>

environments/production/thirdparty/docker/templates/windows/config/daemon.json.epp

@@ -0,0 +1,23 @@
+{
+    <% if $dns { %> "dns": <%= $dns_array.to_json %>,<% } -%>
+    <% if $dns_search { %> "dns-search": <%= $dns_search_array.to_json %>,<% } -%>
+    <% if $log_driver { %> "log-driver": "<%= $log_driver %>", <% } -%>
+    <% if $mtu { %> "mtu": <%= $mtu %>,<% } -%>
+    <% if $tcp_bind { %> "hosts": <%= $tcp_bind_array.to_json %>,<% } -%>
+    <% if $log_level { %> "log-level": "<%= $log_level %>",<% } -%>
+    <% if $tls_enable { %> "tlsverify": true, 
+    "tlscacert": "<%= $tls_cacert %>",
+    "tlscert": "<%= $tls_cert %>",
+    "tlskey": "<%= $tls_key %>",    
+    <% } -%>
+    <% if $socket_group { %>"group": "<%= $socket_group %>",<% } -%>
+    <% if $bridge { %>"bridge": "<%= $bridge %>",<% } -%>
+    <% if $fixed_cidr { %>"fixed-cidr": "<%= $fixed_cidr %>",<% } -%>
+    <% if type($registry_mirror, 'generalized') == String { %>"registry-mirrors": ["<%= $registry_mirror %>"], <% } -%>
+    <% if String(type($registry_mirror, 'generalized')).index('Array') == 0 { %>"registry-mirrors": ["<%= $registry_mirror.join('", "') %>"], <% } -%>
+    <% if $extra_parameters { %><% $extra_parameters_array.each |$param| { %>
+    <%= $param %> ,<% } %>
+    <% } -%>
+    <% if $root_dir { %>"data-root": "<%= $root_dir %>",<% } -%>
+    "labels": <%= $labels_array.to_json %>
+}

environments/production/thirdparty/docker/templates/windows/download_docker.ps1.epp

@@ -0,0 +1,40 @@
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+$dockerLocation = Join-Path $env:TEMP "docker.zip"
+
+Invoke-webrequest -UseBasicparsing -Outfile $dockerLocation "<%= $docker_download_url %>"
+
+$cleanInstall = $false
+
+$service = Get-Service "docker" -ErrorAction Ignore
+if ( -not $service ) {
+    $cleanInstall = $true
+} elseif ( $service.Status -ne [ServiceProcess.ServiceControllerStatus]::Stopped ) {
+    $timeSpan = New-Timespan -Seconds 60
+    try {
+        $service.Stop()
+        $service.WaitForStatus([ServiceProcess.ServiceControllerStatus]::Stopped, $timeSpan)
+    }
+    catch [Management.Automation.MethodInvocationException],[ServiceProcess.TimeoutException] {
+        Write-Error "Failed to stop docker service"
+        exit 1
+    }
+}
+
+# Extract the archive.
+Expand-Archive -Force $dockerLocation -DestinationPath $Env:ProgramFiles
+
+# Install Docker. This will require rebooting.
+$null = Install-WindowsFeature containers
+
+if ($cleanInstall) {
+    # Add Docker to the path for the current session.
+    $env:path += ";$env:ProgramFiles\docker"
+
+    # Optionally, modify PATH to persist across sessions.
+    $newPath = "$env:ProgramFiles\docker;" + [Environment]::GetEnvironmentVariable("PATH", [EnvironmentVariableTarget]::Machine)
+
+    [Environment]::SetEnvironmentVariable("PATH", $newPath, [EnvironmentVariableTarget]::Machine)
+
+    # Register the Docker daemon as a service.
+    dockerd --register-service
+}

environments/production/thirdparty/docker/templates/windows/download_docker_compose.ps1.epp

@@ -0,0 +1,23 @@
+try {
+$WebClient = New-Object System.Net.WebClient
+<%if $proxy { %>
+$uri = New-Object Uri("<%= $proxy %>")
+if ($uri.UserInfo -eq $null) {
+  $WebProxy = New-Object System.Net.WebProxy("<%= $proxy %>",$true)
+  $WebClient.Proxy = $WebProxy
+} 
+else {
+  $user,$password = $uri.UserInfo -split (':')
+  $proxyAddress = $uri.Scheme + "://" + $uri.Host + ":" + $uri.Port + $uri.PathAndQuery
+  $WebProxy = New-Object System.Net.WebProxy($uri,$true)
+  $WebClient.Proxy = $WebProxy
+  $WebClient.Proxy.Credentials = New-Object System.Net.NetworkCredential($user, $password)
+}
+<% } %>
+  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+  $WebClient.DownloadFile("<%= $docker_compose_url %>","<%= $docker_compose_location_versioned %>")
+}
+catch {
+    exit 1
+}
+exit 0

environments/production/thirdparty/docker/templates/windows/download_docker_machine.ps1.epp

@@ -0,0 +1,23 @@
+try {
+$WebClient = New-Object System.Net.WebClient
+<%if $proxy { %>
+$uri = New-Object Uri("<%= $proxy %>")
+if ($uri.UserInfo -eq $null) {
+  $WebProxy = New-Object System.Net.WebProxy("<%= $proxy %>",$true)
+  $WebClient.Proxy = $WebProxy
+} 
+else {
+  $user,$password = $uri.UserInfo -split (':')
+  $proxyAddress = $uri.Scheme + "://" + $uri.Host + ":" + $uri.Port + $uri.PathAndQuery
+  $WebProxy = New-Object System.Net.WebProxy($uri,$true)
+  $WebClient.Proxy = $WebProxy
+  $WebClient.Proxy.Credentials = New-Object System.Net.NetworkCredential($user, $password)
+}
+<% } %>
+  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+  $WebClient.DownloadFile("<%= $docker_machine_url %>","<%= $docker_machine_location_versioned %>")
+}
+catch {
+    exit 1
+}
+exit 0

environments/production/thirdparty/docker/templates/windows/install_powershell_provider.ps1.epp

@@ -0,0 +1,28 @@
+# this file install the Windows Docker package using the DockerProvider powershell provider
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+$dockerProviderName="DockerProvider"
+
+Write-Information "Installing Package Provider"
+$module = Install-PackageProvider NuGet -Force <% if $nuget_package_provider_version { %><%= "-RequiredVersion ${nuget_package_provider_version}" %><% } %>
+
+If ($module -eq $null) {
+    Write-Error "Failed to install NuGet Package Provider"
+    Exit 1
+}
+
+Write-Information "Installing Docker Provider"
+Install-Module $dockerProviderName -Force <% if $docker_msft_provider_version { %><%= "-RequiredVersion ${docker_msft_provider_version}" %><% } %>
+
+$provider = Get-Module -ListAvailable -Name $dockerProviderName
+If ($provider -eq $null) {
+    Write-Error "Failed to install Docker Microsoft Provider"
+    Exit 1
+}
+
+Write-Information "Installing Docker Package"
+$package=Install-Package Docker -ProviderName $dockerProviderName -Force <% if $version { %><%= "-RequiredVersion ${version}" %><% } %>
+
+If ($package -eq $null) { 
+    Write-Error "Failed to install Docker Package"
+    Exit 1
+}

environments/production/thirdparty/docker/templates/windows/remove_docker.ps1.epp

@@ -0,0 +1,48 @@
+# this file install the Windows Docker package using the DockerProvider powershell provider
+$dockerProviderName="DockerProvider"
+
+$package=Get-Package <%= $docker_ee_package_name %> -ProviderName $dockerProviderName -ErrorAction Ignore
+If ($package -ne $null) { 
+    Write-Information "Uninstalling Docker Package"
+    $package=Uninstall-Package <%= $docker_ee_package_name %> -ProviderName $dockerProviderName -Force
+    <% if $version { -%>
+    -RequiredVersion <%= $version %>
+    <% } -%>
+    If ($package -eq $null) { 
+        Write-Error "Failed to uninstall Docker Package"
+        Exit 1
+    }
+}
+
+$provider = Get-Module -ListAvailable -Name $dockerProviderName -ErrorAction Ignore
+If ($provider -ne $null) {
+    Write-Information "Uninstalling Docker Provider"
+    Uninstall-Module $dockerProviderName -Force
+
+    $provider = Get-Module -ListAvailable -Name $dockerProviderName -ErrorAction Ignore
+    If ($provider -ne $null) {
+        Write-Error "Failed to uninstall Docker Microsoft Provider"
+        Exit 1
+    }
+}
+
+$service = Get-Service "docker" -ErrorAction Ignore
+if ($service -ne $null) {
+    if ( $service.Status -ne [ServiceProcess.ServiceControllerStatus]::Stopped ) {
+        $timeSpan = New-Object Timespan 0,0,60
+        try {
+            $service.Stop()
+            $service.WaitForStatus([ServiceProcess.ServiceControllerStatus]::Stopped, 60)
+        }
+        catch [Management.Automation.MethodInvocationException],[ServiceProcess.TimeoutException] {
+            Write-Error "Failed to stop docker service"
+            exit 1
+        }
+    }
+
+    sc.exe delete "docker"
+} 
+
+if (Test-Path -Path "$env:ProgramFiles\docker") {
+    Remove-Item "$env:ProgramFiles\docker" -Recurse -Force
+}

environments/production/thirdparty/docker/templates/windows/update_docker_image.ps1.epp

@@ -0,0 +1,27 @@
+# Pulls a docker image.
+# Returns 0 if there a change.
+# Returns 2 if there is no change.
+# Returns 3 if something when wrong.
+#
+
+param
+(
+    [string]$DockerImage
+)
+
+Write-Information "Before - Looking for image"
+$before=$(& <%= $docker_command %> inspect --type image --format='{{.Id}}' ${DockerImage} 2>$null)
+Write-Information "Pulling image"
+& <%= $docker_command %> pull ${DockerImage}
+Write-Information "Inspecting image"
+$after=$(& <%= $docker_command %> inspect --type image --format='{{.Id}}' ${DockerImage} 2>$null)
+If (!$after) {
+    Write-Information "Docker image ${DockerImage} failed to pull!"
+    Exit 3
+} ElseIf ($after -eq $before) {
+    Write-Information "No updates to ${DockerImage} available. Currently on ${after}."
+    Exit 2
+} Else {
+    Write-Information "${DockerImage} updated. Changed from ${before} to ${after}."
+    Exit 0
+}