diff --git a/manifests/init.pp b/manifests/init.pp index 4bf4561..074a186 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,666 +1,668 @@ # @summary # Module to install an up-to-date version of Docker from package. # # @param version # The package version to install, used to set the package name. # # @param ensure # Passed to the docker package. # # @param prerequired_packages # An array of additional packages that need to be installed to support docker. # # @param dependent_packages # An array of packages installed by the docker-ce package v 18.09 and later. # Used when uninstalling to ensure containers cannot be run on the system. # # @param tcp_bind # The tcp socket to bind to in the format # tcp://127.0.0.1:4243 # # @param tls_enable # Enable TLS. # # @param tls_verify # Use TLS and verify the remote # # @param tls_cacert # Path to TLS CA certificate # # @param tls_cert # Path to TLS certificate file # # @param tls_key # Path to TLS key file # # @param ip_forward # Enables IP forwarding on the Docker host. # # @param iptables # Enable Docker's addition of iptables rules. # # @param ip_masq # Enable IP masquerading for bridge's IP range. # # @param icc # Enable or disable Docker's unrestricted inter-container and Docker daemon host communication. # (Requires iptables=true to disable) # # @param bip # Specify docker's network bridge IP, in CIDR notation. # # @param mtu # Docker network MTU. # # @param bridge # Attach containers to a pre-existing network bridge # use 'none' to disable container networking # # @param fixed_cidr # IPv4 subnet for fixed IPs # 10.20.0.0/16 # # @param default_gateway # IPv4 address of the container default gateway; # this address must be part of the bridge subnet # (which is defined by bridge) # # @param ipv6 # Enables ipv6 support for the docker daemon # # @param ipv6_cidr # IPv6 subnet for fixed IPs # # @param default_gateway_ipv6 # IPv6 address of the container default gateway: # # @param socket_bind # The unix socket to bind to. # # @param log_level # Set the logging level # Valid values: debug, info, warn, error, fatal # # @param log_driver # Set the log driver. # Docker default is json-file. # Valid values: none, json-file, syslog, journald, gelf, fluentd # Valid values description: # none : Disables any logging for the container. # docker logs won't be available with this driver. # json-file: Default logging driver for Docker. # Writes JSON messages to file. # syslog : Syslog logging driver for Docker. # Writes log messages to syslog. # journald : Journald logging driver for Docker. # Writes log messages to journald. # gelf : Graylog Extended Log Format (GELF) logging driver for Docker. # Writes log messages to a GELF endpoint: Graylog or Logstash. # fluentd : Fluentd logging driver for Docker. # Writes log messages to fluentd (forward input). # splunk : Splunk logging driver for Docker. # Writes log messages to Splunk (HTTP Event Collector). # awslogs : AWS Cloudwatch Logs logging driver for Docker. # Write log messages to Cloudwatch API # # @param log_opt # Set the log driver specific options # Valid values per log driver: # none : undef # json-file: # max-size=[0-9+][k|m|g] # max-file=[0-9+] # syslog : # syslog-address=[tcp|udp]://host:port # syslog-address=unix://path # syslog-facility=daemon|kern|user|mail|auth| # syslog|lpr|news|uucp|cron| # authpriv|ftp| # local0|local1|local2|local3| # local4|local5|local6|local7 # syslog-tag="some_tag" # journald : undef # gelf : # gelf-address=udp://host:port # gelf-tag="some_tag" # fluentd : # fluentd-address=host:port # fluentd-tag={{.ID}} - short container id (12 characters)| # {{.FullID}} - full container id # {{.Name}} - container name # splunk : # splunk-token= # splunk-url=https://your_splunk_instance:8088 # awslogs : # awslogs-group= # awslogs-stream= # awslogs-create-group=true|false # awslogs-datetime-format= - strftime expression # awslogs-multiline-pattern=multiline start pattern using a regular expression # tag={{.ID}} - short container id (12 characters)| # {{.FullID}} - full container id # {{.Name}} - container name # # @param selinux_enabled # Enable selinux support. Default is false. SELinux does not presently # support the BTRFS storage driver. # # @param use_upstream_package_source # Whether or not to use the upstream package source. # If you run your own package mirror, you may set this # to false. # # @param pin_upstream_package_source # Pin upstream package source; this option currently only has any effect on # apt-based distributions. Set to false to remove pinning on the upstream # package repository. See also "apt_source_pin_level". # # @param apt_source_pin_level # What level to pin our source package repository to; this only is relevent # if you're on an apt-based system (Debian, Ubuntu, etc) and # $use_upstream_package_source is set to true. Set this to false to disable # pinning, and undef to ensure the apt preferences file apt::source uses to # define pins is removed. # # @param service_state # Whether you want to docker daemon to start up # # @param service_enable # Whether you want to docker daemon to start up at boot # # @param manage_service # Specify whether the service should be managed. # # @param root_dir # Custom root directory for containers # # @param dns # Custom dns server address # # @param dns_search # Custom dns search domains # # @param socket_group # Group ownership of the unix control socket. # # @param extra_parameters # Any extra parameters that should be passed to the docker daemon. # # @param shell_values # Array of shell values to pass into init script config files # # @param proxy # Will set the http_proxy and https_proxy env variables in /etc/sysconfig/docker (redhat/centos) or /etc/default/docker (debian) # # @param no_proxy # Will set the no_proxy variable in /etc/sysconfig/docker (redhat/centos) or /etc/default/docker (debian) # # @param storage_driver # Specify a storage driver to use # Valid values: aufs, devicemapper, btrfs, overlay, overlay2, vfs, zfs # # @param dm_basesize # The size to use when creating the base device, which limits the size of images and containers. # # @param dm_fs # The filesystem to use for the base image (xfs or ext4) # # @param dm_mkfsarg # Specifies extra mkfs arguments to be used when creating the base device. # # @param dm_mountopt # Specifies extra mount options used when mounting the thin devices. # # @param dm_blocksize # A custom blocksize to use for the thin pool. # Default blocksize is 64K. # Warning: _DO NOT_ change this parameter after the lvm devices have been initialized. # # @param dm_loopdatasize # Specifies the size to use when creating the loopback file for the "data" device which is used for the thin pool # # @param dm_loopmetadatasize # Specifies the size to use when creating the loopback file for the "metadata" device which is used for the thin pool # # @param dm_datadev # (deprecated - dm_thinpooldev should be used going forward) # A custom blockdevice to use for data for the thin pool. # # @param dm_metadatadev # (deprecated - dm_thinpooldev should be used going forward) # A custom blockdevice to use for metadata for the thin pool. # # @param dm_thinpooldev # Specifies a custom block storage device to use for the thin pool. # # @param dm_use_deferred_removal # Enables use of deferred device removal if libdm and the kernel driver support the mechanism. # # @param dm_use_deferred_deletion # Enables use of deferred device deletion if libdm and the kernel driver support the mechanism. # # @param dm_blkdiscard # Enables or disables the use of blkdiscard when removing devicemapper devices. # # @param dm_override_udev_sync_check # By default, the devicemapper backend attempts to synchronize with the udev # device manager for the Linux kernel. This option allows disabling that # synchronization, to continue even though the configuration may be buggy. # # @param overlay2_override_kernel_check # Overrides the Linux kernel version check allowing using overlay2 with kernel < 4.0. # # @param manage_package # Won't install or define the docker package, useful if you want to use your own package # # @param service_name # Specify custom service name # # @param docker_users # Specify an array of users to add to the docker group # # @param docker_group # Specify a string for the docker group # # @param daemon_environment_files # Specify additional environment files to add to the # service-overrides.conf # # @param repo_opt # Specify a string to pass as repository options (RedHat only) # # @param storage_devs # A quoted, space-separated list of devices to be used. # # @param storage_vg # The volume group to use for docker storage. # # @param storage_root_size # The size to which the root filesystem should be grown. # # @param storage_data_size # The desired size for the docker data LV # # @param storage_min_data_size # The minimum size of data volume otherwise pool creation fails # # @param storage_chunk_size # Controls the chunk size/block size of thin pool. # # @param storage_growpart # Enable resizing partition table backing root volume group. # # @param storage_auto_extend_pool # Enable/disable automatic pool extension using lvm # # @param storage_pool_autoextend_threshold # Auto pool extension threshold (in % of pool size) # # @param storage_pool_autoextend_percent # Extend the pool by specified percentage when threshold is hit. # # @param tmp_dir_config # Whether to set the TMPDIR value in the systemd config file # Default: true (set the value); false will comment out the line. # Note: false is backwards compatible prior to PR #58 # # @param tmp_dir # Sets the tmp dir for Docker (path) # # @param registry_mirror # Sets the prefered container registry mirror. # # @param nuget_package_provider_version # The version of the NuGet Package provider # # @param docker_msft_provider_version # The version of the Microsoft Docker Provider Module # # @param docker_ce_start_command # @param docker_ce_package_name # @param docker_ce_source_location # @param docker_ce_key_source # @param docker_ce_key_id # @param docker_ce_release # @param docker_package_location # @param docker_package_key_source # @param docker_package_key_check_source # @param docker_package_key_id # @param docker_package_release # @param docker_engine_start_command # @param docker_engine_package_name # @param docker_ce_channel # @param docker_ee # @param docker_ee_package_name # @param docker_ee_source_location # @param docker_ee_key_source # @param docker_ee_key_id # @param docker_ee_repos # @param docker_ee_release # @param package_release # @param labels # @param execdriver # @param package_source # @param os_lc # @param storage_config # @param storage_config_template # @param storage_setup_file # @param service_provider # @param service_config # @param service_config_template # @param service_overrides_template # @param socket_overrides_template # @param socket_override # @param service_after_override # @param service_hasstatus # @param service_hasrestart # @param acknowledge_unsupported_os # class docker( Optional[String] $version = $docker::params::version, String $ensure = $docker::params::ensure, Variant[Array[String], Hash] $prerequired_packages = $docker::params::prerequired_packages, Array $dependent_packages = $docker::params::dependent_packages, String $docker_ce_start_command = $docker::params::docker_ce_start_command, Optional[String] $docker_ce_package_name = $docker::params::docker_ce_package_name, Optional[String] $docker_ce_source_location = $docker::params::package_ce_source_location, Optional[String] $docker_ce_key_source = $docker::params::package_ce_key_source, Optional[String] $docker_ce_key_id = $docker::params::package_ce_key_id, Optional[String] $docker_ce_release = $docker::params::package_ce_release, Optional[String] $docker_package_location = $docker::params::package_source_location, Optional[String] $docker_package_key_source = $docker::params::package_key_source, Optional[Boolean] $docker_package_key_check_source = $docker::params::package_key_check_source, Optional[String] $docker_package_key_id = $docker::params::package_key_id, Optional[String] $docker_package_release = $docker::params::package_release, String $docker_engine_start_command = $docker::params::docker_engine_start_command, String $docker_engine_package_name = $docker::params::docker_engine_package_name, String $docker_ce_channel = $docker::params::docker_ce_channel, Optional[Boolean] $docker_ee = $docker::params::docker_ee, Optional[String] $docker_ee_package_name = $docker::params::package_ee_package_name, Optional[String] $docker_ee_source_location = $docker::params::package_ee_source_location, Optional[String] $docker_ee_key_source = $docker::params::package_ee_key_source, Optional[String] $docker_ee_key_id = $docker::params::package_ee_key_id, Optional[String] $docker_ee_repos = $docker::params::package_ee_repos, Optional[String] $docker_ee_release = $docker::params::package_ee_release, Optional[Variant[String,Array[String]]] $tcp_bind = $docker::params::tcp_bind, Boolean $tls_enable = $docker::params::tls_enable, Boolean $tls_verify = $docker::params::tls_verify, Optional[String] $tls_cacert = $docker::params::tls_cacert, Optional[String] $tls_cert = $docker::params::tls_cert, Optional[String] $tls_key = $docker::params::tls_key, Boolean $ip_forward = $docker::params::ip_forward, Boolean $ip_masq = $docker::params::ip_masq, Optional[Boolean] $ipv6 = $docker::params::ipv6, Optional[String] $ipv6_cidr = $docker::params::ipv6_cidr, Optional[String] $default_gateway_ipv6 = $docker::params::default_gateway_ipv6, Optional[String] $bip = $docker::params::bip, Optional[String] $mtu = $docker::params::mtu, Boolean $iptables = $docker::params::iptables, Optional[Boolean] $icc = $docker::params::icc, String $socket_bind = $docker::params::socket_bind, Optional[String] $fixed_cidr = $docker::params::fixed_cidr, Optional[String] $bridge = $docker::params::bridge, Optional[String] $default_gateway = $docker::params::default_gateway, Optional[String] $log_level = $docker::params::log_level, Optional[String] $log_driver = $docker::params::log_driver, Array $log_opt = $docker::params::log_opt, Optional[Boolean] $selinux_enabled = $docker::params::selinux_enabled, Optional[Boolean] $use_upstream_package_source = $docker::params::use_upstream_package_source, Optional[Boolean] $pin_upstream_package_source = $docker::params::pin_upstream_package_source, Optional[Integer] $apt_source_pin_level = $docker::params::apt_source_pin_level, Optional[String] $package_release = $docker::params::package_release, String $service_state = $docker::params::service_state, Boolean $service_enable = $docker::params::service_enable, Boolean $manage_service = $docker::params::manage_service, Optional[String] $root_dir = $docker::params::root_dir, Optional[Boolean] $tmp_dir_config = $docker::params::tmp_dir_config, Optional[String] $tmp_dir = $docker::params::tmp_dir, Optional[Variant[String,Array]] $dns = $docker::params::dns, Optional[Variant[String,Array]] $dns_search = $docker::params::dns_search, Optional[Variant[String,Boolean]] $socket_group = $docker::params::socket_group, Array $labels = $docker::params::labels, Optional[Variant[String,Array]] $extra_parameters = undef, Optional[Variant[String,Array]] $shell_values = undef, Optional[String] $proxy = $docker::params::proxy, Optional[String] $no_proxy = $docker::params::no_proxy, Optional[String] $storage_driver = $docker::params::storage_driver, Optional[String] $dm_basesize = $docker::params::dm_basesize, Optional[String] $dm_fs = $docker::params::dm_fs, Optional[String] $dm_mkfsarg = $docker::params::dm_mkfsarg, Optional[String] $dm_mountopt = $docker::params::dm_mountopt, Optional[String] $dm_blocksize = $docker::params::dm_blocksize, Optional[String] $dm_loopdatasize = $docker::params::dm_loopdatasize, Optional[String] $dm_loopmetadatasize = $docker::params::dm_loopmetadatasize, Optional[String] $dm_datadev = $docker::params::dm_datadev, Optional[String] $dm_metadatadev = $docker::params::dm_metadatadev, Optional[String] $dm_thinpooldev = $docker::params::dm_thinpooldev, Optional[Boolean] $dm_use_deferred_removal = $docker::params::dm_use_deferred_removal, Optional[Boolean] $dm_use_deferred_deletion = $docker::params::dm_use_deferred_deletion, Optional[Boolean] $dm_blkdiscard = $docker::params::dm_blkdiscard, Optional[Boolean] $dm_override_udev_sync_check = $docker::params::dm_override_udev_sync_check, Boolean $overlay2_override_kernel_check = $docker::params::overlay2_override_kernel_check, Optional[String] $execdriver = $docker::params::execdriver, Boolean $manage_package = $docker::params::manage_package, Optional[String] $package_source = $docker::params::package_source, Optional[String] $service_name = $docker::params::service_name, Array $docker_users = [], String $docker_group = $docker::params::docker_group, Array $daemon_environment_files = [], Optional[Variant[String,Hash]] $repo_opt = $docker::params::repo_opt, Optional[String] $os_lc = $docker::params::os_lc, Optional[String] $storage_devs = $docker::params::storage_devs, Optional[String] $storage_vg = $docker::params::storage_vg, Optional[String] $storage_root_size = $docker::params::storage_root_size, Optional[String] $storage_data_size = $docker::params::storage_data_size, Optional[String] $storage_min_data_size = $docker::params::storage_min_data_size, Optional[String] $storage_chunk_size = $docker::params::storage_chunk_size, Optional[Boolean] $storage_growpart = $docker::params::storage_growpart, Optional[String] $storage_auto_extend_pool = $docker::params::storage_auto_extend_pool, Optional[String] $storage_pool_autoextend_threshold = $docker::params::storage_pool_autoextend_threshold, Optional[String] $storage_pool_autoextend_percent = $docker::params::storage_pool_autoextend_percent, Optional[Variant[String,Boolean]] $storage_config = $docker::params::storage_config, Optional[String] $storage_config_template = $docker::params::storage_config_template, Optional[String] $storage_setup_file = $docker::params::storage_setup_file, Optional[String] $service_provider = $docker::params::service_provider, Optional[Variant[String,Boolean]] $service_config = $docker::params::service_config, Optional[String] $service_config_template = $docker::params::service_config_template, Optional[Variant[String,Boolean]] $service_overrides_template = $docker::params::service_overrides_template, Optional[Variant[String,Boolean]] $socket_overrides_template = $docker::params::socket_overrides_template, Optional[Boolean] $socket_override = $docker::params::socket_override, Optional[Variant[String,Boolean]] $service_after_override = $docker::params::service_after_override, Optional[Boolean] $service_hasstatus = $docker::params::service_hasstatus, Optional[Boolean] $service_hasrestart = $docker::params::service_hasrestart, Optional[Variant[String,Array]] $registry_mirror = $docker::params::registry_mirror, Boolean $acknowledge_unsupported_os = false, # Windows specific parameters Optional[String] $docker_msft_provider_version = $docker::params::docker_msft_provider_version, Optional[String] $nuget_package_provider_version = $docker::params::nuget_package_provider_version, + + Boolean $have_systemd_v230 = $docker::params::have_systemd_v230, ) inherits docker::params { if $facts['os']['family'] and ! $acknowledge_unsupported_os { assert_type(Pattern[/^(Debian|RedHat|windows)$/], $facts['os']['family']) |$a, $b| { fail(translate('This module only works on Debian, Red Hat or Windows based systems.')) } } if ($facts['os']['family'] == 'RedHat') and (versioncmp($facts['os']['release']['major'], '7') < 0) { fail(translate('This module only works on Red Hat based systems version 7 and higher.')) } if ($default_gateway) and (!$bridge) { fail(translate('You must provide the $bridge parameter.')) } if $log_level { assert_type(Pattern[/^(debug|info|warn|error|fatal)$/], $log_level) |$a, $b| { fail(translate('log_level must be one of debug, info, warn, error or fatal')) } } if $log_driver { if $facts['os']['family'] == 'windows' { assert_type(Pattern[/^(none|json-file|syslog|gelf|fluentd|splunk|awslogs|etwlogs)$/], $log_driver) |$a, $b| { fail(translate('log_driver must be one of none, json-file, syslog, gelf, fluentd, splunk, awslogs or etwlogs')) } } else { assert_type(Pattern[/^(none|json-file|syslog|journald|gelf|fluentd|splunk|awslogs)$/], $log_driver) |$a, $b| { fail(translate('log_driver must be one of none, json-file, syslog, journald, gelf, fluentd, splunk or awslogs')) } } } if $storage_driver { if $facts['os']['family'] == 'windows' { assert_type(Pattern[/^(windowsfilter)$/], $storage_driver) |$a, $b| { fail(translate('Valid values for storage_driver on windows are windowsfilter')) } } else { assert_type(Pattern[/^(aufs|devicemapper|btrfs|overlay|overlay2|vfs|zfs)$/], $storage_driver) |$a, $b| { fail(translate('Valid values for storage_driver are aufs, devicemapper, btrfs, overlay, overlay2, vfs, zfs.')) } } } if ($bridge) and ($facts['os']['family'] == 'windows') { assert_type(Pattern[/^(none|nat|transparent|overlay|l2bridge|l2tunnel)$/], $bridge) |$a, $b| { fail(translate('bridge must be one of none, nat, transparent, overlay, l2bridge or l2tunnel on Windows.')) } } if $dm_fs { assert_type(Pattern[/^(ext4|xfs)$/], $dm_fs) |$a, $b| { fail(translate('Only ext4 and xfs are supported currently for dm_fs.')) } } if ($dm_loopdatasize or $dm_loopmetadatasize) and ($dm_datadev or $dm_metadatadev) { fail(translate('You should provide parameters only for loop lvm or direct lvm, not both.')) } if ($dm_datadev or $dm_metadatadev) and $dm_thinpooldev { fail(translate('You can use the $dm_thinpooldev parameter, or the $dm_datadev and $dm_metadatadev parameter pair, but you cannot use both.')) # lint:ignore:140chars } if ($dm_datadev or $dm_metadatadev) { notice('The $dm_datadev and $dm_metadatadev parameter pair are deprecated. The $dm_thinpooldev parameter should be used instead.') } if ($dm_datadev and !$dm_metadatadev) or (!$dm_datadev and $dm_metadatadev) { fail(translate('You need to provide both $dm_datadev and $dm_metadatadev parameters for direct lvm.')) } if ($dm_basesize or $dm_fs or $dm_mkfsarg or $dm_mountopt or $dm_blocksize or $dm_loopdatasize or $dm_loopmetadatasize or $dm_datadev or $dm_metadatadev) and ($storage_driver != 'devicemapper') { fail(translate('Values for dm_ variables will be ignored unless storage_driver is set to devicemapper.')) } if($tls_enable) { if(! $tcp_bind) { fail(translate('You need to provide tcp bind parameter for TLS.')) } } if ($version == undef) or ($version !~ /^(17[.][0-1][0-9][.][0-1](~|-|\.)ce|1.\d+)/) { if ($docker_ee) { $package_location = $docker::docker_ee_source_location $package_key_source = $docker::docker_ee_key_source $package_key_check_source = true $package_key = $docker::docker_ee_key_id $package_repos = $docker::docker_ee_repos $release = $docker::docker_ee_release $docker_start_command = $docker::docker_ee_start_command $docker_package_name = $docker::docker_ee_package_name } else { case $facts['os']['family'] { 'Debian' : { $package_location = $docker_ce_source_location $package_key_source = $docker_ce_key_source $package_key = $docker_ce_key_id $package_repos = $docker_ce_channel $release = $docker_ce_release } 'RedHat' : { $package_location = $docker_ce_source_location $package_key_source = $docker_ce_key_source $package_key_check_source = true } 'windows': { fail(translate('This module only work for Docker Enterprise Edition on Windows.')) } default: { $package_location = $docker_package_location $package_key_source = $docker_package_key_source $package_key_check_source = $docker_package_key_check_source } } $docker_start_command = $docker_ce_start_command $docker_package_name = $docker_ce_package_name } } else { case $facts['os']['family'] { 'Debian': { $package_location = $docker_package_location $package_key_source = $docker_package_key_source $package_key_check_source = $docker_package_key_check_source $package_key = $docker_package_key_id $package_repos = 'main' $release = $docker_package_release } 'RedHat': { $package_location = $docker_package_location $package_key_source = $docker_package_key_source $package_key_check_source = $docker_package_key_check_source } default: { $package_location = $docker_package_location $package_key_source = $docker_package_key_source $package_key_check_source = $docker_package_key_check_source } } $docker_start_command = $docker_engine_start_command $docker_package_name = $docker_engine_package_name } if ($version != undef) and ($version =~ /^(17[.]0[0-4]|1.\d+)/) { $root_dir_flag = '-g' } else { $root_dir_flag = '--data-root' } if $ensure != 'absent' { contain docker::repos contain docker::install contain docker::config contain docker::service create_resources( 'docker::registry', lookup("${module_name}::registries", Hash, 'deep', {}), ) create_resources( 'docker::image', lookup("${module_name}::images", Hash, 'deep', {}), ) create_resources( 'docker::run', lookup("${module_name}::runs", Hash, 'deep', {}), ) Class['docker::repos'] -> Class['docker::install'] -> Class['docker::config'] -> Class['docker::service'] -> Docker::Registry <||> -> Docker::Image <||> -> Docker::Run <||> } else { contain 'docker::repos' contain 'docker::install' Class['docker::repos'] -> Class['docker::install'] } } diff --git a/manifests/params.pp b/manifests/params.pp index 2436107..68dd093 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,376 +1,391 @@ # @summary Default parameter values for the docker module # class docker::params { $version = undef $ensure = present $docker_ce_start_command = 'dockerd' $docker_ce_package_name = 'docker-ce' $docker_engine_start_command = 'docker daemon' $docker_engine_package_name = 'docker-engine' $docker_ce_channel = stable $docker_ee = false $docker_ee_start_command = 'dockerd' $docker_ee_source_location = undef $docker_ee_key_source = undef $docker_ee_key_id = undef $docker_ee_repos = stable $tcp_bind = undef $tls_enable = false $tls_verify = true $machine_version = '0.16.1' $ip_forward = true $iptables = true $ipv6 = false $ipv6_cidr = undef $default_gateway_ipv6 = undef $icc = undef $ip_masq = true $bip = undef $mtu = undef $fixed_cidr = undef $bridge = undef $default_gateway = undef $socket_bind = 'unix:///var/run/docker.sock' $log_level = undef $log_driver = undef $log_opt = [] $selinux_enabled = undef $socket_group_default = 'docker' $labels = [] $service_state = running $service_enable = true $manage_service = true $root_dir = undef $tmp_dir_config = true $tmp_dir = '/tmp/' $dns = undef $dns_search = undef $proxy = undef $compose_base_url = 'https://github.com/docker/compose/releases/download' $compose_symlink_name = 'docker-compose' $no_proxy = undef $execdriver = undef $storage_driver = undef $dm_basesize = undef $dm_fs = undef $dm_mkfsarg = undef $dm_mountopt = undef $dm_blocksize = undef $dm_loopdatasize = undef $dm_loopmetadatasize = undef $dm_datadev = undef $dm_metadatadev = undef $dm_thinpooldev = undef $dm_use_deferred_removal = undef $dm_use_deferred_deletion = undef $dm_blkdiscard = undef $dm_override_udev_sync_check = undef $overlay2_override_kernel_check = false $manage_package = true $package_source = undef $service_name_default = 'docker' $docker_group_default = 'docker' $storage_devs = undef $storage_vg = undef $storage_root_size = undef $storage_data_size = undef $storage_min_data_size = undef $storage_chunk_size = undef $storage_growpart = undef $storage_auto_extend_pool = undef $storage_pool_autoextend_threshold = undef $storage_pool_autoextend_percent = undef $storage_config_template = 'docker/etc/sysconfig/docker-storage.erb' $registry_mirror = undef $curl_ensure = true $os_lc = downcase($facts['os']['name']) $docker_msft_provider_version = undef $nuget_package_provider_version = undef $docker_command = 'docker' if ($facts['os']['family'] == 'windows') { $compose_install_path = "${::docker_program_files_path}/Docker" $compose_version = '1.21.2' $docker_ee_package_name = 'Docker' $machine_install_path = "${::docker_program_files_path}/Docker" $tls_cacert = "${::docker_program_data_path}/docker/certs.d/ca.pem" $tls_cert = "${::docker_program_data_path}/docker/certs.d/server-cert.pem" $tls_key = "${::docker_program_data_path}/docker/certs.d/server-key.pem" } else { $compose_install_path = '/usr/local/bin' $compose_version = '1.21.2' $docker_ee_package_name = 'docker-ee' $machine_install_path = '/usr/local/bin' $tls_cacert = '/etc/docker/tls/ca.pem' $tls_cert = '/etc/docker/tls/cert.pem' $tls_key = '/etc/docker/tls/key.pem' } case $facts['os']['family'] { 'Debian' : { case $facts['os']['name'] { 'Ubuntu' : { $package_release = "ubuntu-${facts['os']['distro']['codename']}" if (versioncmp($facts['os']['release']['full'], '15.04') >= 0) { $service_after_override = undef $service_config_template = 'docker/etc/sysconfig/docker.systemd.erb' $service_hasrestart = true $service_hasstatus = true $service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb' $service_provider = 'systemd' $socket_override = false $socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.erb' $storage_config = '/etc/default/docker-storage' include docker::systemd_reload } else { $service_config_template = 'docker/etc/default/docker.erb' $service_overrides_template = undef $socket_overrides_template = undef $socket_override = false $service_after_override = undef $service_provider = 'upstart' $service_hasstatus = true $service_hasrestart = false $storage_config = undef } } default: { if (versioncmp($facts['facterversion'], '2.4.6') <= 0) { $package_release = "debian-${facts['os']['lsb']['distcodename']}" } else { $package_release = "debian-${facts['os']['distro']['codename']}" } $service_provider = 'systemd' $storage_config = '/etc/default/docker-storage' $service_config_template = 'docker/etc/sysconfig/docker.systemd.erb' $service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-debian.conf.erb' $socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.erb' $socket_override = false $service_after_override = undef $service_hasstatus = true $service_hasrestart = true include docker::systemd_reload } } $apt_source_pin_level = 500 $docker_group = $docker_group_default $pin_upstream_package_source = true $repo_opt = undef $service_config = undef $service_name = $service_name_default $socket_group = $socket_group_default $storage_setup_file = undef $use_upstream_package_source = true $package_ce_source_location = "https://download.docker.com/linux/${os_lc}" $package_ce_key_source = "https://download.docker.com/linux/${os_lc}/gpg" $package_ce_key_id = '9DC858229FC7DD38854AE2D88D81803C0EBFCD88' if (versioncmp($facts['facterversion'], '2.4.6') <= 0) { $package_ce_release = $facts['os']['lsb']['distcodename'] } else { $package_ce_release = $facts['os']['distro']['codename'] } $package_source_location = 'http://apt.dockerproject.org/repo' $package_key_source = 'https://apt.dockerproject.org/gpg' $package_key_check_source = undef $package_key_id = '58118E89F3A912897C070ADBF76221572C52609D' $package_ee_source_location = $docker_ee_source_location $package_ee_key_source = $docker_ee_key_source $package_ee_key_id = $docker_ee_key_id if (versioncmp($facts['facterversion'], '2.4.6') <= 0) { $package_ee_release = $facts['os']['lsb']['distcodename'] } else { $package_ee_release = $facts['os']['distro']['codename'] } $package_ee_repos = $docker_ee_repos $package_ee_package_name = $docker_ee_package_name if ($service_provider == 'systemd') { $detach_service_in_init = false } else { $detach_service_in_init = true } } 'RedHat' : { $service_after_override = undef $service_config = '/etc/sysconfig/docker' $service_config_template = 'docker/etc/sysconfig/docker.systemd.erb' $service_hasrestart = true $service_hasstatus = true $service_overrides_template = 'docker/etc/systemd/system/docker.service.d/service-overrides-rhel.conf.erb' $service_provider = 'systemd' $socket_override = false $socket_overrides_template = 'docker/etc/systemd/system/docker.socket.d/socket-overrides.conf.erb' $storage_config = '/etc/sysconfig/docker-storage' $storage_setup_file = '/etc/sysconfig/docker-storage-setup' $use_upstream_package_source = true $apt_source_pin_level = undef $detach_service_in_init = false $package_ce_key_id = undef $package_ce_key_source = 'https://download.docker.com/linux/centos/gpg' $package_ce_release = undef $package_ce_source_location = "https://download.docker.com/linux/centos/${facts['os']['release']['major']}/${facts['os']['architecture']}/${docker_ce_channel}" $package_ee_key_id = $docker_ee_key_id $package_ee_key_source = $docker_ee_key_source $package_ee_package_name = $docker_ee_package_name $package_ee_release = undef $package_ee_repos = $docker_ee_repos $package_ee_source_location = $docker_ee_source_location $package_key_check_source = true $package_key_id = undef $package_key_source = 'https://yum.dockerproject.org/gpg' $package_release = undef $package_source_location = "https://yum.dockerproject.org/repo/main/centos/${facts['os']['release']['major']}" $pin_upstream_package_source = undef $service_name = $service_name_default if $use_upstream_package_source { $docker_group = $docker_group_default $socket_group = $socket_group_default } else { $docker_group = 'dockerroot' $socket_group = 'dockerroot' } $repo_opt = undef } 'windows' : { $msft_nuget_package_provider_version = $nuget_package_provider_version $msft_provider_version = $docker_msft_provider_version $msft_package_version = $version $service_config_template = 'docker/windows/config/daemon.json.erb' $service_config = "${::docker_program_data_path}/docker/config/daemon.json" $docker_group = 'docker' $package_ce_source_location = undef $package_ce_key_source = undef $package_ce_key_id = undef $package_ce_repos = undef $package_ce_release = undef $package_key_id = undef $package_release = undef $package_source_location = undef $package_key_source = undef $package_key_check_source = undef $package_ee_source_location = undef $package_ee_package_name = $docker_ee_package_name $package_ee_key_source = undef $package_ee_key_id = undef $package_ee_repos = undef $package_ee_release = undef $use_upstream_package_source = undef $pin_upstream_package_source = undef $apt_source_pin_level = undef $socket_group = undef $service_name = $service_name_default $repo_opt = undef $storage_config = undef $storage_setup_file = undef $service_provider = undef $service_overrides_template = undef $socket_overrides_template = undef $socket_override = false $service_after_override = undef $service_hasstatus = undef $service_hasrestart = undef $detach_service_in_init = true } 'Suse': { $docker_group = $docker_group_default $socket_group = $socket_group_default $package_key_source = undef $package_key_check_source = undef $package_source_location = undef $package_key_id = undef $package_repos = undef $package_release = undef $package_ce_key_source = undef $package_ce_source_location = undef $package_ce_key_id = undef $package_ce_repos = undef $package_ce_release = undef $package_ee_source_location = undef $package_ee_key_source = undef $package_ee_key_id = undef $package_ee_release = undef $package_ee_repos = undef $package_ee_package_name = undef $use_upstream_package_source = true $service_overrides_template = undef $socket_overrides_template = undef $socket_override = false $service_after_override = undef $service_hasstatus = undef $service_hasrestart = undef $service_provider = 'systemd' $package_name = $docker_ce_package_name $service_name = $service_name_default $detach_service_in_init = true $repo_opt = undef $nowarn_kernel = false $service_config = undef $storage_config = undef $storage_setup_file = undef $service_config_template = undef $pin_upstream_package_source = undef $apt_source_pin_level = undef } default: { $docker_group = $docker_group_default $socket_group = $socket_group_default $package_key_source = undef $package_key_check_source = undef $package_source_location = undef $package_key_id = undef $package_repos = undef $package_release = undef $package_ce_key_source = undef $package_ce_source_location = undef $package_ce_key_id = undef $package_ce_repos = undef $package_ce_release = undef $package_ee_source_location = undef $package_ee_key_source = undef $package_ee_key_id = undef $package_ee_release = undef $package_ee_repos = undef $package_ee_package_name = undef $use_upstream_package_source = true $service_overrides_template = undef $socket_overrides_template = undef $socket_override = false $service_after_override = undef $service_hasstatus = undef $service_hasrestart = undef $service_provider = undef $package_name = $docker_ce_package_name $service_name = $service_name_default $detach_service_in_init = true $repo_opt = undef $nowarn_kernel = false $service_config = undef $storage_config = undef $storage_setup_file = undef $service_config_template = undef $pin_upstream_package_source = undef $apt_source_pin_level = undef } } # Special extra packages are required on some OSes. # Specifically apparmor is needed for Ubuntu: # https://github.com/docker/docker/issues/4734 $prerequired_packages = $facts['os']['family'] ? { 'Debian' => $facts['os']['name'] ? { 'Debian' => [ 'cgroupfs-mount', ], 'Ubuntu' => [ 'cgroup-lite', 'apparmor', ], default => [], }, 'RedHat' => ['device-mapper'], default => [], } $dependent_packages = [ 'docker-ce-cli', 'containerd.io', ] + + if($service_provider == 'systemd') { + # systemd v230 adds new StartLimitIntervalSec, StartLimitBurst + if($::osfamily == 'RedHat' and versioncmp($::operatingsystemrelease, '8') < 0) { + $have_systemd_v230 = false + } elsif($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '18.04') < 0) { + $have_systemd_v230 = false + } elsif($::operatingsystem == 'Debian' and versioncmp($::operatingsystemrelease, '9') < 0) { + $have_systemd_v230 = false + } else { + $have_systemd_v230 = true + } + } else { + $have_systemd_v230 = false + } } diff --git a/templates/etc/systemd/system/docker-run.erb b/templates/etc/systemd/system/docker-run.erb index 17015f3..3286704 100644 --- a/templates/etc/systemd/system/docker-run.erb +++ b/templates/etc/systemd/system/docker-run.erb @@ -1,39 +1,45 @@ <%- depend_services = @depend_services_array.map{|s| s =~ /\.[a-z]+$/ ? s : "#{s}.service"} @after = @sanitised_after_array.map{ |s| "#{@service_prefix}#{s}.service"} + @sanitised_depends_array.map{ |s| "#{@service_prefix}#{s}.service"} + depend_services @wants = @sanitised_after_array.map{ |a| "#{@service_prefix}#{a}.service"} @requires = @sanitised_depends_array.map{ |d| "#{@service_prefix}#{d}.service"} + depend_services -%> # This file is managed by Puppet and local changes # may be overwritten [Unit] Description=Daemon for <%= @title %> After=<%= @after.uniq.join(" ") %> Wants=<%= @wants.uniq.join(" ") %> Requires=<%= @requires.uniq.join(" ") %> +<%- if @have_systemd_v230 -%> StartLimitIntervalSec=20 StartLimitBurst=3 +<%- end -%> [Service] Restart=<%= @systemd_restart %> +<%- unless @have_systemd_v230 -%> +StartLimitInterval=20 +StartLimitBurst=3 +<%- end -%> TimeoutStartSec=0 RestartSec=5 Environment="HOME=/root" <%- if @_syslog_identifier -%> SyslogIdentifier=<%= @_syslog_identifier %> <%- end -%> ExecStart=/usr/local/bin/docker-run-<%= @sanitised_title %>-start.sh ExecStop=-/usr/local/bin/docker-run-<%= @sanitised_title %>-stop.sh <%- if @remain_after_exit %> RemainAfterExit=<%= @remain_after_exit %> <%- end -%> [Install] WantedBy=multi-user.target <%- if @service_name -%> WantedBy=<%= @service_name %>.service <%- end -%>