Add docker profile

This configures the docker service on the host, as an alternative
to the firstboot script in docker/firstboot/setup_docker_host.sh

Doing this via puppet will enable easier integration with e.g
the multinode jobs where no firstboot scripts run, and also
enables a better error path in the event the service fails to start

Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Change-Id: Id8add1e8a0ecaedb7d8a7dc9ba3747c1ac3b8eea

diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
new file mode 100644 (file)
index 0000000..5e18a85
--- /dev/null
+++ b/manifests/profile/base/docker.pp
@@ -0,0 +1,68 @@
+# Copyright 2017 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::docker
+#
+# docker profile for tripleo
+#
+# === Parameters
+#
+# [*docker_namespace*]
+#   The namespace to be used when setting INSECURE_REGISTRY
+#   this will be split on "/" to derive the docker registry
+#   (defaults to undef)
+#
+# [*insecure_registry*]
+#   Set docker_namespace to INSECURE_REGISTRY, used when a local registry
+#   is enabled (defaults to false)
+#
+# [*step*]
+#   step defaults to hiera('step')
+#
+class tripleo::profile::base::docker (
+  $docker_namespace = undef,
+  $insecure_registry = false,
+  $step = hiera('step'),
+) {
+  if $step >= 1 {
+    package {'docker':
+      ensure => installed,
+    }
+
+    service { 'docker':
+      ensure  => 'running',
+      enable  => true,
+      require => Package['docker'],
+    }
+
+    if $insecure_registry {
+      if $docker_namespace == undef {
+        fail('You must provide a $docker_namespace in order to configure insecure registry')
+      }
+      $namespace = strip($docker_namespace.split('/')[0])
+      $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'", ]
+    } else {
+      $changes = [ 'rm INSECURE_REGISTRY', ]
+    }
+
+    augeas { 'docker-sysconfig':
+      lens      => 'Shellvars.lns',
+      incl      => '/etc/sysconfig/docker',
+      changes   => $changes,
+      subscribe => Package['docker'],
+      notify    => Service['docker'],
+    }
+  }
+}

diff --git a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
new file mode 100644 (file)
index 0000000..ddbf175
--- /dev/null
+++ b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Added a new profile to configure the docker service

diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
new file mode 100644 (file)
index 0000000..587cc29
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -0,0 +1,68 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::docker' do
+  shared_examples_for 'tripleo::profile::base::docker' do
+    context 'with step 1 and defaults' do
+      let(:params) { {
+          :step              => 1,
+      } }
+
+      it { is_expected.to contain_class('tripleo::profile::base::docker') }
+      it { is_expected.to contain_package('docker') }
+      it { is_expected.to contain_service('docker') }
+      it {
+          is_expected.to contain_augeas('docker-sysconfig').with_changes(['rm INSECURE_REGISTRY'])
+      }
+    end
+
+    context 'with step 1 and insecure_registry configured' do
+      let(:params) { {
+          :docker_namespace  => 'foo:8787',
+          :insecure_registry => true,
+          :step              => 1,
+      } }
+
+      it { is_expected.to contain_class('tripleo::profile::base::docker') }
+      it { is_expected.to contain_package('docker') }
+      it { is_expected.to contain_service('docker') }
+      it {
+        is_expected.to contain_augeas('docker-sysconfig').with_changes(["set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'"])
+      }
+    end
+
+    context 'with step 1 and insecure_registry configured but no docker_namespace' do
+      let(:params) { {
+          :insecure_registry => true,
+          :step              => 1,
+      } }
+
+      it_raises 'a Puppet::Error', /You must provide a \$docker_namespace in order to configure insecure registry/
+    end
+  end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::docker'
+    end
+  end
+end