Split docker options and insecure registry

Use augeas to modify only parameters' dedicated configuration.
Split options from insecure registry. Overlapping those params may
unschedule the docker service restarts for some cases, ending up with
a split brain state for the docker service run-time config vs changed
/etc/sysconfig/options config.

Change-Id: Ic5640061837b022f7175f0db0dc269f9a61e6023
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>

diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index 28a2764..cf3a914 100644 (file)
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -89,22 +89,34 @@ class tripleo::profile::base::docker (
       require => Package['docker'],
     }
 
+    if $docker_options {
+      $options_changes = [ "set OPTIONS '\"${docker_options}\"'" ]
+    } else {
+      $options_changes = [ 'rm OPTIONS' ]
+    }
+
+    augeas { 'docker-sysconfig-options':
+      lens      => 'Shellvars.lns',
+      incl      => '/etc/sysconfig/docker',
+      changes   => $options_changes,
+      subscribe => Package['docker'],
+      notify    => Service['docker'],
+    }
+
     if $insecure_registry {
       if $docker_namespace == undef {
         fail('You must provide a $docker_namespace in order to configure insecure registry')
       }
       $namespace = strip($docker_namespace.split('/')[0])
-      $changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'",
-                    "set OPTIONS '\"${docker_options}\"'" ]
+      $registry_changes = [ "set INSECURE_REGISTRY '\"--insecure-registry ${namespace}\"'" ]
     } else {
-      $changes = [ 'rm INSECURE_REGISTRY',
-                    "set OPTIONS '\"${docker_options}\"'" ]
+      $registry_changes = [ 'rm INSECURE_REGISTRY' ]
     }
 
-    augeas { 'docker-sysconfig':
+    augeas { 'docker-sysconfig-registry':
       lens      => 'Shellvars.lns',
       incl      => '/etc/sysconfig/docker',
-      changes   => $changes,
+      changes   => $registry_changes,
       subscribe => Package['docker'],
       notify    => Service['docker'],
     }

diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index bb21055..dc5efa7 100644 (file)
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -27,8 +27,7 @@ describe 'tripleo::profile::base::docker' do
       it { is_expected.to contain_package('docker') }
       it { is_expected.to contain_service('docker') }
       it {
-          is_expected.to contain_augeas('docker-sysconfig').with_changes([
-            'rm INSECURE_REGISTRY',
+          is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
             "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
           ])
       }
@@ -45,9 +44,8 @@ describe 'tripleo::profile::base::docker' do
       it { is_expected.to contain_package('docker') }
       it { is_expected.to contain_service('docker') }
       it {
-        is_expected.to contain_augeas('docker-sysconfig').with_changes([
+        is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
           "set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'",
-          "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
         ])
       }
     end
@@ -85,8 +83,7 @@ describe 'tripleo::profile::base::docker' do
       it { is_expected.to contain_package('docker') }
       it { is_expected.to contain_service('docker') }
       it {
-        is_expected.to contain_augeas('docker-sysconfig').with_changes([
-          "rm INSECURE_REGISTRY",
+        is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
           "set OPTIONS '\"--log-driver=syslog\"'",
         ])
       }