diff --git a/docker/networks/clean.sls b/docker/networks/clean.sls index e507f5fc..09015605 100644 --- a/docker/networks/clean.sls +++ b/docker/networks/clean.sls @@ -20,3 +20,4 @@ include: - name: {{ name }} {%- endfor %} + {%- endif %} diff --git a/docker/osfamilymap.yaml b/docker/osfamilymap.yaml index aa970854..eedb872c 100644 --- a/docker/osfamilymap.yaml +++ b/docker/osfamilymap.yaml @@ -59,6 +59,7 @@ RedHat: docker: # environ_file: /etc/sysconfig/docker repo: + name: docker-ce baseurl: 'https://download.docker.com/linux/{{ grains.os|lower }}/$releasever/$basearch/stable' file: '/etc/yum.repos.d/docker-ce.repo' gpgkey: 'https://download.docker.com/linux/{{ grains.os|lower }}/gpg' diff --git a/docker/software/package/clean.sls b/docker/software/package/clean.sls index f4829d20..3183637b 100644 --- a/docker/software/package/clean.sls +++ b/docker/software/package/clean.sls @@ -6,19 +6,21 @@ {%- set formula = d.formula %} {%- if d.pkg.docker.use_upstream in ('package', 'repo') %} - {%- if grains.kernel|lower in ('linux',) %} - {%- if d.pkg.docker.use_upstream == 'repo' %} + {%- set enable_repo = grains.os_family in ('RedHat', 'Debian') and d.pkg.docker.get('repo') %} + {%- if enable_repo %} + {%- set sls_repo_clean = tplroot ~ '.software.package.repo.clean' %} include: - - .package.repo.clean - {%- endif %} + - {{ sls_repo_clean }} + {%- endif %} + {%- if grains.kernel|lower in ('linux', 'darwin') %} {{ formula }}-software-package-clean-pkg: pkg.removed: - name: {{ d.pkg.docker.name }} - reload_modules: {{ d.misc.reload|default(true, true) }} - {%- if d.pkg.docker.use_upstream == 'repo' %} + {%- if enable_repo %} - require: - - pkgrepo: {{ formula }}-package-repo-absent + - pkgrepo: {{ formula }}-software-package-repo-absent {%- endif %} {%- elif grains.os_family == 'MacOS' %} diff --git a/docker/software/package/install.sls b/docker/software/package/install.sls index 6e232a7f..cf43eb91 100644 --- a/docker/software/package/install.sls +++ b/docker/software/package/install.sls @@ -6,13 +6,14 @@ {%- set formula = d.formula %} {%- if d.pkg.docker.use_upstream in ('package', 'repo') %} + {%- set enable_repo = grains.os_family in ('RedHat', 'Debian') and d.pkg.docker.get('repo') %} {%- set docker_pkg_version = d.version | default(d.pkg.version, true) %} - {%- if grains.os_family in ('RedHat', 'Debian') %} + {%- if enable_repo %} {%- set sls_repo_install = tplroot ~ '.software.package.repo.install' %} - include: - {{ sls_repo_install }} {%- endif %} + {%- if grains.kernel|lower in ('linux', 'darwin') %} {%- if 'deps' in d.pkg and d.pkg.deps %} @@ -43,7 +44,7 @@ include: {%- if grains.os|lower not in ('suse',) %} - hold: {{ d.misc.hold|default(false, true) }} {%- endif %} - {%- if grains.os_family in ('RedHat', 'Debian') %} + {%- if enable_repo %} - require: - pkgrepo: {{ formula }}-software-package-repo-managed {%- endif %} diff --git a/docker/software/package/repo/clean.sls b/docker/software/package/repo/clean.sls index 253d8293..53c03245 100644 --- a/docker/software/package/repo/clean.sls +++ b/docker/software/package/repo/clean.sls @@ -5,8 +5,10 @@ {%- from tplroot ~ "/map.jinja" import data as d with context %} {%- set formula = d.formula %} + {%- if 'repo' in d.pkg.docker and d.pkg.docker.repo %} + {{ formula }}-software-package-repo-absent: pkgrepo.absent: - name: {{ d.pkg.docker.repo.name }} - - onlyif: - - {{ d.pkg.docker.repo }} + + {%- endif %} diff --git a/docker/software/package/repo/install.sls b/docker/software/package/repo/install.sls index c792721e..422b274e 100644 --- a/docker/software/package/repo/install.sls +++ b/docker/software/package/repo/install.sls @@ -13,7 +13,5 @@ {{- format_kwargs(d.pkg.docker.repo) }} - humanname: {{ grains["os"] }} {{ grains["oscodename"]|capitalize }} Docker Package Repository - refresh: {{ d.misc.refresh }} - - onlyif: - - {{ d.pkg.docker.repo }} {%- endif %} diff --git a/kitchen.yml b/kitchen.yml index 7929640b..21217215 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -632,6 +632,23 @@ suites: verifier: inspec_tests: - path: test/integration/package + - name: repo + provisioner: + state_top: + base: + '*': + - docker._mapdata + - docker + pillars: + top.sls: + base: + '*': + - docker + pillars_from_files: + docker.sls: test/salt/pillar/repo.sls + verifier: + inspec_tests: + - path: test/integration/package - name: clean provisioner: state_top: @@ -645,7 +662,7 @@ suites: '*': - docker pillars_from_files: - docker.sls: test/salt/pillar/archive.sls + docker.sls: test/salt/pillar/repo.sls verifier: inspec_tests: - path: test/integration/clean diff --git a/test/salt/pillar/repo.sls b/test/salt/pillar/repo.sls new file mode 100644 index 00000000..dd721dd3 --- /dev/null +++ b/test/salt/pillar/repo.sls @@ -0,0 +1,166 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- +# example docker registry container +# if you want to your own docker registry, use this +docker: + wanted: + - docker + - compose + + pkg: + docker: + use_upstream: repo + config: + # yamllint disable-line rule:line-length + - OPTIONS='-s devicemapper --storage-opt dm.fs=xfs --exec-opt native.cgroupdriver=cgroupfs --selinux-enabled' + # yamllint disable-line rule:line-length + - DOCKER_OPTS="-s btrfs --dns 8.8.8.8" + - export http_proxy="http://172.17.42.1:3128" + daemon_config: + insecure-registries: [] + + containers: + running: + - nginx + - prometheus + + nginx: + image: "nginx:latest" + + prometheus: + image: "prom/prometheus:v1.7.1" + env: + - a=b + - ping=pong + - ding=dong + command: + - ls + - ls -l + auto_remove: true + blkio_weight: 1000 + cap_add: ["SYS_ADMIN", "MKNOD"] + dns: + - 8.8.8.8 + - 8.8.4.4 + dns_search: + - EXAMPLE.COM + domainname: + - EXAMPLE.COM + entrypoint: + - ls + - ls -l + - ls -last + - sleep 100 + init: false + labels: + - label1 + - label2 + - label3 + mem_limit: 1g + mem_swappiness: 50 + name: prometheus + network_disabled: false + network_mode: host # bridge or none or container:netcontainer or host + oom_kill_disable: true + oom_score_adj: 100 + pid_mode: host + pids_limit: -1 + privileged: false + publish_all_ports: true + read_only: false + stdin_open: false + tty: true + volume_driver: local + + registry: + image: "registry:latest" + env: + - REGISTRY_LOG_LEVEL=warn + - REGISTRY_STORAGE=s3 + - REGISTRY_STORAGE_S3_REGION=us-west-1 + - REGISTRY_STORAGE_S3_BUCKET=my-bucket + - REGISTRY_STORAGE_S3_ROOTDIRECTORY=/registry + command: + - "--log-driver=syslog" + - "-p 5000:5000" + - "--rm" + + compose: + ## salt dockercompose module ## + applications: + - composetest + composetest: + path: /srv/salt/docker/files/composetest/docker-compose.yml + + ## formerly compose-ng state ## + ng: + registry-datastore: + dvc: true + # image: ®istry_image 'docker.io/registry:latest' ## Fedora + image: ®istry_image 'registry:latest' + container_name: &dvc 'registry-datastore' + command: echo *dvc data volume container + volumes: + - &datapath '/registry' + registry-service: + image: *registry_image + container_name: 'registry-service' + volumes_from: + - *dvc + environment: + SETTINGS_FLAVOR: 'local' + STORAGE_PATH: *datapath + SEARCH_BACKEND: 'sqlalchemy' + REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: '/registry' + ports: + - 127.0.0.1:5000:5000 + # restart: 'always' # compose v1.9 + deploy: # compose v3 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s + nginx-latest: + # image: 'docker.io/nginx:latest' ##Fedora + image: 'nginx:latest' + container_name: 'nginx-latest' + links: + - 'registry-service:registry' + ports: + - '80:80' + - '443:443' + volumes: + - /srv/docker-registry/nginx/:/etc/nginx/conf.d + - /srv/docker-registry/auth/:/etc/nginx/conf.d/auth + - /srv/docker-registry/certs/:/etc/nginx/conf.d/certs + working_dir: '/var/www/html' + volume_driver: 'local' + userns_mode: 'host' + user: 'nginx' + # restart: 'always' # compose v1.9 + deploy: # compose v3 + restart_policy: + condition: on-failure + delay: 5s + max_attempts: 3 + window: 120s + + swarm: + # Per https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.swarm.html + joinswarm: {} + leave_swarm: false + node_ls: {} + remove_node: {} + remove_service: {} + service_create: {} + swarm_init: {} + service_info: {} + swarm_tokens: true + update_node: {} + + misc: + skip_translate: ports + force_present: false + force_running: true