Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 7.0.0
- , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'glorpen-g_docker', '1.7.0'
g-docker
Configures Docker daemon and allows running containers as system services.
The main target of this module is running containerized apps as system services when not using a cluster supervisor (Docker Swarm, Kubernetes, ...).
Helpful features
- containers can be reloaded upon managed configuration changes - no restarting
- persistent container data stored on managed LVM volumes
- binding specific folders to container
- manageable firewall - automatic rules created by Docker are accounted for by Puppet, you can safely purge unmanaged firewall rules
- pluggable storage and firewall modules
Usage
Setup
Remember to enable and configure the chosen firewall and storage driver.
include ::g_docker::firewall::native
include ::g_docker::storage::overlay2
class { ::g_docker: }
Creating containers:
Hiera:
g_docker::instances:
  example:
    image: example:latest
    env:
      MY_ENV: "some env"
    volumes:
      data:
        size: 30G
        binds:
          home:
            path: /data
            readonly: false
            user: 1000
            group: 1000
            mode: a=rx,u+w
Runtime configs and reloading
You can create small configuration files with Puppet and mount them inside containers.
Hiera:
g_docker::instances:
  example:
    # ...
    runtime_configs:
      puppetizer:
        target: /var/opt/puppetizer/hiera
        configs:
          "runtime.yaml":
            reload: true
            source: puppet:///modules/profile/proxy.yaml
or Puppet DSL:
g_docker::run { 'example-1':
  ensure          => present,
  image           => 'example:latest',
  runtime_configs => {
    'puppetizer' => {
      'target'  => '/var/opt/puppetizer/hiera',
      'configs' => {
        'runtime.yaml' => {
          'reload' => true,
          'source' => 'puppet:///modules/profile/proxy.yaml',
        },
      },
    },
  },
}
The following example works identically to the previous one:
g_docker::run { 'example-1':
  ensure          => present,
  image           => 'example:latest',
  runtime_configs => {
    'puppetizer' => {
      'target' => '/var/opt/puppetizer/hiera',
    },
  },
}
g_docker::runtime_config::config { 'example':
  container    => 'example-1',
  # config_group names the runtime config group declared on the container above
  config_group => 'puppetizer',
  filename     => 'runtime.yaml',
  reload       => true,
  source       => 'puppet:///modules/profile/proxy.yaml',
}
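A review pass over the Hiera data this module consumes, written in Ruby as an added example (it is not part of the g-docker module or its documentation). It reads keys documented in the reference below (tcp_bind, insecure_registries, networks.*.internal, instances.*.capabilities and devices); the sample data, the function name review_g_docker and the choice of which settings to list for manual review are assumptions of this example.

```ruby
require 'yaml'

# Constructed Hiera data for illustration; key names follow the reference on this page.
SAMPLE_HIERA = <<~YAML
  g_docker::tcp_bind: "0.0.0.0:2375"
  g_docker::insecure_registries:
    - registry.internal.example:5000
  g_docker::networks:
    backend:
      internal: false
  g_docker::instances:
    example:
      image: example:latest
      capabilities: [NET_ADMIN]
      devices: [/dev/fuse]
    quiet:
      image: example:1.2.3
YAML

# Returns one "key: reason" string per setting that deserves a manual review.
# Which settings are listed is this example's assumption, not module behaviour.
def review_g_docker(hiera)
  findings = []
  # tcp_bind is Variant[String, Array[String], Undef]; Array() covers all three.
  Array(hiera['g_docker::tcp_bind']).each do |bind|
    findings << "g_docker::tcp_bind: daemon bound to TCP #{bind}"
  end
  Array(hiera['g_docker::insecure_registries']).each do |reg|
    findings << "g_docker::insecure_registries: #{reg} marked as insecure"
  end
  (hiera['g_docker::networks'] || {}).each do |name, cfg|
    # g_docker::network defaults internal to true; only an explicit false is listed.
    next unless cfg.is_a?(Hash) && cfg['internal'] == false
    findings << "g_docker::networks.#{name}: internal is false"
  end
  (hiera['g_docker::instances'] || {}).each do |name, cfg|
    cfg = {} unless cfg.is_a?(Hash)
    caps = Array(cfg['capabilities'])
    devs = Array(cfg['devices'])
    findings << "g_docker::instances.#{name}: capabilities #{caps.join(', ')}" unless caps.empty?
    findings << "g_docker::instances.#{name}: devices #{devs.join(', ')}" unless devs.empty?
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  puts review_g_docker(YAML.safe_load(SAMPLE_HIERA))
end
```

Run it against the merged Hiera data for a node before applying, and treat each listed key as a prompt to confirm the setting is intended.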
Reference
Table of Contents
Classes
Public Classes
- g_docker: Sets up Docker.
- g_docker::daemon
- g_docker::firewall
- g_docker::firewall::native
- g_docker::firewall::native_helper
- g_docker::firewall::noop
- g_docker::firewall::puppet
- g_docker::firewall::puppet_helper
- g_docker::storage
- g_docker::storage::devicemapper: Configures Docker to use devicemapper as storage backend.
- g_docker::storage::overlay2
- g_docker::swarm
Private Classes
- g_docker::storage::overlay2_helper
Defined types
- g_docker::compat::run
- g_docker::data: Creates persistent data volumes for container.
- g_docker::data::bind: This definition creates container volume mount point.
- g_docker::data::volume
- g_docker::firewall::native_run
- g_docker::firewall::puppet_network
- g_docker::network: Creates docker networks.
- g_docker::run: Creates docker system services
- g_docker::runtime_config: This type sets up the configuration dir for a container and the Exec chain for hot reloading.
- g_docker::runtime_config::config
- g_docker::runtime_config::group
Functions
Data types
Classes
g_docker
Sets up Docker.
Parameters
The following parameters are available in the g_docker class.
data_vg_name
Data type: String
LVM volume group to use for container persistent data.
data_path
Data type: String
Directory where persistent data volumes will be mounted.
Default value: '/mnt/docker'
runtime_config_path
Data type: String
Directory for runtime configuration files.
Default value: '/etc/docker/config.d'
instances
Data type: Hash
Containers to create (uses g_docker::run).
Default value: {}
registries
Data type: Hash
Registries to log in (uses docker::registry).
Default value: {}
insecure_registries
Data type: Array[String]
Names of registries to mark as insecure.
Default value: []
ipv6_cidr
Data type: Optional[String]
IPv6 subnet to use.
Default value: undef
networks
Data type: Hash
Manages docker networks (uses g_docker::network).
Default value: {}
auto_prune
Data type: Optional[String]
Creates cron job to prune images/containers/data volumes not used for given time.
Default value: '24h'
auto_prune_options
Data type: Hash
Cron options for prune job
Default value: { 'hour' => '*/4', 'minute' => 0, }
docker_data_path
Data type: String
Docker data dir, defaults to /var/lib/docker.
Default value: '/var/lib/docker'
service_prefix
Data type: String
Prefix to use for created services, defaults to docker-.
Default value: 'docker-'
log_driver
Data type: String
Logging driver, defaults to syslog.
Default value: 'syslog'
log_level
Data type: Enum['debug', 'info', 'warn', 'error', 'fatal']
Log level, one of 'debug', 'info', 'warn', 'error', 'fatal', defaults to info.
Default value: 'info'
log_options
Data type: Hash[String, String]
Log driver specific options.
Default value: {}
tcp_bind
Data type: Variant[String,Array[String],Undef]
Bind docker daemon to given tcp host:port.
Default value: undef
socket_bind
Data type: Optional[String]
Docker socket path, defaults to /var/run/docker.sock.
Default value: '/var/run/docker.sock'
version
Data type: String
Docker engine version, defaults to 'present'.
Default value: 'present'
address_pools
Data type: Array[Tuple[Stdlib::IP::Address::V4::CIDR, Integer]]
Address pools to use in docker networks eg. ['172.16.0.0/12', 24] will create 172.16.1.0/24 network.
Default value: []
default_bridge
Data type: String
Default value: 'docker0'
export_metrics
Data type: Optional[String]
Default value: undef
labels
Data type: Hash[String, Scalar]
Default value: {}
g_docker::daemon
The g_docker::daemon class.
g_docker::firewall
The g_docker::firewall class.
Parameters
The following parameters are available in the g_docker::firewall class.
docker_config
Data type: Hash
Default value: {}
run_type
Data type: Optional[String]
Default value: undef
helper
Data type: Optional[String]
Default value: undef
network_type
Data type: Optional[String]
Default value: undef
g_docker::firewall::native
The g_docker::firewall::native class.
g_docker::firewall::native_helper
The g_docker::firewall::native_helper class.
g_docker::firewall::noop
The g_docker::firewall::noop class.
g_docker::firewall::puppet
The g_docker::firewall::puppet class.
Parameters
The following parameters are available in the g_docker::firewall::puppet class.
ensure
Data type: Enum['present', 'absent']
Default value: 'present'
manage_ip_forward
Data type: Boolean
Default value: true
g_docker::firewall::puppet_helper
The g_docker::firewall::puppet_helper class.
g_docker::storage
The g_docker::storage class.
Parameters
The following parameters are available in the g_docker::storage class.
docker_config
Data type: Hash
Default value: {}
helper
Data type: Optional[String]
Default value: undef
g_docker::storage::devicemapper
Configures Docker to use devicemapper as storage backend.
Parameters
The following parameters are available in the g_docker::storage::devicemapper class.
basesize
Data type: String
Default size for running containers, eg. 2G
thinpool_size
Data type: String
Thin pool size.
thinpool_metadata_size
Data type: String
Size of thinpool metadata.
thinpool_name
Data type: String
Thinpool name to use.
Default value: 'docker-thin'
vg_name
Data type: String
Volume group to use.
ensure
Data type: Enum['present', 'absent']
Default value: 'present'
g_docker::storage::overlay2
The g_docker::storage::overlay2 class.
Parameters
The following parameters are available in the g_docker::storage::overlay2 class.
size
Data type: String
ensure
Data type: Enum['present', 'absent']
Default value: 'present'
vg_name
Data type: Optional[String]
Default value: undef
lv_name
Data type: String
Default value: 'docker-data'
raid_level
Data type: Optional[Integer]
Default value: undef
raid_stripes
Data type: Optional[Integer]
Default value: undef
raid_mirrors
Data type: Optional[Integer]
Default value: undef
g_docker::swarm
The g_docker::swarm class.
Parameters
The following parameters are available in the g_docker::swarm class.
cluster_iface
Data type: String
manager_ip
Data type: Optional[String]
Default value: undef
token
Data type: Optional[String]
Default value: undef
node_name
Data type: String
Default value: $::fqdn
address_pools
Data type: Array[Tuple[Stdlib::IP::Address::V4::CIDR, Integer]]
Default value: []
Defined types
g_docker::compat::run
The g_docker::compat::run class.
Parameters
The following parameters are available in the g_docker::compat::run defined type.
ensure
Data type: Enum['present', 'absent']
image
Data type: String
remove_container_on_stop
Data type: Boolean
Default value: true
remove_container_on_start
Data type: Boolean
Default value: true
ports
Data type: Variant[String,Array,Undef]
Default value: []
extra_parameters
Data type: Variant[String,Array[String],Undef]
Default value: undef
net
Data type: Variant[String,Array]
Default value: 'bridge'
env
Data type: Variant[String,Array,Undef]
Default value: []
command
Data type: Optional[String]
Default value: undef
stop_wait_time
Data type: Optional[Integer]
Default value: 0
after_create
Data type: String
Default value: ''
depends
Data type: Array[String]
Default value: []
remove_volume_on_start
Data type: Boolean
Default value: false
remove_volume_on_stop
Data type: Boolean
Default value: false
labels
Data type: Hash[String, String]
Default value: {}
g_docker::data
Creates persistent data volumes for container.
Parameters
The following parameters are available in the g_docker::data defined type.
ensure
Data type: Enum['present','absent']
Default value: 'present'
volumes
Data type: Hash[String, Hash]
Default value: {}
g_docker::data::bind
This definition creates container volume mount point.
Parameters
The following parameters are available in the g_docker::data::bind defined type.
ensure
Data type: Enum['present','absent']
Enables or disables the specified server (present|absent)
Default value: 'present'
data_name
Data type: String
Name of data directory, used in LVM volume naming
volume_name
Data type: String
Name of data sub-directory, used in LVM volume naming
bind_name
Data type: String
Name of bind directory (just a folder), for sharing space on single LVM volume
Default value: $title
user
Data type: Optional[Variant[String, Integer]]
Host user name/id to use as directory owner
Default value: undef
group
Data type: Optional[Variant[String, Integer]]
Host group name/id to use as directory owner
Default value: undef
mode
Data type: Optional[String]
Permissions for directory
Default value: undef
g_docker::data::volume
The g_docker::data::volume class.
Parameters
The following parameters are available in the g_docker::data::volume defined type.
data_name
Data type: String
size
Data type: String
volume_name
Data type: String
Default value: $title
binds
Data type: Hash[String, Hash]
Default value: {}
ensure
Data type: Enum['present','absent']
Default value: 'present'
raid
Data type: Optional[Integer]
Default value: undef
mirrors
Data type: Optional[Integer]
Default value: undef
stripes
Data type: Optional[Integer]
Default value: undef
fs
Data type: Optional[String]
Default value: undef
fs_options
Data type: Optional[String]
Default value: undef
mount_options
Data type: Optional[String]
Default value: undef
pass
Data type: Optional[Integer]
Default value: undef
g_docker::firewall::native_run
The g_docker::firewall::native_run class.
Parameters
The following parameters are available in the g_docker::firewall::native_run defined type.
host_port
Data type: G_docker::PortRange
protocol
Data type: String
host_network
Data type: Boolean
port_side
Data type: G_server::Side
ensure
Data type: Enum['present','absent']
Default value: 'present'
g_docker::firewall::puppet_network
The g_docker::firewall::puppet_network class.
Parameters
The following parameters are available in the g_docker::firewall::puppet_network defined type.
ensure
Data type: Enum['present', 'absent']
Default value: 'present'
external_access
Data type: Boolean
Default value: false
g_docker::network
Creates docker networks.
Parameters
The following parameters are available in the g_docker::network defined type.
ensure
Data type: Enum['present', 'absent']
Create or remove network.
Default value: 'present'
driver
Data type: String
Driver to use for this network.
Default value: 'bridge'
subnets
Data type: Array[G_docker::IP::Address::CIDR]
List of subnets for network eg. ['10.0.0.0/24', ...]
Default value: []
gateways
Data type: Array[Stdlib::IP::Address::Nosubnet]
Gateway for subnet.
Default value: []
ranges
Data type: Array[G_docker::IP::Address::CIDR]
Ranges to allocate IPs from.
Default value: []
options
Data type: Hash
Additional driver options.
Default value: {}
internal
Data type: Boolean
Restrict external access to the network.
Default value: true
aux_addresses
Data type: Hash[String, Stdlib::IP::Address::Nosubnet]
Default value: {}
g_docker::run
Creates docker system services
Parameters
The following parameters are available in the g_docker::run defined type.
ensure
Data type: Enum['present','absent']
Create or remove service.
Default value: 'present'
init
Data type: Boolean
Run an init inside the container.
Default value: false
localtime
Data type: Boolean
Mount /etc/localtime inside container.
Default value: true
image
Data type: String
volumes
Data type: Hash[String, Hash]
Default value: {}
mounts
Data type: Hash[Stdlib::AbsolutePath, Hash]
Default value: {}
ports
Data type: Hash
Default value: {}
networks
Data type: Array[Variant[String,Hash]]
Default value: []
capabilities
Data type: Array[String]
Default value: []
network
Data type: String
Default value: 'bridge'
env
Data type: Hash[String, Variant[String, Integer]]
Default value: {}
args
Data type: Variant[String, Array[String]]
Default value: []
stop_wait_time
Data type: Integer
Default value: 10
depends_on
Data type: Array[String]
Default value: []
user
Data type: Optional[Array[Variant[String, Integer], 2, 2]]
Default value: undef
hosts
Data type: Hash[String, String]
Default value: {}
runtime_configs
Data type: Hash[String, Hash]
Default value: {}
reload_signal
Data type: Enum['HUP','USR1', 'USR2']
Default value: 'HUP'
labels
Data type: Hash[String, String]
Default value: {}
devices
Data type: Array[String]
Default value: []
g_docker::runtime_config
This type sets up the configuration dir for a container and the Exec chain for hot reloading.
Parameters
The following parameters are available in the g_docker::runtime_config defined type.
ensure
Data type: Enum['present', 'absent']
Creates or removes config directory (present|absent).
Default value: 'present'
reload_signal
Data type: Optional[String]
Signal to send to container when reloading was requested.
Default value: undef
g_docker::runtime_config::config
The g_docker::runtime_config::config class.
Parameters
The following parameters are available in the g_docker::runtime_config::config defined type.
container
Data type: String
config_group
Data type: String
filename
Data type: String
source
Data type: Optional[String]
Default value: undef
content
Data type: Optional[String]
Default value: undef
user
Data type: Variant[String, Integer, Undef]
Default value: undef
group
Data type: Variant[String, Integer, Undef]
Default value: undef
mode
Data type: Optional[String]
Default value: undef
reload
Data type: Boolean
Default value: false
g_docker::runtime_config::group
The g_docker::runtime_config::group class.
Parameters
The following parameters are available in the g_docker::runtime_config::group defined type.
container
Data type: String
group_name
Data type: String
Default value: $name
configs
Data type: Hash[String, Hash]
Default value: {}
source
Data type: Optional[String]
Default value: undef
user
Data type: Variant[String, Integer, Undef]
Default value: undef
group
Data type: Variant[String, Integer, Undef]
Default value: undef
mode
Data type: Optional[String]
Default value: undef
source_reload
Data type: Boolean
Default value: false
Functions
g_docker::find_network_config
Type: Puppet Language
The g_docker::find_network_config function.
g_docker::find_network_config(String $name)
The g_docker::find_network_config function.
Returns: Hash
name
Data type: String
g_docker::find_network_interface
Type: Puppet Language
The g_docker::find_network_interface function.
g_docker::find_network_interface(String $name)
The g_docker::find_network_interface function.
Returns: String
name
Data type: String
g_docker::mount_options
Type: Puppet Language
The g_docker::mount_options function.
g_docker::mount_options(Optional[Enum['bind','volume','tmpfs']] $type, String $source, String $destination, Optional[Boolean] $readonly = undef, Optional[Enum['shared','slave','private','rshared','rslave','rprivate']] $propagation = undef)
The g_docker::mount_options function.
Returns: String
type
Data type: Optional[Enum['bind','volume','tmpfs']]
source
Data type: String
destination
Data type: String
readonly
Data type: Optional[Boolean]
propagation
Data type: Optional[Enum['shared','slave','private','rshared','rslave','rprivate']]
Data types
G_docker::IP::Address::CIDR
The G_docker::IP::Address::CIDR data type.
Alias of Variant[Stdlib::IP::Address::V4::CIDR, Stdlib::IP::Address::V6::CIDR]
G_docker::PortRange
The G_docker::PortRange data type.
Alias of Variant[Pattern[ /^[0-9]+$/, /^[0-9]+\-[0-9]+$/ ], Stdlib::Port]
Dependencies
- puppetlabs/stdlib (>=4.0.0 <7.0.0)
- puppetlabs/docker (>=3.6.0 <4.0.0)
- glorpen/g_server (>=2.2.0 <3.0.0)
- glorpen/g_firewall (>=0.3.1 <1.0.0)