cookbook 'docker-grid', '= 0.5.1'
docker-grid
(41) Versions
0.5.1
-
Follow0
Installs/Configures Docker Engine.
cookbook 'docker-grid', '= 0.5.1', :supermarket
knife supermarket install docker-grid
knife supermarket download docker-grid
docker-grid Cookbook
This cookbook sets up Docker engine etc.
Contents
Requirements
platforms
- CentOS, Red Hat Enterprise Linux >= 7.2 (in baremetal or LXD (Ubuntu >= 14.04))
- Debian >= 9.0
- Ubuntu >= 14.04 (in baremetal or LXD (Ubuntu >= 14.04))
packages
- none.
Attributes
Key | Type | Description, example | Default |
---|---|---|---|
['docker-grid']['install_flavor'] |
String |
'dockerproject' or 'os-repository'
|
'dockerproject' |
['docker-grid']['dockerproject']['package_name'] |
String | 'docker-engine' |
|
['docker-grid']['apt_repo']['url'] |
String | 'https://apt.dockerproject.org/repo' |
|
['docker-grid']['apt_repo']['keyserver'] |
String | 'hkp://p80.pool.sks-keyservers.net:80' |
|
['docker-grid']['apt_repo']['recv-keys'] |
String | '58118E89F3A912897C070ADBF76221572C52609D' |
|
['docker-grid']['apt_repo']['override_apt_line'] |
String | If you set this attribute, apt-line settings with the ['docker-grid']['apt_repo']['url'] attribute is overrridden. e.g. 'deb https://apt.dockerproject.org/repo ubuntu-xenial main'
|
'' |
['docker-grid']['yum_repo']['baseurl'] |
String | 'https://yum.dockerproject.org/repo/main/centos/$releasever/' |
|
['docker-grid']['yum_repo']['gpgcheck'] |
String |
'0' : disabled, '1' : enabled. |
'1' |
['docker-grid']['yum_repo']['gpgkey'] |
String | 'https://yum.dockerproject.org/gpg' |
|
['docker-grid']['compose']['install_flavor'] |
String |
'dockerproject' or 'os-repository'
|
'dockerproject' |
['docker-grid']['compose']['skip_setup'] |
Boolean | false |
|
['docker-grid']['compose']['auto_upgrade'] |
Boolean | upgrade/reinstall the docker-compose automatically. | false |
['docker-grid']['compose']['release_base_url'] |
String | 'https://github.com/docker/compose/releases/download/1.9.0' |
|
['docker-grid']['compose']['release_url'] |
String | "#{node['docker-grid']['compose']['release_base_url']}/docker-compose-#{node['kernel']['name']}-#{node['kernel']['machine']}" |
|
['docker-grid']['compose']['home_dir'] |
String | '/opt/docker-compose' |
|
['docker-grid']['compose']['app_dir'] |
String | "#{node['docker-grid']['compose']['home_dir']}/app |
|
['docker-grid']['engine']['skip_setup'] |
Boolean | false |
|
['docker-grid']['engine']['version_on_centos'] |
String | Docker version for CentOS. '' (empty) means the latest version. |
'1.11.2-1' |
['docker-grid']['engine']['version_on_debian'] |
String | Docker version for Debian. '' (empty) means the latest version. |
'17.03.1~ce-0' |
['docker-grid']['engine']['version_on_ubuntu'] |
String | Docker version for Ubuntu. '' (empty) means the latest version. |
'1.11.2-0' |
['docker-grid']['engine']['version'] |
String | Docker version. '' (empty) means the latest version. Note: this default value is overwritten by the version_on_{centos or ubuntu} . |
See default.rb |
['docker-grid']['engine']['storage-driver_on_centos'] |
String | Docker storage driver (overlay, devicemapper, ...) for CentOS. | 'overlay' |
['docker-grid']['engine']['storage-driver_on_debian'] |
String | Docker storage driver (aufs, overlay, ...) for Debian. | 'overlay2' |
['docker-grid']['engine']['storage-driver_on_ubuntu'] |
String | Docker storage driver (aufs, overlay, ...) for Ubuntu. | 'aufs' |
['docker-grid']['engine']['storage-driver'] |
String | See default.rb | |
['docker-grid']['engine']['userns-remap'] |
String | e.g. 'default' (dockremap user/group) or your specified user/group name. Note: it is available in Docker 1.10/later and (Ubuntu or RHEL family 7.2/later). |
nil (inactive) |
['docker-grid']['engine']['daemon_extra_options'] |
String | ref. docker daemon --help . |
'-H fd://' |
['docker-grid']['engine']['users_allow'] |
Array | Non-root users allowed to manage Docker daemon. | [] |
['docker-grid']['registry']['with_ssl_cert_cookbook'] |
Boolean | If this attribute is true, node['docker-grid']['registry']['docker-compose']['config'] are are overridden by the following common_name attributes. |
false |
['docker-grid']['registry']['ssl_cert']['common_name'] |
String | Registry server common name for TLS | node['fqdn'] |
['docker-grid']['registry']['server']['config'] |
Hash | Registry server configurations. | See attributes/default.rb
|
['docker-grid']['registry']['docker-compose']['app_dir'] |
String | "#{node['docker-grid']['compose']['app_dir']}/registry" |
|
['docker-grid']['registry']['docker-compose']['host_data_volume'] |
String | Data directory path on the host filesystem or nil (unset). |
'/var/lib/docker-registry' |
['docker-grid']['registry']['docker-compose']['config_format_version'] |
String |
docker-compose.yml format version. '1' or '2'
|
'1' |
['docker-grid']['registry']['docker-compose']['service_name'] |
String | Docker registry service name in the docker-compose.yml
|
'registry' |
['docker-grid']['registry']['docker-compose']['config'] |
Hash |
docker-compose.yml configurations. See attributes/default.rb and Deploying a registry server
|
See attributes/default.rb
|
['docker-grid']['registry']['docker-compose']['registry-config'] |
Hash | See Overriding the entire configuration file | nil |
Usage
Recipes
docker-grid::default
This recipe does nothing.
docker-grid::compose
This recipe installs docker-compose.
docker-grid::engine
This recipe sets up Docker engine.
docker-grid::registry
This recipe sets up Docker Compose configurations for the Docker registry service.
docker-grid::registry-docker-compose
This recipe is alias of the docker-grid::registry
recipe.
docker-grid::registry-server
This recipe sets up a Docker registry service on real host.
Role Examples
-
roles/docker.rb
: installs thedocker-engine
package.
name 'docker' description 'Docker Engine distributed by dockerproject' run_list( 'recipe[docker-grid::engine]', ) override_attributes( 'docker-grid' => { 'install_flavor' => 'dockerproject', 'engine' => { 'version_on_centos' => '17.03.1.ce-1', 'version_on_debian' => '17.03.1~ce-0', 'version_on_ubuntu' => '17.03.1~ce-0', 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_debian' => 'overlay2', 'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs' #'userns-remap' => 'default', # default: nil (inactive) 'daemon_extra_options' => '-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', }, }, )
-
roles/docker-rhel.rb
: installs thedocker
package.
name 'docker-rhel' description 'Docker Engine distributed by RHEL' run_list( 'recipe[docker-grid::engine]', ) override_attributes( 'docker-grid' => { 'install_flavor' => 'os-repository', 'engine' => { 'version_on_centos' => '1.12.5-14', # docker package 'version_on_ubuntu' => '1.12.3-0ubuntu4~16.04.2', # docker.io package 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_ubuntu' => 'overlay', # default: aufs #'userns-remap' => 'default', 'daemon_extra_options' => '-H fd://', # for RHEL docker package >= 1.12: '-H fd://' option automatically removed by this cookbook. # See https://github.com/docker/docker/issues/22847 }, }, )
-
roles/docker-ubuntu.rb
: installs thedocker.io
package.
name 'docker-ubuntu' description 'Docker Engine distributed by Ubuntu' run_list( 'recipe[docker-grid::engine]', ) override_attributes( 'docker-grid' => { 'install_flavor' => 'os-repository', 'engine' => { 'version_on_centos' => '1.12.5-14', # docker package 'version_on_ubuntu' => '1.12.3-0ubuntu4~16.04.2', # docker.io package 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_ubuntu' => 'overlay', # default: aufs #'userns-remap' => 'default', 'daemon_extra_options' => '-H fd://', }, }, )
-
roles/docker-registry.rb
: on Docker.
name 'docker-registry' description 'Docker Registry Server' run_list( 'recipe[docker-grid::registry]', ) override_attributes( 'docker-grid' => { 'engine' => { 'version_on_centos' => '17.03.1.ce-1', 'version_on_debian' => '17.03.1~ce-0', 'version_on_ubuntu' => '17.03.1~ce-0', 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_debian' => 'overlay2', 'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs' 'userns-remap' => '', 'daemon_extra_options' => \ '-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', \ # for development environment only. #+ ' --insecure-registry registry.docker.example.com:5000', }, 'registry' => { 'docker-compose' => { 'config_format_version' => '1', 'host_data_volume' => nil, 'config' => { # in docker-compose.yml # See: https://docs.docker.com/registry/deploying/#/managing-with-compose 'registry' => { 'restart' => 'always', 'image' => 'registry:2', 'ports' => [ '5000:5000', ], 'environment' => { 'REGISTRY_HTTP_TLS_CERTIFICATE' => '/certs/domain.crt', 'REGISTRY_HTTP_TLS_KEY' => '/certs/domain.key', 'REGISTRY_AUTH' => 'htpasswd', 'REGISTRY_AUTH_HTPASSWD_PATH' => '/auth/htpasswd', 'REGISTRY_AUTH_HTPASSWD_REALM' => 'Registry Realm', }, 'volumes' => [ '/path/data:/var/lib/registry', '/path/certs:/certs', '/path/auth:/auth', ], }, }, }, }, }, )
-
roles/docker-registry-with-ssl-cert.rb
: on Docker.
name 'docker-registry-with-ssl-cert' description 'Docker Registry Server' registry_fqdn = 'registry.docker.example.com' run_list( #'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9 'recipe[docker-grid::registry]', ) override_attributes( 'ssl_cert' => { 'common_names' => [ registry_fqdn, ], }, 'docker-grid' => { 'engine' => { 'version_on_centos' => '17.03.1.ce-1', 'version_on_debian' => '17.03.1~ce-0', 'version_on_ubuntu' => '17.03.1~ce-0', 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_debian' => 'overlay2', 'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs' 'userns-remap' => '', 'daemon_extra_options' => \ '-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', }, 'registry' => { 'with_ssl_cert_cookbook' => true, 'ssl_cert' => { 'common_name' => registry_fqdn, }, 'docker-compose' => { 'config_format_version' => '1', 'host_data_volume' => nil, 'config' => { # in docker-compose.yml # See: https://docs.docker.com/registry/deploying/#/managing-with-compose 'registry' => { 'restart' => 'always', 'image' => 'registry:2', 'ports' => [ '5000:5000', ], 'environment' => { # REGISTRY_HTTP_TLS_{CERTIFICATE,KEY} will be set automatically. 'REGISTRY_AUTH' => 'htpasswd', 'REGISTRY_AUTH_HTPASSWD_PATH' => '/auth/htpasswd', 'REGISTRY_AUTH_HTPASSWD_REALM' => 'Registry Realm', # proxy cache #'REGISTRY_PROXY_REMOTEURL' => 'https://registry-1.docker.io', }, 'volumes' => [ # Volumes for the server certificate and key files will be set automatically. '/path/data:/var/lib/registry', '/path/auth:/auth', ], }, }, }, }, }, )
-
roles/docker-registry-by-entire-config.rb
: on Docker.
name 'docker-registry-by-entire-config' description 'Docker Registry Server' run_list( 'recipe[docker-grid::registry]', ) override_attributes( 'docker-grid' => { 'engine' => { 'version_on_centos' => '17.03.1.ce-1', 'version_on_debian' => '17.03.1~ce-0', 'version_on_ubuntu' => '17.03.1~ce-0', 'storage-driver_on_centos' => 'overlay', 'storage-driver_on_debian' => 'overlay2', 'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs' 'userns-remap' => '', 'daemon_extra_options' => \ '-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', \ # for development environment only. #+ ' --insecure-registry registry.docker.example.com:5000', }, 'registry' => { 'docker-compose' => { 'registry-config' => { # NOT nil # in ./etc/config.yml # See: https://docs.docker.com/registry/configuration/#/overriding-the-entire-configuration-file 'version' => '0.1', # ... }, 'config_format_version' => '1', 'config' => { # in ./docker-compose.yml # See: https://docs.docker.com/registry/deploying/#/managing-with-compose 'registry' => { 'restart' => 'always', 'image' => 'registry:2', 'ports' => [ '5000:5000', ], 'environment' => { # -> ./etc/config.yml }, 'volumes' => [ # Volumes for the ./etc/config.yml will be set automatically. #'./etc/config.yml:/etc/docker/registry/config.yml:ro', '/path/data:/var/lib/registry', '/path/auth:/auth', ], }, }, }, }, }, )
-
roles/registry-server-with-ssl-cert.rb
: on real host.
name 'registry-server-with-ssl-cert' description 'Docker Registry Server' registry_fqdn = 'registry.docker.example.com' run_list( 'recipe[docker-grid::registry-server]', ) override_attributes( 'ssl_cert' => { 'common_names' => [ registry_fqdn, ], }, 'docker-grid' => { 'registry' => { 'with_ssl_cert_cookbook' => true, 'ssl_cert' => { 'common_name' => registry_fqdn, }, 'server' => { 'config' => { 'storage' => { 'filesystem' => { 'rootdirectory' => '/var/lib/docker-registry', }, }, 'proxy' => { 'remoteurl' => 'https://registry-1.docker.io', }, }, }, }, }, )
SSL server keys and certificates management by ssl_cert
cookbook
- create vault items.
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("registry.docker.example.com.prod.key")})' \ > > ~/tmp/registry.docker.example.com.prod.key.json $ ruby -rjson -e 'puts JSON.generate({"public" => File.read("registry.docker.example.com.prod.crt")})' \ > > ~/tmp/registry.docker.example.com.prod.crt.json $ cd $CHEF_REPO_PATH $ knife vault create ssl_server_keys registry.docker.example.com.prod \ > --json ~/tmp/registry.docker.example.com.prod.key.json $ knife vault create ssl_server_certs registry.docker.example.com.prod \ > --json ~/tmp/registry.docker.example.com.prod.crt.json
- grant reference permission to the Docker Registry host
$ knife vault update ssl_server_keys registry.docker.example.com.prod -S 'name:registry-host.example.com' $ knife vault update ssl_server_certs registry.docker.example.com.prod -S 'name:registry-host.example.com'
- modify run_list and attributes
run_list( #'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9 'recipe[docker-grid::registry]', ) override_attributes( 'ssl_cert' => { 'common_names' => [ 'registry.docker.example.com', ], }, 'docker-grid' => { 'registry' => { 'with_ssl_cert_cookbook' => true, 'ssl_cert' => { 'common_name' => 'registry.docker.example.com', }, # ... }, }, )
License and Authors
- Author:: whitestar at osdn.jp
Copyright 2016-2017, whitestar Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
docker-grid CHANGELOG
0.5.1
- improves
docker-compose
installation.
0.5.0
- adds the
docker-grid::registry-server
anddocker-grid::registry-docker-compose
recipes.
0.4.0
- includes the
ssl_cert::server_key_pairs
recipe automatically. - refactoring.
0.3.9
- adds the Debian 9 (stretch) support.
- adds the
docker_images_cleanup
script. - adds the Concourse pipeline configuration.
0.3.8
- supports the latest Docker engine (17.03.1.ce-1, 17.03.1~ce-0).
0.3.7
- supports the feature to specify no Docker version.
0.3.6
- Bug fix: Ubuntu 14.04 LTS support.
0.3.5
- adds the
['docker-grid']['engine']['skip_setup']
attribute. - adds the
['docker-grid']['compose']['skip_setup']
attribute.
0.3.4
- improves CentOS distributed
docker
package support.
0.3.3
- adds OS distributed Docker Engine package support.
- adds the
['docker-grid']['install_flavor']
attribute.
0.3.2
- refactoring.
0.3.1
- bug fix:
systemctl daemon-reload
timing. - adds the storage-driver automatic modifier for ZFS.
0.3.0
- adds
Docker in LXD
support.
0.2.9
- refactoring.
- adds the
platform_utils
cookbook dependency.
0.2.8
- adds the
['docker-grid']['registry']['docker-compose']['host_data_volume']
attribute.
0.2.7
- adds the
['docker-grid']['compose']['home_dir']
attribute. - adds the
['docker-grid']['compose']['app_dir']
attribute.
0.2.6
- bug fix: modifies
apt-get update
timing for the updated apt-line on Ubuntu.
0.2.5
- adds
docker
service's handling of CA certificate update events.
0.2.4
- improves the
docker-grid::registry
recipe. - adds the
['docker-grid']['registry']['docker-compose']['config_format_version']
attribute. - adds the
['docker-grid']['registry']['docker-compose']['service_name']
attribute.
0.2.3
- adds the
docker-grid::registry
recipe. - adds the
ssl_cert
cookbook dependency. - adds the
['docker-grid']['apt_repo']['override_apt_line']
attribute.
0.2.2
- adds the
docker-grid::compose
recipe. - adds the
['docker-grid']['engine']['users_allow']
attribute. - refactoring.
0.2.1
- refactoring.
0.2.0
- adds the
['docker-grid']['engine']['userns-remap']
attribute.
0.1.0
- Initial release of docker-grid
Collaborator Number Metric
0.5.1 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.5.1 passed this metric
License Metric
0.5.1 passed this metric
No Binaries Metric
0.5.1 passed this metric
Testing File Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.5.1 failed this metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.5.1 passed this metric
License Metric
0.5.1 passed this metric
No Binaries Metric
0.5.1 passed this metric
Testing File Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.5.1 passed this metric
0.5.1 passed this metric
No Binaries Metric
0.5.1 passed this metric
Testing File Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.5.1 passed this metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.5.1 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
0.5.1 failed this metric