docker-formula
Extensible formula to manage Docker on MacOS, Windows, and GNU/Linux. Currently supports:
- software Docker (https://docs.docker.com/engine/install) [all OS]
- containers Manage Containers. [all OS]
- compose Compose Containers. [all OS]
- swarm Docker Swarm. [Linux]
The default docker.software and docker.compose.software states support:
- archive Docker-Engine (https://docs.docker.com/engine/install) [Linux]
- desktop Docker-Desktop (https://docs.docker.com/desktop) [Windows, MacOS]
- Docker-Compose (https://docs.docker.com/compose/install/) [Linux]
The other states support container managmement.
A SaltStack formula for Docker on MacOS, GNU/Linux, Windows and Raspberry Pi (4b).
Table of Contents
General notes
See the full SaltStack Formulas installation and usage instructions. If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section. If you want to use this formula, please pay attention to the FORMULA
file and/or git tag
, which contains the currently released version. This formula is versioned according to Semantic Versioning. See Formula Versioning Section for more details.
Contributing to this repo
Commit message formatting is significant!!
Please see How to contribute for more details.
Available Meta states
docker
docker.clean
docker.software.package.repo
docker.software.package.repo.clean
docker.software
docker.software.service
docker.software.service.clean
docker.software.config
docker.software.config.clean
docker.software.clean
docker.containers
docker.compose
docker.compose.ng
docker.swarm
docker.swarm.clean
docker.networks
docker.networks.clean
docker
Meta-state (This is a state that includes other states).
This state installs the Docker solution (see https://docs.docker.io) for Raspberry Pi support please see Notes
docker.clean
Meta-state (This is a state that includes other states).
Stop Docker daemon and remove docker packages ('docker', 'docker-engine', 'docker-ce', etc) on Linux. To protect OS integrity, this state won't remove packages listed as dependencies (i.e. python is kept).
docker.software.package.repo
Configures the upstream Docker's repo on RedHat/Debian OS.
docker.software.package.repo.clean
This state removes upstream Docker package repository only, on RedHat/Debian OS.
docker.software
This state installs Docker (see https://docs.docker.com/engine/install and https://docs.docker.com/desktop/)
docker.software.service
This state installs Dockerd daemon on Linux (systemd support).
docker.software.service.clean
This state stops Dockerd daemon on Linux (systemd support).
docker.software.config
This state overrides default Docker options (i.e. /etc/default/docker):
docker: pkg: docker: config: - DOCKER_OPTS="-s btrfs --dns 8.8.8.8" - export http_proxy="http://172.17.42.1:3128"
docker.software.config.clean
This state uninstalls Docker overrides (i.e. /etc/default/docker).
docker.software.clean
This state uninstalls Docker software.
docker.containers
Pulls and runs a number of docker containers. See docker container API for docker.containers options:
docker: containers: running: - prometheus_simple - prometheus_detail prometheus_simple: image: "prom/prometheus:v1.7.1" prometheus_detail: image: "prom/prometheus:v1.7.1" # see https://docker-py.readthedocs.io/en/stable/containers.html
docker.compose
Saltstack dockercompose module state support (See https://docs.saltstack.com/en/2018.3/ref/modules/all/salt.modules.dockercompose.html).
docker.compose.ng
The intent is to provide an interface similar to the specification provided by docker-compose. The hope is that you may provide pillar data similar to that which you would use to define services with docker-compose. The assumption is that you are already using pillar data and salt formulae to represent the state of your existing infrastructure.
No real effort had been made to support every possible feature of docker-compose. Rather, we prefer the syntax provided by the docker-compose whenever it is reasonable for the sake of simplicity.
It is worth noting that we have added one attribute which is decidedly absent
from the docker-compose specification. That attribute is dvc
. This is a
boolean attribute which allows us to define data only volume containers
which can not be represented with the docker.software.service.running
state
since they are not intended to include a long living service inside the
container.
See the included pillar.example
for a representative pillar data block.
To use this formula, you might target a host with the following pillar:
docker:
compose:
ng:
registry-datastore:
dvc: true
# image: ®istry_image 'docker.io/registry:latest' ## Fedora
image: ®istry_image 'registry:latest'
container_name: &dvc 'registry-datastore'
command: echo *dvc data volume container
volumes:
- &datapath '/registry'
registry-service:
image: *registry_image
container_name: 'registry-service'
volumes_from:
- *dvc
environment:
SETTINGS_FLAVOR: 'local'
STORAGE_PATH: *datapath
SEARCH_BACKEND: 'sqlalchemy'
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: '/registry'
ports:
- 127.0.0.1:5000:5000
# restart: 'always' # compose v1.9
deploy: # compose v3
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
nginx-latest:
# image: 'docker.io/nginx:latest' ##Fedora
image: 'nginx:latest'
container_name: 'nginx-latest'
links:
- 'registry-service:registry'
ports:
- '80:80'
- '443:443'
volumes:
- /srv/docker-registry/nginx/:/etc/nginx/conf.d
- /srv/docker-registry/auth/:/etc/nginx/conf.d/auth
- /srv/docker-registry/certs/:/etc/nginx/conf.d/certs
working_dir: '/var/www/html'
volume_driver: 'local'
userns_mode: 'host'
Then you would target a host with the following states:
include:
- base: docker
- base: docker.compose.ng
docker.swarm
Saltstack swarm module state support (See https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.swarm.html).
docker.swarm.clean
Opposite of docker.swarm state (See https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.swarm.html).
docker.networks
Create docker networks
docker.networks.clean
Remove docker networks
Sub-states
Sub-states are available inside sub-directories.
Notes on Raspberry Pi support
There are some caveats with regard to the support of this module on Rasberry Pi 4b's.
- This module has only been tested with Raspberry Pi 4b using Rasbian Os Version Buster
- This module supports raspbian only when used from Salt 3002.6. Salt 3003.x fails with template isses.
- Docker service is known to fail starting when freshly installed via this module on Rasbian Buster with all apt-get updates and upgrades performed. The error found in logs for failing to start is
dockerd: failed to create NAT chain DOCKER
The Reason for this is as documented here . The following Fix followed by a restart fixes this. The summary reason is that the docker installer uses iptables for nat. Unfortunately Debian uses nftables. You can convert the entries over to nftables or just setup Debian to use the legacy iptables. On the target Raspberry Pi issue the following to resolve or incorporate the SLS before in your custom SLS
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
sudo shutdown -r 0 # Do a restart, Docker.d should then function
or the following SLS
iptables:
alternatives.set:
- path: /usr/sbin/iptables-legacy
ip6tables:
alternatives.set:
- path: /usr/sbin/ip6tables-legacy
The provisioning of docker to raspbian uses functionality from https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script. It specifically mentions Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them: The reasons are stated as :
- The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them.
- The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker’s point of view or from your own organization’s guidelines and standards.
- The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine.
- The script does not provide options to specify which version of Docker to install, and installs the latest version that is released in the “edge” channel.
- Do not use the convenience script if Docker has already been installed on the host machine using another mechanism.
Testing
Linux testing is done with kitchen-salt
.
Requirements
- Ruby
- Docker
$ gem install bundler
$ bundle install
$ bin/kitchen test [platform]
Where [platform]
is the platform name defined in kitchen.yml
,
e.g. debian-9-2019-2-py3
.
bin/kitchen converge
Creates the Docker instance and runs the docker
main state, ready for testing.
bin/kitchen verify
Runs the inspec
tests on the actual instance.
bin/kitchen destroy
Removes the Docker instance.
bin/kitchen test
Runs all of the stages above in one go: i.e. destroy
+ converge
+ verify
+ destroy
.
bin/kitchen login
Gives you SSH access to the instance for manual testing.