• Stars
    star
    397
  • Rank 108,561 (Top 3 %)
  • Language
    Ruby
  • License
    Apache License 2.0
  • Created over 11 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Puppet module for managing docker

Puppet module for installing, configuring and managing Docker from the official repository or alternatively from EPEL on RedHat based distributions.

Puppet Forge Build Status Documentation Status Puppet Forge Downloads Puppet Forge Endorsement

Support

This module is currently tested on:

  • Debian 8.0
  • Debian 7.8
  • Ubuntu 12.04
  • Ubuntu 14.04
  • Centos 7.0
  • Centos 6.6

It may work on other distros and additional operating systems will be supported in the future. It's definitely been used with the following too:

  • Archlinux
  • Amazon Linux
  • Fedora
  • Gentoo

Examples

Usage

The module includes a single class:

include 'docker'

By default this sets up the docker hosted repository if necessary for your OS and installs the docker package and on Ubuntu, any required Kernel extensions.

If you don't want this module to mess about with your Kernel then you can disable this feature like so. It is only enabled (and supported) by default on Ubuntu:

class { 'docker':
  manage_kernel => false,
}

If you want to configure your package sources independently, inform this module to not auto-include upstream sources (This is already disabled on Archlinux as there is no further upstream):

class { 'docker':
  use_upstream_package_source => false,
}

Docker recently launched new official repositories which are now the default for the module from version 5. If you want to stick with the old repositories you can do so with the following:

class { 'docker':
  package_name => 'lxc-docker',
  package_source_location => 'https://get.docker.com/ubuntu',
  package_key_source => 'https://get.docker.com/gpg',
  package_key => '36A1D7869245C8950F966E92D8576A8BA88D21E',
  package_release => 'docker',
}

Docker also provide a commercially supported version of the Docker Engine, called Docker CS, available from a separate repository. This can be installed with the module using the following:

class { 'docker':
  docker_cs => true,
}

The module also now uses the upstream repositories by default for RHEL based distros, including Fedora. If you want to stick with the distro packages you should use the following:

class { 'docker':
  use_upstream_package_source => false,
  package_name => 'docker',
}

By default the docker daemon will bind to a unix socket at /var/run/docker.sock. This can be changed, as well as binding to a tcp socket if required.

class { 'docker':
  tcp_bind        => ['tcp://127.0.0.1:4243','tcp://10.0.0.1:4243'],
  socket_bind     => 'unix:///var/run/docker.sock',
  ip_forward      => true,
  iptables        => true,
  ip_masq         => true,
  bridge          => br0,
  fixed_cidr      => '10.20.1.0/24',
  default_gateway => '10.20.0.1',
}

For TLS setup you should upload related files (such as CA certificate, server certificate and key) and use their paths in manifest

class { 'docker':
  tcp_bind        => ['tcp://0.0.0.0:2376'],
  tls_enable      => true,
  tls_cacert      => '/etc/docker/tls/ca.pem',
  tls_cert        => '/etc/docker/tls/cert.pem',
  tls_key         => '/etc/docker/tls/key.pem',
}

Unless specified this installs the latest version of docker from the docker repository on first run. However if you want to specify a specific version you can do so, unless you are using Archlinux which only supports the latest release. Note that this relies on a package with that version existing in the reposiroty.

class { 'docker':
  version => '0.5.5',
}

And if you want to install a specific rpm package of docker you can do so:

class { 'docker' :
  manage_package              => true,
  use_upstream_package_source => false,
  package_name                => 'docker-engine'
  package_source              => 'https://get.docker.com/rpm/1.7.0/centos-6/RPMS/x86_64/docker-engine-1.7.0-1.el6.x86_64.rpm',
  prerequired_packages        => [ 'glibc.i686', 'glibc.x86_64', 'sqlite.i686', 'sqlite.x86_64', 'device-mapper', 'device-mapper-libs', 'device-mapper-event-libs', 'device-mapper-event' ]
}

And if you want to track the latest version you can do so:

class { 'docker':
  version => 'latest',
}

In some cases dns resolution won't work well in the container unless you give a dns server to the docker daemon like this:

class { 'docker':
  dns => '8.8.8.8',
}

To add users to the Docker group you can pass an array like this:

class { 'docker':
  docker_users => ['user1', 'user2'],
}

To add daemon labels you can pass an array like this:

class { 'docker':
  labels => ['storage=ssd','stage=production'],
}

The class contains lots of other options, please see the inline code documentation for the full options.

Images

The next step is probably to install a docker image; for this we have a defined type which can be used like so:

docker::image { 'base': }

This is equivalent to running docker pull base. This is downloading a large binary so on first run can take a while. For that reason this define turns off the default 5 minute timeout for exec. Takes an optional parameter for installing image tags that is the equivalent to running docker pull -t="precise" ubuntu:

docker::image { 'ubuntu':
  image_tag => 'precise'
}

Note: images will only install if an image of that name does not already exist.

A images can also be added/build from a dockerfile with the docker_file property, this equivalent to running docker build -t ubuntu - < /tmp/Dockerfile

docker::image { 'ubuntu':
  docker_file => '/tmp/Dockerfile'
}

Images can also be added/build from a directory containing a dockerfile with the docker_dir property, this is equivalent to running docker build -t ubuntu /tmp/ubuntu_image

docker::image { 'ubuntu':
  docker_dir => '/tmp/ubuntu_image'
}

You can trigger a rebuild of the image by subscribing to external events like Dockerfile changes:

docker::image { 'ubuntu':
  docker_file => '/tmp/Dockerfile'
  subscribe => File['/tmp/Dockerfile'],
}

file { '/tmp/Dockerfile':
  ensure => file,
  source => 'puppet:///modules/someModule/Dockerfile',
}

You can also remove images you no longer need with:

docker::image { 'base':
  ensure => 'absent'
}

docker::image { 'ubuntu':
  ensure    => 'absent',
  image_tag => 'precise'
}

If using hiera, there's a docker::images class you can configure, for example:

---
  classes:
    - docker::images

docker::images::images:
  ubuntu:
    image_tag: 'precise'

Containers

Now you have an image you can launch containers:

docker::run { 'helloworld':
  image   => 'base',
  command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"',
}

This is equivalent to running the following:

docker run -d base /bin/sh -c "while true; do echo hello world; sleep 1; done"

This will launch a Docker container managed by the local init system.

Run also takes a number of optional parameters:

docker::run { 'helloworld':
  image           => 'base',
  command         => '/bin/sh -c "while true; do echo hello world; sleep 1; done"',
  ports           => ['4444', '4555'],
  expose          => ['4666', '4777'],
  links           => ['mysql:db'],
  net             => 'my-user-def-net',
  volumes         => ['/var/lib/couchdb', '/var/log'],
  volumes_from    => '6446ea52fbc9',
  memory_limit    => '10m', # (format: '<number><unit>', where unit = b, k, m or g)
  cpuset          => ['0', '3'],
  username        => 'example',
  hostname        => 'example.com',
  env             => ['FOO=BAR', 'FOO2=BAR2'],
  env_file        => ['/etc/foo', '/etc/bar'],
  dns             => ['8.8.8.8', '8.8.4.4'],
  restart_service => true,
  privileged      => false,
  pull_on_start   => false,
  before_stop     => 'echo "So Long, and Thanks for All the Fish"',
  before_start    => 'echo "Run this on the host before starting the Docker container"',
  after           => [ 'container_b', 'mysql' ],
  depends         => [ 'container_a', 'postgres' ],
  extra_parameters => [ '--restart=always' ],
}

Ports, expose, env, env_file, dns and volumes can be set with either a single string or as above with an array of values.

Specifying pull_on_start will pull the image before each time it is started.

Specifying before_stop will execute a command before stopping the container.

The after option allows expressing containers that must be started before. This affects the generation of the init.d/systemd script.

The depends option allows expressing container dependencies. The depended container will be started before this container(s), and this container will be stopped before the depended container(s). This affects the generation of the init.d/systemd script. You can use depend_services to specify dependency for generic services (non-docker) that should be started before this container.

extra_parameters : An array of additional command line arguments to pass to the docker run command. Useful for adding additional new or experimental options that the module does not yet support.

The service file created for systemd based systems enables automatic restarting of the service on failure by default.

To use an image tag just append the tag name to the image name separated by a semicolon:

docker::run { 'helloworld':
  image   => 'ubuntu:precise',
  command => '/bin/sh -c "while true; do echo hello world; sleep 1; done"',
}

By default the generated init scripts will remove the container (but not any associated volumes) when the service is stopped or started. This behaviour can be modified using the following, with defaults shown:

docker::run { 'helloworld':
  remove_container_on_start => true,
  remove_volume_on_start    => false,
  remove_container_on_stop  => true,
  remove_volume_on_stop     => false,
}

If using hiera, there's a docker::run_instance class you can configure, for example:

---
  classes:
    - docker::run_instance

  docker::run_instance::instance:
    helloworld:
      image: 'ubuntu:precise'
      command: '/bin/sh -c "while true; do echo hello world; sleep 1; done"'

Networks

As of Docker 1.9.x, Docker has official support for networks. The module now exposes a type, docker_network, used to manage those. This works like:

docker_network { 'my-net':
  ensure   => present,
  driver   => 'overlay',
  subnet   => '192.168.1.0/24',
  gateway  => '192.168.1.1',
  ip_range => '192.168.1.4/32',
}

Only the name is required, along with an ensure value. If you don't pass a driver Docker network will use the default bridge. Note that some networks require the Docker daemon to be configured to use them, for instance for the overlay network you'll need a cluster store configured. You can do that on the docker class like so:

extra_parameters => '--cluster-store=<backend>://172.17.8.101:<port> --cluster-advertise=<interface>:2376'

If using hiera, there's a docker::networks class you can configure, for example:

---
  classes:
    - docker::networks

docker::networks::networks:
  local-docker:
    ensure: 'present'
    subnet: '192.168.1.0/24'
    gateway: '192.168.1.1'

The network defined can then be used on a docker::run resource with the net parameter.

Compose

Docker Compose allows for describing a set of containers in a simple YAML format, and then running a command to build and run those containers. The docker_compose type included in the module allows for using Puppet to run Compose. This means you can have Puppet remediate any issues and make sure reality matches the model in your Compose file.

Before using the docker_compose type make sure the docker-compose utility is installed:

class {'docker::compose': 
  ensure => present,
}

Here's an example. Given the following Compose file:

compose_test:
  image: ubuntu:14.04
  command: /bin/sh -c "while true; do echo hello world; sleep 1; done"

That could be added to the machine you're running Puppet using a file resource or any other means.

Then define a docker_compose resource pointing at the Compose file like so:

docker_compose { '/tmp/docker-compose.yml':
  ensure  => present,
}

Now when Puppet runs it will automatically run Compose is required, for example because the relevant Compose services aren't running.

You can also pass additional options (for example to enable experimental features) as well as provide scaling rules. The following example requests 2 containers be running for example. Puppet will now run Compose if the number of containers for a given service don't match the provided scale values.

docker_compose { '/tmp/docker-compose.yml':
  ensure  => present,
  scale   => {
    'compose_test' => 2,
  },
  options => '--x-networking'
}

It is also possible to give options to the docker-compose up command such as --remove-orphans using the up_args option.

Swarm mode

Docker Engine 1.12 includes swarm mode for natively managing a cluster of Docker Engines called a swarm. You can now cluster your Docker engines with the one of the following Puppet resources. For a swarm manager:

docker::swarm {'cluster_manager':
  init           => true,
  advertise_addr => '192.168.1.1',
  listen_addr    => '192.168.1.1',  
} 

In the above example we have configured a swarm manager with init => true then set the advertise_addr and listen_addr. Both the advertise_addr and listen_addr are set for the cluster communications between nodes. Please note the advertise_addr and listen_addr must be set for a multihomed server. For more advance flags to configure raft snapshots etc please read the readme at the top of the docker::swarm class.

For a swarm worker:

docker::swarm {'cluster_worker':
join           => true,
advertise_addr => '192.168.1.2',
listen_addr    => '192.168.1.2,
manager_ip     => '192.168.1.1',
token          => 'SWMTKN-1-2lw8bnr57qsu74d6iq2q1wr2wq2i334g7425dfr3zucimvh4bl-2vwn6gysbdj605l37c61iixie'
} 

In this example we have joined a node to the cluster using join => true. For a worker node or second manager you need to pass a current managers ip address manager_ip => '192.168.1.1' The other important configuration is the token you pass to the manager. The token will define the nodes role in the cluster, as there will be a token to create another manager and a different token for the worker nodes.

To remove a node from a cluster use the following:

docker::swarm {'cluster_worker':
ensure => absent
}

Docker services

Docker services allow to create distributed applications across multiple swarm nodes. A service is a set of containers that are replicated across your swarm. To configure a service with Puppet code please see the following examples

To create a service

docker::services {'redis':
    create => true,   
    service_name => 'redis',
    image => 'redis:latest',
    publish => '6379:639',
    replicas => '5', 
    extra_params => ['--update-delay 1m', '--restart-window 30s']
  }

In this example we are creating a service called redis, as it is a new service we have set create => true. The service_name resource is the name which Docker knows the service as. The image resource is the image you want to base the service off, publish is the ports that want exposed to the outside world for the service to be consumed, replicas sets the amount of tasks (containers) that you want running in the service, extra_params allows you to configure any of the other flags that Docker gives you when you create a service for more info see docker service create --help

To update the service

docker::services {'redis_update':
  create => false,
  update => true,
  service_name => 'redis',
  replicas => '3',
}

In this example we have taken the service that we created earlier `redis` set the `create => false` and this time added `update => true`. We then decleared the service name `redis` we have then updated the servce to have only 3 replicas, not 5. The `extra_params` resource is also available in the update class.

To scale a service
```puppet
docker::services {'redis_scale':
  create => false,
  scale => true,
  service_name => 'redis',
  replicas => '10', 
}

In this example we have used the command docker service scale with Puppet code. We have taken our service redis set the create => false and scale => true When using scale you have to declare your service_name then the number of replicas that you want. In this example we are going to scale to 10

To remove a service

docker::services {'redis':
  ensure => 'absent',
  service_name => 'redis',
}

To remove a a service from your swarm just set ensure => absent and the service_name of your service.

Private registries

By default images will be pushed and pulled from index.docker.io unless you've specified a server. If you have your own private registry without authentication, you can fully qualify your image name. If your private registry requires authentication you may configure a registry:

docker::registry { 'example.docker.io:5000':
  username => 'user',
  password => 'secret',
  email    => '[email protected]',
}

You can logout of a registry if it is no longer required.

docker::registry { 'example.docker.io:5000':
  ensure => 'absent',
}

If using hiera, there's a docker::registry_auth class you can configure, for example:

docker::registry_auth::registries:
  'example.docker.io:5000':
    username: 'user1'
    password: 'secret'
    email: '[email protected]'

Exec

Docker also supports running arbitrary commands within the context of a running container. And now so does the Puppet module.

docker::exec { 'cron_allow_root':
  detach       => true,
  container    => 'mycontainer',
  command      => '/bin/echo root >> /usr/lib/cron/cron.allow',
  tty          => true,
  unless       => 'grep root /usr/lib/cron/cron.allow 2>/dev/null',
}

More Repositories

1

vagrantboxes-heroku

Repository for http://www.vagrantbox.es
1,281
star
2

puppet-module-skeleton

A pretty opinionated skeleton for writing your own puppet modules
HTML
312
star
3

kubetest

Write unit tests for your Kubernetes configurations
Go
310
star
4

kubernetes-json-schema

A set of JSON schemas for various Kubernetes versions, extracted from the OpenAPI definitions
250
star
5

pentesting-playground

Code for installing various security minded tools onto Vagrant powered virtual machines
Puppet
172
star
6

django-timelog

Performance logging middlware and analysis tools for Django
Python
152
star
7

django-test-extensions

A set of custom assertions and examples for use testing django applications
Python
145
star
8

serf-master

A small python framework for writing Serf handlers
Python
126
star
9

django-project-templates

A set of Paster templates for Django projects, including a fabric deployment script
Python
124
star
10

multi-stage-build-example

Example repository to accompany my talk at Velocity 2018
Makefile
119
star
11

logstash-patterns

A collection of grok patterns for use with logstash
Ruby
98
star
12

cloth

EC2 tasks for Fabric
Python
97
star
13

packer-serverspec-example

Using Serverspec tests to verify images built using Packer
Ruby
96
star
14

prodder

An opinionated test suite focused on generally applicable web application security rules
Ruby
94
star
15

docker-label-inspector

Docker Label Inspector is a tool to help ensure you're providing your Docker images with the metadata they will need out in the wilds of the internet.
Python
80
star
16

ansible-provisioner

A Digital Ocean specific provisioning and orchestration tool built around Ansible
Python
76
star
17

zapr

Easy to use command line security scanner
Ruby
59
star
18

appengine-image-host

Simple image resizing and hosting application
Python
45
star
19

hiera-etcd

A hiera backend for use with the etcd distributed configuration store
Ruby
44
star
20

policykit

A set of utilities and classes for working with Open Policy Agent based tools, including Gatekeeper and Conftest
Python
39
star
21

ruby-vagrantboxes

Ruby gem for interacting with the vagrantbox.es api from inside vagrant
Ruby
37
star
22

riemann-vagrant

A vagrantfile and puppet setup to get playing with Riemann quickly
Ruby
37
star
23

packages

Scripts for building and maintaining a debian package repository using Vagrant
CSS
37
star
24

kubernetes-webhook-examples

Python examples of mutating and validating kubernetes webhook admission controllers
Python
36
star
25

puppet-docker-example

An example of using the Puppet Docker module to manage containers, including Consul for service discovery
Ruby
35
star
26

Asteroid

A simple web interface for running scripts and recording the results
Python
35
star
27

django-clue

A collection of useful development middleware for Django packaged under a custom runserver command
Python
33
star
28

garethr-key_value_config

Puppet type and providers for managing configuration in key/value stores
Ruby
30
star
29

puppet-docker-swarm-example

An example using Puppet to launch a Swarm cluster using Consul
Ruby
30
star
30

sinatra-hello-world

A Hello World style application demonstrating the Sinatra Ruby framework
Ruby
28
star
31

garethr-kubernetes

Puppet types and provider for managing Pods, ReplicationControllers, Services and more in Kubernetes
Ruby
28
star
32

appengine-imified

Example of providing an Instant Messaging interface to App Engine application
Python
24
star
33

web-puppet

A tiny ruby rack application which exposes the data from puppet as JSON over HTTP
Ruby
23
star
34

openshift-json-schema

A set of JSON schemas for various OpenShift versions, extracted from the OpenAPI definitions
Shell
23
star
35

django-googlecalendar

A Django application which provides a front end to one or more Google Calendars
23
star
36

capistrano-puppet

Get capistrano hosts from puppet
Ruby
21
star
37

bolt

A script runner
Ruby
19
star
38

localbuilder

Python script for monitoring a given directory for changes and running a command when something changes
Python
19
star
39

pycnab

Python library for manipulating Cloud Native Application Bundles
Python
19
star
40

garethr-iaas

Experiment with Puppet types and providers for managing virtual machines from an IaaS
Ruby
17
star
41

appengine-bugs

Super simple issue tracker for Google AppEngine, the code behind GitBug
Python
16
star
42

garethr-riemann

Puppet module for Riemann, published on the Puppet Forge
Ruby
16
star
43

snyk-sbom-examples

Examples of using Snyk's SBOM APIs.
Python
15
star
44

sensu-playground

A demo of a vagrant powered multi-node sensu setup, using the sensu puppet module
Puppet
15
star
45

docker-app-cnab-examples

Examples originally for the KubeCon workshop at Microsoft Reactor
Makefile
14
star
46

appengine-uptime

site monitoring utility hosted on Google App Engine
Python
14
star
47

helm-travis-testing-example

Smarty
14
star
48

kubernetes-tools

Python
13
star
49

devopsweekly

Content for the Devops Weekly site
HTML
12
star
50

snyky

A known vulnerable Flask app with an excessive amount of automated testing
Open Policy Agent
12
star
51

tk-demo-puppet

A working example of using Test Kitchen for integration testing of puppet manifests and modules
Ruby
12
star
52

librarian-puppet-vagrant

Vagrant middleware to run librarian puppet before each vagrant up and vagrant provision
Ruby
12
star
53

jenkins-build-list

A very simple Clojure/Noir application which hits the Jenkins API and lists recent builds for a particular job.
Clojure
12
star
54

docker-spec-example

An example of testing docker image builds
Ruby
12
star
55

snyk-tekton

A set of Tekton Tasks for using Snyk to check for vulnerabilities in your pipelines
HTML
11
star
56

booky

script to build compile a book from text file
Python
11
star
57

puppet-swagger-generator

Generate Puppet types and providers from Swagger specifications
Ruby
11
star
58

snykctl

A CLI tool for interacting with the Snyk API.
Crystal
11
star
59

appengine-queue

Simple Queue for App Engine
Python
10
star
60

garethr-kibana

Puppet module to install and configure the kibana logstash interface
Puppet
10
star
61

nginx-json-proxy

An experiment with openresty, lua and nginx
Nginx
10
star
62

chef-repo

Personal cookbooks
Ruby
10
star
63

appengine-books

AppEngine book listing webservice, web site and admin
Python
10
star
64

vagrant-cucumber-host

Vagrant plugin to run cucumber acceptance tests for Vagrant boxes
Ruby
10
star
65

garethr-diamond

Puppet module for the Diamond stats collection daemon
Ruby
9
star
66

cloud-native-tools

A database of activity around various Cloud Native tools
Makefile
9
star
67

gmetric-web

Simple HTTP interface for adding custom time metrics to Ganglia.
Python
9
star
68

serverspec-puppetdb

Example using PuppetDB to generate Serverspec tests
Ruby
9
star
69

garethr-nginx

A very un-opinionated nginx module for Puppet which focuses on installation and NOT configuration
Ruby
9
star
70

dockerfilepp

Library for writing your own Dockerfile pre-processors
Go
8
star
71

urltest

A simple DSL for writing url based tests for WSGI applications
Python
8
star
72

garethr-graphite

Puppet module for the Graphite monitoring tool
Puppet
8
star
73

snyksh

An interactive shell for exploring the Snyk API
Python
8
star
74

garethr-erlang

Puppet module for managing erlang from official package repository
Ruby
7
star
75

web-facter

Expose facts from Facter as JSON over HTTP
Ruby
7
star
76

findcve

Find CVEs from a list of packages in different formats
Python
7
star
77

dockerfilepp-labels

A dockerfile pre-processor for adding dynamic labels
Go
7
star
78

appengine-seller

Sample App Engine integration with PayPal
Python
7
star
79

epydoc-themes

Application to support alternative stylesheets for epydoc
7
star
80

digitalocean-expect

Experiments in testing an IaaS
Clojure
7
star
81

fixmysite

Like FixMyStreet but for Websites, or like GetSatisfaction but for the UK Government Online
Python
7
star
82

garethr-mirageos

Puppet module to install Mirage and it's dependencies
Ruby
7
star
83

puppet-mesos-example

An example of using Puppet to manage a Mesos, Chronos and Marathon cluster
Ruby
7
star
84

garethr-digitalocean

Puppet module to manage droplets on digitalocean IaaS
Ruby
7
star
85

lastbot

A simple search bot for last.fm created during the last.fm hackday
Python
7
star
86

django-http-debug

Simple HTTP logging server, useful for debugging HTTP clients of various types
Python
6
star
87

garethr-sysdig

Puppet module for installing sysdig
Ruby
6
star
88

inboxer

Putting the web in your inbox
Ruby
6
star
89

appengine-template

Quick start template for App Engine projects based on webapp
6
star
90

puppetdb-expect

Experiment writing tests against data in PuppetDB
Clojure
6
star
91

do-test-kitchen

An example, ideal for a CI environment, of using the Test Kitchen Digital Ocean driver and the new shell provisioner
Ruby
6
star
92

docker-applications

A set of example Docker Apps
6
star
93

django-train

Django blogging application based around generic views, flatpages and tagging
Python
5
star
94

django-linklist

Django application for managing a set of ordered lists of links
Python
5
star
95

knb

Proof-of-concept Knative Build user interface
Python
5
star
96

dockerfilepp-puppet

A small experiment in Dockerfile pre-processing
Makefile
5
star
97

jruby-embedded-jetty

Simple example of creating an executable war file with an embedded jetty
Ruby
5
star
98

graylogtail

Use logtail to push log files into Graylog2
Python
5
star
99

gatling-demo

Simple demo of using Gatling assertions
Scala
5
star
100

nash

Nagios dashboard
Ruby
5
star