Defined Type: service::docker

Defined in:
modules/service/manifests/docker.pp

Overview

Define service::docker

Allows pulling a docker image from our registry, and running it.

This is basically a shim to be able to run via puppet the containers we created for use with the new service pipeline in mind.

Parameters

port

the IP port the service runs on, and that will be exposed

on. For now, the port needs to be the same.
version

The docker image tag

namespace

The namespace of the image on the registry, if any

override_cmd

The command to run if different from what defined

in the images's CMD stanza.
environment

k-v hash of env variables to pass to the container

image_name

Name of the Docker image. Default: $title

Parameters:

  • port (Wmflib::UserIpPort)
  • version (String)
  • ensure (Wmflib::Ensure) (defaults to: present)
  • namespace (Optional[String]) (defaults to: undef)
  • config (Hash) (defaults to: {})
  • override_cmd (String) (defaults to: '')
  • environment (Hash) (defaults to: {})
  • image_name (String) (defaults to: $title)


25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'modules/service/manifests/docker.pp', line 25

define service::docker(
    Wmflib::UserIpPort $port,
    String $version,
    Wmflib::Ensure $ensure = present,
    Optional[String] $namespace = undef,
    Hash $config = {},
    String $override_cmd = '',
    Hash $environment = {},
    String $image_name = $title,
) {
    # Our docker registry is *not* configurable here.
    $registry = 'docker-registry.wikimedia.org'
    $image_full_name = $namespace ? {
        undef => "${registry}/${image_name}",
        default => "${registry}/${namespace}/${image_name}"
    }

    if $version == 'latest' {
        fail('Meta tags like "latest" are not allowed')
    }
    # The config file will be mounted as a read-only volume inside the container
    file { "/etc/${title}":
        ensure => ensure_directory($ensure),
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    file { "/etc/${title}/config.yaml":
        ensure  => $ensure,
        content => ordered_yaml($config),
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
    }

    # Make sure we have at least one version installed. It's strongly
    # recommended that you properly configure this.
    exec { "docker pull of ${image_name}:${version} for ${title}":
        command => "/usr/bin/docker pull '${image_full_name}:${version}'",
        unless  => "/usr/bin/docker images | fgrep '${image_full_name}' | fgrep -q '${version}'",
        notify  => Systemd::Service[$title],
    }

    systemd::service { $title:
        ensure  => $ensure,
        content => template('service/docker-service-shim.erb'),
        restart => true,
    }
}