def recycle_daemon():
"""
Render the docker template files and restart the docker daemon on this
system.
:return: None
"""
charm_config = check_for_juju_https_proxy(config)
validate_config(charm_config)
hookenv.log('Restarting docker service.')
# Re-render our docker daemon template at this time... because we're
# restarting. And its nice to play nice with others. Isn't that nice?
opts = DockerOpts()
runtime = determine_apt_source()
render(
'docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'manual': config('docker-opts'),
'docker_runtime': runtime
})
render('docker.systemd', '/lib/systemd/system/docker.service',
charm_config)
reload_system_daemons()
host.service_restart('docker')
if not _probe_runtime_availability():
status_set('waiting', 'Container runtime not available.')
return
def enable_client_tls():
"""
Copy the TLS certificates in place and generate mount points for the swarm
manager to mount the certs. This enables client-side TLS security on the
TCP service.
"""
if not path.exists("/etc/docker"):
makedirs("/etc/docker")
kv = unitdata.kv()
cert = kv.get("tls.server.certificate")
with open("/etc/docker/server.pem", "w+") as f:
f.write(cert)
with open("/etc/docker/ca.pem", "w+") as f:
f.write(leader_get("certificate_authority"))
# schenanigans
keypath = "easy-rsa/easyrsa3/pki/private/{}.key"
server = getenv("JUJU_UNIT_NAME").replace("/", "_")
if path.exists(keypath.format(server)):
copyfile(keypath.format(server), "/etc/docker/server-key.pem")
else:
copyfile(keypath.format(unit_get("public-address")), "/etc/docker/server-key.pem")
opts = DockerOpts()
config_dir = "/etc/docker"
cert_path = "{}/server.pem".format(config_dir)
ca_path = "{}/ca.pem".format(config_dir)
key_path = "{}/server-key.pem".format(config_dir)
opts.add("tlscert", cert_path)
opts.add("tlscacert", ca_path)
opts.add("tlskey", key_path)
opts.add("tlsverify", None)
render("docker.defaults", "/etc/default/docker", {"opts": opts.to_s()})
def enable_client_tls():
"""
Copy the TLS certificates in place and generate mount points for the swarm
manager to mount the certs. This enables client-side TLS security on the
TCP service.
"""
if not path.exists('/etc/docker'):
makedirs('/etc/docker')
kv = unitdata.kv()
cert = kv.get('tls.server.certificate')
with open('/etc/docker/server.pem', 'w+') as f:
f.write(cert)
with open('/etc/docker/ca.pem', 'w+') as f:
f.write(leader_get('certificate_authority'))
# schenanigans
keypath = 'easy-rsa/easyrsa3/pki/private/{}.key'
server = getenv('JUJU_UNIT_NAME').replace('/', '_')
if path.exists(keypath.format(server)):
copyfile(keypath.format(server), '/etc/docker/server-key.pem')
else:
copyfile(keypath.format(unit_get('public-address')),
'/etc/docker/server-key.pem')
opts = DockerOpts()
config_dir = '/etc/docker'
cert_path = '{}/server.pem'.format(config_dir)
ca_path = '{}/ca.pem'.format(config_dir)
key_path = '{}/server-key.pem'.format(config_dir)
opts.add('tlscert', cert_path)
opts.add('tlscacert', ca_path)
opts.add('tlskey', key_path)
opts.add('tlsverify', None)
render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
def install():
''' Install the docker daemon, and supporting tooling '''
# Often when building layer-docker based subordinates, you dont need to
# incur the overhead of installing docker. This tuneable layer option
# allows you to disable the exec of that install routine, and instead short
# circuit immediately to docker.available, so you can charm away!
layer_opts = layer.options('docker')
if layer_opts['skip-install']:
set_state('docker.available')
set_state('docker.ready')
return
status_set('maintenance', 'Installing AUFS and other tools')
kernel_release = check_output(['uname', '-r']).rstrip()
packages = [
'aufs-tools',
'git',
'linux-image-extra-{0}'.format(kernel_release),
]
apt_update()
apt_install(packages)
# Install docker-engine from apt.
install_from_apt()
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
status_set('active', 'Docker installed, cycling for extensions')
set_state('docker.ready')
# Make with the adding of the users to the groups
check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def install():
"""
Install the docker daemon, and supporting tooling.
:return: None or False
"""
# Switching runtimes causes a reinstall so remove any holds that exist.
unhold_all()
status_set('maintenance', 'Installing AUFS and other tools.')
kernel_release = check_output(['uname', '-r']).rstrip()
packages = [
'aufs-tools',
'git',
'linux-image-extra-{}'.format(kernel_release.decode('utf-8')),
]
apt_update()
apt_install(packages)
# Install docker-engine from apt.
runtime = determine_apt_source()
remove_state('nvidia-docker.supported')
remove_state('nvidia-docker.installed')
if runtime == 'upstream':
install_from_upstream_apt()
elif runtime == 'nvidia':
set_state('nvidia-docker.supported')
install_from_nvidia_apt()
set_state('nvidia-docker.installed')
elif runtime == 'apt':
install_from_archive_apt()
elif runtime == 'custom':
if not install_from_custom_apt():
return False # If install fails, stop.
else:
hookenv.log('Unknown runtime {}'.format(runtime))
return False
charm_config = check_for_juju_https_proxy(config)
validate_config(charm_config)
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'docker_runtime': runtime
})
render('docker.systemd', '/lib/systemd/system/docker.service',
charm_config)
reload_system_daemons()
hold_all()
hookenv.log(
'Holding docker-engine and docker.io packages at current revision.')
host.service_restart('docker')
hookenv.log('Docker installed, setting "docker.ready" state.')
set_state('docker.ready')
# Make with the adding of the users to the groups
check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def write_drop_ins():
"""
Write the Docker systemd drop-ins.
:return: None
"""
opts = DockerOpts()
runtime = determine_apt_source()
charm_config = check_for_juju_https_proxy(config)
validate_config(charm_config)
render(
"docker.defaults",
"/etc/default/docker",
{
"opts": opts.to_s(),
"extra_opts": config("docker-opts"),
"docker_runtime": runtime,
},
)
if not os.path.isdir("/etc/systemd/system/docker.service.d/"):
host.mkdir("/etc/systemd/system/docker.service.d/")
render(
"docker-daemon.conf",
"/etc/systemd/system/docker.service.d/docker-daemon.conf",
{},
)
if charm_config.get("http_proxy") or charm_config.get("https_config"):
render(
"http-proxy.conf",
"/etc/systemd/system/docker.service.d/http-proxy.conf",
charm_config,
)
def install():
''' Install the docker daemon, and supporting tooling '''
# switching runtimes causes a reinstall so remove any holds that exist
unholdall()
# Often when building layer-docker based subordinates, you dont need to
# incur the overhead of installing docker. This tuneable layer option
# allows you to disable the exec of that install routine, and instead short
# circuit immediately to docker.available, so you can charm away!
layer_opts = layer.options('docker')
if layer_opts['skip-install']:
set_state('docker.available')
set_state('docker.ready')
return
status_set('maintenance', 'Installing AUFS and other tools.')
kernel_release = check_output(['uname', '-r']).rstrip()
packages = [
'aufs-tools',
'git',
'linux-image-extra-{0}'.format(kernel_release.decode('utf-8')),
]
apt_update()
apt_install(packages)
# Install docker-engine from apt.
runtime = determineAptSource()
if runtime == "upstream":
install_from_upstream_apt()
elif runtime == "nvidia":
install_from_nvidia_apt()
elif runtime == "apt":
install_from_archive_apt()
else:
hookenv.log('unknown runtime {0}'.format(runtime))
return False
validate_config()
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'docker_runtime': runtime
})
render('docker.systemd', '/lib/systemd/system/docker.service', config())
reload_system_daemons()
holdall()
hookenv.log('Holding docker-engine and docker.io packages' +
' at current revision.')
host.service_restart('docker')
hookenv.log('Docker installed, setting "docker.ready" state.')
set_state('docker.ready')
# Make with the adding of the users to the groups
check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def recycle_daemon():
''' Other layers should be able to trigger a daemon restart '''
status_set('maintenance', 'Restarting docker daemon')
# Re-render our docker daemon template at this time... because we're
# restarting. And its nice to play nice with others. Isn't that nice?
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
service_restart('docker')
remove_state('docker.restart')
def bind_docker_daemon(connection_string):
""" Bind the docker daemon to a TCP socket with TLS credentials """
status_set("maintenance", "Configuring Docker for TCP connections")
opts = DockerOpts()
private_address = unit_private_ip()
opts.add("host", "tcp://{}:2376".format(private_address))
opts.add("host", "unix:///var/run/docker.sock")
opts.add("cluster-advertise", "{}:2376".format(private_address))
opts.add("cluster-store", connection_string, strict=True)
render("docker.defaults", "/etc/default/docker", {"opts": opts.to_s()})
service_restart("docker")
open_port(2376)
def bind_docker_daemon(connection_string):
""" Bind the docker daemon to a TCP socket with TLS credentials """
status_set('maintenance', 'Configuring Docker for TCP connections')
opts = DockerOpts()
private_address = unit_private_ip()
opts.add('host', 'tcp://{}:2376'.format(private_address))
opts.add('host', 'unix:///var/run/docker.sock')
opts.add('cluster-advertise', '{}:2376'.format(private_address))
opts.add('cluster-store', connection_string, strict=True)
render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
service_restart('docker')
open_port(2376)
def render_configuration_template(service=False):
"""
:param service: Boolean also render service file
:return: None
"""
opts = DockerOpts()
config = hookenv.config
environment_config = hookenv.env_proxy_settings()
modified_config = dict(config())
parsed_hosts = ""
if environment_config is not None:
hosts = []
for address in environment_config.get('NO_PROXY', "").split(","):
address = address.strip()
try:
net = ipaddress.ip_network(address)
ip_addresses = [str(ip) for ip in net.hosts()]
if ip_addresses == []:
hosts.append(address)
else:
hosts += ip_addresses
except ValueError:
hosts.append(address)
parsed_hosts = ",".join(hosts)
environment_config.update({
'NO_PROXY': parsed_hosts,
'no_proxy': parsed_hosts
})
for key in ['http_proxy', 'https_proxy', 'no_proxy']:
if not modified_config.get(key):
modified_config[key] = environment_config.get(key)
runtime = determine_apt_source()
render(
'docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'manual': config('docker-opts'),
'docker_runtime': runtime
})
if service:
render('docker.systemd', '/lib/systemd/system/docker.service',
modified_config)
write_daemon_json()
def recycle_daemon():
'''Render the docker template files and restart the docker daemon on this
system.'''
hookenv.log('Restarting docker service.')
# Re-render our docker daemon template at this time... because we're
# restarting. And its nice to play nice with others. Isn't that nice?
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker',
{'opts': opts.to_s(), 'manual': config('docker-opts')})
render('docker.systemd', '/lib/systemd/system/docker.service', config())
reload_system_daemons()
host.service_restart('docker')
if not _probe_runtime_availability():
status_set('waiting', 'Container runtime not available.')
return
def recycle_daemon():
'''Render the docker template files and restart the docker daemon on this
system.'''
hookenv.log('Restarting docker service.')
# Re-render our docker daemon template at this time... because we're
# restarting. And its nice to play nice with others. Isn't that nice?
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'manual': config('docker-opts')
})
render('docker.systemd', '/lib/systemd/system/docker.service', config())
reload_system_daemons()
host.service_restart('docker')
if not _probe_runtime_availability():
status_set('waiting', 'Container runtime not available.')
return
def render_configuration_template(service=False):
"""
:param service: Boolean also render service file
:return: None
"""
opts = DockerOpts()
config = hookenv.config
runtime = determine_apt_source()
render(
'docker.defaults', '/etc/default/docker', {
'opts': opts.to_s(),
'manual': config('docker-opts'),
'docker_runtime': runtime
})
if service:
render('docker.systemd', '/lib/systemd/system/docker.service',
config())
def install():
''' Install the docker daemon, and supporting tooling '''
# Often when building layer-docker based subordinates, you dont need to
# incur the overhead of installing docker. This tuneable layer option
# allows you to disable the exec of that install routine, and instead short
# circuit immediately to docker.available, so you can charm away!
layer_opts = layer.options('docker')
if layer_opts['skip-install']:
set_state('docker.available')
set_state('docker.ready')
return
status_set('maintenance', 'Installing AUFS and other tools.')
kernel_release = check_output(['uname', '-r']).rstrip()
packages = [
'aufs-tools',
'git',
'linux-image-extra-{0}'.format(kernel_release.decode('utf-8')),
]
apt_update()
apt_install(packages)
# Install docker-engine from apt.
if config('install_from_upstream'):
install_from_upstream_apt()
else:
install_from_archive_apt()
opts = DockerOpts()
render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
render('docker.systemd', '/lib/systemd/system/docker.service', config())
reload_system_daemons()
hookenv.log('Docker installed, setting "docker.ready" state.')
set_state('docker.ready')
# Make with the adding of the users to the groups
check_call(['usermod', '-aG', 'docker', 'ubuntu'])
