def recycle_daemon(): """ Render the docker template files and restart the docker daemon on this system. :return: None """ charm_config = check_for_juju_https_proxy(config) validate_config(charm_config) hookenv.log('Restarting docker service.') # Re-render our docker daemon template at this time... because we're # restarting. And its nice to play nice with others. Isn't that nice? opts = DockerOpts() runtime = determine_apt_source() render( 'docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'manual': config('docker-opts'), 'docker_runtime': runtime }) render('docker.systemd', '/lib/systemd/system/docker.service', charm_config) reload_system_daemons() host.service_restart('docker') if not _probe_runtime_availability(): status_set('waiting', 'Container runtime not available.') return
def enable_client_tls(): """ Copy the TLS certificates in place and generate mount points for the swarm manager to mount the certs. This enables client-side TLS security on the TCP service. """ if not path.exists("/etc/docker"): makedirs("/etc/docker") kv = unitdata.kv() cert = kv.get("tls.server.certificate") with open("/etc/docker/server.pem", "w+") as f: f.write(cert) with open("/etc/docker/ca.pem", "w+") as f: f.write(leader_get("certificate_authority")) # schenanigans keypath = "easy-rsa/easyrsa3/pki/private/{}.key" server = getenv("JUJU_UNIT_NAME").replace("/", "_") if path.exists(keypath.format(server)): copyfile(keypath.format(server), "/etc/docker/server-key.pem") else: copyfile(keypath.format(unit_get("public-address")), "/etc/docker/server-key.pem") opts = DockerOpts() config_dir = "/etc/docker" cert_path = "{}/server.pem".format(config_dir) ca_path = "{}/ca.pem".format(config_dir) key_path = "{}/server-key.pem".format(config_dir) opts.add("tlscert", cert_path) opts.add("tlscacert", ca_path) opts.add("tlskey", key_path) opts.add("tlsverify", None) render("docker.defaults", "/etc/default/docker", {"opts": opts.to_s()})
def enable_client_tls(): """ Copy the TLS certificates in place and generate mount points for the swarm manager to mount the certs. This enables client-side TLS security on the TCP service. """ if not path.exists('/etc/docker'): makedirs('/etc/docker') kv = unitdata.kv() cert = kv.get('tls.server.certificate') with open('/etc/docker/server.pem', 'w+') as f: f.write(cert) with open('/etc/docker/ca.pem', 'w+') as f: f.write(leader_get('certificate_authority')) # schenanigans keypath = 'easy-rsa/easyrsa3/pki/private/{}.key' server = getenv('JUJU_UNIT_NAME').replace('/', '_') if path.exists(keypath.format(server)): copyfile(keypath.format(server), '/etc/docker/server-key.pem') else: copyfile(keypath.format(unit_get('public-address')), '/etc/docker/server-key.pem') opts = DockerOpts() config_dir = '/etc/docker' cert_path = '{}/server.pem'.format(config_dir) ca_path = '{}/ca.pem'.format(config_dir) key_path = '{}/server-key.pem'.format(config_dir) opts.add('tlscert', cert_path) opts.add('tlscacert', ca_path) opts.add('tlskey', key_path) opts.add('tlsverify', None) render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()})
def install(): ''' Install the docker daemon, and supporting tooling ''' # Often when building layer-docker based subordinates, you dont need to # incur the overhead of installing docker. This tuneable layer option # allows you to disable the exec of that install routine, and instead short # circuit immediately to docker.available, so you can charm away! layer_opts = layer.options('docker') if layer_opts['skip-install']: set_state('docker.available') set_state('docker.ready') return status_set('maintenance', 'Installing AUFS and other tools') kernel_release = check_output(['uname', '-r']).rstrip() packages = [ 'aufs-tools', 'git', 'linux-image-extra-{0}'.format(kernel_release), ] apt_update() apt_install(packages) # Install docker-engine from apt. install_from_apt() opts = DockerOpts() render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()}) status_set('active', 'Docker installed, cycling for extensions') set_state('docker.ready') # Make with the adding of the users to the groups check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def install(): """ Install the docker daemon, and supporting tooling. :return: None or False """ # Switching runtimes causes a reinstall so remove any holds that exist. unhold_all() status_set('maintenance', 'Installing AUFS and other tools.') kernel_release = check_output(['uname', '-r']).rstrip() packages = [ 'aufs-tools', 'git', 'linux-image-extra-{}'.format(kernel_release.decode('utf-8')), ] apt_update() apt_install(packages) # Install docker-engine from apt. runtime = determine_apt_source() remove_state('nvidia-docker.supported') remove_state('nvidia-docker.installed') if runtime == 'upstream': install_from_upstream_apt() elif runtime == 'nvidia': set_state('nvidia-docker.supported') install_from_nvidia_apt() set_state('nvidia-docker.installed') elif runtime == 'apt': install_from_archive_apt() elif runtime == 'custom': if not install_from_custom_apt(): return False # If install fails, stop. else: hookenv.log('Unknown runtime {}'.format(runtime)) return False charm_config = check_for_juju_https_proxy(config) validate_config(charm_config) opts = DockerOpts() render('docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'docker_runtime': runtime }) render('docker.systemd', '/lib/systemd/system/docker.service', charm_config) reload_system_daemons() hold_all() hookenv.log( 'Holding docker-engine and docker.io packages at current revision.') host.service_restart('docker') hookenv.log('Docker installed, setting "docker.ready" state.') set_state('docker.ready') # Make with the adding of the users to the groups check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def write_drop_ins(): """ Write the Docker systemd drop-ins. :return: None """ opts = DockerOpts() runtime = determine_apt_source() charm_config = check_for_juju_https_proxy(config) validate_config(charm_config) render( "docker.defaults", "/etc/default/docker", { "opts": opts.to_s(), "extra_opts": config("docker-opts"), "docker_runtime": runtime, }, ) if not os.path.isdir("/etc/systemd/system/docker.service.d/"): host.mkdir("/etc/systemd/system/docker.service.d/") render( "docker-daemon.conf", "/etc/systemd/system/docker.service.d/docker-daemon.conf", {}, ) if charm_config.get("http_proxy") or charm_config.get("https_config"): render( "http-proxy.conf", "/etc/systemd/system/docker.service.d/http-proxy.conf", charm_config, )
def install(): ''' Install the docker daemon, and supporting tooling ''' # switching runtimes causes a reinstall so remove any holds that exist unholdall() # Often when building layer-docker based subordinates, you dont need to # incur the overhead of installing docker. This tuneable layer option # allows you to disable the exec of that install routine, and instead short # circuit immediately to docker.available, so you can charm away! layer_opts = layer.options('docker') if layer_opts['skip-install']: set_state('docker.available') set_state('docker.ready') return status_set('maintenance', 'Installing AUFS and other tools.') kernel_release = check_output(['uname', '-r']).rstrip() packages = [ 'aufs-tools', 'git', 'linux-image-extra-{0}'.format(kernel_release.decode('utf-8')), ] apt_update() apt_install(packages) # Install docker-engine from apt. runtime = determineAptSource() if runtime == "upstream": install_from_upstream_apt() elif runtime == "nvidia": install_from_nvidia_apt() elif runtime == "apt": install_from_archive_apt() else: hookenv.log('unknown runtime {0}'.format(runtime)) return False validate_config() opts = DockerOpts() render('docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'docker_runtime': runtime }) render('docker.systemd', '/lib/systemd/system/docker.service', config()) reload_system_daemons() holdall() hookenv.log('Holding docker-engine and docker.io packages' + ' at current revision.') host.service_restart('docker') hookenv.log('Docker installed, setting "docker.ready" state.') set_state('docker.ready') # Make with the adding of the users to the groups check_call(['usermod', '-aG', 'docker', 'ubuntu'])
def recycle_daemon(): ''' Other layers should be able to trigger a daemon restart ''' status_set('maintenance', 'Restarting docker daemon') # Re-render our docker daemon template at this time... because we're # restarting. And its nice to play nice with others. Isn't that nice? opts = DockerOpts() render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()}) service_restart('docker') remove_state('docker.restart')
def bind_docker_daemon(connection_string): """ Bind the docker daemon to a TCP socket with TLS credentials """ status_set("maintenance", "Configuring Docker for TCP connections") opts = DockerOpts() private_address = unit_private_ip() opts.add("host", "tcp://{}:2376".format(private_address)) opts.add("host", "unix:///var/run/docker.sock") opts.add("cluster-advertise", "{}:2376".format(private_address)) opts.add("cluster-store", connection_string, strict=True) render("docker.defaults", "/etc/default/docker", {"opts": opts.to_s()}) service_restart("docker") open_port(2376)
def bind_docker_daemon(connection_string): """ Bind the docker daemon to a TCP socket with TLS credentials """ status_set('maintenance', 'Configuring Docker for TCP connections') opts = DockerOpts() private_address = unit_private_ip() opts.add('host', 'tcp://{}:2376'.format(private_address)) opts.add('host', 'unix:///var/run/docker.sock') opts.add('cluster-advertise', '{}:2376'.format(private_address)) opts.add('cluster-store', connection_string, strict=True) render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()}) service_restart('docker') open_port(2376)
def render_configuration_template(service=False): """ :param service: Boolean also render service file :return: None """ opts = DockerOpts() config = hookenv.config environment_config = hookenv.env_proxy_settings() modified_config = dict(config()) parsed_hosts = "" if environment_config is not None: hosts = [] for address in environment_config.get('NO_PROXY', "").split(","): address = address.strip() try: net = ipaddress.ip_network(address) ip_addresses = [str(ip) for ip in net.hosts()] if ip_addresses == []: hosts.append(address) else: hosts += ip_addresses except ValueError: hosts.append(address) parsed_hosts = ",".join(hosts) environment_config.update({ 'NO_PROXY': parsed_hosts, 'no_proxy': parsed_hosts }) for key in ['http_proxy', 'https_proxy', 'no_proxy']: if not modified_config.get(key): modified_config[key] = environment_config.get(key) runtime = determine_apt_source() render( 'docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'manual': config('docker-opts'), 'docker_runtime': runtime }) if service: render('docker.systemd', '/lib/systemd/system/docker.service', modified_config) write_daemon_json()
def recycle_daemon(): '''Render the docker template files and restart the docker daemon on this system.''' hookenv.log('Restarting docker service.') # Re-render our docker daemon template at this time... because we're # restarting. And its nice to play nice with others. Isn't that nice? opts = DockerOpts() render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s(), 'manual': config('docker-opts')}) render('docker.systemd', '/lib/systemd/system/docker.service', config()) reload_system_daemons() host.service_restart('docker') if not _probe_runtime_availability(): status_set('waiting', 'Container runtime not available.') return
def recycle_daemon(): '''Render the docker template files and restart the docker daemon on this system.''' hookenv.log('Restarting docker service.') # Re-render our docker daemon template at this time... because we're # restarting. And its nice to play nice with others. Isn't that nice? opts = DockerOpts() render('docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'manual': config('docker-opts') }) render('docker.systemd', '/lib/systemd/system/docker.service', config()) reload_system_daemons() host.service_restart('docker') if not _probe_runtime_availability(): status_set('waiting', 'Container runtime not available.') return
def render_configuration_template(service=False): """ :param service: Boolean also render service file :return: None """ opts = DockerOpts() config = hookenv.config runtime = determine_apt_source() render( 'docker.defaults', '/etc/default/docker', { 'opts': opts.to_s(), 'manual': config('docker-opts'), 'docker_runtime': runtime }) if service: render('docker.systemd', '/lib/systemd/system/docker.service', config())
def install(): ''' Install the docker daemon, and supporting tooling ''' # Often when building layer-docker based subordinates, you dont need to # incur the overhead of installing docker. This tuneable layer option # allows you to disable the exec of that install routine, and instead short # circuit immediately to docker.available, so you can charm away! layer_opts = layer.options('docker') if layer_opts['skip-install']: set_state('docker.available') set_state('docker.ready') return status_set('maintenance', 'Installing AUFS and other tools.') kernel_release = check_output(['uname', '-r']).rstrip() packages = [ 'aufs-tools', 'git', 'linux-image-extra-{0}'.format(kernel_release.decode('utf-8')), ] apt_update() apt_install(packages) # Install docker-engine from apt. if config('install_from_upstream'): install_from_upstream_apt() else: install_from_archive_apt() opts = DockerOpts() render('docker.defaults', '/etc/default/docker', {'opts': opts.to_s()}) render('docker.systemd', '/lib/systemd/system/docker.service', config()) reload_system_daemons() hookenv.log('Docker installed, setting "docker.ready" state.') set_state('docker.ready') # Make with the adding of the users to the groups check_call(['usermod', '-aG', 'docker', 'ubuntu'])