Discover the gid of the docker group for mistral

The gid of the docker group is discovered by stating the gid of the
file /var/run/docker.sock. The gid of the docker group is not fixed,
so it must match the gid assigned when docker is installed on the
host. If no docker.sock exists, the custom fact will return nil.

This change also makes sure the user and group ensure_resource calls are
tagged so that docker-puppet.py can include those tags explicitly.

Blueprint: container-prepare-workflow

Change-Id: I94fa558480e408f76e69d292b1d84849ddf9a2a2

lib/facter/docker_group_gid.rb

@@ -0,0 +1,24 @@
+# Copyright 2018 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Facter.add('docker_group_gid') do
+  setcode do
+    begin
+      File::Stat.new("/var/run/docker.sock").gid
+    rescue
+      nil
+    end
+  end
+end

manifests/profile/base/mistral/executor.pp

@@ -50,9 +50,12 @@ class tripleo::profile::base::mistral::executor (
     if $docker_group {
       ensure_resource('group', 'docker', {
         'ensure' => 'present',
+        'tag'    => 'group',
+        'gid'    => $::docker_group_gid,
       })
       ensure_resource('user', 'mistral', {
         'name'   => 'mistral',
+        'tag'    => 'user',
         'groups' => 'docker',
       })
     }