From 90df6c596554240a30b9083e9cc3172cde1ea7e1 Mon Sep 17 00:00:00 2001
From: Steve Baker <sbaker@redhat.com>
Date: Fri, 15 Jun 2018 14:29:57 +1200
Subject: [PATCH] Discover the gid of the docker group for mistral

The gid of the docker group is discovered by stating the gid of the
file /var/run/docker.sock. The gid of the docker group is not fixed,
so it must match the gid assigned when docker is installed on the
host. If no docker.sock exists, the custom fact will return nil.

This change also makes sure the user and group ensure_resource calls are
tagged so that docker-puppet.py can include those tags explicitly.

Blueprint: container-prepare-workflow

Change-Id: I94fa558480e408f76e69d292b1d84849ddf9a2a2
---
 lib/facter/docker_group_gid.rb             | 24 ++++++++++++++++++++++
 manifests/profile/base/mistral/executor.pp |  3 +++
 2 files changed, 27 insertions(+)
 create mode 100644 lib/facter/docker_group_gid.rb

diff --git a/lib/facter/docker_group_gid.rb b/lib/facter/docker_group_gid.rb
new file mode 100644
index 000000000..633a10297
--- /dev/null
+++ b/lib/facter/docker_group_gid.rb
@@ -0,0 +1,24 @@
+# Copyright 2018 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+Facter.add('docker_group_gid') do
+  setcode do
+    begin
+      File::Stat.new("/var/run/docker.sock").gid
+    rescue
+      nil
+    end
+  end
+end
diff --git a/manifests/profile/base/mistral/executor.pp b/manifests/profile/base/mistral/executor.pp
index 8556e2860..de3f7e2dd 100644
--- a/manifests/profile/base/mistral/executor.pp
+++ b/manifests/profile/base/mistral/executor.pp
@@ -50,9 +50,12 @@ class tripleo::profile::base::mistral::executor (
     if $docker_group {
       ensure_resource('group', 'docker', {
         'ensure' => 'present',
+        'tag'    => 'group',
+        'gid'    => $::docker_group_gid,
       })
       ensure_resource('user', 'mistral', {
         'name'   => 'mistral',
+        'tag'    => 'user',
         'groups' => 'docker',
       })
     }