5248a2a61c
If you rerun an overcloud deploy command or do a minor update, while you changed any of the options in the tripleo::profile::base::docker puppet manifest, you are at risk of triggering a restart of the docker service (e.g. you changed the url in the insecure_registries parameter). This has a number of drastic consequences: 1) *All* the containers will be shut-down and restarted (this will effectively bring down all the APIs at the same time in the overcloud deploy case) 2) Pacemaker can potentially fail to start/stop/monitor the bundles (due to the docker API not being available) which can have a few possible outcomes (depending on timing): it could fence a node in case of failure to stop, it could stop any of the bundles, it could recover from such a situation. Effectively now that we run stuff inside containers, restarting docker is a bit like taking down PID 1 and starting it again. In order to ameliorate this situation we make sure that docker is actually started with the '--live-restore' option which was introduced in docker 1.12 via https://github.com/moby/moby/issues/6851 and avoids restarting all the containers when the docker daemon gets restarted. Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com> Change-Id: Ib3ea6de7f235d2a2d53a6576e0876ab171128b34 Closes-Bug: #1747851
175 lines
6.2 KiB
Ruby
175 lines
6.2 KiB
Ruby
# Copyright 2016 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
#
|
|
|
|
require 'spec_helper'
|
|
|
|
describe 'tripleo::profile::base::docker' do
|
|
shared_examples_for 'tripleo::profile::base::docker' do
|
|
context 'with step 1 and defaults' do
|
|
let(:params) { {
|
|
:step => 1,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
|
|
"set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false --live-restore\"'",
|
|
])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and insecure_registry configured' do
|
|
let(:params) { {
|
|
:docker_namespace => 'foo:8787',
|
|
:insecure_registry => true,
|
|
:step => 1,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
|
|
"set INSECURE_REGISTRY '\"--insecure-registry foo:8787\"'",
|
|
])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and insecure_registries configured' do
|
|
let(:params) { {
|
|
:insecure_registries => ['foo:8787', 'bar'],
|
|
:step => 1,
|
|
} }
|
|
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-registry').with_changes([
|
|
"set INSECURE_REGISTRY '\"--insecure-registry foo:8787 --insecure-registry bar\"'",
|
|
])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and insecure_registry configured but no docker_namespace' do
|
|
let(:params) { {
|
|
:insecure_registry => true,
|
|
:step => 1,
|
|
} }
|
|
|
|
it_raises 'a Puppet::Error', /You must provide a \$docker_namespace in order to configure insecure registry/
|
|
end
|
|
|
|
context 'with step 1 and registry_mirror configured' do
|
|
let(:params) { {
|
|
:registry_mirror => 'http://foo/bar',
|
|
:step => 1,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-daemon.json-mirror').with_changes(
|
|
['set dict/entry[. = "registry-mirrors"] "registry-mirrors',
|
|
"set dict/entry[. = \"registry-mirrors\"]/array/string \"http://foo/bar\""])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and docker debug' do
|
|
let(:params) { {
|
|
:step => 1,
|
|
:debug => true,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-daemon.json-debug').with_changes(
|
|
['set dict/entry[. = "debug"] "debug"',
|
|
"set dict/entry[. = \"debug\"]/const \"true\""])
|
|
}
|
|
end
|
|
|
|
|
|
context 'with step 1 and docker_options configured' do
|
|
let(:params) { {
|
|
:docker_options => '--log-driver=syslog',
|
|
:step => 1,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
|
|
"set OPTIONS '\"--log-driver=syslog\"'",
|
|
])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and storage_options configured' do
|
|
let(:params) { {
|
|
:step => 1,
|
|
:storage_options => '-s devicemapper',
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([
|
|
"set DOCKER_STORAGE_OPTIONS '\" #{params[:storage_options]}\"'",
|
|
])
|
|
}
|
|
end
|
|
|
|
context 'with step 1 and configure_storage disabled' do
|
|
let(:params) { {
|
|
:step => 1,
|
|
:configure_storage => false,
|
|
} }
|
|
|
|
it { is_expected.to contain_class('tripleo::profile::base::docker') }
|
|
it { is_expected.to contain_package('docker') }
|
|
it { is_expected.to contain_service('docker') }
|
|
it { is_expected.to contain_file('/etc/systemd/system/docker.service.d/99-unset-mountflags.conf') }
|
|
it {
|
|
is_expected.to contain_augeas('docker-sysconfig-storage').with_changes([
|
|
"rm DOCKER_STORAGE_OPTIONS",
|
|
])
|
|
}
|
|
end
|
|
|
|
end
|
|
|
|
on_supported_os.each do |os, facts|
|
|
context "on #{os}" do
|
|
let(:facts) do
|
|
facts.merge({ :hostname => 'node.example.com' })
|
|
end
|
|
|
|
it_behaves_like 'tripleo::profile::base::docker'
|
|
end
|
|
end
|
|
end
|