From 29455398e62a6e32af798ddfa50fe8056607b17a Mon Sep 17 00:00:00 2001 From: Joe Beda Date: Fri, 31 Oct 2014 10:22:24 -0700 Subject: [PATCH] Get docker deb from GCS. Also lock to 1.3.0 due to issues in 1.3.1 (docker/docker#8889) --- cluster/saltbase/salt/docker/init.sls | 88 +++++++++++++++++++-------- 1 file changed, 61 insertions(+), 27 deletions(-) diff --git a/cluster/saltbase/salt/docker/init.sls b/cluster/saltbase/salt/docker/init.sls index ba6da221b2ac4..3c9f1309ba20f 100644 --- a/cluster/saltbase/salt/docker/init.sls +++ b/cluster/saltbase/salt/docker/init.sls @@ -7,18 +7,21 @@ bridge-utils: pkg.installed -{% if grains['os_family'] != 'RedHat' %} +{% if grains.os_family == 'RedHat' %} +docker-io: + pkg: + - installed -docker-repo: - pkgrepo.managed: - - humanname: Docker Repo - - name: deb https://get.docker.com/ubuntu docker main - - key_url: https://get.docker.com/gpg +docker: + service.running: + - enable: True - require: - - pkg: pkg-core + - pkg: docker-io -{% if grains.cloud is defined %} -{% if grains.cloud == 'gce' %} +{% else %} + +{% if grains.cloud is defined + and grains.cloud == 'gce' %} # The default GCE images have ip_forwarding explicitly set to 0. # Here we take care of commenting that out. /etc/sysctl.d/11-gce-network-security.conf: @@ -26,8 +29,8 @@ docker-repo: - pattern: '^net.ipv4.ip_forward=0' - repl: '# net.ipv4.ip_forward=0' {% endif %} -{% endif %} +# TODO: This should really be based on network strategy instead of os_family net.ipv4.ip_forward: sysctl.present: - value: 1 @@ -37,41 +40,72 @@ cbr0: - cidr: {{ grains['cbr-cidr'] }} - mtu: 1460 -{% endif %} +purge-old-docker: + pkg.removed: + - pkgs: + - lxc-docker-1.2.0 -{% if grains['os_family'] == 'RedHat' %} +{{ environment_file }}: + file.managed: + - source: salt://docker/docker-defaults + - template: jinja + - user: root + - group: root + - mode: 644 + - makedirs: true -docker-io: - pkg: - - installed +# We are caching the Docker deb file in GCS for reliability and speed. To +# update this to a new version of docker, do the following: +# 1. Find new deb name with: +# curl https://get.docker.com/ubuntu/dists/docker/main/binary-amd64/Packages +# 2. Download based on that: +# curl -O https://get.docker.com/ubuntu/pool/main/<...> +# 3. Upload to GCS (the cache control makes : +# gsutil cp gs://kubernetes-release/docker/ +# 4. Make it world readable: +# gsutil acl ch -R -g all:R gs://kubernetes-release/docker/ +# 5. Get a hash of the deb: +# shasum +# 6. Update this file with new deb name, new hash and new version +# 7. Add the old version to purge-old-docker above. -docker: - service.running: - - enable: True - - require: - - pkg: docker-io +{% set storage_base='https://storage.googleapis.com/kubernetes-release/docker/' %} +{% set deb='lxc-docker-1.3.0_1.3.0-20141016165047-c78088f_amd64.deb' %} +{% set deb_hash='sha1=99c2135e4f1f469b771226c3846e0b6accb6056a' %} +{% set docker_ver='1.3.0' %} -{% else %} +/var/cache/docker-install/{{ deb }}: + file.managed: + - source: {{ storage_base }}{{ deb }} + - source_hash: {{ deb_hash }} + - user: root + - group: root + - mode: 644 + - makedirs: true -{{ environment_file }}: +# Drop the license file into /usr/share so that everyting is crystal clear. +/usr/share/doc/docker/apache.txt: file.managed: - - source: salt://docker/docker-defaults - - template: jinja + - source: {{ storage_base }}apache2.txt + - source_hash: sha1=2b8b815229aa8a61e483fb4ba0588b8b6c491890 - user: root - group: root - mode: 644 - makedirs: true -lxc-docker: - pkg.installed +lxc-docker-{{ docker_ver }}: + pkg.installed: + - sources: + - lxc-docker-{{ docker_ver }}: /var/cache/docker-install/{{ deb }} docker: service.running: - enable: True - require: - - pkg: lxc-docker + - pkg: lxc-docker-{{ docker_ver }} - watch: - file: {{ environment_file }} - container_bridge: cbr0 + - pkg: lxc-docker-{{ docker_ver }} {% endif %}