This cookbook sets up the Docker engine, docker-compose and the Docker registry service.
- [Requirements](#requirements)
- [platforms](#platforms)
- [packages](#packages)
- [Attributes](#attributes)
- [docker-grid::default](#docker-griddefault)
- [docker-grid::compose](#docker-gridcompose)
- [docker-grid::dind-compose](#docker-griddind-compose)
- [docker-grid::engine](#docker-gridengine)
- [docker-grid::registry](#docker-gridregistry)
- [docker-grid::registry-docker-compose](#docker-gridregistry-docker-compose)
- [docker-grid::registry-server](#docker-gridregistry-server)
- [Role Examples](#role-examples)
- [SSL server keys and certificates management by `ssl_cert` cookbook](#ssl-server-keys-and-certificates-management-by-ssl_cert-cookbook)
- [License and Authors](#license-and-authors)

## Requirements

### platforms

- CentOS, Red Hat Enterprise Linux >= 7.2 (in baremetal or LXD (Ubuntu >= 14.04))
- Ubuntu >= 14.04 (in baremetal or LXD (Ubuntu >= 14.04))

## Attributes

|Key|Type|Description, example|Default|
|:--|:--|:--|:--|
|`['docker-grid']['install_flavor']`|String|`'dockerproject'` or `'os-repository'`|`'dockerproject'`|
|`['docker-grid']['dockerproject']['enable_new_repo']`|Boolean|Flag to use the new repository.|`true`|
|`['docker-grid']['dockerproject']['apt_new_repo_sections']`|String|APT line's section. e.g. `'stable edge'`, `'edge test'`,...|`'stable'`|
|`['docker-grid']['dockerproject']['yum_new_repo_extra_enablerepo']`|String|e.g. `'docker-ce-edge,docker-ce-test'`|`''`|
|`['docker-grid']['dockerproject']['package_name']`|String|If `'enable_new_repo'` is `true`, `'docker-ce'` will be set automatically.|`'docker-engine'`|
|`['docker-grid']['apt_repo']['url']`|String|If `'enable_new_repo'` is `true`, the new repository URL will be set automatically.|`'https://apt.dockerproject.org/repo'`|
|`['docker-grid']['apt_repo']['keyserver']`|String|For the old repository only.|`'hkp://p80.pool.sks-keyservers.net:80'`|
|`['docker-grid']['apt_repo']['recv-keys']`|String|For the old repository only.|`'58118E89F3A912897C070ADBF76221572C52609D'`|
|`['docker-grid']['apt_repo']['override_apt_line']`|String|If set, this value overrides the APT line built from the `['docker-grid']['apt_repo']['url']` attribute. e.g. `'deb https://apt.dockerproject.org/repo ubuntu-xenial main'`|`''`|
|`['docker-grid']['yum_repo']['baseurl']`|String|For the old repository only.|`'https://yum.dockerproject.org/repo/main/centos/$releasever/'`|
|`['docker-grid']['yum_repo']['gpgcheck']`|String|For the old repository only. `'0'`: disabled, `'1'`: enabled.|`'1'`|
|`['docker-grid']['yum_repo']['gpgkey']`|String|For the old repository only.|`'https://yum.dockerproject.org/gpg'`|
|`['docker-grid']['compose']['install_flavor']`|String|`'dockerproject'` or `'os-repository'` or `'pypi'`|`'dockerproject'`|
|`['docker-grid']['compose']['skip_setup']`|Boolean||`false`|
|`['docker-grid']['compose']['auto_upgrade']`|Boolean|Upgrade/reinstall docker-compose automatically. Note: this flag is ignored in the case of `os-repository`.|`false`|
|`['docker-grid']['compose']['version']`|String|`''` (empty) means the latest version. Note: this version is ignored in the case of `'os-repository'`.|`'1.21.1'`|
|`['docker-grid']['compose']['release_base_url']`|String||`"https://github.com/docker/compose/releases/download/#{node['docker-grid']['compose']['version']}"`|
|`['docker-grid']['compose']['release_url']`|String||`"#{node['docker-grid']['compose']['release_base_url']}/docker-compose-#{node['kernel']['name']}-#{node['kernel']['machine']}"`|
|`['docker-grid']['compose']['home_dir']`|String||`'/opt/docker-compose'`|
|`['docker-grid']['compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['home_dir']}/app"`|
|`['docker-grid']['dind-compose']['app_dir']`|String|docker-compose application root directory for Docker in Docker.|`"#{node['docker-grid']['compose']['app_dir']}/docker-in-docker"`|
|`['docker-grid']['dind-compose']['data_dir']`|String|Persistent data directory.|`"#{node['docker-grid']['dind-compose']['app_dir']}/data"`|
|`['docker-grid']['dind-compose']['config']`|Hash|`docker-compose.yml` configurations.|See `attributes/default.rb`|
|`['docker-grid']['engine']['skip_setup']`|Boolean||`false`|
|`['docker-grid']['engine']['version_on_centos']`|String|Docker version for CentOS. `''` (empty) means the latest version.|`'17.12.1.ce-1'`|
|`['docker-grid']['engine']['version_on_debian']`|String|Docker version for Debian. `''` (empty) means the latest version.|`'17.12.1~ce-0'`|
|`['docker-grid']['engine']['version_on_ubuntu']`|String|Docker version for Ubuntu. `''` (empty) means the latest version.|`'17.12.1~ce-0'`|
|`['docker-grid']['engine']['version']`|String|Docker **exact** version. `''` (empty) or `'latest'` means the latest version. Note: this **default** value is overwritten by `version_on_{centos or ubuntu}`. If you override this attribute, the `version_on_{centos or ubuntu}` values are ignored.|See default.rb|
|`['docker-grid']['engine']['storage-driver_on_centos']`|String|Docker storage driver (overlay, devicemapper, ...) for CentOS.|`'overlay'`|
|`['docker-grid']['engine']['storage-driver_on_debian']`|String|Docker storage driver (aufs, overlay, ...) for Debian.|`'overlay2'`|
|`['docker-grid']['engine']['storage-driver_on_ubuntu']`|String|Docker storage driver (aufs, overlay, ...) for Ubuntu.|`'aufs'`|
|`['docker-grid']['engine']['storage-driver']`|String||See default.rb|
|`['docker-grid']['engine']['userns-remap']`|String|e.g. `'default'` (`dockremap` user/group) or your specified user/group name. Note: available in Docker 1.10 or later on Ubuntu or RHEL family 7.2 or later.|`nil` (inactive)|
|`['docker-grid']['engine']['daemon_extra_options']`|String|ref. `docker daemon --help`.|`'-H fd://'`|
|`['docker-grid']['engine']['users_allow']`|Array|Non-root users allowed to manage the Docker daemon.|`[]`|
|`['docker-grid']['registry']['with_ssl_cert_cookbook']`|Boolean|If this attribute is true, the `node['docker-grid']['registry']['docker-compose']['config']` settings are overridden by the following `common_name` attribute.|`false`|
|`['docker-grid']['registry']['ssl_cert']['common_name']`|String|Registry server common name for TLS|`node['fqdn']`|
|`['docker-grid']['registry']['server']['config']`|Hash|Registry server configurations.|See `attributes/default.rb`|
|`['docker-grid']['registry']['docker-compose']['app_dir']`|String||`"#{node['docker-grid']['compose']['app_dir']}/registry"`|
|`['docker-grid']['registry']['docker-compose']['host_data_volume']`|String|Data directory path on the host filesystem or `nil` (unset).|`'/var/lib/docker-registry'`|
|`['docker-grid']['registry']['docker-compose']['config_format_version']`|String|`docker-compose.yml` format version. `'1'` or `'2'`|`'1'`|
|`['docker-grid']['registry']['docker-compose']['service_name']`|String|Docker registry service name in the `docker-compose.yml`|`'registry'`|
|`['docker-grid']['registry']['docker-compose']['config']`|Hash|`docker-compose.yml` configurations. See attributes/default.rb and [_Deploying a registry server_](https://docs.docker.com/registry/deploying/#/managing-with-compose)|See `attributes/default.rb`|
|`['docker-grid']['registry']['docker-compose']['registry-config']`|Hash|See [_Overriding the entire configuration file_](https://docs.docker.com/registry/configuration/#/overriding-the-entire-configuration-file)|`nil`|
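
As an added example (not part of the cookbook), the following Ruby check audits a role's `docker-grid` attributes for the table's settings that weaken a host: disabled `gpgcheck`, `--insecure-registry` in `daemon_extra_options`, inactive `userns-remap`, a non-empty `users_allow`, and an unpinned engine version. The function name and both sample roles are constructed for illustration.

```ruby
# Added example, not part of the docker-grid cookbook. Attribute keys are the
# ones in the table above; the function name and sample roles are constructed.

# Returns a list of findings for a role's attribute hash.
def audit_docker_grid(attrs)
  dg = attrs.fetch('docker-grid', {})
  engine = dg.fetch('engine', {})
  findings = []

  # '0' turns off package signature checks for the old yum repository.
  findings << 'yum_repo.gpgcheck is disabled' if dg.dig('yum_repo', 'gpgcheck').to_s == '0'

  opts = engine['daemon_extra_options'].to_s
  # The daemon skips TLS verification for any registry listed this way.
  findings << '--insecure-registry is set' if opts.include?('--insecure-registry')

  # nil or '' leaves remapping inactive: root in a container is host uid 0.
  findings << 'userns-remap is inactive' if engine['userns-remap'].to_s.empty?

  # These users can start privileged containers: root-equivalent access.
  users = Array(engine['users_allow'])
  findings << "users_allow: #{users.join(', ')}" unless users.empty?

  # '' or 'latest' installs whatever the repository serves at converge time.
  version = engine['version'].to_s
  if engine.key?('version') && (version.empty? || version == 'latest')
    findings << 'engine version is not pinned'
  end
  findings
end

# Constructed sample: a role with the development-only options left enabled.
WEAK_ROLE = {
  'docker-grid' => {
    'yum_repo' => { 'gpgcheck' => '0' },
    'engine' => {
      'version' => '',
      'userns-remap' => '',
      'users_allow' => ['deploy'],
      'daemon_extra_options' =>
        '-H fd:// --insecure-registry registry.docker.example.com:5000',
    },
  },
}.freeze

# Constructed sample: the same role with those settings tightened.
HARDENED_ROLE = {
  'docker-grid' => { 'engine' => {
    'version_on_ubuntu' => '17.12.1~ce-0', 'userns-remap' => 'default',
    'daemon_extra_options' => '-H fd://'
  } }
}.freeze

audit_docker_grid(WEAK_ROLE).each { |f| puts "WEAK: #{f}" }
```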

#### docker-grid::default

This recipe does nothing.

#### docker-grid::compose

This recipe installs docker-compose.

#### docker-grid::dind-compose

This recipe sets up Docker Compose configurations for a Docker in Docker service.

#### docker-grid::engine

This recipe sets up the Docker engine.

#### docker-grid::registry

This recipe sets up Docker Compose configurations for the Docker registry service.

#### docker-grid::registry-docker-compose

This recipe is an alias of the `docker-grid::registry` recipe.

#### docker-grid::registry-server

This recipe sets up a Docker registry service on a real host.

### Role Examples

- `roles/docker-new-repo.rb`: installs the `docker-ce` package by the new repository.

```ruby
name 'docker-new-repo'
description 'Docker CE by the new repository'
'install_flavor' => 'dockerproject',
'enable_new_repo' => true,
#'skip_setup' => true, # default: false
'auto_upgrade' => true, # default: false
'release_base_url' => 'https://github.com/docker/compose/releases/download/1.17.1',
'version' => '', # latest
#'skip_setup' => true, # default: false
# new package: `docker-ce`
#'version_on_centos' => '17.09.0.ce-1',
#'version_on_ubuntu' => '17.05.0~ce-0',
'storage-driver_on_centos' => 'devicemapper',
'storage-driver_on_ubuntu' => 'overlay2', # default: aufs
```

- `roles/docker.rb`: installs the `docker-engine` package by the old repository.

```ruby
description 'Docker Engine distributed by dockerproject'
'recipe[docker-grid::engine]',
'install_flavor' => 'dockerproject',
'version_on_centos' => '17.03.1.ce-1',
'version_on_debian' => '17.03.1~ce-0',
'version_on_ubuntu' => '17.03.1~ce-0',
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_debian' => 'overlay2',
'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs'
#'userns-remap' => 'default', # default: nil (inactive)
'daemon_extra_options' => '-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24',
```

- `roles/docker4latest_ubuntu.rb`: installs the `docker-ce` package to the latest Ubuntu.

```ruby
name 'docker4latest_ubuntu'
description 'Docker for the latest Ubuntu'
'install_flavor' => 'dockerproject',
'enable_new_repo' => true,
'package_name' => 'docker-ce', # new package name.
# install the package for the newer distribution of ubuntu.
#'override_apt_line' => 'deb [arch=amd64] https://download.docker.com/linux/ubuntu artful stable', # not active yet
'override_apt_line' => 'deb [arch=amd64] https://download.docker.com/linux/ubuntu zesty stable',
#'override_apt_line' => 'deb https://apt.dockerproject.org/repo ubuntu-zesty main',
#'override_apt_line' => 'deb https://apt.dockerproject.org/repo ubuntu-xenial main',
#'skip_setup' => true, # default: false
'auto_upgrade' => true, # default: false
'release_base_url' => 'https://github.com/docker/compose/releases/download/1.17.1',
# new package: `docker-ce`
'version' => '17.09.0~ce-0~ubuntu',
#'version' => '17.06.2~ce-0~ubuntu',
# old package: `docker-engine`
#'version' => '17.05.0~ce-0~ubuntu-zesty',
#'version' => '17.03.1~ce-0~ubuntu-yakkety',
#'version' => '1.12.3-0~xenial',
'storage-driver_on_ubuntu' => 'overlay2', # default: aufs
```

- `roles/docker-rhel.rb`: installs the `docker` package.

```ruby
description 'Docker Engine distributed by RHEL'
'recipe[docker-grid::engine]',
'install_flavor' => 'os-repository',
'version_on_centos' => '1.12.5-14', # docker package
'version_on_ubuntu' => '1.12.3-0ubuntu4~16.04.2', # docker.io package
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_ubuntu' => 'overlay', # default: aufs
#'userns-remap' => 'default',
'daemon_extra_options' => '-H fd://',
# for RHEL docker package >= 1.12: '-H fd://' option automatically removed by this cookbook.
# See https://github.com/docker/docker/issues/22847
```

- `roles/docker-ubuntu.rb`: installs the `docker.io` package.

```ruby
description 'Docker Engine distributed by Ubuntu'
'recipe[docker-grid::engine]',
'install_flavor' => 'os-repository',
'version_on_centos' => '1.12.5-14', # docker package
'version_on_ubuntu' => '1.12.3-0ubuntu4~16.04.2', # docker.io package
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_ubuntu' => 'overlay', # default: aufs
#'userns-remap' => 'default',
'daemon_extra_options' => '-H fd://',
```

- `roles/docker-registry.rb`: on Docker.

```ruby
name 'docker-registry'
description 'Docker Registry Server'
'recipe[docker-grid::registry]',
'version_on_centos' => '17.03.1.ce-1',
'version_on_debian' => '17.03.1~ce-0',
'version_on_ubuntu' => '17.03.1~ce-0',
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_debian' => 'overlay2',
'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs'
'userns-remap' => '',
'daemon_extra_options' => \
'-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', \
# for development environment only.
#+ ' --insecure-registry registry.docker.example.com:5000',
'docker-compose' => {
'config_format_version' => '1',
'host_data_volume' => nil,
# in docker-compose.yml
# See: https://docs.docker.com/registry/deploying/#/managing-with-compose
'restart' => 'always',
'image' => 'registry:2',
'REGISTRY_HTTP_TLS_CERTIFICATE' => '/certs/domain.crt',
'REGISTRY_HTTP_TLS_KEY' => '/certs/domain.key',
'REGISTRY_AUTH' => 'htpasswd',
'REGISTRY_AUTH_HTPASSWD_PATH' => '/auth/htpasswd',
'REGISTRY_AUTH_HTPASSWD_REALM' => 'Registry Realm',
'/path/data:/var/lib/registry',
'/path/certs:/certs',
```

- `roles/docker-registry-with-ssl-cert.rb`: on Docker.

```ruby
name 'docker-registry-with-ssl-cert'
description 'Docker Registry Server'
registry_fqdn = 'registry.docker.example.com'
#'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9
'recipe[docker-grid::registry]',
'version_on_centos' => '17.03.1.ce-1',
'version_on_debian' => '17.03.1~ce-0',
'version_on_ubuntu' => '17.03.1~ce-0',
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_debian' => 'overlay2',
'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs'
'userns-remap' => '',
'daemon_extra_options' => \
'-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24',
'with_ssl_cert_cookbook' => true,
'common_name' => registry_fqdn,
'docker-compose' => {
'config_format_version' => '1',
'host_data_volume' => nil,
# in docker-compose.yml
# See: https://docs.docker.com/registry/deploying/#/managing-with-compose
'restart' => 'always',
'image' => 'registry:2',
# REGISTRY_HTTP_TLS_{CERTIFICATE,KEY} will be set automatically.
'REGISTRY_AUTH' => 'htpasswd',
'REGISTRY_AUTH_HTPASSWD_PATH' => '/auth/htpasswd',
'REGISTRY_AUTH_HTPASSWD_REALM' => 'Registry Realm',
#'REGISTRY_PROXY_REMOTEURL' => 'https://registry-1.docker.io',
# Volumes for the server certificate and key files will be set automatically.
'/path/data:/var/lib/registry',
```

- `roles/docker-registry-by-entire-config.rb`: on Docker.

```ruby
name 'docker-registry-by-entire-config'
description 'Docker Registry Server'
'recipe[docker-grid::registry]',
'version_on_centos' => '17.03.1.ce-1',
'version_on_debian' => '17.03.1~ce-0',
'version_on_ubuntu' => '17.03.1~ce-0',
'storage-driver_on_centos' => 'overlay',
'storage-driver_on_debian' => 'overlay2',
'storage-driver_on_ubuntu' => 'overlay2', # default: 'aufs'
'userns-remap' => '',
'daemon_extra_options' => \
'-H fd:// --bip=192.168.128.1/24 --fixed-cidr=192.168.128.0/24', \
# for development environment only.
#+ ' --insecure-registry registry.docker.example.com:5000',
'docker-compose' => {
'registry-config' => {
# in ./etc/config.yml
# See: https://docs.docker.com/registry/configuration/#/overriding-the-entire-configuration-file
'config_format_version' => '1',
# in ./docker-compose.yml
# See: https://docs.docker.com/registry/deploying/#/managing-with-compose
'restart' => 'always',
'image' => 'registry:2',
# -> ./etc/config.yml
# Volumes for the ./etc/config.yml will be set automatically.
#'./etc/config.yml:/etc/docker/registry/config.yml:ro',
'/path/data:/var/lib/registry',
```

- `roles/registry-server-with-ssl-cert.rb`: on real host.

```ruby
name 'registry-server-with-ssl-cert'
description 'Docker Registry Server'
registry_fqdn = 'registry.docker.example.com'
'recipe[docker-grid::registry-server]',
'with_ssl_cert_cookbook' => true,
'common_name' => registry_fqdn,
'rootdirectory' => '/var/lib/docker-registry',
'remoteurl' => 'https://registry-1.docker.io',
```

### SSL server keys and certificates management by `ssl_cert` cookbook

- create vault items.

```
$ ruby -rjson -e 'puts JSON.generate({"private" => File.read("registry.docker.example.com.prod.key")})' \
> > ~/tmp/registry.docker.example.com.prod.key.json

$ ruby -rjson -e 'puts JSON.generate({"public" => File.read("registry.docker.example.com.prod.crt")})' \
> > ~/tmp/registry.docker.example.com.prod.crt.json

$ knife vault create ssl_server_keys registry.docker.example.com.prod \
> --json ~/tmp/registry.docker.example.com.prod.key.json

$ knife vault create ssl_server_certs registry.docker.example.com.prod \
> --json ~/tmp/registry.docker.example.com.prod.crt.json
```

- grant reference permission to the Docker Registry host

```
$ knife vault update ssl_server_keys registry.docker.example.com.prod -S 'name:registry-host.example.com'
$ knife vault update ssl_server_certs registry.docker.example.com.prod -S 'name:registry-host.example.com'
```

- modify run_list and attributes

```ruby
#'recipe[ssl_cert::server_key_pairs]', # docker-grid <= 0.3.9
'recipe[docker-grid::registry]',
'registry.docker.example.com',
'with_ssl_cert_cookbook' => true,
'common_name' => 'registry.docker.example.com',
```
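
The vault item JSON files from the first step can also be produced with the check below, an added example that is not part of the `docker-grid` or `ssl_cert` cookbooks: it refuses a private key that does not belong to the certificate and creates the key JSON with mode 0600. The function names and the throwaway self-signed pair are constructed for illustration; the `private`/`public` JSON keys are the ones used in the commands above.

```ruby
# Added example, not part of the docker-grid or ssl_cert cookbooks.
require 'json'
require 'openssl'
require 'tmpdir'

# Returns true when the certificate's public key belongs to the private key.
def key_matches_cert?(key_pem, cert_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# Writes <name>.key.json and <name>.crt.json into dir and returns both paths.
def write_vault_items(name, key_pem, cert_pem, dir)
  unless key_matches_cert?(key_pem, cert_pem)
    raise ArgumentError, 'private key does not match certificate'
  end

  key_path = File.join(dir, "#{name}.key.json")
  crt_path = File.join(dir, "#{name}.crt.json")
  # Mode 0600 at creation time, so the key is never group/world-readable.
  File.open(key_path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(JSON.generate('private' => key_pem))
  end
  File.write(crt_path, JSON.generate('public' => cert_pem))
  [key_path, crt_path]
end

# Constructed sample input: a throwaway key and self-signed certificate.
def constructed_pair(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key.to_pem, cert.to_pem]
end

Dir.mktmpdir do |dir|
  key_pem, cert_pem = constructed_pair('registry.docker.example.com')
  puts write_vault_items('registry.docker.example.com.prod', key_pem, cert_pem, dir)
end
```

The key JSON still holds the private key in plaintext, so remove it once `knife vault create` has stored the item.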

## License and Authors

- Author:: whitestar at osdn.jp

```
Copyright 2016-2017, whitestar

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```