trust anchorsct-ops-2015-03-22-v02

1 files changed, 56 insertions, 0 deletions

diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
new file mode 100644
index 0000000..67f75f9
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
@@ -0,0 +1,56 @@
+# Install docker from https://get.docker.com/ubuntu
+class sunet::dockerhost {
+  apt::source {'docker_official':
+     location           => 'https://get.docker.com/ubuntu',
+     release            => 'docker',
+     repos              => 'main',
+     key                => 'A88D21E9',
+     include_src        => false
+  }
+  package {'lxc-docker':
+     ensure             => latest,
+  }
+
+  class {'docker':
+     manage_package     => false,
+  }
+
+  package { 'unbound': ensure => 'latest' }
+  service { 'unbound': ensure => 'running' }
+
+  file { '/usr/local/etc/docker.d/20unbound':
+    ensure  => file,
+    path    => '/usr/local/etc/docker.d/20unbound',
+    mode    => '0755',
+    content => template('sunet/dockerhost/20unbound.erb'),
+  }
+
+  file { '/etc/logrotate.d/docker-containers':
+    ensure  => file,
+    path    => '/etc/logrotate.d/docker-containers',
+    mode    => '0644',
+    content => template('sunet/dockerhost/logrotate_docker-containers.erb'),
+  }
+
+  file { '/etc/unbound/unbound.conf.d/docker.conf':
+    ensure  => file,
+    path    => '/etc/unbound/unbound.conf.d/docker.conf',
+    mode    => '0644',
+    content => template('sunet/dockerhost/unbound_docker.conf.erb'),
+    notify  => Service['unbound'],
+  }
+
+  ufw::allow { 'allow-docker-resolving_udp':
+    port  => '53',
+    ip    => $::ipaddress_docker0,    # both IPv4 and IPv6
+    from  => '172.16.0.0/12',
+    proto => 'udp',
+  }
+  ufw::allow { 'allow-docker-resolving_tcp':
+    port  => '53',
+    ip    => $::ipaddress_docker0,    # both IPv4 and IPv6
+    from  => '172.16.0.0/12',
+    proto => 'tcp',
+  }
+
+}