summaryrefslogtreecommitdiff
path: root/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
blob: 2552644a5e99f8b928f5346742cabfdbe55b7d2f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# Common use of docker::run
define sunet::docker_run(
  $image,
  $imagetag            = hiera('sunet_docker_default_tag', 'latest'),
  $volumes             = [],
  $ports               = [],
  $env                 = [],
  $net                 = 'bridge',
  $extra_parameters    = [],
  $command             = ""
) {

  # Make container use unbound resolver on dockerhost
  # If docker was just installed, facter will not know the IP of docker0. Thus the pick.
  $dns = $net ? {
    'host'  => [],  # docker refuses --dns with --net host
    default => [pick($::ipaddress_docker0, '172.17.42.1')],
  }

  $image_tag = "${image}:${imagetag}"
  docker::image { $image_tag : } ->

  docker::run {$name :
    use_name           => true,
    image              => $image_tag,
    volumes            => flatten([$volumes,
                           '/etc/passwd:/etc/passwd:ro',  # uid consistency
                           '/etc/group:/etc/group:ro',    # gid consistency
                           ]),
    ports              => $ports,
    env                => $env,
    net                => $net,
    extra_parameters   => flatten([$extra_parameters,
                                   '--rm',
                                   ]),
    dns                => $dns,
    verify_checksum    => false,    # Rely on registry security for now. eduID risk #31.
    command            => $command,
    pre_start          => 'run-parts /usr/local/etc/docker.d',
    post_start         => 'run-parts /usr/local/etc/docker.d',
    pre_stop           => 'run-parts /usr/local/etc/docker.d',
  }

}