make systemd MountFlags configurable

Signed-off-by: Sean OMeara <[email protected]>

README.md

@@ -20,23 +20,23 @@ This cookbook is concerned with the [Docker](http://docker.io) container engine
 The following platforms have been tested with Test Kitchen: You may be able to get it working on other platforms, with appropriate configuration of cgroups and storage back ends.
 
 ```
-|--------------+-------+-------+-------|--------|--------|
-|              | 1.7.1 | 1.8.3 | 1.9.1 | 1.10.3 | 1.11.1 |
-|--------------+-------+-------+-------|--------|--------|
-| debian-7     | X     | X     | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| debian-8     | X     | X     | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| centos-7     | X     | X     | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| fedora       |       |       | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-12.04 | X     | X     | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-14.04 | X     | X     | X     | X      | X      |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-16.04 |       |       |       |        | X      |
-|--------------+-------+-------+-------|--------|--------|
+|--------------+-------+-------+-------|--------|--------|--------|
+|              | 1.7.1 | 1.8.3 | 1.9.1 | 1.10.3 | 1.11.1 | 1.12.3 |
+|--------------+-------+-------+-------|--------|--------|--------|
+| debian-7     | X     | X     | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| debian-8     | X     | X     | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| centos-7     | X     | X     | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| fedora       |       |       | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-12.04 | X     | X     | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-14.04 | X     | X     | X     | X      | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-16.04 |       |       |       |        | X      | X      |
+|--------------+-------+-------+-------|--------|--------|--------|
 ```
 
 ## Cookbook Dependencies
@@ -448,6 +448,7 @@ The `docker_service` resource property list mostly corresponds to the options fo
 - `userland_proxy`- Enables or disables docker-proxy
 - `disable_legacy_registry` - Do not contact legacy registries
 - `userns_remap` - Enable user namespace remapping options - `default`, `uid`, `uid:gid`, `username`, `username:groupname` (see: [Docker User Namespaces](see: https://docs.docker.com/v1.10/engine/reference/commandline/daemon/#daemon-user-namespace-options))
+- `mount_flags` - Set the systemd mount propagation flag. Defaults to slave.
 
 #### Miscellaneous Options
 

libraries/docker_service_base.rb

@@ -49,6 +49,7 @@ class DockerServiceBase < DockerBase
     property :labels, [String, Array], coerce: proc { |v| coerce_daemon_labels(v) }, desired_state: false
     property :log_driver, %w( json-file syslog journald gelf fluentd awslogs splunk none )
     property :log_opts, ArrayType
+    property :mount_flags, String, default: 'slave'
     property :mtu, [String, nil]
     property :pidfile, String, default: lazy { "/var/run/#{docker_name}.pid" }
     property :registry_mirror, [String, nil]
@@ -59,7 +60,7 @@ class DockerServiceBase < DockerBase
     property :userland_proxy, [Boolean, nil]
     property :disable_legacy_registry, [Boolean, nil]
     property :userns_remap, [String, nil]
-
+    
     # These are options specific to systemd configuration such as
     # LimitNOFILE or TasksMax that you may wannt to use to customize
     # the environment in which Docker runs.

libraries/docker_service_manager_systemd.rb

@@ -27,7 +27,8 @@ class DockerServiceManagerSystemd < DockerServiceBase
         mode '0644'
         variables(
           docker_name: docker_name,
-          docker_socket: connect_socket.sub(%r{unix://|fd://}, '')
+          docker_socket: connect_socket.sub(%r{unix://|fd://}, ''),
+          docker_mount_flags: mount_flags
         )
         cookbook 'docker'
         action :create
@@ -59,7 +60,8 @@ class DockerServiceManagerSystemd < DockerServiceBase
           config: new_resource,
           docker_daemon_cmd: docker_daemon_cmd,
           systemd_args: systemd_args,
-          docker_wait_ready: "#{libexec_dir}/#{docker_name}-wait-ready"
+          docker_wait_ready: "#{libexec_dir}/#{docker_name}-wait-ready",
+          docker_mount_flags: mount_flags
         )
         cookbook 'docker'
         notifies :run, 'execute[systemctl daemon-reload]', :immediately

templates/default/systemd/docker.service-override.erb

@@ -26,7 +26,7 @@ ExecStartPre=/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
 ExecStart=<%= @docker_daemon_cmd %>
 ExecStartPost=<%= @docker_wait_ready %>
 Restart=always
-MountFlags=private
+MountFlags=<%= @docker_mount_flags %>
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity

templates/default/systemd/docker.service.erb

@@ -7,7 +7,7 @@ Requires=<%= @docker_name %>.socket
 [Service]
 Type=notify
 ExecStart=/usr/bin/docker daemon -H fd://
-MountFlags=slave
+MountFlags=<%= @docker_mount_flags %>
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity