diff --git a/README.md b/README.md
index aa79e1b214..ed99023bf3 100644
--- a/README.md
+++ b/README.md
@@ -20,23 +20,23 @@ This cookbook is concerned with the [Docker](http://docker.io) container engine
 The following platforms have been tested with Test Kitchen: You may be able to get it working on other platforms, with appropriate configuration of cgroups and storage back ends.
 ```
-|--------------+-------+-------+-------|--------|--------|
-| | 1.7.1 | 1.8.3 | 1.9.1 | 1.10.3 | 1.11.1 |
-|--------------+-------+-------+-------|--------|--------|
-| debian-7 | X | X | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| debian-8 | X | X | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| centos-7 | X | X | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| fedora | | | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-12.04 | X | X | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-14.04 | X | X | X | X | X |
-|--------------+-------+-------+-------|--------|--------|
-| ubuntu-16.04 | | | | | X |
-|--------------+-------+-------+-------|--------|--------|
+|--------------+-------+-------+-------|--------|--------|--------|
+| | 1.7.1 | 1.8.3 | 1.9.1 | 1.10.3 | 1.11.1 | 1.12.3 |
+|--------------+-------+-------+-------|--------|--------|--------|
+| debian-7 | X | X | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| debian-8 | X | X | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| centos-7 | X | X | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| fedora | | | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-12.04 | X | X | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-14.04 | X | X | X | X | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
+| ubuntu-16.04 | | | | | X | X |
+|--------------+-------+-------+-------|--------|--------|--------|
 ```
 ## Cookbook Dependencies
@@ -448,6 +448,7 @@ The `docker_service` resource property list mostly corresponds to the options fo
 - `userland_proxy`- Enables or disables docker-proxy
 - `disable_legacy_registry` - Do not contact legacy registries
 - `userns_remap` - Enable user namespace remapping options - `default`, `uid`, `uid:gid`, `username`, `username:groupname` (see: [Docker User Namespaces](see: https://docs.docker.com/v1.10/engine/reference/commandline/daemon/#daemon-user-namespace-options))
+- `mount_flags` - Set the systemd mount propagation flag. Defaults to slave.
 #### Miscellaneous Options
diff --git a/libraries/docker_service_base.rb b/libraries/docker_service_base.rb
index 88b5f7bcef..bb3d245c71 100644
--- a/libraries/docker_service_base.rb
+++ b/libraries/docker_service_base.rb
@@ -49,6 +49,7 @@ class DockerServiceBase < DockerBase
 property :labels, [String, Array], coerce: proc { |v| coerce_daemon_labels(v) }, desired_state: false
 property :log_driver, %w( json-file syslog journald gelf fluentd awslogs splunk none )
 property :log_opts, ArrayType
+ property :mount_flags, String, default: 'slave'
 property :mtu, [String, nil]
 property :pidfile, String, default: lazy { "/var/run/#{docker_name}.pid" }
 property :registry_mirror, [String, nil]
@@ -59,7 +60,7 @@ class DockerServiceBase < DockerBase
 property :userland_proxy, [Boolean, nil]
 property :disable_legacy_registry, [Boolean, nil]
 property :userns_remap, [String, nil]
-
+
 # These are options specific to systemd configuration such as
 # LimitNOFILE or TasksMax that you may wannt to use to customize
 # the environment in which Docker runs.
diff --git a/libraries/docker_service_manager_systemd.rb b/libraries/docker_service_manager_systemd.rb
index f6eb81dc1c..1f5ebef712 100644
--- a/libraries/docker_service_manager_systemd.rb
+++ b/libraries/docker_service_manager_systemd.rb
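Review bot: `mount_flags` is declared as a free-form `String`, yet both systemd templates changed in this commit write it verbatim after `MountFlags=`, where systemd documents only `shared`, `slave` and `private`. A typo would presumably surface only when systemd loads the unit, and a value containing a newline would add further directives to the unit that starts the Docker daemon. Constraining the property the same way `log_driver` is constrained a few lines above rejects bad values at converge time: `property :mount_flags, %w( shared slave private ), default: 'slave'`. The class body continues outside the hunk.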
@@ -27,7 +27,8 @@ class DockerServiceManagerSystemd < DockerServiceBase
 mode '0644'
 variables(
 docker_name: docker_name,
- docker_socket: connect_socket.sub(%r{unix://|fd://}, '')
+ docker_socket: connect_socket.sub(%r{unix://|fd://}, ''),
+ docker_mount_flags: mount_flags
 )
 cookbook 'docker'
 action :create
@@ -59,7 +60,8 @@ class DockerServiceManagerSystemd < DockerServiceBase
 config: new_resource,
 docker_daemon_cmd: docker_daemon_cmd,
 systemd_args: systemd_args,
- docker_wait_ready: "#{libexec_dir}/#{docker_name}-wait-ready"
+ docker_wait_ready: "#{libexec_dir}/#{docker_name}-wait-ready",
+ docker_mount_flags: mount_flags
 )
 cookbook 'docker'
 notifies :run, 'execute[systemctl daemon-reload]', :immediately
diff --git a/templates/default/systemd/docker.service-override.erb b/templates/default/systemd/docker.service-override.erb
index ba1248ab0e..8c0f83eaa7 100644
--- a/templates/default/systemd/docker.service-override.erb
+++ b/templates/default/systemd/docker.service-override.erb
@@ -26,7 +26,7 @@ ExecStartPre=/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
 ExecStart=<%= @docker_daemon_cmd %>
 ExecStartPost=<%= @docker_wait_ready %>
 Restart=always
-MountFlags=private
+MountFlags=<%= @docker_mount_flags %>
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity
diff --git a/templates/default/systemd/docker.service.erb b/templates/default/systemd/docker.service.erb
index e07c8b44b3..5c924d8a9a 100644
--- a/templates/default/systemd/docker.service.erb
+++ b/templates/default/systemd/docker.service.erb
@@ -7,7 +7,7 @@ Requires=<%= @docker_name %>.socket
 [Service]
 Type=notify
 ExecStart=/usr/bin/docker daemon -H fd://
-MountFlags=slave
+MountFlags=<%= @docker_mount_flags %>
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity
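Review bot: The effective default of `docker.service-override.erb` changes from `private` to `slave` on the `MountFlags=` line, because the replaced literal was `MountFlags=private` while the new `mount_flags` property defaults to `'slave'`. Nodes that converge without setting the property will run the daemon with different mount propagation (with `slave`, mounts made on the host afterwards propagate into the daemon's mount namespace), which deserves an explicit decision rather than arriving as a side effect. If the change is intended, say so next to the README entry, e.g. `Defaults to slave (the override unit previously hard-coded private)`; if not, the override unit needs a way to keep `private` when the property is left unset. The same substitution in `docker.service.erb` keeps its previous value of `slave`. The `[Service]` section continues outside the hunk.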