devstack-plugin-container/devstack/lib/docker

#!/bin/bash

# Dependencies:
#
# - functions
# - ``STACK_USER`` must be defined

# stack.sh
# ---------
# - install_docker

# The following variables are assumed to be defined by certain functions:
#
# - ``http_proxy`` ``https_proxy`` ``no_proxy``

# Save trace setting
_XTRACE_DOCKER=$(set +o | grep xtrace)
set +o xtrace


# Defaults
# --------

DOCKER_ENGINE_SOCKET_FILE=${DOCKER_ENGINE_SOCKET_FILE:-/var/run/docker.sock}
DOCKER_ENGINE_PORT=${DOCKER_ENGINE_PORT:-2375}
DOCKER_CLUSTER_STORE=${DOCKER_CLUSTER_STORE:-}
DOCKER_GROUP=${DOCKER_GROUP:-$STACK_USER}
DOCKER_CGROUP_DRIVER=${DOCKER_CGROUP_DRIVER:-}
ENABLE_CLEAR_CONTAINER=$(trueorfalse False ENABLE_CLEAR_CONTAINER)

# Functions
# ---------

function check_docker {
    if is_ubuntu; then
       dpkg -s docker-engine > /dev/null 2>&1 || dpkg -s docker-ce > /dev/null 2>&1
    else
       rpm -q docker-engine > /dev/null 2>&1 || rpm -q docker > /dev/null 2>&1 || rpm -q docker-ce > /dev/null 2>&1
    fi
}

function install_docker {
    if [[ -z "$os_PACKAGE" ]]; then
        GetOSVersion
    fi

    local lsb_dist=${os_VENDOR,,}
    local dist_version=${os_CODENAME}
    local arch=$(dpkg --print-architecture)
    if is_ubuntu; then
        if uname -r | grep -q -- '-generic' && dpkg -l 'linux-image-*-generic' | grep -qE '^ii|^hi' 2>/dev/null; then
            apt_get install linux-image-extra-$(uname -r) linux-image-extra-virtual
        else
            (>&2 echo "WARNING: Current kernel is not supported by the linux-image-extra-virtual package. Docker may not work.")
        fi
        apt_get install apt-transport-https ca-certificates software-properties-common
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
        sudo add-apt-repository -y \
            "deb [arch=${arch}] https://download.docker.com/linux/${lsb_dist} \
            ${dist_version} \
            stable"
        REPOS_UPDATED=False apt_get_update
        apt_get install docker-ce
    elif is_fedora; then
        if [[ "$lsb_dist" = "centos" ]]; then
            sudo yum-config-manager \
                --add-repo \
                https://download.docker.com/linux/centos/docker-ce.repo
        elif [[ "$lsb_dist" = "fedora" ]]; then
            sudo dnf config-manager \
                --add-repo \
                https://download.docker.com/linux/fedora/docker-ce.repo
        fi
        yum_install docker-ce
    fi
    if [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then
        # Clear Container can't run inside VM, so check whether virtualization
        # is enabled or not
        if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
            if is_ubuntu; then
                install_clear_container_ubuntu
            elif is_fedora; then
                install_clear_container_fedora
            fi
        else
            (>&2 echo "WARNING: Clear Container needs the CPU extensions svm or vmx which is not enabled. Skipping Clear Container installation.")
        fi
    fi
}

function configure_docker {
    # After an ./unstack it will be stopped. So it is ok if it returns exit-code == 1
    sudo systemctl stop docker.service || true

    local cluster_store_opts=""
    if [[ -n "$DOCKER_CLUSTER_STORE" ]]; then
        cluster_store_opts+="\"cluster-store\": \"$DOCKER_CLUSTER_STORE\","
    fi
    local runtime_opts=""
    if [[ "$ENABLE_CLEAR_CONTAINER" == "True" ]]; then
        if sudo grep -E 'svm|vmx' /proc/cpuinfo &> /dev/null; then
            runtime_opts+="\"runtimes\": {
                \"cor\": {
                    \"path\": \"/usr/bin/cc-oci-runtime\"
                }
            },"
        fi
    fi
    local docker_config_file=/etc/docker/daemon.json
    local debug
    if [[ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]]; then
        debug=true
    else
        debug=false
    fi
    sudo mkdir -p $(dirname ${docker_config_file})
    cat <<EOF | sudo tee $docker_config_file >/dev/null
{
    $cluster_store_opts
    $runtime_opts
    "debug": ${debug},
    "group": "$DOCKER_GROUP",
EOF
    if [[ -n "$DOCKER_CGROUP_DRIVER" ]]; then

    cat <<EOF | sudo tee -a $docker_config_file >/dev/null
    "exec-opts": ["native.cgroupdriver=${DOCKER_CGROUP_DRIVER}"],
EOF
    fi

    cat <<EOF | sudo tee -a $docker_config_file >/dev/null
    "hosts": [
        "unix://$DOCKER_ENGINE_SOCKET_FILE",
        "tcp://0.0.0.0:$DOCKER_ENGINE_PORT"
    ]
}
EOF

    # NOTE(hongbin): We override ExecStart to workaround issue 22339.
    # https://github.com/docker/docker/issues/22339
    local docker_drop_in_file=/etc/systemd/system/docker.service.d/docker.conf
    sudo mkdir -p $(dirname ${docker_drop_in_file})
    cat <<EOF | sudo tee $docker_drop_in_file >/dev/null
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --config-file=$docker_config_file
Environment="HTTP_PROXY=$http_proxy" "HTTPS_PROXY=$https_proxy" "NO_PROXY=$no_proxy"
EOF
    sudo systemctl daemon-reload
    sudo systemctl --no-block restart docker.service
}

function stop_docker {
    sudo systemctl stop docker.service || true
}

function install_clear_container_ubuntu {
    sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/ /' >> /etc/apt/sources.list.d/cc-oci-runtime.list"
    curl -fsSL http://download.opensuse.org/repositories/home:/clearlinux:/preview:/clear-containers-2.1/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add -
    REPOS_UPDATED=False apt_get_update
    apt_get install cc-oci-runtime
}

function install_clear_container_fedora {
    source /etc/os-release
    local lsb_dist=${os_VENDOR,,}
    if [[ "$lsb_dist" = "fedora" ]]; then
        sudo -E dnf config-manager \
            --add-repo \
            http://download.opensuse.org/repositories/home:clearlinux:preview:clear-containers-2.1/Fedora\_$VERSION_ID/home:clearlinux:preview:clear-containers-2.1.repo
    fi
    yum_install cc-oci-runtime linux-container
}

# Restore xtrace
$_XTRACE_DOCKER