Safe Haskell: None
Docker support for propellor
The existence of a docker container is just another Property of a system, which propellor can set up. See config.hs for an example.
- installed :: Property
- configured :: Property
- container :: ContainerName -> Image -> Host
- docked :: [Host] -> ContainerName -> RevertableProperty
- memoryLimited :: Property
- garbageCollected :: Property
- type Image = String
- type ContainerName = String
- dns :: String -> Property
- hostname :: String -> Property
- name :: String -> Property
- publish :: String -> Property
- expose :: String -> Property
- user :: String -> Property
- volume :: String -> Property
- volumes_from :: ContainerName -> Property
- workdir :: String -> Property
- memory :: String -> Property
- cpuShares :: Int -> Property
- link :: ContainerName -> ContainerAlias -> Property
- type ContainerAlias = String
- chain :: String -> IO ()
Host properties
Configures docker with an authentication file, so that images can be pushed to index.docker.io. Optional.
container :: ContainerName -> Image -> Host
Starts accumulating the properties of a Docker container.
container "web-server" "debian" & publish "80:80" & Apt.installed ["apache2"] & ...
docked :: [Host] -> ContainerName -> RevertableProperty
Ensures that a docker container is set up and running, finding its configuration in the passed list of hosts.
The container has its own Properties which are handled by running propellor inside the container.
Additionally, the container can have DNS attributes, such as a CNAME. These become attributes of the host(s) it's docked in.
Reverting this property ensures that the container is stopped and removed.
memoryLimited :: Property
Configures the kernel to respect docker memory limits.
This assumes the system boots using grub 2, and that you don't need any other GRUB_CMDLINE_LINUX_DEFAULT settings.
Only takes effect after reboot. (Not automated.)
garbageCollected :: Property
Causes *any* docker images that are not in use by running containers to be deleted. Also deletes any containers that propellor has set up before that are not currently running. Does not delete any containers that were not set up using propellor.
Generally, should come after the properties for the desired containers.
type ContainerName = String
A short descriptive name for a container. Should not contain whitespace or other unusual characters; only [a-zA-Z0-9_-] are allowed.
Container configuration
publish :: String -> Property
Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort)
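The three publish formats above differ in which host interfaces end up listening: with no ip part, docker by default binds the port on all interfaces. The following is an added example, not propellor's own code, that parses a publish string and reports that exposure so a config.hs can be reviewed before it is applied. The names Publish, parsePublish and exposure are hypothetical, only IPv4 addresses are handled, and the page does not say that propellor itself validates the string.

```haskell
import Data.Char (isDigit)

-- Parsed form of the three publish formats listed above (IPv4 only).
data Publish = Publish
  { bindAddr      :: Maybe String -- Nothing: no ip given, docker binds all interfaces
  , hostPort      :: Maybe Int    -- Nothing: docker picks the host port
  , containerPort :: Int
  } deriving (Eq, Show)

-- Split on ':' keeping empty fields, so "ip::80" gives ["ip", "", "80"].
splitColon :: String -> [String]
splitColon s = case break (== ':') s of
  (a, [])       -> [a]
  (a, _ : rest) -> a : splitColon rest

-- A port is 1 to 5 digits and within 1..65535.
port :: String -> Either String Int
port p
  | not (null p), all isDigit p, length p <= 5, n >= 1, n <= 65535 = Right n
  | otherwise = Left ("bad port " ++ show p)
  where n = read p

parsePublish :: String -> Either String Publish
parsePublish s = case splitColon s of
  [ip, "", c] | not (null ip) -> Publish (Just ip) Nothing <$> port c
  [ip, h, c]  | not (null ip) -> Publish (Just ip) <$> (Just <$> port h) <*> port c
  [h, c]                      -> Publish Nothing <$> (Just <$> port h) <*> port c
  _                           -> Left ("unrecognised format " ++ show s)

-- Which host interfaces the published port is reachable on.
exposure :: Publish -> String
exposure p = case bindAddr p of
  Nothing        -> "all interfaces"
  Just "0.0.0.0" -> "all interfaces"
  Just a | take 4 a == "127." -> "loopback only"
         | otherwise          -> "address " ++ a

main :: IO ()
main = mapM_ report samples
  where
    -- Constructed sample values, not taken from any real config.hs.
    samples = ["80:80", "127.0.0.1:8080:80", "10.0.0.5::443", "0.0.0.0:22:22", "80", "10.0.0.5:99999:80"]
    report s = putStrLn (s ++ " -> " ++ either ("rejected: " ++) exposure (parsePublish s))
```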
volume :: String -> Property
Mount a volume.
Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]
With just a directory, creates a volume in the container.
volumes_from :: ContainerName -> Property
Mount a volume from the specified container into the current container.
cpuShares :: Int -> Property
CPU shares (relative weight).
By default, all containers run at the same priority, but you can tell the kernel to give more CPU time to a container using this property.
link :: ContainerName -> ContainerAlias -> Property
Link with another container on the same host.
type ContainerAlias = String
A short alias for a linked container. Each container has its own alias namespace.
Internal use
chain :: String -> IO ()
Called when propellor is running inside a docker container. The string should be the container's ContainerId.
This process is effectively init inside the container. It even needs to wait on zombie processes!
Fork a thread to run the SimpleSh server in the background. In the foreground, run an interactive bash (or sh) shell, so that the user can interact with it when attached to the container.
When the system reboots, docker restarts the container, and this is run again. So, to make the necessary services get started on boot, this needs to provision the container then. However, if the container is already being provisioned by the calling propellor, it would be redundant and problematic to also provision it here.
The solution is a flag file. If the flag file exists, then the container was already provisioned. So, it must be a reboot, and time to provision again. If the flag file doesn't exist, don't provision here.