propellor-0.5.0: property-based host configuration management in haskell

Safe Haskell: None

Propellor.Property.Docker

Description

Docker support for propellor

The existence of a docker container is just another Property of a system, which propellor can set up. See config.hs for an example.

Documentation

configured :: Property

Configures docker with an authentication file, so that images can be pushed to index.docker.io.

type ContainerName = String

A short descriptive name for a container. Should not contain whitespace or other unusual characters; only [a-zA-Z0-9_-] are allowed.

container :: ContainerName -> Image -> Host

Starts accumulating the properties of a Docker container.

 container "web-server" "debian"
    & publish "80:80"
    & Apt.installed ["apache2"]
    & ...

docked :: [Host] -> ContainerName -> RevertableProperty

Ensures that a docker container is set up and running. The container has its own Properties which are handled by running propellor inside the container.

Reverting this property ensures that the container is stopped and removed.

garbageCollected :: Property

Causes *any* docker images that are not in use by running containers to be deleted. Also deletes any containers that propellor has set up before that are not currently running. Does not delete any containers that were not set up using propellor.

Generally, should come after the properties for the desired containers.

type RunParam = String

Parameters to pass to `docker run` when creating a container.

type Image = String

A docker image that can be used to run a container.

dns :: String -> Property

Set custom dns server for container.

hostname :: String -> Property

Set container host name.

name :: String -> Property

Set name for container. (Normally done automatically.)

publish :: String -> Property

Publish a container's port to the host (format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort)

user :: String -> Property

Username or UID for container.

volume :: String -> Property

Mount a volume. Create a bind mount with: [host-dir]:[container-dir]:[rw|ro]. With just a directory, creates a volume in the container.

volumes_from :: ContainerName -> Property

Mount a volume from the specified container into the current container.

workdir :: String -> Property

Work dir inside the container.

memory :: String -> Property

Memory limit for container. Format: <number><unit>, where unit = b, k, m or g
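ContainerName, publish, volume and memory are all plain Strings, so a malformed value is only noticed when docker runs. The following is an added example, not part of Propellor: a set of hypothetical validators for the formats documented above, which could be applied to values before they are placed in a container's properties. It assumes IPv4-style addresses in publish and insists on absolute paths in volume.

```haskell
-- Added example; every name below is hypothetical, not part of Propellor.
import Data.Char (isAsciiLower, isAsciiUpper, isDigit)

-- Split on ':' keeping empty fields, so "ip::80" gives ["ip", "", "80"].
splitColon :: String -> [String]
splitColon s = case break (== ':') s of
  (a, [])       -> [a]
  (a, _ : rest) -> a : splitColon rest

isPort, isIPv4ish, absPath :: String -> Bool
isPort p = not (null p) && length p <= 5 && all isDigit p
  && (read p :: Int) `elem` [1 .. 65535]
isIPv4ish ip = not (null ip) && all (\c -> isDigit c || c == '.') ip
absPath p = take 1 p == "/"  -- assumption: only absolute paths are accepted

-- ContainerName: non-empty, only [a-zA-Z0-9_-].
validName :: String -> Bool
validName n = not (null n) && all ok n
  where ok c = isAsciiLower c || isAsciiUpper c || isDigit c || c `elem` "_-"

-- publish: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort
validPublish :: String -> Bool
validPublish s = case splitColon s of
  [ip, "", c] -> isIPv4ish ip && isPort c
  [ip, h, c]  -> isIPv4ish ip && isPort h && isPort c
  [h, c]      -> isPort h && isPort c
  _           -> False

-- volume: [host-dir]:[container-dir]:[rw|ro], or just a container directory.
validVolume :: String -> Bool
validVolume s = case splitColon s of
  [d]          -> absPath d
  [h, c]       -> absPath h && absPath c  -- mode omitted
  [h, c, mode] -> absPath h && absPath c && mode `elem` ["rw", "ro"]
  _            -> False

-- memory: <number><unit>, where unit = b, k, m or g.
validMemory :: String -> Bool
validMemory s = case span isDigit s of
  (_ : _, [u]) -> u `elem` "bkmg"
  _            -> False

-- Constructed sample values: one accepted and one rejected per format.
main :: IO ()
main = mapM_ (putStrLn . report)
  [ (validName, "web-server"), (validName, "web server")
  , (validPublish, "127.0.0.1::80"), (validPublish, "80:http")
  , (validVolume, "/var/www:/var/www:ro"), (validVolume, "/var/www:/var/www:rx")
  , (validMemory, "512m"), (validMemory, "512mb") ]
  where report (f, v) = show v ++ (if f v then ": ok" else ": rejected")
```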

link :: ContainerName -> ContainerAlias -> Property

Link with another container on the same host.

type ContainerAlias = String

A short alias for a linked container. Each container has its own alias namespace.

data ContainerId

A container is identified by its name, and the host on which it's deployed.

data ContainerIdent

Two containers with the same ContainerIdent were started from the same base image (possibly a different version though), and with the same RunParams.

chain :: String -> IO ()

Called when propellor is running inside a docker container. The string should be the container's ContainerId.

This process is effectively init inside the container. It even needs to wait on zombie processes!

Fork a thread to run the SimpleSh server in the background. In the foreground, run an interactive bash (or sh) shell, so that the user can interact with it when attached to the container.

When the system reboots, docker restarts the container, and this is run again. So, to make the necessary services get started on boot, this needs to provision the container then. However, if the container is already being provisioned by the calling propellor, it would be redundant and problematic to also provision it here.

The solution is a flag file. If the flag file exists, then the container was already provisioned. So, it must be a reboot, and time to provision again. If the flag file doesn't exist, don't provision here.

provisionContainer :: ContainerId -> Property

Once a container is running, propellor can be run inside it to provision it.

Note that there is a race here, between the simplesh server starting up in the container, and this property being run. So, retry connections to the client for up to 1 minute.

listContainers :: ContainerFilter -> IO [ContainerId]

Only lists propellor managed containers.

propellorIdent :: FilePath

The ContainerIdent of a container is written to /.propellor-ident inside it. This can be checked to see if the container has the same ident later.

namedPipe :: ContainerId -> FilePath

Named pipe used for communication with the container.