From ca4305ae360435f7e5115813604c444e9c02fd5f Mon Sep 17 00:00:00 2001 From: Paula Muir Date: Fri, 25 Nov 2022 16:01:07 +0000 Subject: [PATCH] Revert "(maint) Hardening manifests and tasks" --- manifests/compose.pp | 5 +- manifests/machine.pp | 5 +- manifests/plugin.pp | 11 ++-- manifests/registry.pp | 4 +- manifests/run.pp | 99 +++++++++++++++++++------------- manifests/secrets.pp | 11 ++-- manifests/services.pp | 13 ++--- manifests/stack.pp | 6 +- manifests/swarm.pp | 4 +- spec/shared_examples/machine.rb | 2 +- spec/shared_examples/plugin.rb | 11 ++-- spec/shared_examples/registry.rb | 2 +- spec/shared_examples/run.rb | 6 +- spec/shared_examples/secrets.rb | 8 +-- spec/shared_examples/services.rb | 10 ++-- spec/shared_examples/stack.rb | 4 +- spec/shared_examples/swarm.rb | 4 +- tasks/node_ls.rb | 8 +-- tasks/node_rm.rb | 8 +-- tasks/node_update.rb | 14 ++--- tasks/service_create.json | 4 +- tasks/service_create.rb | 32 ++++++----- tasks/service_rm.rb | 6 +- tasks/service_scale.rb | 10 ++-- tasks/service_update.rb | 12 ++-- tasks/swarm_init.rb | 22 +++---- tasks/swarm_join.rb | 12 ++-- tasks/swarm_leave.rb | 6 +- tasks/swarm_token.rb | 6 +- 29 files changed, 178 insertions(+), 167 deletions(-) diff --git a/manifests/compose.pp b/manifests/compose.pp index a649dc3a..c0dec680 100644 --- a/manifests/compose.pp +++ b/manifests/compose.pp @@ -71,6 +71,8 @@ } if $facts['os']['family'] == 'windows' { + $docker_download_command = "if (Invoke-WebRequest ${docker_compose_url} ${proxy_opt} -UseBasicParsing -OutFile \"${docker_compose_location_versioned}\") { exit 0 } else { exit 1}" # lint:ignore:140chars + exec { "Install Docker Compose ${version}": command => template('docker/windows/download_docker_compose.ps1.erb'), provider => powershell, 
@@ -87,11 +89,10 @@ ensure_packages(['curl']) } - $compose_install = "curl -s -S -L ${proxy_opt} ${docker_compose_url} -o ${docker_compose_location_versioned}" exec { "Install Docker Compose ${version}": path => '/usr/bin/', cwd => '/tmp', - command => $compose_install, + command => "curl -s -S -L ${proxy_opt} ${docker_compose_url} -o ${docker_compose_location_versioned}", creates => $docker_compose_location_versioned, require => Package['curl'], } diff --git a/manifests/machine.pp b/manifests/machine.pp index 776a909f..9c51bfb2 100644 --- a/manifests/machine.pp +++ b/manifests/machine.pp @@ -56,6 +56,8 @@ } if $facts['os']['family'] == 'windows' { + $docker_download_command = "if (Invoke-WebRequest ${docker_machine_url} ${proxy_opt} -UseBasicParsing -OutFile \"${docker_machine_location_versioned}\") { exit 0 } else { exit 1}" # lint:ignore:140chars + exec { "Install Docker Machine ${version}": command => template('docker/windows/download_docker_machine.ps1.erb'), provider => powershell, @@ -72,11 +74,10 @@ ensure_packages(['curl']) } - $install_command = ['curl', '-s', '-S', '-L', $proxy_opt, $docker_machine_url, '-o', $docker_machine_location_versioned] # lint:ignore:140chars exec { "Install Docker Machine ${version}": path => '/usr/bin/', cwd => '/tmp', - command => $install_command, + command => "curl -s -S -L ${proxy_opt} ${docker_machine_url} -o ${docker_machine_location_versioned}", creates => $docker_machine_location_versioned, require => Package['curl'], } diff --git a/manifests/plugin.pp b/manifests/plugin.pp index dd72b7b5..836aaea1 100644 --- a/manifests/plugin.pp +++ b/manifests/plugin.pp @@ -85,7 +85,7 @@ } ) - $exec_rm = [$docker_command, 'rm', $docker_plugin_remove_flags] + $exec_rm = "${docker_command} rm ${docker_plugin_remove_flags}" $onlyif_rm = "${docker_command} ls --format='{{.PluginReference}}' | grep -w ${plugin_name}" exec { "plugin remove ${plugin_name}": 
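Review bot: In manifests/machine.pp (hunk -72,11) the `Install Docker Machine` exec builds `command` by interpolating `${proxy_opt}`, `${docker_machine_url}` and `${docker_machine_location_versioned}` into one string, so they are no longer separate arguments. Whitespace in any of them splits into extra arguments, and shell metacharacters may be interpreted, depending on how the exec provider runs a string command. The same array-to-string change is made in plugin.pp, run.pp, secrets.pp, services.pp, stack.pp and swarm.pp. If the array form cannot be kept, validate the parameters that reach these strings where they are declared (outside these hunks), for example with a `Pattern[...]` or `Stdlib::HTTPUrl` type, and add a comment such as `# values below are interpolated into a command line; they are validated in the parameter list` above each exec. `$proxy_opt` appears to carry a flag together with its value, so an array form would need it split into two elements.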
@@ -105,7 +105,7 @@ } ) - $exec_enable = [$docker_command, 'enable', $docker_plugin_enable_flags] + $exec_enable = "${docker_command} enable ${docker_plugin_enable_flags}" $onlyif_enable = "${docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w ${plugin_name}" exec { "plugin enable ${plugin_name}": @@ -116,15 +116,12 @@ onlyif => $onlyif_enable, } } elsif $enabled == false { - $else_command = [$docker_command, 'disable', $plugin_name] - $else_unless = "${docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w ${plugin_name}" - exec { "disable ${plugin_name}": - command => $else_command, + command => "${docker_command} disable ${plugin_name}", environment => 'HOME=/root', path => ['/bin', '/usr/bin',], timeout => 0, - unless => $else_unless, + unless => "${docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w ${plugin_name}", } } } diff --git a/manifests/registry.pp b/manifests/registry.pp index d4bcf14f..53524be7 100644 --- a/manifests/registry.pp +++ b/manifests/registry.pp @@ -112,7 +112,7 @@ default => $pass_hash } - $_auth_command = [$auth_cmd, '||', "(rm -f \"/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\"; exit 1;)"] # lint:ignore:140chars + $_auth_command = "${auth_cmd} || (rm -f \"/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}\"; exit 1;)" file { "/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}": ensure => $ensure, 
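Review bot: `$_auth_command` in manifests/registry.pp (hunk -112,7) puts `${_local_user_home}`, `${server_strip}` and `${local_user}` inside a double-quoted path in a command that needs a shell for `||`, and double quotes do not stop `$(...)` or backtick expansion. Escaping the path once and reusing it closes that gap: `$receipt_q = shell_escape("/${_local_user_home}/registry-auth-puppet_receipt_${server_strip}_${local_user}")` followed by `$_auth_command = "${auth_cmd} || (rm -f ${receipt_q}; exit 1;)"`. In the Windows branch (hunk -125,7) `${passfile}` follows `-Path` without quotes, so a temp path containing a space is split; `Remove-Item -Path \"${passfile}\"` avoids that. How `$auth_cmd` is built is outside both hunks and should get the same check.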
@@ -125,7 +125,7 @@ # server may be an URI, which can contain / $server_strip = regsubst($server, '[/:]', '_', 'G') $passfile = "${::docker_user_temp_path}/registry-auth-puppet_receipt_${server_strip}_${local_user}" - $_auth_command = ["if (-not (${auth_cmd}))", "{ Remove-Item -Path ${passfile}", '-Force', '-Recurse', '-EA', 'SilentlyContinue; exit 1 } else { exit 0 }'] # lint:ignore:140chars + $_auth_command = "if (-not (${auth_cmd})) { Remove-Item -Path ${passfile} -Force -Recurse -EA SilentlyContinue; exit 1 } else { exit 0 }" # lint:ignore:140chars if $ensure == 'absent' { file { $passfile: diff --git a/manifests/run.pp b/manifests/run.pp index 7f44aecf..8b7e5a1a 100644 --- a/manifests/run.pp +++ b/manifests/run.pp @@ -373,10 +373,8 @@ } if $restart_on_unhealthy { - $unhealthy_command = [$docker_command, 'restart', $sanitised_title] - exec { "Restart unhealthy container ${title} with docker": - command => $unhealthy_command, + command => "${docker_command} restart ${sanitised_title}", onlyif => $restart_check, environment => $exec_environment, path => $exec_path, 
@@ -387,24 +385,18 @@ if $restart { if $ensure == 'absent' { - $restart_stop_command = [$docker_command, 'stop', '--time', $stop_wait_time, $sanitised_title] - $restart_stop_onlyif = [[$docker_command, 'inspect', $sanitised_title]] - exec { "stop ${title} with docker": - command => $restart_stop_command, - onlyif => $restart_stop_onlyif, + command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}", + onlyif => "${docker_command} inspect ${sanitised_title}", environment => $exec_environment, path => $exec_path, provider => $exec_provider, timeout => $exec_timeout, } - $restart_remove_command = "${docker_command} rm -v ${sanitised_title}" - $restart_remove_onlyif = [[$docker_command, 'inspect', $sanitised_title]] - exec { "remove ${title} with docker": - command => $restart_remove_command, - onlyif => $restart_remove_onlyif, + command => "${docker_command} rm -v ${sanitised_title}", + onlyif => "${docker_command} inspect ${sanitised_title}", environment => $exec_environment, path => $exec_path, provider => $exec_provider, 
@@ -429,26 +421,57 @@ $exec_unless = $inspect } - $docker_params_changed_args = { - sanitised_title => $sanitised_title, - osfamily => $facts['os']['family'], - command => join($run_with_docker_command, ' '), - cidfile => $cidfile, - image => $image, - volumes => $volumes, - ports => $ports, - stop_wait_time => $stop_wait_time, - container_running => $running, - # logfile_path => ($facts['os']['family'] == 'windows') ? { - # true => ::docker_user_temp_path, - # default => '/tmp', - # }, - } + if versioncmp($facts['puppetversion'], '6') < 0 { + exec { "run ${title} with docker": + command => join($run_with_docker_command, ' '), + unless => $exec_unless, + environment => $exec_environment, + path => $exec_path, + provider => $exec_provider, + timeout => $exec_timeout, + } + + if $running == false { + exec { "stop ${title} with docker": + command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}", + onlyif => $container_running_check, + environment => $exec_environment, + path => $exec_path, + provider => $exec_provider, + timeout => $exec_timeout, + } + } else { + exec { "start ${title} with docker": + command => "${docker_command} start ${sanitised_title}", + unless => $container_running_check, + environment => $exec_environment, + path => $exec_path, + provider => $exec_provider, + timeout => $exec_timeout, + } + } + } else { + $docker_params_changed_args = { + sanitised_title => $sanitised_title, + osfamily => $facts['os']['family'], + command => join($run_with_docker_command, ' '), + cidfile => $cidfile, + image => $image, + volumes => $volumes, + ports => $ports, + stop_wait_time => $stop_wait_time, + container_running => $running, + # logfile_path => ($facts['os']['family'] == 'windows') ? 
{ + # true => ::docker_user_temp_path, + # default => '/tmp', + # }, + } - $detect_changes = Deferred('docker_params_changed', [$docker_params_changed_args]) + $detect_changes = Deferred('docker_params_changed', [$docker_params_changed_args]) - notify { "${title}_docker_params_changed": - message => $detect_changes, + notify { "${title}_docker_params_changed": + message => $detect_changes, + } } } } else { @@ -494,12 +517,9 @@ if $ensure == 'absent' { if $facts['os']['family'] == 'windows' { - $absent_stop_command = "${docker_command} stop --time ${stop_wait_time} ${sanitised_title}" - $absent_stop_onlyif = "${docker_command} inspect ${sanitised_title}" - exec { "stop container ${service_prefix}${sanitised_title}": - command => $absent_stop_command, - onlyif => $absent_stop_onlyif, + command => "${docker_command} stop --time=${stop_wait_time} ${sanitised_title}", + onlyif => "${docker_command} inspect ${sanitised_title}", environment => $exec_environment, path => $exec_path, provider => $exec_provider, @@ -516,12 +536,9 @@ notify => Exec["remove container ${service_prefix}${sanitised_title}"], } } - $absent_remove_command = "${docker_command} rm -v ${sanitised_title}" - $absent_remove_onlyif = "${docker_command} inspect ${sanitised_title}" - exec { "remove container ${service_prefix}${sanitised_title}": - command => $absent_remove_command, - onlyif => $absent_remove_onlyif, + command => "${docker_command} rm -v ${sanitised_title}", + onlyif => "${docker_command} inspect ${sanitised_title}", environment => $exec_environment, path => $exec_path, refreshonly => true, diff --git a/manifests/secrets.pp b/manifests/secrets.pp index 851a2dc0..3991540c 100644 --- a/manifests/secrets.pp +++ b/manifests/secrets.pp 
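Review bot: The restored `if versioncmp($facts['puppetversion'], '6') < 0` branch in manifests/run.pp (hunk -429,26) has no comment saying why two code paths exist. A line such as `# Deferred() is only available from Puppet 6; older agents fall back to plain run/stop/start execs` above the `if` would explain it. The fallback execs interpolate `${stop_wait_time}` and `${sanitised_title}` into command strings, so the comment should also name where those values are sanitised, which is outside this hunk. The commented-out `logfile_path` selector is carried back in as dead code and could be dropped, or replaced by a one-line TODO stating what is missing.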
@@ -27,8 +27,8 @@ } ) - $exec_secret = [$docker_command, $docker_secrets_flags] - $unless_secret = [$docker_command, 'inspect', $secret_name] + $exec_secret = "${docker_command} ${docker_secrets_flags}" + $unless_secret = "${docker_command} inspect ${secret_name}" exec { "${title} docker secret create": command => $exec_secret, @@ -38,12 +38,9 @@ } if $ensure == 'absent' { - $absent_secret_command = [$docker_command, 'rm', $secret_name] - $absent_secret_onlyif = [$docker_command, 'inspect', $secret_name] - exec { "${title} docker secret rm": - command => $absent_secret_command, - onlyif => $absent_secret_onlyif, + command => "${docker_command} rm ${secret_name}", + onlyif => "${docker_command} inspect ${secret_name}", path => ['/bin', '/usr/bin',], } } diff --git a/manifests/services.pp b/manifests/services.pp index c0495a75..3e8d58ca 100644 --- a/manifests/services.pp +++ b/manifests/services.pp @@ -132,7 +132,7 @@ } ) - $exec_create = [$docker_command, 'create', '--name', $docker_service_create_flags] + $exec_create = "${docker_command} create --name ${docker_service_create_flags}" $unless_create = "docker service ps ${service_name}" exec { "${title} docker service create": @@ -163,7 +163,7 @@ } ) - $exec_update = [$docker_command, 'update', $docker_service_flags] + $exec_update = "${docker_command} update ${docker_service_flags}" exec { "${title} docker service update": command => $exec_update, @@ -182,7 +182,7 @@ } ) - $exec_scale = [$docker_command, 'scale', "${service_name}=${replicas}"] + $exec_scale = "${docker_command} scale ${service_name}=${replicas}" exec { "${title} docker service scale": command => $exec_scale, 
@@ -194,12 +194,9 @@ } if $ensure == 'absent' { - $service_command = ['docker', 'service', 'rm', $service_name] - $service_onlyif = ['docker', 'service', 'ps', $service_name] - exec { "${title} docker service remove": - command => $service_command, - onlyif => $service_onlyif, + command => "docker service rm ${service_name}", + onlyif => "docker service ps ${service_name}", path => $exec_path, provider => $exec_provider, timeout => $exec_timeout, diff --git a/manifests/stack.pp b/manifests/stack.pp index 6aae5b5c..da722a12 100644 --- a/manifests/stack.pp +++ b/manifests/stack.pp @@ -59,7 +59,7 @@ } ) - $exec_stack = [$docker_command, 'deploy', $docker_stack_flags, $stack_name] + $exec_stack = "${docker_command} deploy ${docker_stack_flags} ${stack_name}" exec { "docker stack create ${stack_name}": command => $exec_stack, @@ -70,10 +70,8 @@ } if $ensure == 'absent' { - $destroy_command = [$docker_command, 'rm', $stack_name] - exec { "docker stack destroy ${stack_name}": - command => $destroy_command, + command => "${docker_command} rm ${stack_name}", onlyif => $check_stack, path => $exec_path, provider => $provider, diff --git a/manifests/swarm.pp b/manifests/swarm.pp index 25ae31e0..f84a5ece 100644 --- a/manifests/swarm.pp +++ b/manifests/swarm.pp @@ -117,7 +117,7 @@ } ) - $exec_init = [$docker_command, $docker_swarm_init_flags] + $exec_init = "${docker_command} ${docker_swarm_init_flags}" exec { 'Swarm init': command => $exec_init, @@ -138,7 +138,7 @@ } ) - $exec_join = [$docker_command, $docker_swarm_join_flags, $manager_ip] + $exec_join = "${docker_command} ${docker_swarm_join_flags} ${manager_ip}" exec { 'Swarm join': command => $exec_join, diff --git a/spec/shared_examples/machine.rb b/spec/shared_examples/machine.rb index e447f2ef..3541d5d6 100644 --- a/spec/shared_examples/machine.rb +++ b/spec/shared_examples/machine.rb 
@@ -62,7 +62,7 @@ is_expected.to contain_exec("Install Docker Machine #{version}").with( 'path' => '/usr/bin/', 'cwd' => '/tmp', - 'command' => ['curl', '-s', '-S', '-L', proxy_opt, docker_machine_url, '-o', docker_machine_location_versioned], + 'command' => "curl -s -S -L #{proxy_opt} #{docker_machine_url} -o #{docker_machine_location_versioned}", 'creates' => docker_machine_location_versioned, ).that_requires( 'Package[curl]', diff --git a/spec/shared_examples/plugin.rb b/spec/shared_examples/plugin.rb index da1cf33f..793cd3ac 100644 --- a/spec/shared_examples/plugin.rb +++ b/spec/shared_examples/plugin.rb @@ -43,7 +43,7 @@ 'force_remove' => force_remove, ) - exec_rm = [docker_command, 'rm', docker_plugin_remove_flags] + exec_rm = "#{docker_command} rm #{docker_plugin_remove_flags}" onlyif_rm = "#{docker_command} ls --format='{{.PluginReference}}' | grep -w #{plugin_name}" it { @@ -64,7 +64,7 @@ 'timeout' => timeout, ) - exec_enable = [docker_command, 'enable', docker_plugin_enable_flags] + exec_enable = "#{docker_command} enable #{docker_plugin_enable_flags}" onlyif_enable = "#{docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w #{plugin_name}" it { @@ -77,16 +77,13 @@ ) } else - else_command = [docker_command, 'disable', plugin_name] - else_unless = "#{docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w #{plugin_name}" - it { is_expected.to contain_exec("disable #{plugin_name}").with( - 'command' => else_command, + 'command' => "#{docker_command} disable #{plugin_name}", 'environment' => 'HOME=/root', 'path' => ['/bin', '/usr/bin'], 'timeout' => 0, - 'unless' => else_unless, + 'unless' => "#{docker_command} ls -f enabled=false --format='{{.PluginReference}}' | grep -w #{plugin_name}", ) } end diff --git a/spec/shared_examples/registry.rb b/spec/shared_examples/registry.rb index a7390da8..6efc1701 100644 --- a/spec/shared_examples/registry.rb +++ b/spec/shared_examples/registry.rb 
@@ -81,7 +81,7 @@ else server_strip = server.gsub('[/:]', '_') passfile = "#{facts['docker_user_temp_path']}/registry-auth-puppet_receipt_#{server_strip}_#{local_user}" - auth_command = ["if (-not (#{auth_cmd}))", "{ Remove-Item -Path #{passfile}", '-Force', '-Recurse', '-EA', 'SilentlyContinue; exit 1 } else { exit 0 }'] + auth_command = "if (-not (#{auth_cmd})) { Remove-Item -Path #{passfile} -Force -Recurse -EA SilentlyContinue; exit 0 } else { exit 0 }" if ensure_value == 'absent' it { diff --git a/spec/shared_examples/run.rb b/spec/shared_examples/run.rb index ca016b34..112e5a5c 100644 --- a/spec/shared_examples/run.rb +++ b/spec/shared_examples/run.rb @@ -138,7 +138,7 @@ if restart_on_unhealthy it { is_expected.to contain_exec("Restart unhealthy container #{title} with docker").with( - 'command' => [docker_command, 'restart', sanitised_title], + 'command' => "#{docker_command} restart #{sanitised_title}", 'onlyif' => restart_check, 'environment' => exec_environment, 'path' => exec_path, @@ -152,8 +152,8 @@ if ensure_value == 'absent' it { is_expected.to contain_exec("stop #{title} with docker").with( - 'command' => [docker_command, 'stop', "--time=#{stop_wait_time}", sanitised_title], - 'onlyif' => [docker_command, 'inspect', sanitised_title], + 'command' => "#{docker_command} stop --time=#{stop_wait_time} #{sanitised_title}", + 'onlyif' => "#{docker_command} inspect #{sanitised_title}", 'environment' => exec_environment, 'path' => exec_path, 'provider' => exec_provider, diff --git a/spec/shared_examples/secrets.rb b/spec/shared_examples/secrets.rb index f6475e89..e3e5c00b 100644 --- a/spec/shared_examples/secrets.rb +++ b/spec/shared_examples/secrets.rb 
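Review bot: The expected `auth_command` in spec/shared_examples/registry.rb (hunk -81,7) ends its failure branch with `exit 0`, while the string restored in manifests/registry.pp ends it with `exit 1`. The expectation therefore cannot match the catalogue wherever it is compared (the comparison itself is outside the hunk). The tail of the line should read `-EA SilentlyContinue; exit 1 } else { exit 0 }"`. Separately, the unchanged `server.gsub('[/:]', '_')` above it takes a String pattern, which matches the literal text `[/:]` and not the character class the manifest's `regsubst` uses; `server.gsub(%r{[/:]}, '_')` would mirror the manifest.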
@@ -16,8 +16,8 @@ 'secret_path' => secret_path, ) - exec_secret = [docker_command, docker_secrets_flags] - unless_secret = [docker_command, 'inspect', secret_name] + exec_secret = "#{docker_command} #{docker_secrets_flags}" + unless_secret = "#{docker_command} inspect #{secret_name}" it { is_expected.to contain_exec("#{title} docker secret create").with( @@ -31,8 +31,8 @@ if ensure_value == 'absent' it { is_expected.to contain_exec("#{title} docker secret rm").with( - 'command' => [docker_command, 'rm', secret_name], - 'onlyif' => [docker_command, 'inspect', secret_name], + 'command' => "#{docker_command} rm #{secret_name}", + 'onlyif' => "#{docker_command} inspect #{secret_name}", 'path' => ['/bin', '/usr/bin'], ) } diff --git a/spec/shared_examples/services.rb b/spec/shared_examples/services.rb index 760424bf..3ccf20f3 100644 --- a/spec/shared_examples/services.rb +++ b/spec/shared_examples/services.rb @@ -56,7 +56,7 @@ 'command' => command, ) - exec_create = [docker_command, 'create', '--name', docker_service_create_flags] + exec_create = "#{docker_command} create --name #{docker_service_create_flags}" unless_create = "docker service ps #{service_name == :undef ? '' : service_name}" it { @@ -88,7 +88,7 @@ 'registry_mirror' => registry_mirror, ) - exec_update = [docker_command, 'update', docker_service_flags] + exec_update = "#{docker_command} update #{docker_service_flags}" it { is_expected.to contain_exec("#{title} docker service update").with( @@ -108,7 +108,7 @@ # 'extra_params' => Array(extra_params), # ) - exec_scale = [docker_command, 'scale', "#{service_name}=#{replicas}"] + exec_scale = "#{docker_command} scale #{service_name}=#{replicas}" it { is_expected.to contain_exec("#{title} docker service scale").with( 
@@ -124,8 +124,8 @@ if ensure_value == 'absent' it { is_expected.to contain_exec("#{title} docker service remove").with( - 'command' => ['docker', 'service', 'rm', service_name], - 'onlyif' => ['docker', 'service', 'ps', service_name], + 'command' => "docker service rm #{service_name}", + 'onlyif' => "docker service ps #{service_name}", 'path' => exec_path, 'provider' => exec_provider, 'timeout' => exec_timeout, diff --git a/spec/shared_examples/stack.rb b/spec/shared_examples/stack.rb index 9a84f038..0ded5444 100644 --- a/spec/shared_examples/stack.rb +++ b/spec/shared_examples/stack.rb @@ -34,7 +34,7 @@ 'resolve_image' => resolve_image, ) - exec_stack = [docker_command, 'deploy', docker_stack_flags, stack_name] + exec_stack = "#{docker_command} deploy #{docker_stack_flags} #{stack_name}" it { is_expected.to contain_exec("docker stack create #{stack_name}").with( @@ -49,7 +49,7 @@ if ensure_value == 'absent' it { is_expected.to contain_exec("docker stack destroy #{stack_name}").with( - 'command' => [docker_command, 'rm', stack_name], + 'command' => "#{docker_command} rm #{stack_name}", 'onlyif' => check_stack, 'path' => exec_path, 'provider' => provider, diff --git a/spec/shared_examples/swarm.rb b/spec/shared_examples/swarm.rb index 608dbd43..5a7357d4 100644 --- a/spec/shared_examples/swarm.rb +++ b/spec/shared_examples/swarm.rb @@ -57,7 +57,7 @@ 'snapshot_interval' => snapshot_interval, ) - exec_init = [docker_command, docker_swarm_init_flags] + exec_init = "#{docker_command} #{docker_swarm_init_flags}" it { is_expected.to contain_exec('Swarm init').with( @@ -79,7 +79,7 @@ 'token' => token, ) - exec_join = [docker_command, docker_swarm_join_flags, manager_ip] + exec_join = "#{docker_command} #{docker_swarm_join_flags} #{manager_ip}" it { is_expected.to contain_exec('Swarm join').with( diff --git a/tasks/node_ls.rb b/tasks/node_ls.rb index cae0e80d..54294a28 100755 --- a/tasks/node_ls.rb +++ b/tasks/node_ls.rb 
@@ -6,11 +6,11 @@ require 'puppet' def node_ls(filter, quiet) - cmd = ['docker', 'node', 'ls'] - cmd.concat([" --filter=#{filter}"]) unless filter.nil? - cmd.concat([' --quiet']) unless quiet.nil? + cmd_string = 'docker node ls' + cmd_string += " --filter=#{filter}" unless filter.nil? + cmd_string += ' --quiet' unless quiet.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/node_rm.rb b/tasks/node_rm.rb index 893d96c3..9b92a576 100755 --- a/tasks/node_rm.rb +++ b/tasks/node_rm.rb @@ -6,11 +6,11 @@ require 'puppet' def node_rm(force, node) - cmd = ['docker', 'node', 'rm'] - cmd.concat([' --force']) unless force.nil? - cmd.concat([" #{node}"]) unless node.nil? + cmd_string = 'docker node rm' + cmd_string += ' --force' unless force.nil? + cmd_string += " #{node}" unless node.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/node_update.rb b/tasks/node_update.rb index c18cd738..9bc22c6a 100755 --- a/tasks/node_update.rb +++ b/tasks/node_update.rb 
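Review bot: `Open3.capture3(cmd_string)` in tasks/node_ls.rb receives one string with `filter` interpolated unescaped, so Ruby hands it to the shell whenever it contains metacharacters and a task parameter can add arguments or further commands. The same pattern is in node_rm.rb, node_update.rb, service_rm.rb, service_scale.rb, service_update.rb, swarm_init.rb, swarm_join.rb and swarm_token.rb. Building an argv with one token per element and splatting it avoids the shell: `cmd = ['docker', 'node', 'ls']`, `cmd << "--filter=#{filter}" unless filter.nil?`, `stdout, stderr, status = Open3.capture3(*cmd)`. The removed code passed the array unsplatted and kept leading spaces inside the elements, which is presumably why it did not work.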
@@ -6,25 +6,25 @@ require 'puppet' def node_update(availability, role, label_add, label_rm, node) - cmd = ['docker', 'node', 'update'] - cmd.concat([" --availability #{availability}"]) unless availability.nil? - cmd.concat([" --role #{role}"]) unless role.nil? + cmd_string = 'docker node update' + cmd_string += " --availability #{availability}" unless availability.nil? + cmd_string += " --role #{role}" unless role.nil? if label_add.is_a? Array label_add.each do |param| - cmd.concat([" --label-add #{param}"]) + cmd_string += " --label-add #{param}" end end if label_rm.is_a? Array label_rm.each do |param| - cmd.concat([" --label-rm #{param}"]) + cmd_string += " --label-rm #{param}" end end - cmd.concat([" #{node}"]) unless node.nil? + cmd_string += " #{node}" unless node.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/service_create.json b/tasks/service_create.json index 50bb5486..404cf00e 100644 --- a/tasks/service_create.json +++ b/tasks/service_create.json @@ -16,7 +16,7 @@ }, "expose": { "description": "Publish service ports externally to the swarm", - "type": "Variant[Array,Undef]" + "type": "Variant[String,Array,Undef]" }, "env": { "description": "Set environment variables", @@ -24,7 +24,7 @@ }, "command": { "description": "Command to run on the container", - "type": "Variant[Array,Undef]" + "type": "Variant[String,Array,Undef]" }, "extra_params": { "description": "Allows you to pass any other flag that the Docker service create supports.", diff --git a/tasks/service_create.rb b/tasks/service_create.rb index eae44f82..6e2872de 100755 --- a/tasks/service_create.rb +++ b/tasks/service_create.rb 
@@ -4,27 +4,33 @@ require 'json' require 'open3' require 'puppet' -require 'shellwords' def service_create(image, replicas, expose, env, command, extra_params, service, detach) - cmd = ['docker', 'service', 'create'] - cmd.concat(extra_params) unless extra_params.nil? || extra_params.empty? - - cmd.concat(['--name', service]) unless service.nil? - cmd.concat(['--replicas', replicas.to_s]) unless replicas.nil? - cmd.concat(['--publish', Shellwords.join(expose)]) unless expose.nil? - + cmd_string = 'docker service create' + if extra_params.is_a? Array + extra_params.each do |param| + cmd_string += " #{param}" + end + end + cmd_string += " --name #{service}" unless service.nil? + cmd_string += " --replicas #{replicas}" unless replicas.nil? + cmd_string += " --publish #{expose}" unless expose.nil? if env.is_a? Hash env.each do |key, value| - cmd.concat(['--env', Shellwords.escape("#{key}=#{value}")]) + cmd_string += " --env #{key}='#{value}'" end end - cmd.append(image) unless image.nil? - cmd.append('-d') unless !detach || detach.nil? - cmd.concat(command) unless command.nil? || command.empty? + if command.is_a? Array + cmd_string += command.join(' ') + elsif command && command.to_s != 'undef' + cmd_string += command.to_s + end + + cmd_string += ' -d' unless detach.nil? + cmd_string += " #{image}" unless image.nil? - stdout, stderr, status = Open3.capture3(*cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/service_rm.rb b/tasks/service_rm.rb index 6bdadaf8..01f59f19 100755 --- a/tasks/service_rm.rb +++ b/tasks/service_rm.rb 
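Review bot: In tasks/service_create.rb the command is appended before ` -d` and the image, and `cmd_string += command.join(' ')` has no leading space. A run with `command` set therefore fuses the command onto the previous token and docker takes the wrong word as IMAGE (the order is `docker service create [OPTIONS] IMAGE [COMMAND]`). `-d` is also added when `detach` is `false`, because only `nil` is tested (tasks/service_scale.rb has the same test). Every value, including the `String` now accepted for `expose` and `command` in service_create.json, goes into a shell string unescaped, and `--env #{key}='#{value}'` breaks on a value containing a single quote. An argv passed with `Open3.capture3(*cmd)` fixes ordering and quoting together; it needs the `require 'shellwords'` line this commit removes.

```ruby
def service_create(image, replicas, expose, env, command, extra_params, service, detach)
  cmd = ['docker', 'service', 'create']
  cmd.concat(extra_params.map(&:to_s)) if extra_params.is_a? Array
  cmd.push('--name', service.to_s) unless service.nil?
  cmd.push('--replicas', replicas.to_s) unless replicas.nil?
  Array(expose).each { |port| cmd.push('--publish', port.to_s) }
  env.each { |key, value| cmd.push('--env', "#{key}=#{value}") } if env.is_a? Hash
  cmd.push('-d') if detach
  # IMAGE must come before COMMAND on the docker command line
  cmd.push(image.to_s) unless image.nil?
  if command.is_a? Array
    cmd.concat(command.map(&:to_s))
  elsif command && command.to_s != 'undef'
    cmd.concat(Shellwords.split(command.to_s))
  end

  stdout, stderr, status = Open3.capture3(*cmd)
  # … unchanged: status check and stdout.strip …
```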
@@ -6,10 +6,10 @@ require 'puppet' def service_rm(service) - cmd = ['docker', 'service', 'rm'] - cmd.concat([" #{service}"]) unless service.nil? + cmd_string = 'docker service rm' + cmd_string += " #{service}" unless service.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/service_scale.rb b/tasks/service_scale.rb index 94e3c1ff..f954316a 100755 --- a/tasks/service_scale.rb +++ b/tasks/service_scale.rb @@ -6,12 +6,12 @@ require 'puppet' def service_scale(service, scale, detach) - cmd = ['docker', 'service', 'scale'] - cmd.concat([" #{service}"]) unless service.nil? - cmd.concat(["=#{scale}"]) unless scale.nil? - cmd.concat([' -d']) unless detach.nil? + cmd_string = 'docker service scale' + cmd_string += " #{service}" unless service.nil? + cmd_string += "=#{scale}" unless scale.nil? + cmd_string += ' -d' unless detach.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/service_update.rb b/tasks/service_update.rb index c4238240..52eeb4d1 100755 --- a/tasks/service_update.rb +++ b/tasks/service_update.rb 
@@ -6,24 +6,24 @@ require 'puppet' def service_update(image, service, constraint_add, constraint_rm) - cmd = ['docker', 'service', 'update'] - cmd.concat([" --image #{image}"]) unless image.nil? + cmd_string = 'docker service update' + cmd_string += " --image #{image}" unless image.nil? if constraint_add.is_a? Array constraint_add.each do |param| - cmd.concat([" --constraint-add #{param}"]) + cmd_string += " --constraint-add #{param}" end end if constraint_rm.is_a? Array constraint_rm.each do |param| - cmd.concat([" --constraint-rm #{param}"]) + cmd_string += " --constraint-rm #{param}" end end - cmd.concat([" #{service}"]) unless service.nil? + cmd_string += " #{service}" unless service.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/swarm_init.rb b/tasks/swarm_init.rb index 5afc302a..78c49af0 100755 --- a/tasks/swarm_init.rb +++ b/tasks/swarm_init.rb 
@@ -6,18 +6,18 @@ require 'puppet' def swarm_init(advertise_addr, autolock, cert_expiry, dispatcher_heartbeat, external_ca, force_new_cluster, listen_addr, max_snapshots, snapshot_interval) - cmd = ['docker', 'swarm', 'init'] - cmd.concat([" --advertise-addr=#{advertise_addr}"]) unless advertise_addr.nil? - cmd.concat([' --autolock']) unless autolock.nil? - cmd.concat([' --cert-expiry']) unless cert_expiry.nil? - cmd.concat([" --dispatcher-heartbeat=#{dispatcher_heartbeat}"]) unless dispatcher_heartbeat.nil? - cmd.concat([" --external-ca=#{external_ca}"]) unless external_ca.nil? - cmd.concat([' --force-new-cluster']) unless force_new_cluster.nil? - cmd.concat([" --listen-addr=#{listen_addr}"]) unless listen_addr.nil? - cmd.concat([" --max-snapshots=#{max_snapshots}"]) unless max_snapshots.nil? - cmd.concat([" --snapshot-interval=#{snapshot_interval}"]) unless snapshot_interval.nil? + cmd_string = 'docker swarm init' + cmd_string += " --advertise-addr=#{advertise_addr}" unless advertise_addr.nil? + cmd_string += ' --autolock' unless autolock.nil? + cmd_string += ' --cert-expiry' unless cert_expiry.nil? + cmd_string += " --dispatcher-heartbeat=#{dispatcher_heartbeat}" unless dispatcher_heartbeat.nil? + cmd_string += " --external-ca=#{external_ca}" unless external_ca.nil? + cmd_string += ' --force-new-cluster' unless force_new_cluster.nil? + cmd_string += " --listen-addr=#{listen_addr}" unless listen_addr.nil? + cmd_string += " --max-snapshots=#{max_snapshots}" unless max_snapshots.nil? + cmd_string += " --snapshot-interval=#{snapshot_interval}" unless snapshot_interval.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/swarm_join.rb b/tasks/swarm_join.rb index 23b1045e..c98471d5 100755 --- a/tasks/swarm_join.rb +++ b/tasks/swarm_join.rb 
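Review bot: `cmd_string += ' --cert-expiry' unless cert_expiry.nil?` in tasks/swarm_init.rb drops the parameter's value although `--cert-expiry` takes a duration, so docker either consumes the next flag as the duration or rejects the call. The line should read `cmd_string += " --cert-expiry=#{cert_expiry}" unless cert_expiry.nil?`. `--autolock` and `--force-new-cluster` are appended for any non-nil value, including `false`; `if autolock` and `if force_new_cluster` would match the intent if these are booleans (the task metadata is not on this page). The remaining values are interpolated into the string given to `Open3.capture3` without escaping.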
@@ -6,13 +6,13 @@ require 'puppet' def swarm_join(advertise_addr, listen_addr, token, manager_ip) - cmd = ['docker', 'swarm', 'join'] - cmd.concat([" --advertise-addr=#{advertise_addr}"]) unless advertise_addr.nil? - cmd.concat([" --listen-addr=#{listen_addr}"]) unless listen_addr.nil? - cmd.concat([" --token=#{token}"]) unless token.nil? - cmd.concat([" #{manager_ip}"]) unless manager_ip.nil? + cmd_string = 'docker swarm join' + cmd_string += " --advertise-addr=#{advertise_addr}" unless advertise_addr.nil? + cmd_string += " --listen-addr=#{listen_addr}" unless listen_addr.nil? + cmd_string += " --token=#{token}" unless token.nil? + cmd_string += " #{manager_ip}" unless manager_ip.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/swarm_leave.rb b/tasks/swarm_leave.rb index ddbffc1d..d6bc6bbb 100755 --- a/tasks/swarm_leave.rb +++ b/tasks/swarm_leave.rb @@ -6,9 +6,9 @@ require 'puppet' def swarm_leave(force) - cmd = ['docker', 'swarm', 'leave'] - cmd.concat([' -f']) if force == 'true' - stdout, stderr, status = Open3.capture3(cmd) + cmd_string = 'docker swarm leave ' + cmd_string += ' -f' if force == 'true' + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end diff --git a/tasks/swarm_token.rb b/tasks/swarm_token.rb index d825bb8d..35eae179 100755 --- a/tasks/swarm_token.rb +++ b/tasks/swarm_token.rb @@ -6,10 +6,10 @@ require 'puppet' def swarm_token(node_role) - cmd = ['docker', 'swarm', 'join-token', '-q'] - cmd.concat([" #{node_role}"]) unless node_role.nil? + cmd_string = 'docker swarm join-token -q' + cmd_string += " #{node_role}" unless node_role.nil? - stdout, stderr, status = Open3.capture3(cmd) + stdout, stderr, status = Open3.capture3(cmd_string) raise Puppet::Error, "stderr: '#{stderr}'" if status != 0 stdout.strip end