Merge pull request #2104 from jbeda/gcs-docker-install

Get docker deb from GCS

cluster/saltbase/salt/docker/init.sls

@@ -7,27 +7,30 @@
 bridge-utils:
   pkg.installed
 
-{% if grains['os_family'] != 'RedHat' %}
+{% if grains.os_family == 'RedHat' %}
+docker-io:
+  pkg:
+    - installed
 
-docker-repo:
-  pkgrepo.managed:
-    - humanname: Docker Repo
-    - name: deb https://get.docker.com/ubuntu docker main
-    - key_url: https://get.docker.com/gpg
+docker:
+  service.running:
+    - enable: True
     - require:
-      - pkg: pkg-core
+      - pkg: docker-io
 
-{% if grains.cloud is defined %}
-{% if grains.cloud == 'gce' %}
+{% else %}
+
+{% if grains.cloud is defined
+   and grains.cloud == 'gce' %}
 # The default GCE images have ip_forwarding explicitly set to 0.
 # Here we take care of commenting that out.
 /etc/sysctl.d/11-gce-network-security.conf:
   file.replace:
     - pattern: '^net.ipv4.ip_forward=0'
     - repl: '# net.ipv4.ip_forward=0'
 {% endif %}
-{% endif %}
 
+# TODO: This should really be based on network strategy instead of os_family
 net.ipv4.ip_forward:
   sysctl.present:
     - value: 1
@@ -37,41 +40,72 @@ cbr0:
     - cidr: {{ grains['cbr-cidr'] }}
     - mtu: 1460
 
-{% endif %}
+purge-old-docker:
+  pkg.removed:
+    - pkgs:
+      - lxc-docker-1.2.0
 
-{% if grains['os_family'] == 'RedHat' %}
+{{ environment_file }}:
+  file.managed:
+    - source: salt://docker/docker-defaults
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 644
+    - makedirs: true
 
-docker-io:
-  pkg:
-    - installed
+# We are caching the Docker deb file in GCS for reliability and speed.  To
+# update this to a new version of docker, do the following:
+# 1. Find new deb name with:
+#    curl https://get.docker.com/ubuntu/dists/docker/main/binary-amd64/Packages
+# 2. Download based on that:
+#    curl -O https://get.docker.com/ubuntu/pool/main/<...>
+# 3. Upload to GCS (the cache control makes :
+#    gsutil cp <deb> gs://kubernetes-release/docker/<deb>
+# 4. Make it world readable:
+#    gsutil acl ch -R -g all:R gs://kubernetes-release/docker/<deb>
+# 5. Get a hash of the deb:
+#    shasum <deb>
+# 6. Update this file with new deb name, new hash and new version
+# 7. Add the old version to purge-old-docker above.
 
-docker:
-  service.running:
-    - enable: True
-    - require:
-      - pkg: docker-io
+{% set storage_base='https://storage.googleapis.com/kubernetes-release/docker/' %}
+{% set deb='lxc-docker-1.3.0_1.3.0-20141016165047-c78088f_amd64.deb' %}
+{% set deb_hash='sha1=99c2135e4f1f469b771226c3846e0b6accb6056a' %}
+{% set docker_ver='1.3.0' %}
 
-{% else %}
+/var/cache/docker-install/{{ deb }}:
+  file.managed:
+    - source: {{ storage_base }}{{ deb }}
+    - source_hash: {{ deb_hash }}
+    - user: root
+    - group: root
+    - mode: 644
+    - makedirs: true
 
-{{ environment_file }}:
+# Drop the license file into /usr/share so that everyting is crystal clear.
+/usr/share/doc/docker/apache.txt:
   file.managed:
-    - source: salt://docker/docker-defaults
-    - template: jinja
+    - source: {{ storage_base }}apache2.txt
+    - source_hash: sha1=2b8b815229aa8a61e483fb4ba0588b8b6c491890
     - user: root
     - group: root
     - mode: 644
     - makedirs: true
 
-lxc-docker:
-  pkg.installed
+lxc-docker-{{ docker_ver }}:
+  pkg.installed:
+    - sources:
+      - lxc-docker-{{ docker_ver }}: /var/cache/docker-install/{{ deb }}
 
 docker:
   service.running:
     - enable: True
     - require:
-      - pkg: lxc-docker
+      - pkg: lxc-docker-{{ docker_ver }}
     - watch:
       - file: {{ environment_file }}
       - container_bridge: cbr0
+      - pkg: lxc-docker-{{ docker_ver }}
 
 {% endif %}