From 9e728d3e5b0bf1730f30884fb6d502c20f8ad443 Mon Sep 17 00:00:00 2001 From: Charlie Sharpsteen Date: Sat, 20 Aug 2022 12:53:08 -0400 Subject: [PATCH 1/3] Remove deb_family_systemd_volume from docker_exp The `deb_family_systemd_volume` logic hardcoded a `--volume /sys/fs/cgroup:/sys/fs/cgroup:ro` flag when provisioning Debian or Ubuntu containers in order to allow SystemD to run. However, this mount is no longer sufficient when the docker host is running a Kernel with CGroupsV2 and a SystemD version that defaults to using `systemd.enableUnifiedCgroupHierarchy=true`: https://github.com/docker/for-mac/issues/6073 Ubuntu 22.04 fits these criteria. In these conditions, `--cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw` must be used. However, attempting to pass these flags to `docker_exp` via `docker_run_opts` causes `docker run` to fail due to a conflict with the hardcoded mount from `deb_family_systemd_volume`: ``` stderr:docker: Error response from daemon: Duplicate mount point: /sys/fs/cgroup. ``` This commit removes the `deb_family_systemd_volume` logic as: - CGroup mounts must be configured for any OS family using SystemD, not just Debian and Ubuntu. - The user should be able to exercise full control over mount flags via `docker_run_opts`. --- tasks/docker_exp.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tasks/docker_exp.rb b/tasks/docker_exp.rb index 9b730c4..ef8d7d5 100755 --- a/tasks/docker_exp.rb +++ b/tasks/docker_exp.rb 
@@ -18,12 +18,7 @@ def provision(docker_platform, inventory_location, vars) docker_run_opts = var_hash['docker_run_opts'].flatten.join(' ') unless var_hash['docker_run_opts'].nil? end - deb_family_systemd_volume = if (docker_platform =~ %r{debian|ubuntu}) && (docker_platform !~ %r{debian8|ubuntu14}) - '--volume /sys/fs/cgroup:/sys/fs/cgroup:ro' - else - '' - end - creation_command = "docker run -d -it #{deb_family_systemd_volume} --privileged #{docker_run_opts} #{docker_platform}" + creation_command = "docker run -d -it --privileged #{docker_run_opts} #{docker_platform}" container_id = run_local_command(creation_command).strip[0..11] fix_missing_tty_error_message(container_id) unless platform_is_windows?(docker_platform) node = { 'uri' => container_id, From dacb093d1bb0b252eefea8f87c13602dda3310b3 Mon Sep 17 00:00:00 2001 From: jordanbreen28 Date: Tue, 21 Mar 2023 12:59:51 +0000 Subject: [PATCH 2/3] (Maint) - remove deb_family_system_volume This commit removes any reference to deb_family_system_volume. --- tasks/docker.rb | 16 ++++++++++------ tasks/docker_exp.rb | 6 ++++++ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/tasks/docker.rb b/tasks/docker.rb index d0535bb..76a2975 100755 --- a/tasks/docker.rb +++ b/tasks/docker.rb @@ -161,11 +161,7 @@ def provision(image, inventory_location, vars) warn '!!! Using private port forwarding!!!' front_facing_port = random_ssh_forwarding_port full_container_name = "#{image.gsub(%r{[\/:\.]}, '_')}-#{front_facing_port}" - deb_family_systemd_volume = if (image =~ %r{debian|ubuntu}) && (image !~ %r{debian8|ubuntu14}) - '--volume /sys/fs/cgroup:/sys/fs/cgroup:ro' - else - '' - end + node = { 'uri' => "#{hostname}:#{front_facing_port}", 'config' => { 
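Review bot: In the tasks/docker_exp.rb hunk of patch 1/3, the new `creation_command` line still interpolates `docker_run_opts` and `docker_platform` unescaped into one command string that starts a `--privileged` container. Both values appear to come from task parameters, so if `run_local_command` (not visible here) hands the string to a shell, metacharacters in either value would be interpreted on the provisioning host. Escaping each token keeps caller-supplied flags working while removing that interpretation: `creation_command = ['docker', 'run', '-d', '-it', '--privileged', *Shellwords.split(docker_run_opts.to_s), docker_platform].shelljoin`, with `require 'shellwords'` at the top of the file. The body of `provision` continues outside the hunk.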
@@ -184,7 +180,15 @@ def provision(image, inventory_location, vars) node['vars'] = var_hash docker_run_opts = var_hash['docker_run_opts'].flatten.join(' ') unless var_hash['docker_run_opts'].nil? end - creation_command = "docker run -d -it --privileged #{deb_family_systemd_volume} --tmpfs /tmp:exec -p #{front_facing_port}:22 --name #{full_container_name} " + + unless docker_run_opts.nil? + docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (image =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) + docker_run_opts += ' --cgroupns=host' if (image =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--cgroupns}) + end + + creation_command = "docker run -d -it --privileged --tmpfs /tmp:exec -p #{front_facing_port}:22 --name #{full_container_name} " creation_command += "#{docker_run_opts} " unless docker_run_opts.nil? creation_command += image run_local_command(creation_command).strip diff --git a/tasks/docker_exp.rb b/tasks/docker_exp.rb index ef8d7d5..a162b14 100755 --- a/tasks/docker_exp.rb +++ b/tasks/docker_exp.rb @@ -17,6 +17,12 @@ def provision(docker_platform, inventory_location, vars) var_hash = YAML.safe_load(vars) docker_run_opts = var_hash['docker_run_opts'].flatten.join(' ') unless var_hash['docker_run_opts'].nil? end + unless docker_run_opts.nil? + docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (docker_platform =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) + docker_run_opts += ' --cgroupns=host' if (docker_platform =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--cgroupns}) + end creation_command = "docker run -d -it --privileged #{docker_run_opts} #{docker_platform}" container_id = run_local_command(creation_command).strip[0..11] From 9bd9713c2b32c442b2617bb04729d4a8670624c2 Mon Sep 17 00:00:00 2001 
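Review bot: The duplicate-mount guard in the tasks/docker.rb hunk only recognises the exact spelling `--volume /sys/fs/cgroup:/sys/fs/cgroup`, so a caller who passes the short form quoted in the first commit message (`-v /sys/fs/cgroup:/sys/fs/cgroup:rw`) or `--volume=...` still gets the default appended and would presumably hit the same `Duplicate mount point` error the series set out to remove. Matching on the container-side path covers those spellings: `&& (docker_run_opts !~ %r{:/sys/fs/cgroup(:|\s|\z)})`. The same condition appears in the tasks/docker_exp.rb hunk of this patch and is carried unchanged into both files by patch 3/3. A `--mount ...,target=/sys/fs/cgroup` option would need its own check.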
From: jordanbreen28 Date: Wed, 22 Mar 2023 15:54:37 +0000 Subject: [PATCH 3/3] (Maint) - add volume flag to debian/ubuntu --- README.md | 11 +++++++++++ tasks/docker.rb | 11 +++++------ tasks/docker_exp.rb | 14 ++++++++------ 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 609f494..00a711b 100644 --- a/README.md +++ b/README.md @@ -144,6 +144,17 @@ Ran on 1 node in 33.96 seconds Provision allows for passing additional command line arguments to the docker run when specifying `vars['docker_run_opts']` as an array of arguments. +When running Debian or Ubuntu containers, the following flags will be added to the $docker_run_opts by default. +``` +--volume /sys/fs/cgroup:/sys/fs/cgroup:rw --cgroupns=host +``` + +These defaults can be overriden by passing the flags with different values i.e. + +``` +--volume /sys/fs/cgroup:/sys/fs/cgroup:ro --cgroupns=private +``` + ``` $ bundle exec bolt --modulepath /Users/tp/workspace/git/ task run provision::docker --targets localhost action=provision platform=ubuntu:14.04 inventory=/Users/tp/workspace/git/provision vars='{ "docker_run_opts": ["-p 8086:8086", "-p 3000:3000"]}' ``` diff --git a/tasks/docker.rb b/tasks/docker.rb index 76a2975..eca209a 100755 --- a/tasks/docker.rb +++ b/tasks/docker.rb 
@@ -175,18 +175,17 @@ def provision(image, inventory_location, vars) 'os-release' => os_release_facts, }, } + docker_run_opts = '' unless vars.nil? var_hash = YAML.safe_load(vars) node['vars'] = var_hash docker_run_opts = var_hash['docker_run_opts'].flatten.join(' ') unless var_hash['docker_run_opts'].nil? end - unless docker_run_opts.nil? - docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (image =~ %r{debian|ubuntu}) \ - && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) - docker_run_opts += ' --cgroupns=host' if (image =~ %r{debian|ubuntu}) \ - && (docker_run_opts !~ %r{--cgroupns}) - end + docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (image =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) + docker_run_opts += ' --cgroupns=host' if (image =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--cgroupns}) creation_command = "docker run -d -it --privileged --tmpfs /tmp:exec -p #{front_facing_port}:22 --name #{full_container_name} " creation_command += "#{docker_run_opts} " unless docker_run_opts.nil? diff --git a/tasks/docker_exp.rb b/tasks/docker_exp.rb index a162b14..65deb16 100755 --- a/tasks/docker_exp.rb +++ b/tasks/docker_exp.rb 
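Review bot: The two appended defaults in this tasks/docker.rb hunk carry no comment explaining why every Debian/Ubuntu container now gets a writable bind mount of the host's `/sys/fs/cgroup` plus the host cgroup namespace, where the code removed earlier in the series mounted it `:ro`. With the new `docker_run_opts = ''` initialisation this applies even when the caller passes no `vars`, on top of `--privileged`. I would add above the first `docker_run_opts +=` line: `# systemd on cgroup v2 hosts needs a writable /sys/fs/cgroup and --cgroupns=host; this exposes the host cgroup tree to the container, and callers can override both via docker_run_opts.` The same lines in the tasks/docker_exp.rb hunk of this patch want the same comment. Separately, the `unless docker_run_opts.nil?` guard on the following `creation_command +=` line can no longer be false and could be dropped.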
@@ -13,16 +13,17 @@ def provision(docker_platform, inventory_location, vars) include PuppetLitmus::InventoryManipulation inventory_full_path = File.join(inventory_location, '/spec/fixtures/litmus_inventory.yaml') inventory_hash = get_inventory_hash(inventory_full_path) + + docker_run_opts = '' unless vars.nil? var_hash = YAML.safe_load(vars) docker_run_opts = var_hash['docker_run_opts'].flatten.join(' ') unless var_hash['docker_run_opts'].nil? end - unless docker_run_opts.nil? - docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (docker_platform =~ %r{debian|ubuntu}) \ - && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) - docker_run_opts += ' --cgroupns=host' if (docker_platform =~ %r{debian|ubuntu}) \ - && (docker_run_opts !~ %r{--cgroupns}) - end + + docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' if (docker_platform =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}) + docker_run_opts += ' --cgroupns=host' if (docker_platform =~ %r{debian|ubuntu}) \ + && (docker_run_opts !~ %r{--cgroupns}) creation_command = "docker run -d -it --privileged #{docker_run_opts} #{docker_platform}" container_id = run_local_command(creation_command).strip[0..11] @@ -34,6 +35,7 @@ def provision(docker_platform, inventory_location, vars) var_hash = YAML.safe_load(vars) node['vars'] = var_hash end + group_name = 'docker_nodes' add_node_to_group(inventory_hash, node, group_name) File.open(inventory_full_path, 'w') { |f| f.write inventory_hash.to_yaml }
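Review bot: The image-family test `docker_platform =~ %r{debian|ubuntu}` is written out twice in the first tasks/docker_exp.rb hunk, each time joined to its second condition with a backslash continuation, which makes the pair harder to read and to keep in step with tasks/docker.rb. One `if` around both appends states the family check once and keeps the existing regexes unchanged; the sketch below shows the shape. The first commit message in the series notes that cgroup mounts are needed for any systemd-based image, so a single condition is also the natural place to widen the match later. `provision` begins and ends outside the hunk.

```ruby
docker_run_opts = ''
# … unchanged: vars parsing …
if docker_platform =~ %r{debian|ubuntu}
  docker_run_opts += ' --volume /sys/fs/cgroup:/sys/fs/cgroup:rw' unless docker_run_opts =~ %r{--volume /sys/fs/cgroup:/sys/fs/cgroup}
  docker_run_opts += ' --cgroupns=host' unless docker_run_opts =~ %r{--cgroupns}
end
```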