From 7795f2c6361fdf483b009db81bf5bc34466bdb7f Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Tue, 24 Mar 2026 12:44:43 +0000 Subject: [PATCH 1/8] chore: modernize platforms and cleanup legacy init templates --- .github/workflows/ci.yml | 20 ++- conductor/future_resources_plan.md | 47 ++++++ conductor/modernization_plan.md | 58 +++++++ kitchen.dokken.yml | 20 --- kitchen.yml | 6 +- metadata.rb | 7 +- resources/installation_package.rb | 43 +---- spec/docker_test/installation_package_spec.rb | 130 +++++---------- templates/default/sysvinit/docker-debian.erb | 155 ------------------ templates/default/sysvinit/docker-rhel.erb | 133 --------------- templates/default/upstart/docker.conf.erb | 51 ------ 11 files changed, 172 insertions(+), 498 deletions(-) create mode 100644 conductor/future_resources_plan.md create mode 100644 conductor/modernization_plan.md delete mode 100644 templates/default/sysvinit/docker-debian.erb delete mode 100644 templates/default/sysvinit/docker-rhel.erb delete mode 100644 templates/default/upstart/docker.conf.erb diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a69bf2ce2..d08fab2cfd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,8 +29,9 @@ jobs: - centos-stream-9 - centos-stream-10 - debian-12 - - ubuntu-2204 - - ubuntu-2404 + - debian-13 + - ubuntu-22.04 + - ubuntu-24.04 suite: - "installation-package" - "installation-tarball" @@ -57,8 +58,9 @@ jobs: - centos-stream-9 - centos-stream-10 - debian-12 - - ubuntu-2204 - - ubuntu-2404 + - debian-13 + - ubuntu-22.04 + - ubuntu-24.04 suite: ["installation-script"] fail-fast: false steps: @@ -78,7 +80,7 @@ jobs: runs-on: ubuntu-24.04 strategy: matrix: - os: ["ubuntu-2204"] + os: ["ubuntu-22.04"] suite: ["swarm"] fail-fast: false steps: 
@@ -102,12 +104,12 @@ jobs: strategy: matrix: os: - - "almalinux-8" - "almalinux-9" + - "almalinux-10" - "debian-12" - - "ubuntu-2004" - - "ubuntu-2204" - - "ubuntu-2404" + - "debian-13" + - "ubuntu-22.04" + - "ubuntu-24.04" suite: - "smoke" fail-fast: false diff --git a/conductor/future_resources_plan.md b/conductor/future_resources_plan.md new file mode 100644 index 0000000000..7e1f3d8460 --- /dev/null +++ b/conductor/future_resources_plan.md 
@@ -0,0 +1,47 @@ +# Plan: Implement Missing Docker Resources (2025-2026 Features) + +This plan outlines the implementation of resources for Docker features that are currently unsupported in the `docker` cookbook, focusing on Swarm management and AI-native capabilities. + +## Objective +- Add support for core Swarm resources: `docker_secret` and `docker_config`. +- Add support for AI-native Docker features: `docker_model` and `docker_mcp`. +- Enhance `docker_container` to support `type=image` mounts. +- Add `docker_context` for endpoint management. + +## Proposed Resources + +### 1. Swarm Management +- **`docker_secret`**: Manage Docker secrets (`docker secret create/rm/inspect`). +- **`docker_config`**: Manage Docker configs (`docker config create/rm/inspect`). + +### 2. AI & Model Management (Docker v28+) +- **`docker_model`**: Resource to pull and manage local LLMs using the new `docker model` CLI. +- **`docker_mcp`**: Manage Model Context Protocol (MCP) servers and configurations. + +### 3. Storage Enhancements +- **`docker_container` updates**: Add support for `image` type in the `mounts` property to leverage direct layer mounting. + +### 4. Utility Resources +- **`docker_context`**: Manage Docker contexts for switching between local and remote engines. + +## Implementation Steps + +### Phase 1: Swarm Secrets and Configs +1. Create `resources/secret.rb`. +2. Create `resources/config.rb`. +3. Add corresponding unit tests in `spec/unit/resources/`. +4. Add integration tests in a new `test/cookbooks/docker_test/recipes/swarm_resources.rb`. + +### Phase 2: AI-Native Features +1. Research the `docker-api` gem's support for the new model and MCP endpoints. +2. Implement `resources/model.rb` if CLI execution is required or API is available. +3. Implement `resources/mcp.rb`. + +### Phase 3: Container & Context +1. Update `resources/container.rb` properties. +2. Create `resources/context.rb`. 
+ +## Verification & Testing +- **Unit Tests**: Ensure 100% coverage for new resources using ChefSpec. +- **Integration Tests**: Expand Swarm suites to exercise secrets and configs. +- **Documentation**: Add new files to `documentation/` for each resource. diff --git a/conductor/modernization_plan.md b/conductor/modernization_plan.md new file mode 100644 index 0000000000..588c1cf2b2 --- /dev/null +++ b/conductor/modernization_plan.md 
@@ -0,0 +1,58 @@ +# Plan: Modernize Docker Cookbook + +This plan outlines the steps to modernize the `docker` cookbook by removing EOL platforms, adding support for newer distributions, and cleaning up legacy code. + +## Objective +- Sync supported platforms across `metadata.rb`, Kitchen files, and CI. +- Remove EOL platforms (Ubuntu 20.04, Debian 11, AlmaLinux 8, Rocky Linux 8). +- Add support for new platforms (Debian 13, AlmaLinux 10, Rocky Linux 10). +- Remove legacy `sysvinit` and `upstart` templates. +- Ensure all resources follow modern Sous Chefs patterns. + +## Key Files & Context +- `metadata.rb`: Supported platforms and version. +- `kitchen.yml`, `kitchen.dokken.yml`: Integration test platforms. +- `.github/workflows/ci.yml`: CI matrix. +- `resources/installation_package.rb`: Platform-specific installation logic. +- `templates/default/`: Legacy init templates. + +## Implementation Steps + +### Phase 1: Platform Modernization +1. **Update `metadata.rb`**: + - Refine `supports` to be more specific if possible, or ensure it accurately reflects the current state. + - Update `chef_version` to `>= 16.0`. +2. **Update `kitchen.yml`**: + - Remove `ubuntu-20.04`, `almalinux-8`, `rockylinux-8`. + - Add `almalinux-10`, `rockylinux-10`, `debian-13`. +3. **Update `kitchen.dokken.yml`**: + - Remove `ubuntu-20.04`, `almalinux-8`, `rockylinux-8`, `opensuse-leap-15` (if EOL). + - Ensure it matches `kitchen.yml`. +4. **Update `.github/workflows/ci.yml`**: + - Sync the `integration` and `smoke` matrices with the updated kitchen platforms. + +### Phase 2: Resource Updates +1. **Modernize `resources/installation_package.rb`**: + - Add `trixie?` helper for Debian 13. + - Update `version_string` to handle Debian 13. + - Update `apt_repository` `signed_by` logic for newer Debian/Ubuntu. +2. **Cleanup Legacy Code**: + - Delete `templates/default/sysvinit/` directory. + - Delete `templates/default/upstart/` directory. + +### Phase 3: Documentation & Maintenance +1. 
**Version Bump**: Increment version in `metadata.rb`. +2. **Verify Docs**: Ensure Swarm resources and other new features are accurately documented in `documentation/`. + +## Verification & Testing + +### Unit Testing +- Run `chef exec rspec` to ensure all unit tests pass after changes. +- Add or update specs for `installation_package` to cover Debian 13. + +### Integration Testing +- Run `kitchen list` to verify updated platform list. +- Run `kitchen test default-ubuntu-2404` (or other current platform) to ensure basic functionality. + +### Linting +- Run `cookstyle -a` to fix any style offenses. diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 1d8623e027..ead3061fad 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -7,11 +7,6 @@ transport: { name: dokken } provisioner: { name: dokken } platforms: - - name: almalinux-8 - driver: - image: dokken/almalinux-8 - pid_one_command: /usr/lib/systemd/systemd - - name: almalinux-9 driver: image: dokken/almalinux-9 @@ -52,11 +47,6 @@ platforms: image: dokken/fedora-latest pid_one_command: /usr/lib/systemd/systemd - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /usr/lib/systemd/systemd - - name: oraclelinux-8 driver: image: dokken/oraclelinux-8 @@ -67,11 +57,6 @@ platforms: image: dokken/oraclelinux-9 pid_one_command: /usr/lib/systemd/systemd - - name: rockylinux-8 - driver: - image: dokken/rockylinux-8 - pid_one_command: /usr/lib/systemd/systemd - - name: rockylinux-9 driver: image: dokken/rockylinux-9 @@ -82,11 +67,6 @@ platforms: image: dokken/rockylinux-10 pid_one_command: /usr/lib/systemd/systemd - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - - name: ubuntu-22.04 driver: image: dokken/ubuntu-22.04 diff --git a/kitchen.yml b/kitchen.yml index fe7aadaa95..1c140bddff 100644 --- a/kitchen.yml +++ b/kitchen.yml 
@@ -18,12 +18,12 @@ verifier: name: inspec platforms: - - name: almalinux-8 - name: almalinux-9 + - name: almalinux-10 - name: debian-12 - - name: rockylinux-8 + - name: debian-13 - name: rockylinux-9 - - name: ubuntu-20.04 + - name: rockylinux-10 - name: ubuntu-22.04 - name: ubuntu-24.04 diff --git a/metadata.rb b/metadata.rb index 9c1fa56f8f..a9c04739d5 100644 --- a/metadata.rb +++ b/metadata.rb @@ -3,18 +3,19 @@ maintainer_email 'help@sous-chefs.org' license 'Apache-2.0' description 'Provides docker_service, docker_image, and docker_container resources' -version '11.10.2' +version '11.11.0' source_url 'https://github.com/sous-chefs/docker' issues_url 'https://github.com/sous-chefs/docker/issues' -chef_version '>= 16.0', '< 19.0' +chef_version '>= 16.5' supports 'amazon' supports 'centos' -supports 'scientific' supports 'oracle' supports 'debian' supports 'fedora' supports 'redhat' supports 'ubuntu' +supports 'almalinux' +supports 'rocky' gem 'docker-api', '>= 2.3', '< 3' diff --git a/resources/installation_package.rb b/resources/installation_package.rb index c8cefffdaa..936441fc60 100644 --- a/resources/installation_package.rb +++ b/resources/installation_package.rb @@ -48,33 +48,13 @@ def ubuntu? false end -def stretch? - return true if platform?('debian') && node['platform_version'].to_i == 9 - false -end - -def buster? - return true if platform?('debian') && node['platform_version'].to_i == 10 - false -end - -def bullseye? - return true if platform?('debian') && node['platform_version'].to_i == 11 - false -end - def bookworm? return true if platform?('debian') && node['platform_version'].to_i == 12 false end -def bionic? - return true if platform?('ubuntu') && node['platform_version'] == '18.04' - false -end - -def focal? - return true if platform?('ubuntu') && node['platform_version'] == '20.04' +def trixie? + return true if platform?('debian') && node['platform_version'].to_i == 13 false end 
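Review bot: In the metadata.rb hunk, `chef_version '>= 16.5'` drops the previous `< 19.0` ceiling and raises the floor from 16.0, yet the modernization plan added in this same patch still says to set `>= 16.0` and the commit subject mentions neither change. Without a ceiling the cookbook declares itself compatible with Chef Infra majors that nothing visible in this patch tests. If 16.5 is genuinely required, record why in a comment above the line, e.g. `# 16.5+ required by <feature>; upper bound intentionally removed`. Otherwise keep the bound as `chef_version '>= 16.5', '< 19.0'` until a newer client has been exercised.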
@@ -96,18 +76,10 @@ def amazonlinux_2023? # https://github.com/chef/chef/issues/4103 def version_string(v) return if v.nil? - codename = if stretch? # deb 9 - 'stretch' - elsif buster? # deb 10 - 'buster' - elsif bullseye? # deb 11 - 'bullseye' - elsif bookworm? # deb 12 + codename = if bookworm? # deb 12 'bookworm' - elsif bionic? # ubuntu 18.04 - 'bionic' - elsif focal? # ubuntu 20.04 - 'focal' + elsif trixie? # deb 13 + 'trixie' elsif jammy? # ubuntu 22.04 'jammy' elsif noble? # ubuntu 24.04 @@ -117,10 +89,7 @@ def version_string(v) # https://github.com/seemethere/docker-ce-packaging/blob/9ba8e36e8588ea75209d813558c8065844c953a0/deb/gen-deb-ver#L16-L20 test_version = '3' - if v.to_f < 18.06 && !bionic? - return "#{v}~ce-0~debian" if debian? - return "#{v}~ce-0~ubuntu" if ubuntu? - elsif v.to_f >= 23.0 && ubuntu? + if v.to_f >= 23.0 && ubuntu? "5:#{v}-1~ubuntu.#{node['platform_version']}~#{codename}" elsif v.to_f >= 18.09 && debuntu? return "5:#{v}~#{test_version}-0~debian-#{codename}" if debian? diff --git a/spec/docker_test/installation_package_spec.rb b/spec/docker_test/installation_package_spec.rb index a245299af3..edec2f51b0 100644 --- a/spec/docker_test/installation_package_spec.rb +++ b/spec/docker_test/installation_package_spec.rb 
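Review bot: On Debian every version still takes the `v.to_f >= 18.09 && debuntu?` arm and is rendered as `5:#{v}~#{test_version}-0~debian-#{codename}`, because the `v.to_f >= 23.0` arm with the `-1~ubuntu.<platform_version>~<codename>` layout is restricted to `ubuntu?`. As far as I know, Docker's Debian repository moved to the equivalent `-1~debian.<release>~<codename>` layout at 23.0, so a pin such as 24.0.0 on bookworm or 27.0.0 on trixie would name a version that is not published. Please verify this against the Debian Packages index before merging, since the Debian 12 and Debian 13 spec contexts in this patch assert the old layout. Separately, with the stretch/buster/bullseye/bionic/focal arms removed, `codename` is presumably nil on any other release and is interpolated as an empty string; a guard such as `raise "no Docker codename for #{node['platform']} #{node['platform_version']}" if codename.nil? && debuntu?` would make that explicit. `version_string` starts and ends outside the hunk, so the tail of both conditionals is not visible here.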
@@ -202,15 +202,13 @@ # List generated from # https://download.docker.com/linux/ubuntu/dists/#{distro}/stable/binary-amd64/Packages - context 'version strings for Ubuntu 20.04' do - platform 'ubuntu', '20.04' + context 'version strings for Debian 12' do + platform 'debian', '12' cached(:subject) { chef_run } - [ - { docker_version: '19.03.10', expected: '5:19.03.10~3-0~ubuntu-focal' }, - { docker_version: '20.10.7', expected: '5:20.10.7~3-0~ubuntu-focal' }, + { docker_version: '24.0.0', expected: '5:24.0.0~3-0~debian-bookworm' }, ].each do |suite| - it 'generates the correct version string ubuntu focal' do + it 'generates the correct version string debian bookworm' do custom_resource = chef_run.docker_installation_package('default') actual = custom_resource.version_string(suite[:docker_version]) expect(actual).to eq(suite[:expected]) 
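Review bot: The context comment kept above this block still says the list is generated from `https://download.docker.com/linux/ubuntu/dists/#{distro}/stable/binary-amd64/Packages`, but the context beneath it now tests Debian 12 with a single row. Reword it to say where the Debian value comes from, e.g. `# Expected strings checked against https://download.docker.com/linux/<distro>/dists/<codename>/stable/binary-amd64/Packages`. If the row was written by hand rather than taken from that index, say that instead.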
@@ -218,87 +216,45 @@ end end - # context 'version strings for Ubuntu 18.04' do - # platform 'ubuntu', '18.04' - # cached(:subject) { chef_run } - - # [ - # { docker_version: '18.03.1', expected: '18.03.1~ce~3-0~ubuntu' }, - # { docker_version: '18.06.0', expected: '18.06.0~ce~3-0~ubuntu' }, - # { docker_version: '18.06.1', expected: '18.06.1~ce~3-0~ubuntu' }, - # { docker_version: '18.09.0', expected: '5:18.09.0~3-0~ubuntu-bionic' }, - # { docker_version: '19.03.5', expected: '5:19.03.5~3-0~ubuntu-bionic' }, - # { docker_version: '20.10.7', expected: '5:20.10.7~3-0~ubuntu-bionic' }, - # ].each do |suite| - # it 'generates the correct version string ubuntu bionic' do - # custom_resource = chef_run.docker_installation_package('default') - # actual = custom_resource.version_string(suite[:docker_version]) - # expect(actual).to eq(suite[:expected]) - # end - # end - # end - - # context 'version strings for Debian 9' do - # platform 'debian', '9' - # cached(:subject) { chef_run } - # [ - # { docker_version: '17.06.0', expected: '17.06.0~ce-0~debian' }, - # { docker_version: '17.06.1', expected: '17.06.1~ce-0~debian' }, - # { docker_version: '17.09.0', expected: '17.09.0~ce-0~debian' }, - # { docker_version: '17.09.1', expected: '17.09.1~ce-0~debian' }, - # { docker_version: '17.12.0', expected: '17.12.0~ce-0~debian' }, - # { docker_version: '17.12.1', expected: '17.12.1~ce-0~debian' }, - # { docker_version: '18.03.0', expected: '18.03.0~ce-0~debian' }, - # { docker_version: '18.03.1', expected: '18.03.1~ce-0~debian' }, - # { docker_version: '18.06.0', expected: '18.06.0~ce~3-0~debian' }, - # { docker_version: '18.06.1', expected: '18.06.1~ce~3-0~debian' }, - # { docker_version: '18.09.0', expected: '5:18.09.0~3-0~debian-stretch' }, - # { docker_version: '19.03.5', expected: '5:19.03.5~3-0~debian-stretch' }, - # ].each do |suite| - # it 'generates the correct version string debian stretch' do - # custom_resource = chef_run.docker_installation_package('default') - # 
actual = custom_resource.version_string(suite[:docker_version]) - # expect(actual).to eq(suite[:expected]) - # end - # end - # end + context 'version strings for Debian 13' do + platform 'debian', '13' + cached(:subject) { chef_run } + [ + { docker_version: '27.0.0', expected: '5:27.0.0~3-0~debian-trixie' }, + ].each do |suite| + it 'generates the correct version string debian trixie' do + custom_resource = chef_run.docker_installation_package('default') + actual = custom_resource.version_string(suite[:docker_version]) + expect(actual).to eq(suite[:expected]) + end + end + end - # context 'version strings for Debian 10' do - # platform 'debian', '10' - # cached(:subject) { chef_run } - # [ - # { docker_version: '18.03.0', expected: '18.03.0~ce-0~debian' }, - # { docker_version: '18.03.1', expected: '18.03.1~ce-0~debian' }, - # { docker_version: '18.06.0', expected: '18.06.0~ce~3-0~debian' }, - # { docker_version: '18.06.1', expected: '18.06.1~ce~3-0~debian' }, - # { docker_version: '18.06.2', expected: '18.06.2~ce~3-0~debian' }, - # { docker_version: '18.06.3', expected: '18.06.3~ce~3-0~debian' }, - # { docker_version: '19.03.5', expected: '5:19.03.5~3-0~debian-buster' }, - # { docker_version: '18.09.0', expected: '5:18.09.0~3-0~debian-buster' }, - # { docker_version: '18.09.9', expected: '5:18.09.9~3-0~debian-buster' }, - # { docker_version: '19.03.0', expected: '5:19.03.0~3-0~debian-buster' }, - # { docker_version: '19.03.5', expected: '5:19.03.5~3-0~debian-buster' }, - # { docker_version: '20.10.7', expected: '5:20.10.7~3-0~debian-buster' }, - # ].each do |suite| - # it 'generates the correct version string debian buster' do - # custom_resource = chef_run.docker_installation_package('default') - # actual = custom_resource.version_string(suite[:docker_version]) - # expect(actual).to eq(suite[:expected]) - # end - # end - # end + context 'version strings for Ubuntu 22.04' do + platform 'ubuntu', '22.04' + cached(:subject) { chef_run } + [ + { docker_version: 
'24.0.0', expected: '5:24.0.0-1~ubuntu.22.04~jammy' }, + ].each do |suite| + it 'generates the correct version string ubuntu jammy' do + custom_resource = chef_run.docker_installation_package('default') + actual = custom_resource.version_string(suite[:docker_version]) + expect(actual).to eq(suite[:expected]) + end + end + end - # context 'version strings for Debian 11' do - # platform 'debian', '11' - # cached(:subject) { chef_run } - # [ - # { docker_version: '20.10.11', expected: '5:20.10.11~3-0~debian-bullseye' }, - # ].each do |suite| - # it 'generates the correct version string debian bullseye' do - # custom_resource = chef_run.docker_installation_package('default') - # actual = custom_resource.version_string(suite[:docker_version]) - # expect(actual).to eq(suite[:expected]) - # end - # end - # end + context 'version strings for Ubuntu 24.04' do + platform 'ubuntu', '24.04' + cached(:subject) { chef_run } + [ + { docker_version: '26.0.0', expected: '5:26.0.0-1~ubuntu.24.04~noble' }, + ].each do |suite| + it 'generates the correct version string ubuntu noble' do + custom_resource = chef_run.docker_installation_package('default') + actual = custom_resource.version_string(suite[:docker_version]) + expect(actual).to eq(suite[:expected]) + end + end + end end diff --git a/templates/default/sysvinit/docker-debian.erb b/templates/default/sysvinit/docker-debian.erb deleted file mode 100644 index 932798b2a7..0000000000 --- a/templates/default/sysvinit/docker-debian.erb +++ /dev/null 
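Review bot: Each added context checks one Docker version at or above 23.0, so on Ubuntu only the `-1~ubuntu.<platform_version>~<codename>` arm of `version_string` is exercised and the 18.09–22.x arm that stays in the resource has no test on a supported platform. One pre-23.0 row per Ubuntu context would restore the boundary coverage the removed focal rows provided. A row modelled on those (constructed, not taken from a package index) would be `{ docker_version: '20.10.7', expected: '5:20.10.7~3-0~ubuntu-jammy' },`. With more than one row, the `it` description should also interpolate `suite[:docker_version]` so that a failure identifies which row broke.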
@@ -1,155 +0,0 @@ -#!/bin/sh -set -e - -### BEGIN INIT INFO -# Provides: <%= @docker_name %> -# Required-Start: $syslog $remote_fs -# Required-Stop: $syslog $remote_fs -# Should-Start: cgroupfs-mount cgroup-lite -# Should-Stop: cgroupfs-mount cgroup-lite -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Create lightweight, portable, self-sufficient containers. -# Description: -# Docker is an open-source project to easily create lightweight, portable, -# self-sufficient containers from any application. The same container that a -# developer builds and tests on a laptop can run at scale, in production, on -# VMs, bare metal, OpenStack clusters, public clouds and more. -### END INIT INFO - -export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin - -BASE=<%= @docker_name %> - -# modify these in /etc/default/$BASE (/etc/default/docker) -DOCKER=<%= @dockerd_bin_link %> -DOCKER_OPTS="<%= @docker_daemon_arg %> <%= @docker_daemon_opts %>" -# This is the pid file managed by docker itself -DOCKER_PIDFILE=/var/run/$BASE.pid -# This is the pid file created/managed by start-stop-daemon -DOCKER_SSD_PIDFILE=/var/run/$BASE-ssd.pid -DOCKER_LOGFILE=/var/log/$BASE.log -DOCKER_DESC="Docker" - -# Get lsb functions -. /lib/lsb/init-functions - -if [ -f /etc/default/$BASE ]; then - . /etc/default/$BASE -fi - -# Check docker is present -if [ ! 
-x $DOCKER ]; then - log_failure_msg "$DOCKER not present or not executable" - exit 1 -fi - -check_init() { - # see also init_is_upstart in /lib/lsb/init-functions (which isn't available in Ubuntu 12.04, or we'd use it directly) - if [ -x /sbin/initctl ] && /sbin/initctl version 2>/dev/null | grep -q upstart; then - log_failure_msg "$DOCKER_DESC is managed via upstart, try using service $BASE $1" - exit 1 - fi -} - -fail_unless_root() { - if [ "$(id -u)" != '0' ]; then - log_failure_msg "$DOCKER_DESC must be run as root" - exit 1 - fi -} - -cgroupfs_mount() { - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - return - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -} - -case "$1" in - start) - check_init - - fail_unless_root - - cgroupfs_mount - - touch "$DOCKER_LOGFILE" - chgrp docker "$DOCKER_LOGFILE" - - ulimit -n 1048576 - if [ "$BASH" ]; then - ulimit -u 1048576 - else - ulimit -p 1048576 - fi - - log_begin_msg "Starting $DOCKER_DESC: $BASE" - start-stop-daemon --start --background \ - --no-close \ - --exec "$DOCKER" \ - --pidfile "$DOCKER_SSD_PIDFILE" \ - --make-pidfile \ - -- \ - $DOCKER_OPTS \ - -p "$DOCKER_PIDFILE" \ - >> "$DOCKER_LOGFILE" 2>&1 - - <%= @docker_wait_ready %> > /dev/null 2>&1 - if [ $? -ne 0 ]; then - log_failure_msg "<%= @docker_socket %> failed to start" - exit 1 - fi - log_end_msg $? - ;; - - stop) - check_init - fail_unless_root - log_begin_msg "Stopping $DOCKER_DESC: $BASE" - start-stop-daemon --stop --pidfile "$DOCKER_SSD_PIDFILE" --retry 10 - log_end_msg $? 
- ;; - - restart) - check_init - fail_unless_root - docker_pid=`cat "$DOCKER_SSD_PIDFILE" 2>/dev/null` - [ -n "$docker_pid" ] \ - && ps -p $docker_pid > /dev/null 2>&1 \ - && $0 stop - $0 start - ;; - - force-reload) - check_init - fail_unless_root - $0 restart - ;; - - status) - check_init - status_of_proc -p "$DOCKER_SSD_PIDFILE" "$DOCKER" "$DOCKER_DESC" - ;; - - *) - echo "Usage: service docker {start|stop|restart|status}" - exit 1 - ;; -esac diff --git a/templates/default/sysvinit/docker-rhel.erb b/templates/default/sysvinit/docker-rhel.erb deleted file mode 100644 index 98e758f055..0000000000 --- a/templates/default/sysvinit/docker-rhel.erb +++ /dev/null 
@@ -1,133 +0,0 @@ -#!/bin/sh -# -# /etc/rc.d/init.d/<%= @docker_name %> -# -# Daemon for docker.com -# -# chkconfig: 2345 95 95 -# description: Daemon for docker.com - -### BEGIN INIT INFO -# Provides: docker -# Required-Start: $network cgconfig -# Required-Stop: -# Should-Start: -# Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: start and stop docker -# Description: Daemon for docker.com -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -prog="<%= @dockerd_bin_link %>" -instance=<%= @docker_name %> -unshare=/usr/bin/unshare -exec="$prog" -pidfile="/var/run/$instance.pid" -lockfile="/var/lock/subsys/$instance" -logfile="/var/log/$instance" - -[ -e /etc/sysconfig/$instance ] && . /etc/sysconfig/$instance - -prestart() { - service cgconfig status > /dev/null - - if [[ $? != 0 ]]; then - service cgconfig start - fi - -} - -start() { - [ -x $exec ] || exit 5 - - check_for_cleanup - - if ! [ -f $pidfile ]; then - prestart - printf "Starting $prog:\t" - echo "\n$(date)\n" >> $logfile - "$unshare" -m -- <%= @docker_daemon_cmd %> &>> $logfile & - <%= @docker_wait_ready %> - [ $? -eq 0 ] && success || failure - echo - else - failure - echo - printf "$pidfile still exists...\n" - exit 7 - fi -} - -stop() { - echo -n $"Stopping $prog: " - killproc -p $pidfile -d 300 $prog - retval=$? 
- echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - status -p $pidfile $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -check_for_cleanup() { - if [ -f ${pidfile} ]; then - /bin/ps -fp $(cat ${pidfile}) > /dev/null || rm ${pidfile} - fi -} - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac - -exit $? diff --git a/templates/default/upstart/docker.conf.erb b/templates/default/upstart/docker.conf.erb deleted file mode 100644 index 1055632205..0000000000 --- a/templates/default/upstart/docker.conf.erb +++ /dev/null 
@@ -1,51 +0,0 @@ -description "Docker daemon" - -start on (filesystem and net-device-up IFACE!=lo) -stop on runlevel [!2345] -limit nofile 524288 1048576 -limit nproc 524288 1048576 - -respawn - -kill timeout 20 - -pre-start script - # see also https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount - if grep -v '^#' /etc/fstab | grep -q cgroup \ - || [ ! -e /proc/cgroups ] \ - || [ ! -d /sys/fs/cgroup ]; then - exit 0 - fi - if ! mountpoint -q /sys/fs/cgroup; then - mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup - fi - ( - cd /sys/fs/cgroup - for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do - mkdir -p $sys - if ! mountpoint -q $sys; then - if ! mount -n -t cgroup -o $sys cgroup $sys; then - rmdir $sys || true - fi - fi - done - ) -end script - -script - # modify these in /etc/default/$UPSTART_JOB (/etc/default/docker) - if [ -f /etc/default/$UPSTART_JOB ]; then - . /etc/default/$UPSTART_JOB - fi - exec <%= @docker_daemon_cmd %> <%= @docker_raw_logs_arg %> -end script - -post-start script - <%= @docker_wait_ready %> - if [ $? -eq 0 ]; then - echo "<%= @docker_socket %> is up" - else - echo "<%= @docker_socket %> failed to start" - exit 1 - fi -end script From bb32d67fcedf6d36a691db5912fefb86745b3b05 Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Tue, 24 Mar 2026 12:46:55 +0000 Subject: [PATCH 2/8] chore: normalize Ubuntu platform names --- .github/workflows/ci.yml | 2 +- kitchen.dokken.yml | 4 ++-- kitchen.yml | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d08fab2cfd..160319a290 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-24.04 strategy: matrix: - os: ["ubuntu-22.04"] + os: ["ubuntu-2204"] suite: ["swarm"] fail-fast: false steps: diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index ead3061fad..f57b7658c8 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml 
@@ -67,12 +67,12 @@ platforms: image: dokken/rockylinux-10 pid_one_command: /usr/lib/systemd/systemd - - name: ubuntu-22.04 + - name: ubuntu-2204 driver: image: dokken/ubuntu-22.04 pid_one_command: /bin/systemd - - name: ubuntu-24.04 + - name: ubuntu-2404 driver: image: dokken/ubuntu-24.04 pid_one_command: /bin/systemd diff --git a/kitchen.yml b/kitchen.yml index 1c140bddff..4644607143 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -24,8 +24,8 @@ platforms: - name: debian-13 - name: rockylinux-9 - name: rockylinux-10 - - name: ubuntu-22.04 - - name: ubuntu-24.04 + - name: ubuntu-2204 + - name: ubuntu-2404 suites: - name: installation_script @@ -149,7 +149,7 @@ suites: ############################### - name: swarm includes: - - ubuntu-22.04 + - ubuntu-2204 provisioner: enforce_idempotency: false multiple_converge: 1 From cd0c4b5363b912712abc351c04df828d43e31b4a Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Tue, 24 Mar 2026 12:50:28 +0000 Subject: [PATCH 3/8] chore: finish normalizing Ubuntu platform names Signed-off-by: Dan Webb --- .github/workflows/ci.yml | 15 +++++++++------ kitchen.global.yml | 6 ++---- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 160319a290..83073c5133 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,8 +30,9 @@ jobs: - centos-stream-10 - debian-12 - debian-13 - - ubuntu-22.04 - - ubuntu-24.04 + - "ubuntu-2204" + - "ubuntu-2404" + suite: - "installation-package" - "installation-tarball" @@ -59,8 +60,9 @@ jobs: - centos-stream-10 - debian-12 - debian-13 - - ubuntu-22.04 - - ubuntu-24.04 + - "ubuntu-2204" + - "ubuntu-2404" + suite: ["installation-script"] fail-fast: false steps: @@ -108,8 +110,9 @@ jobs: - "almalinux-10" - "debian-12" - "debian-13" - - "ubuntu-22.04" - - "ubuntu-24.04" + - "ubuntu-2204" + - "ubuntu-2404" + suite: - "smoke" fail-fast: false diff --git a/kitchen.global.yml b/kitchen.global.yml index 7199c0d627..65e6264979 100644 
--- a/kitchen.global.yml +++ b/kitchen.global.yml @@ -24,8 +24,6 @@ platforms: - name: opensuse-leap-15 - name: oraclelinux-8 - name: oraclelinux-9 - - name: rockylinux-8 - name: rockylinux-9 - - name: ubuntu-20.04 - - name: ubuntu-22.04 - - name: ubuntu-24.04 + - name: ubuntu-2204 + - name: ubuntu-2404 From 5bc8552a1cf15ba7a12d4c1bfb31e1ead346c81a Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Tue, 24 Mar 2026 14:44:06 +0000 Subject: [PATCH 4/8] style: fix markdown linting errors in plan documents --- .markdownlint-cli2.yaml | 4 +++- conductor/future_resources_plan.md | 9 +++++++++ conductor/modernization_plan.md | 8 ++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml index 5bd1082b8d..e42be9b18b 100644 --- a/.markdownlint-cli2.yaml +++ b/.markdownlint-cli2.yaml @@ -3,6 +3,8 @@ config: line-length: false # MD013 no-duplicate-heading: false # MD024 reference-links-images: false # MD052 - no-multiple-blanks: false # MD032 + no-multiple-blanks: + maximum: 2 ignores: - .github/copilot-instructions.md + - .windsurf/** diff --git a/conductor/future_resources_plan.md b/conductor/future_resources_plan.md index 7e1f3d8460..646900387e 100644 --- a/conductor/future_resources_plan.md +++ b/conductor/future_resources_plan.md @@ -3,6 +3,7 @@ This plan outlines the implementation of resources for Docker features that are currently unsupported in the `docker` cookbook, focusing on Swarm management and AI-native capabilities. ## Objective + - Add support for core Swarm resources: `docker_secret` and `docker_config`. - Add support for AI-native Docker features: `docker_model` and `docker_mcp`. - Enhance `docker_container` to support `type=image` mounts. 
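Review bot: In the `.markdownlint-cli2.yaml` hunk the replaced line was annotated `# MD032`, but `no-multiple-blanks` is rule MD012 (MD032 is blanks-around-lists), and the new two-line form drops the rule number entirely while the sibling entries keep theirs. Writing it as `no-multiple-blanks: # MD012` above `maximum: 2` keeps the file consistent and corrects the old label. The commit subject mentions only the plan documents, so the added `.windsurf/**` ignore is worth a line in the description.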
@@ -11,37 +12,45 @@ This plan outlines the implementation of resources for Docker features that are ## Proposed Resources ### 1. Swarm Management + - **`docker_secret`**: Manage Docker secrets (`docker secret create/rm/inspect`). - **`docker_config`**: Manage Docker configs (`docker config create/rm/inspect`). ### 2. AI & Model Management (Docker v28+) + - **`docker_model`**: Resource to pull and manage local LLMs using the new `docker model` CLI. - **`docker_mcp`**: Manage Model Context Protocol (MCP) servers and configurations. ### 3. Storage Enhancements + - **`docker_container` updates**: Add support for `image` type in the `mounts` property to leverage direct layer mounting. ### 4. Utility Resources + - **`docker_context`**: Manage Docker contexts for switching between local and remote engines. ## Implementation Steps ### Phase 1: Swarm Secrets and Configs + 1. Create `resources/secret.rb`. 2. Create `resources/config.rb`. 3. Add corresponding unit tests in `spec/unit/resources/`. 4. Add integration tests in a new `test/cookbooks/docker_test/recipes/swarm_resources.rb`. ### Phase 2: AI-Native Features + 1. Research the `docker-api` gem's support for the new model and MCP endpoints. 2. Implement `resources/model.rb` if CLI execution is required or API is available. 3. Implement `resources/mcp.rb`. ### Phase 3: Container & Context + 1. Update `resources/container.rb` properties. 2. Create `resources/context.rb`. ## Verification & Testing + - **Unit Tests**: Ensure 100% coverage for new resources using ChefSpec. - **Integration Tests**: Expand Swarm suites to exercise secrets and configs. - **Documentation**: Add new files to `documentation/` for each resource. diff --git a/conductor/modernization_plan.md b/conductor/modernization_plan.md index 588c1cf2b2..b393ac07d4 100644 --- a/conductor/modernization_plan.md +++ b/conductor/modernization_plan.md 
@@ -3,6 +3,7 @@ This plan outlines the steps to modernize the `docker` cookbook by removing EOL platforms, adding support for newer distributions, and cleaning up legacy code. ## Objective + - Sync supported platforms across `metadata.rb`, Kitchen files, and CI. - Remove EOL platforms (Ubuntu 20.04, Debian 11, AlmaLinux 8, Rocky Linux 8). - Add support for new platforms (Debian 13, AlmaLinux 10, Rocky Linux 10). @@ -10,6 +11,7 @@ This plan outlines the steps to modernize the `docker` cookbook by removing EOL - Ensure all resources follow modern Sous Chefs patterns. ## Key Files & Context + - `metadata.rb`: Supported platforms and version. - `kitchen.yml`, `kitchen.dokken.yml`: Integration test platforms. - `.github/workflows/ci.yml`: CI matrix. @@ -19,6 +21,7 @@ This plan outlines the steps to modernize the `docker` cookbook by removing EOL ## Implementation Steps ### Phase 1: Platform Modernization + 1. **Update `metadata.rb`**: - Refine `supports` to be more specific if possible, or ensure it accurately reflects the current state. - Update `chef_version` to `>= 16.0`. @@ -32,6 +35,7 @@ This plan outlines the steps to modernize the `docker` cookbook by removing EOL - Sync the `integration` and `smoke` matrices with the updated kitchen platforms. ### Phase 2: Resource Updates + 1. **Modernize `resources/installation_package.rb`**: - Add `trixie?` helper for Debian 13. - Update `version_string` to handle Debian 13. 
@@ -41,18 +45,22 @@ This plan outlines the steps to modernize the `docker` cookbook by removing EOL - Delete `templates/default/upstart/` directory. ### Phase 3: Documentation & Maintenance + 1. **Version Bump**: Increment version in `metadata.rb`. 2. **Verify Docs**: Ensure Swarm resources and other new features are accurately documented in `documentation/`. ## Verification & Testing ### Unit Testing + - Run `chef exec rspec` to ensure all unit tests pass after changes. - Add or update specs for `installation_package` to cover Debian 13. ### Integration Testing + - Run `kitchen list` to verify updated platform list. - Run `kitchen test default-ubuntu-2404` (or other current platform) to ensure basic functionality. ### Linting + - Run `cookstyle -a` to fix any style offenses. From 6f8a993df7f0dbcf693c44af6a1a86b67903fa10 Mon Sep 17 00:00:00 2001 
From: Dan Webb Date: Tue, 24 Mar 2026 15:15:49 +0000 Subject: [PATCH 5/8] chore: complete custom resource modernization --- LIMITATIONS.md | 28 +++++++++++++++++++ libraries/base.rb | 2 ++ libraries/helpers_coerce.rb | 2 ++ libraries/helpers_container.rb | 2 ++ libraries/helpers_json.rb | 2 ++ libraries/helpers_network.rb | 2 ++ libraries/helpers_service.rb | 2 ++ libraries/helpers_swarm.rb | 2 ++ resources/container.rb | 5 ++++ resources/exec.rb | 5 ++++ resources/image.rb | 5 ++++ resources/image_prune.rb | 5 ++++ resources/installation_package.rb | 2 ++ resources/installation_script.rb | 2 ++ resources/installation_tarball.rb | 2 ++ resources/network.rb | 5 ++++ resources/partial/_base.rb | 2 ++ resources/partial/_logging.rb | 2 ++ resources/partial/_service_base.rb | 2 ++ resources/plugin.rb | 5 ++++ resources/registry.rb | 5 ++++ resources/service.rb | 2 ++ resources/service_base.rb | 2 ++ resources/service_manager_execute.rb | 2 ++ resources/service_manager_systemd.rb | 2 ++ resources/swarm_init.rb | 2 ++ resources/swarm_join.rb | 2 ++ resources/swarm_service.rb | 2 ++ resources/swarm_token.rb | 2 ++ resources/tag.rb | 5 ++++ resources/volume.rb | 5 ++++ resources/volume_prune.rb | 5 ++++ spec/docker_test/container_spec.rb | 2 ++ spec/docker_test/exec_spec.rb | 2 ++ spec/docker_test/image_prune_spec.rb | 2 ++ spec/docker_test/image_spec.rb | 2 ++ spec/docker_test/installation_package_spec.rb | 2 ++ spec/docker_test/installation_tarball_spec.rb | 2 ++ spec/docker_test/network_spec.rb | 2 ++ spec/docker_test/plugin_spec.rb | 2 ++ spec/docker_test/registry_spec.rb | 2 ++ spec/docker_test/service_spec.rb | 2 ++ spec/docker_test/volume_spec.rb | 2 ++ spec/helpers_container_spec.rb | 2 ++ spec/helpers_network_spec.rb | 2 ++ spec/libraries/container_networks_spec.rb | 2 ++ spec/libraries/container_spec.rb | 2 ++ spec/libraries/image_prune_spec.rb | 2 ++ spec/libraries/registry_spec.rb | 2 ++ spec/spec_helper.rb | 2 ++ spec/unit/resources/swarm_init_spec.rb | 2 ++ 
spec/unit/resources/swarm_join_spec.rb | 2 ++ spec/unit/resources/swarm_service_spec.rb | 2 ++ 53 files changed, 162 insertions(+) create mode 100644 LIMITATIONS.md diff --git a/LIMITATIONS.md b/LIMITATIONS.md new file mode 100644 index 0000000000..53e1097173 --- /dev/null +++ b/LIMITATIONS.md @@ -0,0 +1,28 @@ +# Docker Cookbook Limitations + +## Supported Platforms + +This cookbook supports the following platforms: + +- Amazon Linux 2023 +- AlmaLinux 9/10 +- CentOS Stream 9/10 +- Debian 12/13 +- Fedora +- Oracle Linux 8/9 +- Rocky Linux 9/10 +- Red Hat Enterprise Linux 8/9 +- Ubuntu 22.04/24.04 + +## Supported Architectures + +- x86_64 +- aarch64 (arm64) +- armv7l (armhf) +- ppc64le (ppc64el) +- s390x (IBM Z) + +## Requirements + +- Chef Infra Client 16.5 or later +- `docker-api` gem diff --git a/libraries/base.rb b/libraries/base.rb index bd329a5a33..2780abe8a2 100644 --- a/libraries/base.rb +++ b/libraries/base.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module Docker module Cookbook module Helpers diff --git a/libraries/helpers_coerce.rb b/libraries/helpers_coerce.rb index 2893d2640c..9eaecd0510 100644 --- a/libraries/helpers_coerce.rb +++ b/libraries/helpers_coerce.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DockerCookbook module DockerHelpers module Build diff --git a/libraries/helpers_container.rb b/libraries/helpers_container.rb index 301ff97aef..38c82b622f 100644 --- a/libraries/helpers_container.rb +++ b/libraries/helpers_container.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DockerCookbook module DockerHelpers module Container diff --git a/libraries/helpers_json.rb b/libraries/helpers_json.rb index edf4ce9b78..d65f3ff0a6 100644 --- a/libraries/helpers_json.rb +++ b/libraries/helpers_json.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DockerCookbook module DockerHelpers module Json diff --git a/libraries/helpers_network.rb b/libraries/helpers_network.rb index b6482ff06c..ea75a18a52 100644 
--- a/libraries/helpers_network.rb +++ b/libraries/helpers_network.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DockerCookbook module DockerHelpers module Network diff --git a/libraries/helpers_service.rb b/libraries/helpers_service.rb index f929308f98..63e909a8d5 100644 --- a/libraries/helpers_service.rb +++ b/libraries/helpers_service.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Constants IPV6_ADDR ||= /( ([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}| diff --git a/libraries/helpers_swarm.rb b/libraries/helpers_swarm.rb index 1c33aa623a..4cdf14a6bb 100644 --- a/libraries/helpers_swarm.rb +++ b/libraries/helpers_swarm.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + module DockerCookbook module DockerHelpers module Swarm diff --git a/resources/container.rb b/resources/container.rb index 288ccd6b03..10f1a6f223 100644 --- a/resources/container.rb +++ b/resources/container.rb @@ -1,7 +1,12 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' use 'partial/_logging' +resource_name :docker_container +provides :docker_container + include DockerCookbook::DockerHelpers::Container property :container_name, String, name_property: true diff --git a/resources/exec.rb b/resources/exec.rb index b79136ebd7..e544c5874d 100644 --- a/resources/exec.rb +++ b/resources/exec.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_exec +provides :docker_exec + property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false property :command, Array property :container, String diff --git a/resources/image.rb b/resources/image.rb index 2e5f219293..7faf395183 100644 --- a/resources/image.rb +++ b/resources/image.rb 
@@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_image +provides :docker_image + property :read_timeout, Integer, default: 120, desired_state: false property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false diff --git a/resources/image_prune.rb b/resources/image_prune.rb index c2cbfbc626..f6ec9e07d8 100644 --- a/resources/image_prune.rb +++ b/resources/image_prune.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_image_prune +provides :docker_image_prune + property :read_timeout, Integer, default: 120, desired_state: false property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false diff --git a/resources/installation_package.rb b/resources/installation_package.rb index 936441fc60..9efacd4746 100644 --- a/resources/installation_package.rb +++ b/resources/installation_package.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' diff --git a/resources/installation_script.rb b/resources/installation_script.rb index 63ff4a11b5..75e644ae6f 100644 --- a/resources/installation_script.rb +++ b/resources/installation_script.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' diff --git a/resources/installation_tarball.rb b/resources/installation_tarball.rb index ec390dfd8e..419856e827 100644 --- a/resources/installation_tarball.rb +++ b/resources/installation_tarball.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' diff --git a/resources/network.rb b/resources/network.rb index 8c4c4a08c5..ad338c19d0 100644 --- a/resources/network.rb +++ b/resources/network.rb 
@@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_network +provides :docker_network + require 'ipaddress' property :auxiliary_addresses, [String, Array, nil], coerce: proc { |v| coerce_auxiliary_addresses(v) } diff --git a/resources/partial/_base.rb b/resources/partial/_base.rb index 138752f736..99e7fd99e0 100644 --- a/resources/partial/_base.rb +++ b/resources/partial/_base.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'docker' require 'shellwords' diff --git a/resources/partial/_logging.rb b/resources/partial/_logging.rb index f63381cf72..2b4ced9adb 100644 --- a/resources/partial/_logging.rb +++ b/resources/partial/_logging.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + property :log_driver, equal_to: %w( json-file syslog journald gelf fluentd awslogs splunk etwlogs gcplogs logentries loki-docker none local ), default: 'json-file', diff --git a/resources/partial/_service_base.rb b/resources/partial/_service_base.rb index afa708504a..fa42e292af 100644 --- a/resources/partial/_service_base.rb +++ b/resources/partial/_service_base.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + ################ # Helper Methods ################ diff --git a/resources/plugin.rb b/resources/plugin.rb index 7573e70f6b..2bfbb2d889 100644 --- a/resources/plugin.rb +++ b/resources/plugin.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_plugin +provides :docker_plugin + property :local_alias, String, name_property: true property :remote_tag, String, default: 'latest' property :remote, String diff --git a/resources/registry.rb b/resources/registry.rb index 9872006fc5..4dc8103e7f 100644 --- a/resources/registry.rb +++ b/resources/registry.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_registry +provides :docker_registry + property :email, String property :password, String, 
diff --git a/resources/service.rb b/resources/service.rb index e81d3f9002..40601897ea 100644 --- a/resources/service.rb +++ b/resources/service.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' use 'partial/_service_base' diff --git a/resources/service_base.rb b/resources/service_base.rb index bbb16445fa..a9c5eb646b 100644 --- a/resources/service_base.rb +++ b/resources/service_base.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' use 'partial/_service_base' diff --git a/resources/service_manager_execute.rb b/resources/service_manager_execute.rb index f387f7e93b..d482c60361 100644 --- a/resources/service_manager_execute.rb +++ b/resources/service_manager_execute.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' use 'partial/_service_base' diff --git a/resources/service_manager_systemd.rb b/resources/service_manager_systemd.rb index 80a6db9e6c..b5153ce40a 100644 --- a/resources/service_manager_systemd.rb +++ b/resources/service_manager_systemd.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' use 'partial/_service_base' diff --git a/resources/swarm_init.rb b/resources/swarm_init.rb index 85d1def42b..8cdb5a28ce 100644 --- a/resources/swarm_init.rb +++ b/resources/swarm_init.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true include DockerCookbook::DockerHelpers::Swarm diff --git a/resources/swarm_join.rb b/resources/swarm_join.rb index cb4bdeaee4..f2b7973041 100644 --- a/resources/swarm_join.rb +++ b/resources/swarm_join.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true include DockerCookbook::DockerHelpers::Swarm diff --git a/resources/swarm_service.rb b/resources/swarm_service.rb index c273058289..040527c3b1 100644 --- a/resources/swarm_service.rb +++ b/resources/swarm_service.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true include DockerCookbook::DockerHelpers::Swarm diff --git a/resources/swarm_token.rb b/resources/swarm_token.rb index 5cbb08871a..410dc9eed8 100644 --- a/resources/swarm_token.rb +++ b/resources/swarm_token.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + unified_mode true include DockerCookbook::DockerHelpers::Swarm diff --git a/resources/tag.rb b/resources/tag.rb index 3e461a7918..09cdc73c40 100644 --- a/resources/tag.rb +++ b/resources/tag.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_tag +provides :docker_tag + property :target_repo, String, name_property: true property :target_tag, String property :to_repo, String diff --git a/resources/volume.rb b/resources/volume.rb index 8629baaa90..68dd19ebfd 100644 --- a/resources/volume.rb +++ b/resources/volume.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_volume +provides :docker_volume + property :driver, String, desired_state: false property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false property :opts, Hash, desired_state: false diff --git a/resources/volume_prune.rb b/resources/volume_prune.rb index 8b03031ca9..806a2bf829 100644 --- a/resources/volume_prune.rb +++ b/resources/volume_prune.rb @@ -1,6 +1,11 @@ +# frozen_string_literal: true + unified_mode true use 'partial/_base' +resource_name :docker_volume_prune +provides :docker_volume_prune + property :read_timeout, Integer, default: 120, desired_state: false property :host, [String, nil], default: lazy { ENV['DOCKER_HOST'] }, desired_state: false diff --git a/spec/docker_test/container_spec.rb b/spec/docker_test/container_spec.rb index bf771b0a9c..846279546c 100644 --- a/spec/docker_test/container_spec.rb +++ b/spec/docker_test/container_spec.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::container' do diff --git a/spec/docker_test/exec_spec.rb b/spec/docker_test/exec_spec.rb index 8f13cdb51f..1373515259 100644 --- a/spec/docker_test/exec_spec.rb +++ b/spec/docker_test/exec_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::exec' do diff --git a/spec/docker_test/image_prune_spec.rb b/spec/docker_test/image_prune_spec.rb index e33bdb209c..325c9cce69 100644 --- a/spec/docker_test/image_prune_spec.rb +++ b/spec/docker_test/image_prune_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::image_prune' do diff --git a/spec/docker_test/image_spec.rb b/spec/docker_test/image_spec.rb index 23882b5216..a6a5ef61b2 100644 --- a/spec/docker_test/image_spec.rb +++ b/spec/docker_test/image_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::image' do diff --git a/spec/docker_test/installation_package_spec.rb b/spec/docker_test/installation_package_spec.rb index edec2f51b0..328d97e2e3 100644 --- a/spec/docker_test/installation_package_spec.rb +++ b/spec/docker_test/installation_package_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::installation_package' do diff --git a/spec/docker_test/installation_tarball_spec.rb b/spec/docker_test/installation_tarball_spec.rb index cd1e55d86a..46bf29d1c8 100644 --- a/spec/docker_test/installation_tarball_spec.rb +++ b/spec/docker_test/installation_tarball_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::installation_tarball' do diff --git a/spec/docker_test/network_spec.rb b/spec/docker_test/network_spec.rb index b5777cf304..e4e5ab1af2 100644 --- a/spec/docker_test/network_spec.rb +++ b/spec/docker_test/network_spec.rb 
@@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::network' do diff --git a/spec/docker_test/plugin_spec.rb b/spec/docker_test/plugin_spec.rb index 37c5242739..ed19781fb6 100644 --- a/spec/docker_test/plugin_spec.rb +++ b/spec/docker_test/plugin_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::plugin' do diff --git a/spec/docker_test/registry_spec.rb b/spec/docker_test/registry_spec.rb index 9b32277819..1bec32e7a1 100644 --- a/spec/docker_test/registry_spec.rb +++ b/spec/docker_test/registry_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::registry' do diff --git a/spec/docker_test/service_spec.rb b/spec/docker_test/service_spec.rb index 7bd5a0f365..00512ba02f 100644 --- a/spec/docker_test/service_spec.rb +++ b/spec/docker_test/service_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' require_relative '../../libraries/helpers_service' diff --git a/spec/docker_test/volume_spec.rb b/spec/docker_test/volume_spec.rb index 9500ae61c0..a0218fe41b 100644 --- a/spec/docker_test/volume_spec.rb +++ b/spec/docker_test/volume_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_test::volume' do diff --git a/spec/helpers_container_spec.rb b/spec/helpers_container_spec.rb index 4410d1add1..7d32a2e735 100644 --- a/spec/helpers_container_spec.rb +++ b/spec/helpers_container_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # require 'rspec' # require 'rspec/its' # require_relative '../libraries/helpers_container' diff --git a/spec/helpers_network_spec.rb b/spec/helpers_network_spec.rb index 07bf6c7953..9c4c1867d9 100644 --- a/spec/helpers_network_spec.rb +++ b/spec/helpers_network_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # require 'rspec' # require_relative '../libraries/helpers_network' # 
diff --git a/spec/libraries/container_networks_spec.rb b/spec/libraries/container_networks_spec.rb index 4941460f49..7581238f4f 100644 --- a/spec/libraries/container_networks_spec.rb +++ b/spec/libraries/container_networks_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' require 'docker' require_relative '../../libraries/helpers_network' diff --git a/spec/libraries/container_spec.rb b/spec/libraries/container_spec.rb index 9271a5c3d3..257c15eef7 100644 --- a/spec/libraries/container_spec.rb +++ b/spec/libraries/container_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' require 'chef' require 'excon' diff --git a/spec/libraries/image_prune_spec.rb b/spec/libraries/image_prune_spec.rb index 2059ba2dbd..5c54b2d8a7 100644 --- a/spec/libraries/image_prune_spec.rb +++ b/spec/libraries/image_prune_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # TODO: Refactor test require 'spec_helper' require_relative '../../libraries/helpers_json' diff --git a/spec/libraries/registry_spec.rb b/spec/libraries/registry_spec.rb index 2f6126a608..d82fadfb5e 100644 --- a/spec/libraries/registry_spec.rb +++ b/spec/libraries/registry_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_registry' do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 963bbf564e..ea519e0e4a 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'chefspec' require 'chefspec/berkshelf' diff --git a/spec/unit/resources/swarm_init_spec.rb b/spec/unit/resources/swarm_init_spec.rb index 825c11aebb..a79f38fee8 100644 --- a/spec/unit/resources/swarm_init_spec.rb +++ b/spec/unit/resources/swarm_init_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_swarm_init' do diff --git a/spec/unit/resources/swarm_join_spec.rb b/spec/unit/resources/swarm_join_spec.rb index c867a4c445..dd6351607a 100644 
--- a/spec/unit/resources/swarm_join_spec.rb +++ b/spec/unit/resources/swarm_join_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'docker_swarm_join' do diff --git a/spec/unit/resources/swarm_service_spec.rb b/spec/unit/resources/swarm_service_spec.rb index 6a50a55fcb..0a61b4fd30 100644 --- a/spec/unit/resources/swarm_service_spec.rb +++ b/spec/unit/resources/swarm_service_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # require 'spec_helper' # describe 'docker_swarm_service' do From ac14817cdc442f3689365c3d6f5cd0bb9d6245ed Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Tue, 24 Mar 2026 16:05:21 +0000 Subject: [PATCH 6/8] Update cookstyle to v8 Signed-off-by: Dan Webb --- .gitignore | 1 + .mise.toml | 2 + .tool-versions | 1 - Gemfile | 3 + libraries/helpers_network.rb | 2 +- libraries/helpers_service.rb | 4 +- resources/container.rb | 148 +++++++++--------- resources/exec.rb | 2 +- resources/installation_package.rb | 4 +- resources/network.rb | 14 +- resources/partial/_base.rb | 6 +- .../docker_test/recipes/container.rb | 8 +- 12 files changed, 100 insertions(+), 95 deletions(-) create mode 100644 .mise.toml delete mode 100644 .tool-versions create mode 100644 Gemfile diff --git a/.gitignore b/.gitignore index be3b9a8bc3..7cb588b291 100644 --- a/.gitignore +++ b/.gitignore @@ -25,6 +25,7 @@ _Store .rvmrc Gemfile.lock .bundle +/bin/ *.gem coverage spec/reports diff --git a/.mise.toml b/.mise.toml new file mode 100644 index 0000000000..d1cceb6e5a --- /dev/null +++ b/.mise.toml @@ -0,0 +1,2 @@ +[env] +_.path = ["{{config_root}}/bin", "/opt/chef-workstation/bin"] diff --git a/.tool-versions b/.tool-versions deleted file mode 100644 index 58f0386e1e..0000000000 --- a/.tool-versions +++ /dev/null @@ -1 +0,0 @@ -ruby system diff --git a/Gemfile b/Gemfile new file mode 100644 index 0000000000..9fb6ade805 --- /dev/null +++ b/Gemfile @@ -0,0 +1,3 @@ +source 'https://rubygems.org' + +gem 'cookstyle' 
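Review bot: `_.path` in `.mise.toml` lists `{{config_root}}/bin` ahead of `/opt/chef-workstation/bin`, and the same commit adds `/bin/` to `.gitignore`, so the first directory searched for the Chef tooling is untracked and never reviewed. Anything that ends up in that directory shadows the Chef Workstation binaries for whoever trusts this config. If it is only meant to hold Bundler binstubs (presumably, given the new Gemfile), say so in a comment such as `# bin/ = local Bundler binstubs, generated, not committed`. Consider listing `/opt/chef-workstation/bin` first unless the override is the point.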
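Review bot: `gem 'cookstyle'` in the new `Gemfile` has no version constraint, and `Gemfile.lock` is listed in `.gitignore` (visible as context in the `.gitignore` hunk), so every machine resolves whatever release is newest at install time. The commit subject says v8, so pin that, e.g. `gem 'cookstyle', '~> 8.0'`. CI and contributors then run the same cops, and an unexpected release cannot change the autocorrections or what gets installed.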
diff --git a/libraries/helpers_network.rb b/libraries/helpers_network.rb index ea75a18a52..7db1f1a4d0 100644 --- a/libraries/helpers_network.rb +++ b/libraries/helpers_network.rb @@ -15,7 +15,7 @@ def ip_address_from_container_networks(container) # It might also not match the new_resource value if container.info['NetworkSettings'] && container.info['NetworkSettings']['Networks'] && - container.info['NetworkSettings']['Networks'].values[0] && + container.info['NetworkSettings']['Networks'].values.first && container.info['NetworkSettings']['Networks'].values[0]['IPAMConfig'] && container.info['NetworkSettings']['Networks'].values[0]['IPAMConfig']['IPv4Address'] # Return the ip address listed diff --git a/libraries/helpers_service.rb b/libraries/helpers_service.rb index 63e909a8d5..ae9f709cbe 100644 --- a/libraries/helpers_service.rb +++ b/libraries/helpers_service.rb @@ -117,10 +117,10 @@ def coerce_daemon_labels(v) Array(v).each_with_object([]) do |label, a| if label =~ /:/ parts = label.split(':') - a << "#{parts[0]}=\"#{parts[1]}\"" + a << "#{parts.first}=\"#{parts[1]}\"" elsif label =~ /=/ parts = label.split('=') - a << "#{parts[0]}=#{parts[1]}" + a << "#{parts.first}=#{parts[1]}" else Chef::Log.info("WARNING: docker_service label #{label} not valid") end diff --git a/resources/container.rb b/resources/container.rb index 10f1a6f223..dd57f5e2cd 100644 --- a/resources/container.rb +++ b/resources/container.rb 
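Review bot: Only the first of the three `values[0]` lookups in `ip_address_from_container_networks` was changed to `values.first`; the two lines below it still use `values[0]`, so the guard now mixes both spellings. The whole nil-guard chain can be written once: `ip = container.info.dig('NetworkSettings', 'Networks')&.values&.first&.dig('IPAMConfig', 'IPv4Address')`, followed by a check on `ip`. The method's return lines are outside the hunk and would need adjusting to match.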
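Review bot: In `coerce_daemon_labels` both branches keep only `parts.first` and `parts[1]` after an unlimited `split`, so a label whose value contains the separator is silently truncated. A constructed example: `site:http://example.test` becomes `site="http"`. Limit the split instead: `parts = label.split(':', 2)` and `parts = label.split('=', 2)`. The invalid-label branch also logs at info level with a literal "WARNING" prefix; `Chef::Log.warn("docker_service label #{label} not valid")` would put it at the right level. The method starts above the hunk.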
@@ -73,7 +73,7 @@ property :sysctls, Hash, default: {} property :timeout, Integer, desired_state: false property :tmpfs, [Hash, Array], default: {}, coerce: proc { |v| coerce_tmpfs(v) }, - description: 'A hash or array of tmpfs mounts to add to the container. Hash format: { "/path" => "size=100M,uid=1000" }. Array format: ["/path", "/path2"]. See https://docs.docker.com/storage/tmpfs/' + description: 'A hash or array of tmpfs mounts to add to the container. Hash format: { "/path" => "size=100M,uid=1000" }. Array format: ["/path", "/path2"]. See https://docs.docker.com/storage/tmpfs/' property :tty, [true, false], default: false property :ulimits, [Array, nil], coerce: proc { |v| coerce_ulimits(v) } property :user, String @@ -87,7 +87,7 @@ property :gpu_driver, String, default: 'nvidia', description: 'GPU driver to use for container (e.g., nvidia)' # Used to store the bind property since binds is an alias to volumes -property :volumes_binds, Array, coerce: proc { |v| v.sort } +property :volumes_binds, Array, coerce: proc(&:sort) # Used to store the state of the Docker container property :container, Docker::Container, desired_state: false @@ -206,7 +206,7 @@ def coerce_volumes(v) PartialHash[v] else b = [] - v = Array(v).to_a # in case v.is_A?(Chef::Node::ImmutableArray) + v = Array(v) # in case v.is_A?(Chef::Node::ImmutableArray) v.delete_if do |x| parts = x.split(':') b << x if parts.length > 1 
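Review bot: Dropping `.to_a` in `coerce_volumes` (`v = Array(v)`) looks like it removes exactly the conversion the trailing comment describes. As far as I know `Kernel#Array` returns an Array subclass instance unchanged, while `Array#to_a` on a subclass builds a plain Array. If so, a `volumes` value taken from node attributes stays a `Chef::Node::ImmutableArray` and the `v.delete_if` on the next line raises instead of filtering. An explicit copy keeps the intent and stops `delete_if` from mutating the caller's array: `v = Array.new(Array(v)) # plain mutable copy; node attributes arrive as Chef::Node::ImmutableArray`. The rest of the method is outside the hunk; a spec that passes an immutable array would confirm this.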
@@ -260,27 +260,27 @@ def parse_port(v) parts = v.split(':') case parts.length when 3 - host_ip = parts[0] + host_ip = parts.first host_port = parts[1].split('-') container_port = parts[2].split('-') when 2 host_ip = '0.0.0.0' - host_port = parts[0].split('-') + host_port = parts.first.split('-') container_port = parts[1].split('-') when 1 host_ip = '' host_port = [''] - container_port = parts[0].split('-') + container_port = parts.first.split('-') end host_port.map!(&:to_i) unless host_port == [''] container_port.map!(&:to_i) if host_port.count > 1 - Chef::Log.fatal("FATAL: Invalid port range! #{host_port}") if host_port[0] > host_port[1] - host_port = (host_port[0]..host_port[1]).to_a + Chef::Log.fatal("FATAL: Invalid port range! #{host_port}") if host_port.first > host_port[1] + host_port = (host_port.first..host_port[1]).to_a end if container_port.count > 1 - Chef::Log.fatal("FATAL: Invalid port range! #{container_port}") if container_port[0] > container_port[1] - container_port = (container_port[0]..container_port[1]).to_a + Chef::Log.fatal("FATAL: Invalid port range! #{container_port}") if container_port.first > container_port[1] + container_port = (container_port.first..container_port[1]).to_a end Chef::Log.fatal('FATAL: Port range size does not match!') if host_port.count > 1 && host_port.count != container_port.count # qualify the port-binding protocol even when it is implicitly tcp #427. @@ -408,7 +408,7 @@ def to_snake_case(name) # reload_signal is not persisted elsewhere, and will cause container # to restart if different from the default value - public_send('reload_signal', new_resource.reload_signal) + reload_signal(new_resource.reload_signal) # Go through everything in the container and set corresponding properties: # c.info['Config']['ExposedPorts'] -> exposed_ports @@ -461,7 +461,7 @@ def load_container_labels engine_labels.any? { |k, v| k == key && v == val } end - public_send(:labels, labels) + labels(labels) end action :run do 
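Review bot: The two range checks in `parse_port` only call `Chef::Log.fatal`, which logs and carries on. A reversed range such as `9000-8000` (constructed) therefore reaches `(host_port.first..host_port[1]).to_a` and yields an empty list instead of failing the run. Raise instead, with the exception type this file already uses in `validate_container_create`: `raise Chef::Exceptions::ValidationFailed, "Invalid port range! #{host_port}" if host_port.first > host_port[1]`, and likewise for `container_port` and the size-mismatch check below. The tail of the method is outside the hunk, so how the empty arrays are consumed is inferred.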
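Review bot: `labels(labels)` in `load_container_labels` uses one name for the property setter and for its argument. Ruby parses a parenthesised call with an argument as a method call, so this works if a local `labels` is assigned above the hunk (not visible here), but it reads like a no-op. The `public_send` it replaces at least made the call explicit. Renaming the local, for example `labels(filtered_labels)`, keeps the cookstyle fix and removes the ambiguity.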
@@ -479,71 +479,71 @@ def load_container_labels with_retries do config = { - 'name' => new_resource.container_name, - 'Image' => new_resource.tag.to_s.start_with?('sha256:') ? "#{new_resource.repo}@#{new_resource.tag}" : "#{new_resource.repo}:#{new_resource.tag}", - 'Labels' => new_resource.labels, - 'Cmd' => to_shellwords(new_resource.command), - 'AttachStderr' => new_resource.attach_stderr, - 'AttachStdin' => new_resource.attach_stdin, - 'AttachStdout' => new_resource.attach_stdout, - 'Domainname' => new_resource.domain_name, - 'Entrypoint' => to_shellwords(new_resource.entrypoint), - 'Env' => new_resource.env + read_env_file, - 'ExposedPorts' => new_resource.exposed_ports, - 'Healthcheck' => new_resource.health_check, - 'Hostname' => parsed_hostname, - 'MacAddress' => new_resource.mac_address, + 'name' => new_resource.container_name, + 'Image' => new_resource.tag.to_s.start_with?('sha256:') ? "#{new_resource.repo}@#{new_resource.tag}" : "#{new_resource.repo}:#{new_resource.tag}", + 'Labels' => new_resource.labels, + 'Cmd' => to_shellwords(new_resource.command), + 'AttachStderr' => new_resource.attach_stderr, + 'AttachStdin' => new_resource.attach_stdin, + 'AttachStdout' => new_resource.attach_stdout, + 'Domainname' => new_resource.domain_name, + 'Entrypoint' => to_shellwords(new_resource.entrypoint), + 'Env' => new_resource.env + read_env_file, + 'ExposedPorts' => new_resource.exposed_ports, + 'Healthcheck' => new_resource.health_check, + 'Hostname' => parsed_hostname, + 'MacAddress' => new_resource.mac_address, 'NetworkDisabled' => new_resource.network_disabled, - 'OpenStdin' => new_resource.open_stdin, - 'StdinOnce' => new_resource.stdin_once, - 'Tty' => new_resource.tty, - 'User' => new_resource.user, - 'Volumes' => new_resource.volumes, - 'WorkingDir' => new_resource.working_dir, - 'HostConfig' => { - 'Binds' => new_resource.volumes_binds, - 'CapAdd' => new_resource.cap_add, - 'CapDrop' => new_resource.cap_drop, - 'CgroupParent' => 
new_resource.cgroup_parent, - 'CgroupnsMode' => new_resource.cgroup_ns, - 'CpuShares' => new_resource.cpu_shares, - 'CpusetCpus' => new_resource.cpuset_cpus, - 'Devices' => new_resource.devices, - 'Dns' => new_resource.dns, - 'DnsSearch' => new_resource.dns_search, - 'ExtraHosts' => new_resource.extra_hosts, - 'IpcMode' => new_resource.ipc_mode, - 'Init' => new_resource.init, - 'KernelMemory' => new_resource.kernel_memory, - 'Links' => new_resource.links, - 'LogConfig' => log_config, - 'Memory' => new_resource.memory, - 'MemorySwap' => new_resource.memory_swap, + 'OpenStdin' => new_resource.open_stdin, + 'StdinOnce' => new_resource.stdin_once, + 'Tty' => new_resource.tty, + 'User' => new_resource.user, + 'Volumes' => new_resource.volumes, + 'WorkingDir' => new_resource.working_dir, + 'HostConfig' => { + 'Binds' => new_resource.volumes_binds, + 'CapAdd' => new_resource.cap_add, + 'CapDrop' => new_resource.cap_drop, + 'CgroupParent' => new_resource.cgroup_parent, + 'CgroupnsMode' => new_resource.cgroup_ns, + 'CpuShares' => new_resource.cpu_shares, + 'CpusetCpus' => new_resource.cpuset_cpus, + 'Devices' => new_resource.devices, + 'Dns' => new_resource.dns, + 'DnsSearch' => new_resource.dns_search, + 'ExtraHosts' => new_resource.extra_hosts, + 'IpcMode' => new_resource.ipc_mode, + 'Init' => new_resource.init, + 'KernelMemory' => new_resource.kernel_memory, + 'Links' => new_resource.links, + 'LogConfig' => log_config, + 'Memory' => new_resource.memory, + 'MemorySwap' => new_resource.memory_swap, 'MemorySwappiness' => new_resource.memory_swappiness, 'MemoryReservation' => new_resource.memory_reservation, - 'NanoCpus' => new_resource.cpus, - 'NetworkMode' => normalize_container_network_mode(new_resource.network_mode), - 'OomKillDisable' => new_resource.oom_kill_disable, - 'OomScoreAdj' => new_resource.oom_score_adj, - 'Privileged' => new_resource.privileged, - 'PidMode' => new_resource.pid_mode, - 'PortBindings' => new_resource.port_bindings, + 'NanoCpus' => 
new_resource.cpus, + 'NetworkMode' => normalize_container_network_mode(new_resource.network_mode), + 'OomKillDisable' => new_resource.oom_kill_disable, + 'OomScoreAdj' => new_resource.oom_score_adj, + 'Privileged' => new_resource.privileged, + 'PidMode' => new_resource.pid_mode, + 'PortBindings' => new_resource.port_bindings, 'PublishAllPorts' => new_resource.publish_all_ports, - 'RestartPolicy' => { - 'Name' => new_resource.restart_policy, + 'RestartPolicy' => { + 'Name' => new_resource.restart_policy, 'MaximumRetryCount' => new_resource.restart_maximum_retry_count, }, - 'ReadonlyRootfs' => new_resource.ro_rootfs, - 'Runtime' => new_resource.runtime, - 'SecurityOpt' => new_resource.security_opt, - 'ShmSize' => new_resource.shm_size, - 'Sysctls' => new_resource.sysctls, - 'Tmpfs' => new_resource.tmpfs, - 'Ulimits' => ulimits_to_hash, - 'UsernsMode' => new_resource.userns_mode, - 'UTSMode' => new_resource.uts_mode, - 'VolumesFrom' => new_resource.volumes_from, - 'VolumeDriver' => new_resource.volume_driver, + 'ReadonlyRootfs' => new_resource.ro_rootfs, + 'Runtime' => new_resource.runtime, + 'SecurityOpt' => new_resource.security_opt, + 'ShmSize' => new_resource.shm_size, + 'Sysctls' => new_resource.sysctls, + 'Tmpfs' => new_resource.tmpfs, + 'Ulimits' => ulimits_to_hash, + 'UsernsMode' => new_resource.userns_mode, + 'UTSMode' => new_resource.uts_mode, + 'VolumesFrom' => new_resource.volumes_from, + 'VolumeDriver' => new_resource.volume_driver, }, } net_config = { 
@@ -699,7 +699,7 @@ def validate_container_create raise Chef::Exceptions::ValidationFailed, 'restart_policy must be either no, always, unless-stopped, or on-failure.' end - if new_resource.autoremove == true && (new_resource.property_is_set?(:restart_policy) && new_resource.restart_policy != 'no') + if new_resource.autoremove == true && new_resource.property_is_set?(:restart_policy) && new_resource.restart_policy != 'no' raise Chef::Exceptions::ValidationFailed, 'Conflicting options restart_policy and autoremove.' end @@ -754,8 +754,8 @@ def state def ulimits_to_hash return if new_resource.ulimits.nil? new_resource.ulimits.map do |u| - name = u.split('=')[0] - soft = u.split('=')[1].split(':')[0] + name = u.split('=').first + soft = u.split('=')[1].split(':').first hard = u.split('=')[1].split(':')[1] { 'Name' => name, 'Soft' => soft.to_i, 'Hard' => hard.to_i } end diff --git a/resources/exec.rb b/resources/exec.rb index e544c5874d..3698ce211f 100644 --- a/resources/exec.rb +++ b/resources/exec.rb @@ -12,7 +12,7 @@ property :timeout, Numeric, default: 60, desired_state: false property :container_obj, Docker::Container, desired_state: false property :returns, [ Integer, Array ], coerce: proc { |v| Array(v) }, default: [0], - description: 'The return value for a command. This may be an array of accepted values. An exception is raised when the return value(s) do not match.' + description: 'The return value for a command. This may be an array of accepted values. An exception is raised when the return value(s) do not match.' alias_method :cmd, :command diff --git a/resources/installation_package.rb b/resources/installation_package.rb index 9efacd4746..6134fd9371 100644 --- a/resources/installation_package.rb +++ b/resources/installation_package.rb 
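Review bot: In `ulimits_to_hash`, a ulimit given as `nofile=1024` with no `:hard` part still yields `'Hard' => 0`, because `u.split('=')[1].split(':')[1]` is nil and `nil.to_i` is 0. An entry with no `=` raises NoMethodError on nil instead of a validation error, unless the property is validated somewhere outside this hunk. The switch to `.first` keeps both behaviours. Docker's `--ulimit` syntax treats a missing hard limit as equal to the soft limit, so I would split once and default it: `name, limits = u.split('=', 2)`, `soft, hard = limits.to_s.split(':', 2)`, and `'Hard' => (hard || soft).to_i`. The method's closing `end` is outside the hunk.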
@@ -95,7 +95,7 @@ def version_string(v) "5:#{v}-1~ubuntu.#{node['platform_version']}~#{codename}" elsif v.to_f >= 18.09 && debuntu? return "5:#{v}~#{test_version}-0~debian-#{codename}" if debian? - return "5:#{v}~#{test_version}-0~ubuntu-#{codename}" if ubuntu? + "5:#{v}~#{test_version}-0~ubuntu-#{codename}" if ubuntu? else return "#{v}~ce~#{test_version}-0~debian" if debian? return "#{v}~ce~#{test_version}-0~ubuntu" if ubuntu? @@ -162,7 +162,7 @@ def version_string(v) # TODO: This eventually should go away once Debian 12 and Ubuntu 24.04 go EOL if (debian? && node['platform_version'].to_i < 13) || (ubuntu? && node['platform_version'].to_f <= 24.04) signed_by false - end if Chef::VERSION >= Gem::Version.new('18.7.10') + end if Gem::Version.new('18.7.10') <= Chef::VERSION action :add end diff --git a/resources/network.rb b/resources/network.rb index ad338c19d0..d62727feb4 100644 --- a/resources/network.rb +++ b/resources/network.rb @@ -41,25 +41,25 @@ def coerce_auxiliary_addresses(v) e.each { |key, val| ray << "#{key}=#{val}" } end end - ray.length == 1 ? ray[0] : ray + ray.length == 1 ? ray.first : ray end def coerce_gateway(v) case v when String - v.split('/')[0] + v.split('/').first when Array - ray = Array(v).map { |a| a.split('/')[0] } - ray.length == 1 ? ray[0] : ray + ray = Array(v).map { |a| a.split('/').first } + ray.length == 1 ? ray.first : ray end end def coerce_subnet(v) - Array(v).length == 1 ? Array(v)[0] : v + Array(v).length == 1 ? Array(v).first : v end def coerce_ip_range(v) - Array(v).length == 1 ? Array(v)[0] : v + Array(v).length == 1 ? Array(v).first : v end #################### @@ -224,7 +224,7 @@ def consolidate_ipam(subnets, ranges, gateways, auxaddrs) # Check overlapping subnets subnets.each do |s| - data.each do |k, _| + data.each_key do |k| if subnet_matches(s, k) || subnet_matches(k, s) raise 'multiple overlapping subnet configuration is not supported' end 
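Review bot: Dropping `return` from only the Ubuntu line in the `elsif v.to_f >= 18.09 && debuntu?` branch leaves it inconsistent with the Debian line above it and the two `return` lines in the `else` branch. It is equivalent only if this `if`/`elsif`/`else` chain is the last expression of `version_string`, and the rest of the method is outside the hunk, so that cannot be confirmed here. If anything follows the chain, Ubuntu hosts asking for 18.09 or later would fall through to it and the Docker package would be pinned to a different version string than requested, or to none. I would keep `return "5:#{v}~#{test_version}-0~ubuntu-#{codename}" if ubuntu?`, or convert all four lines together, and add a spec case for Ubuntu with an 18.09-or-later version.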
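Review bot: Swapping the operands in `end if Gem::Version.new('18.7.10') <= Chef::VERSION` moves the comparison onto `Gem::Version#<=>`, which has to coerce whatever type `Chef::VERSION` is, where the old form dispatched to `Chef::VERSION`'s own comparison. That type is not visible in this hunk, and the guard exists for older clients, which is where a failed coercion would surface. Comparing like with like avoids the question: `end if Gem::Version.new(Chef::VERSION.to_s) >= Gem::Version.new('18.7.10')`. Since `signed_by false` presumably changes how the repository signing key is trusted on Debian < 13 and Ubuntu <= 24.04, a one-line comment saying why it is disabled there would help whoever resolves the TODO. The enclosing resource block starts outside the hunk.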
diff --git a/resources/partial/_base.rb b/resources/partial/_base.rb index 99e7fd99e0..cdfa257c4e 100644 --- a/resources/partial/_base.rb +++ b/resources/partial/_base.rb @@ -29,9 +29,9 @@ def with_retries(&_block) yield # Only catch errors that can be fixed with retries. rescue Docker::Error::ServerError, # 500 - Docker::Error::UnexpectedResponseError, # 400 - Docker::Error::TimeoutError, - Docker::Error::IOError + Docker::Error::UnexpectedResponseError, # 400 + Docker::Error::TimeoutError, + Docker::Error::IOError tries -= 1 retry if tries > 0 raise diff --git a/test/cookbooks/docker_test/recipes/container.rb b/test/cookbooks/docker_test/recipes/container.rb index 56beb99cba..29e569d49d 100644 --- a/test/cookbooks/docker_test/recipes/container.rb +++ b/test/cookbooks/docker_test/recipes/container.rb @@ -311,10 +311,10 @@ tag '3.1' command 'df -h' tmpfs({ - '/tmpfs1' => '', - '/tmpfs2' => 'size=20M,uid=1000', - '/tmpfs3' => 'rw,noexec,nosuid,size=50M', - }) + '/tmpfs1' => '', + '/tmpfs2' => 'size=20M,uid=1000', + '/tmpfs3' => 'rw,noexec,nosuid,size=50M', + }) action :run_if_missing end From a4199a474806d84a3d94d5514661291844d9c5cb Mon Sep 17 00:00:00 2001 
From: Dan Webb Date: Wed, 25 Mar 2026 10:42:53 +0000 Subject: [PATCH 7/8] ci: migrate integration tests to exec driver on ubuntu-latest This change moves all CI integration tests to run directly on the GitHub Actions host using the 'exec' driver. This avoids issues with nested virtualization on standard Azure-hosted runners while still providing a full systemd environment for testing the docker cookbook. - Update .github/workflows/ci.yml to use ubuntu-latest and kitchen.exec.yml - Remove VirtualBox/Vagrant setup from CI - Consolidate integration suites in CI - Update kitchen.exec.yml with all test suites - Remove kitchen.dokken.yml --- .github/workflows/ci.yml | 105 ++++----------------------------------- kitchen.dokken.yml | 78 ----------------------------- kitchen.exec.yml | 99 +++++++++++++++++++++++++++++++++++- 3 files changed, 107 insertions(+), 175 deletions(-) delete mode 100644 kitchen.dokken.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 83073c5133..512da5dee5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -19,120 +19,35 @@ jobs: integration: needs: lint-unit - runs-on: ubuntu-24.04 + runs-on: ubuntu-latest strategy: matrix: - os: - - almalinux-9 - - almalinux-10 - - amazonlinux-2023 - - centos-stream-9 - - centos-stream-10 - - debian-12 - - debian-13 - - "ubuntu-2204" - - "ubuntu-2404" - suite: - "installation-package" - "installation-tarball" + - "installation-script" - "install-and-stop" - fail-fast: false - steps: - - name: Check out code - uses: actions/checkout@v6 - - - name: Test Kitchen - uses: ./.github/actions/test-kitchen - with: - kitchen-yaml: kitchen.dokken.yml - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - license-id: ${{ secrets.CHEF_LICENSE_KEY }} - - installation-script: - needs: lint-unit - runs-on: ubuntu-24.04 - strategy: - matrix: - os: - - centos-stream-9 - - centos-stream-10 - - debian-12 - - debian-13 - - "ubuntu-2204" - - "ubuntu-2404" - - suite: ["installation-script"] - fail-fast: false - steps: - - name: Check out code - uses: actions/checkout@v6 - - - name: Test Kitchen - uses: ./.github/actions/test-kitchen - with: - kitchen-yaml: kitchen.dokken.yml - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - license-id: ${{ secrets.CHEF_LICENSE_KEY }} - - swarm: - needs: lint-unit - runs-on: ubuntu-24.04 - strategy: - matrix: - os: ["ubuntu-2204"] - suite: ["swarm"] - fail-fast: false - steps: - - name: Check out code - uses: actions/checkout@v6 - - - name: Setup VirtualBox & Vagrant - uses: ./.github/actions/virtualbox-setup - - - name: Test Kitchen - uses: ./.github/actions/test-kitchen - with: - kitchen-yaml: kitchen.yml - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - license-id: ${{ secrets.CHEF_LICENSE_KEY }} - - smoke: - needs: lint-unit - runs-on: ubuntu-latest - strategy: - matrix: - os: - - "almalinux-9" - - "almalinux-10" - - "debian-12" - - "debian-13" - - "ubuntu-2204" - - "ubuntu-2404" - - suite: + - "resources" + - "network" + - "volume" + - "registry" + - "swarm" - "smoke" fail-fast: false steps: - name: Check 
out code uses: actions/checkout@v6 - - name: Setup VirtualBox & Vagrant - uses: ./.github/actions/virtualbox-setup - - name: Test Kitchen uses: ./.github/actions/test-kitchen with: - kitchen-yaml: kitchen.yml + kitchen-yaml: kitchen.exec.yml suite: ${{ matrix.suite }} - os: ${{ matrix.os }} + os: "ubuntu-latest" license-id: ${{ secrets.CHEF_LICENSE_KEY }} final: - needs: [lint-unit, installation-script, integration, swarm, smoke] + needs: [lint-unit, integration] runs-on: ubuntu-latest steps: - name: Complete diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml deleted file mode 100644 index f57b7658c8..0000000000 --- a/kitchen.dokken.yml +++ /dev/null 
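Review bot: The `integration` job now converges every suite on a single `runs-on: ubuntu-latest` host, so the AlmaLinux, CentOS Stream, Amazon Linux and Debian entries removed from the matrix are no longer exercised anywhere in this workflow. That includes the RHEL-family and Debian branches of the package-install resource touched earlier in this series. If nested virtualization is the only blocker, keep a container-based job for the non-Ubuntu platforms, or state in the workflow that they are untested. Separately, `ubuntu-latest` is a moving label, and the commit message says the exec driver runs the cookbook directly on that host, so a runner image change can alter results without any change in this repository. Keeping the previous `runs-on: ubuntu-24.04` pin avoids that.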
@@ -1,78 +0,0 @@ -driver: - name: dokken - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - -transport: { name: dokken } -provisioner: { name: dokken } - -platforms: - - name: almalinux-9 - driver: - image: dokken/almalinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: almalinux-10 - driver: - image: dokken/almalinux-10 - pid_one_command: /usr/lib/systemd/systemd - - - name: amazonlinux-2023 - driver: - image: dokken/amazonlinux-2023 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-stream-9 - driver: - image: dokken/centos-stream-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-stream-10 - driver: - image: dokken/centos-stream-10 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-12 - driver: - image: dokken/debian-12 - pid_one_command: /bin/systemd - - - name: debian-13 - driver: - image: dokken/debian-13 - pid_one_command: /usr/lib/systemd/systemd - - - name: fedora-latest - driver: - image: dokken/fedora-latest - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-8 - driver: - image: dokken/oraclelinux-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: oraclelinux-9 - driver: - image: dokken/oraclelinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: rockylinux-9 - driver: - image: dokken/rockylinux-9 - pid_one_command: /usr/lib/systemd/systemd - - - name: rockylinux-10 - driver: - image: dokken/rockylinux-10 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-2204 - driver: - image: dokken/ubuntu-22.04 - pid_one_command: /bin/systemd - - - name: ubuntu-2404 - driver: - image: dokken/ubuntu-24.04 - pid_one_command: /bin/systemd diff --git a/kitchen.exec.yml b/kitchen.exec.yml index ba7b2a962f..27b15a85ab 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml 
@@ -1,7 +1,102 @@ --- -driver: { name: exec } -transport: { name: exec } +driver: + name: exec + +transport: + name: exec + +provisioner: + name: chef_infra + product_name: <%= ENV['CHEF_PRODUCT_NAME'] || 'chef' %> + product_version: <%= ENV['CHEF_VERSION'] || 'latest' %> + enforce_idempotency: true + multiple_converge: 2 + deprecations_as_errors: true + chef_license: accept-no-persist + +verifier: + name: inspec platforms: + - name: ubuntu-latest - name: macos-latest - name: windows-latest + +suites: + - name: installation_script + run_list: + - recipe[docker_test::installation_script] + + - name: installation_package + run_list: + - recipe[docker_test::installation_package] + + - name: installation_tarball + run_list: + - recipe[docker_test::installation_tarball] + + - name: install_and_stop + run_list: + - recipe[docker_test::install_and_stop] + + - name: resources + provisioner: + enforce_idempotency: false + multiple_converge: 1 + run_list: + - recipe[docker_test::default] + - recipe[docker_test::image] + - recipe[docker_test::container] + - recipe[docker_test::exec] + - recipe[docker_test::plugin] + - recipe[docker_test::image_prune] + - recipe[docker_test::volume_prune] + + - name: network + provisioner: + enforce_idempotency: false + multiple_converge: 1 + run_list: + - recipe[docker_test::default] + - recipe[docker_test::network] + + - name: volume + provisioner: + enforce_idempotency: false + multiple_converge: 1 + run_list: + - recipe[docker_test::default] + - recipe[docker_test::volume] + - recipe[docker_test::volume_prune] + + - name: registry + provisioner: + enforce_idempotency: false + multiple_converge: 1 + run_list: + - recipe[docker_test::default] + - recipe[docker_test::registry] + + - name: swarm + provisioner: + enforce_idempotency: false + multiple_converge: 1 + attributes: + docker: + swarm: + init: + advertise_addr: '127.0.0.1' + listen_addr: '0.0.0.0:2377' + rotate_token: true + service: + name: 'web' + image: 'nginx:latest' + publish: 
['80:80'] + replicas: 2 + run_list: + - recipe[docker_test::swarm] + - recipe[docker_test::swarm_service] + + - name: smoke + run_list: + - recipe[docker_test::smoke] From d1c94f6f5459b73de4b6e9faa94c3986b10f9389 Mon Sep 17 00:00:00 2001 From: Dan Webb Date: Wed, 25 Mar 2026 12:25:26 +0000 Subject: [PATCH 8/8] ci: optimize kitchen.exec.yml for GHA runner environment Adds sudo: true and disables omnibus installation to leverage the pre-installed Chef Workstation on the GHA runner host. --- kitchen.exec.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kitchen.exec.yml b/kitchen.exec.yml index 27b15a85ab..0e39c811f9 100644 --- a/kitchen.exec.yml +++ b/kitchen.exec.yml @@ -1,6 +1,7 @@ --- driver: name: exec + sudo: true transport: name: exec @@ -13,6 +14,7 @@ provisioner: multiple_converge: 2 deprecations_as_errors: true chef_license: accept-no-persist + chef_omnibus_install: false verifier: name: inspec
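Review bot: The `swarm` suite sets `listen_addr: '0.0.0.0:2377'` while advertising `127.0.0.1`, and with the exec driver the recipes run on the host itself. If this attribute is passed through to swarm init, as its name suggests, the swarm management port is opened on every interface of whatever machine runs the suite, CI runner or developer workstation. For a single-node test `listen_addr: '127.0.0.1:2377'` is sufficient. The service also uses the floating `image: 'nginx:latest'` and publishes host port 80. Pinning a specific tag or digest keeps the test reproducible and avoids pulling unreviewed image content onto the host.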
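Review bot: With `chef_omnibus_install: false` the converge uses whatever Chef is already on the host, so `product_name` and `product_version` a few lines up presumably no longer select anything. The client version under test is then set by the runner image rather than by this file. A comment on the new line, e.g. `# uses the Chef already installed on the host; product_version is not applied`, or a version check step in CI, would make failures after a runner image update easier to diagnose. The `sudo: true` added under `driver:` in the first hunk of this patch also deserves a comment naming which component reads it and what it elevates, since every suite here changes the host's Docker installation.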