Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

rkt (3) Versions 0.2.0

This cookbook allows management of coreos rkt

Policyfile
Berkshelf
Knife
cookbook 'rkt', '~> 0.2.0', :supermarket
cookbook 'rkt', '~> 0.2.0'
knife supermarket install rkt
knife supermarket download rkt
README
Dependencies
Changelog
Quality 0%

chef-rkt

build status cookbook version


This cookbook has its home on gitlab.com and has a mirror
on github.com. Development is done on gitlab.com only.


Chef cookbook for management of coreos rkt.

Requirements

Supported distributions:

  • EL 7 (CentOS, RHEL, ...) (with kernel >=3.18)
  • Ubuntu >=14.04
  • Debian 8 (with kernel >=3.18)

rkt requires kernel >=3.18.

Recipe install_mainline_kernel can help with installation of mainline kernel on EL 7 systems.

Usage

Installation of rkt

  • Usage in other cookbook
    • Add depends 'rkt' to metadata.rb of your cookbook
    • Include it in some recipe:
include_recipe 'rkt'
  • Usage in the run list of your node
{
  "name":"examplenode",
  "run_list": [
    "recipe[rkt]"
  ]
}

Use rkt resources

Fetch and start etcd:

rkt_image 'coreos.com/etcd:v2.3.0' do
  trust_keys_from_https true
end

rkt_pod 'myetcd' do
  image 'coreos.com/etcd:v2.3.0'
end

and the same with one command:

rkt_pod 'myetcd' do
  image 'coreos.com/etcd:v2.3.0'
  trust_keys_from_https true
end

remove and cleanup:

rkt_pod 'myetcd' do
  action :delete
end

rkt_image 'coreos.com/etcd:v2.3.0' do
  action :delete
end

rkt_trust 'coreos.com/etcd' do
  action :delete
end

Recipes

Recipes in this cookbook can help with installation of coreos rkt. Management of rkt resources is done via custom resources, which are documented below.

default

The default recipe invokes the installation recipe install only.

install

This recipe is responsible for rkt installation and includes some other recipes if needed.

Two different installation types of rkt are supported:

There is also a check of kernel version for possible known issues.

Attributes

Key Default Description
['rkt']['install']['type'] tgz Installation type of rkt
['rkt']['install']['kernel_check'] true Check the kernel version for possible issues

install_package

This recipe installs rkt from packages. If needed, repository configuration recipe repository gets invoked.

Currently almost no distributions are providing rkt packages, see more information on this topic below.

Attributes

Key Default Description
['rkt']['install']['package']['name'] rkt Package name of rkt
['rkt']['install']['package']['manage_repository'] true Controls if repository management should be done

install_tgz

This recipe installs rkt from release tarballs with compiled rkt. Installation includes:

  • Automatic download of specified rkt release
  • Constancy and integrity check
  • Creation of needed directories
  • Creation of garbage collection cronjob
  • Creation of sudo configuration if needed

Attributes

Key Default Description
['rkt']['install']['tgz']['version'] see [attributes/default.rb] Version of rkt which should be installed
['rkt']['install']['tgz']['sudo'] true Controls if sudo configuration should be done

repository

This recipe is automatically invoked by install_package if repository configuration should be done.

Right now, almost no distributions are packaging rkt.
I maintain rkt project on OpenBuild Service, where I'm building the packages from release tarballs with compiled rkt for some distributions.
I see this as intermediary solution (but probably for some years:D), so the quality claim of this packages isn't on the usual level of distributors (they just work, nothing more).

You can use this repositories without this cookbook too.

install_mainline_kernel

This recipe needs to be invoked manually via runlist if needed.
This recipe configures needed repositories and installs a mainline kernel for EL7 systems.

EL7 distributions use an old kernel with some bugs in overlayfs, which is used by rkt.
By using the mainline kernel it's possible to avoid such problems.

Resources

rkt_image

Resource implementation of rkt commands for image handling:

Syntax

rkt_image 'coreos.com/dnsmasq:v0.3.0' do
  action :create
  trust_keys_from_https true
end

The full syntax:

rkt_image 'name' do
  image_url                String # defaults to 'name' if not specified
  no_store                 TrueClass, FalseClass
  trust_keys_from_https    TrueClass, FalseClass
  action                   Symbol # defaults to :create if not specified
end

Actions

  • :create - Default. Fetch image
  • :delete - Delete image

Properties

Property Default Description
image_url [name] URL of image to fetch
no_store false Ignore the local store by fetching
trust_keys_from_https false Automatically trust keys fetched via HTTPS

rkt_net

This resource creates a network, which can be used by rkt pods.

See rkt networking documentation for more information and details.

Syntax

rkt_net 'podnet' do
  action :create
  type 'macvlan',
  options master: 'enp0s25',
          mode: 'private'
  ipam type: 'host-local',
       subnet: '192.168.0.0/24'
end

The full syntax:

rkt_net 'name' do
  name                     String # defaults to 'name' if not specified
  type                     String
  action                   Symbol # defaults to :create if not specified
  options                  Hash
  ipam                     Hash
end

rkt_pod

Run image in a pod.

This resource creates systemd container services (or upstart for Ubuntu 14.04) with rkt- prefix and starts them.

Syntax

rkt_pod 'dnsmasq' do
  action :create
  image 'coreos.com/dnsmasq:v0.3.0'
  volumes data_volume: {
            kind: 'host',
            source: '/data'
          },
          log_volume: {
            kind: 'host',
            source: '/var/log/container'
          }
  net 'podnet'
end

The full syntax:

rkt_pod 'name' do
  name                     String # defaults to 'name' if not specified
  image                    String
  trust_keys_from_https    TrueClass, FalseClass
  action                   Symbol # defaults to :create if not specified
  volumes                  Hash
  net                      String, Array, Hash
end

Actions

  • :create - Default. Create a new pod and start it
  • :delete - Delete pod

Properties

Property Default Description
name [name] Name of pod
image Image which should be run
trust_keys_from_https false Automatically trust keys fetched via HTTPS
volumes Volumes which should be mounted
net Network options for the pod

Advanced network options

You can specify multiple networks as Array in the net property:

rkt_pod 'dnsmasq' do
  action :create
  image 'coreos.com/dnsmasq:v0.3.0'
  net ['podnet', 'internalnet']
end

If you use host-local IP provider for pod-net and internal-net and want to specify static IPs for the pod, you can pass a Hash in the net property:

rkt_pod 'dnsmasq' do
  action :create
  image 'coreos.com/dnsmasq:v0.3.0'
  net podnet: '192.168.0.1',
      internalnet: '192.168.2.1'
end

rkt_trust

Resource implementation of rkt trust command.

Syntax

rkt_trust 'coreos.com/etcd' do
  action :create
  trust_keys_from_https true
end

The full syntax:

rkt_trust 'name' do
  prefix                   String # defaults to 'name' if not specified
  insecure_allow_http      TrueClass, FalseClass
  skip_fingerprint_review  TrueClass, FalseClass
  trust_keys_from_https    TrueClass, FalseClass
  action                   Symbol # defaults to :create if not specified
end

Actions

  • :create - Default. Create a trust for a key, which verifies images.
  • :delete - Delete a trust for a key

Properties

Property Default Description
prefix [name] Prefix for the key
insecure_allow_http false Allow HTTP usage for key discovery
skip_fingerprint_review false Accept the key without fingerprint verification
trust_keys_from_https false Automatically trust keys fetched via HTTPS

Note: fingerprint verification isn't supported yet.
You have to trust keys fetched via HTTPS or to skip fingerprint review.

Issues

You can find known issues here. Feel free to open a new issue if needed.

Contributing

Please see the [contribution guide](CONTRIBUTING.md).

Copyright 2016 Artem Sidorenko and contributors.

Licensed under Apache 2.0

See the COPYRIGHT file at the top-level directory of this distribution
and at https://gitlab.com/artem-sidorenko/chef-rkt/blob/master/COPYRIGHT

Dependent cookbooks

systemd >= 0.0.0
yum >= 0.0.0
apt >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Changelog

0.2.0

  • Using rkt 1.10.1 as default version for tarball installations
  • Update the upstream signature files to asc for tarball installations
  • Support of volumes for rkt_pod resources added
  • Support of net property for rkt_pod resources added
  • Support of rkt_net resources added
  • Several improvements of tests and test setup

0.1.0

  • Using rkt 1.5.1 as default version for tarball installations
  • Cronjob for garbage collection in the tarball installations
  • Checking of kernel version for possible problems with overlayfs (during gc)
  • LWRPs rkt_trust, rkt_image and rkt_pod
  • Installation of rkt from packages

0.0.1

  • First public release
  • Installation of rkt from binary tarballs is implemented

Collaborator Number Metric
            

0.2.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.2.0 failed this metric

FC108: Resource should not define a property named 'name': rkt/resources/net.rb:15
FC108: Resource should not define a property named 'name': rkt/resources/pod.rb:13
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.2.0 failed this metric

Failure: Cookbook should not contain binaries. Found:
rkt/files/default/coreos_app_sign.key
rkt/files/default/gpg-rkt-repository.key
rkt/files/default/rpm-gpg-elrepo.key

Testing File Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number