From 9c70ea2fdcf4a8ad944d323a16404e044a9868b4 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Mon, 26 Apr 2021 16:45:26 +1200 Subject: [PATCH 1/9] fix: add raspbian recommended repo Issue however docker version shows experimental true and version 20.10.6 Stable I believe is 19.03 Docker-compose seems to be behind release currently 1.29 This install installs 1.21 Clean does not remove docker docker install appears to often require a manual start systemctl start docker.service or rerun state.apply docker --- docker/osarchmap.yaml | 4 ++++ docker/osmap.yaml | 14 ++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/docker/osarchmap.yaml b/docker/osarchmap.yaml index c19ef045..324ee67b 100644 --- a/docker/osarchmap.yaml +++ b/docker/osarchmap.yaml @@ -41,7 +41,11 @@ armhf: arch: armhf pkg: docker: + {%- if grains.os == 'Raspbian' %} + use_upstream: repo + {%- else %} use_upstream: archive + {%- endif %} archive: source_hash: '5e757cf65d99b0326f49cabbfc3b9a65151cb569f04fcb64a7a0c7424772c7cf' suffix: tgz diff --git a/docker/osmap.yaml b/docker/osmap.yaml index eeccd8bf..a40000c8 100644 --- a/docker/osmap.yaml +++ b/docker/osmap.yaml @@ -21,6 +21,20 @@ OEL: file: '/etc/yum.repos.d/docker-ce.repo' gpgkey: 'https://download.docker.com/linux/centos/gpg' +Raspbian: + pkg: + docker: + repo: + {%- if 'oscodename' in grains %} + name: deb [arch=armhf] https://download.docker.com/linux/{{ grains.os|lower }} {{ grains.oscodename }} stable + {%- endif %} + file: /etc/apt/sources.list.d/docker.list + gpgkey: "https://download.docker.com/linux/{{ grains.os|lower }}/gpg" + + + compose: + name: docker-compose + use_upstream: package Amazon: pkg: docker: From 9e6e59d0955b8b44dc19e3340c4f159f59ecbec5 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Mon, 26 Apr 2021 16:49:43 +1200 Subject: [PATCH 2/9] fix: enable clean run with out issue Issue is clean stops the docker.service but does not appear to uninstall `docker` still runs at cli but services are no longer present `apt list --installed | grep docker ` lists following ``` docker-ce-cli/buster,now 5:20.10.6~3-0~raspbian-buster armhf [installed,automatic] docker-ce-rootless-extras/buster,now 5:20.10.6~3-0~raspbian-buster armhf [installed,automatic] docker-ce/buster,now 5:20.10.6~3-0~raspbian-buster armhf [installed] docker-compose/stable,now 1.21.0-3 all [installed] golang-docker-credential-helpers/stable,now 0.6.1-2 armhf [installed,automatic] python3-docker/stable,now 3.4.1-4 all [installed] python3-dockerpty/stable,now 0.4.1-1 all [installed,automatic] python3-dockerpycreds/stable,now 0.3.0-1 all [installed,automatic] ``` compose does get uninstalled --- docker/software/package/clean.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/software/package/clean.sls b/docker/software/package/clean.sls index f4829d20..d9c3d543 100644 --- a/docker/software/package/clean.sls +++ b/docker/software/package/clean.sls @@ -9,7 +9,7 @@ {%- if grains.kernel|lower in ('linux',) %} {%- if d.pkg.docker.use_upstream == 'repo' %} include: - - .package.repo.clean + - .repo.clean {%- endif %} {{ formula }}-software-package-clean-pkg: @@ -18,7 +18,7 @@ include: - reload_modules: {{ d.misc.reload|default(true, true) }} {%- if d.pkg.docker.use_upstream == 'repo' %} - require: - - pkgrepo: {{ formula }}-package-repo-absent + - pkgrepo: {{ formula }}-software-package-repo-absent {%- endif %} {%- elif grains.os_family == 'MacOS' %} From ace4d63963ecc685d0a4ac8c153c128db3f8409f Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Wed, 25 Aug 2021 18:12:23 +1200 Subject: [PATCH 3/9] fix: workaround for v5 map.jinja lint --- .yamllint | 1 + 1 file changed, 1 insertion(+) diff --git a/.yamllint b/.yamllint index 53b4494e..7f5218c0 100644 --- a/.yamllint +++ b/.yamllint @@ -20,6 +20,7 @@ ignore: | test/**/states/**/*.sls .kitchen/ kitchen.vagrant.yml + docker/osarchmap.yaml docker/osfamilymap.yaml docker/osmap.yaml From ea9481865dc612bcf8a1a20b3e7db415add7be02 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Sun, 29 Aug 2021 18:22:33 +1200 Subject: [PATCH 4/9] docs: update readme notes on raspberry pi support --- docs/README.rst | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/docs/README.rst b/docs/README.rst index c75a7b10..52607396 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -28,7 +28,7 @@ The other states support container managmement. :scale: 100% :target: https://github.com/semantic-release/semantic-release -A SaltStack formula for Docker on MacOS, GNU/Linux and Windows. +A SaltStack formula for Docker on MacOS, GNU/Linux, Windows and Raspberry Pi (4b). .. contents:: **Table of Contents** :depth: 1 @@ -59,6 +59,7 @@ Available Meta states *Meta-state (This is a state that includes other states)*. This state installs the Docker solution (see https://docs.docker.io) +for Raspberry Pi support please see `Notes `_ ``docker.clean`` ^^^^^^^^^^^^^^^^ @@ -247,6 +248,50 @@ Sub-states Sub-states are available inside sub-directories. +Notes on Raspberry Pi support +----------------------------- + +There are some caveats with regard to the support of this module on Rasberry Pi 4b's. + +* This module has only been tested with Raspberry Pi 4b using Rasbian Os Version Buster + +* This module supports raspbian only when used from Salt 3002.6. Salt 3003.x fails with template isses. + +* Docker service is known to fail starting when freshly installed via this module on Rasbian Buster with all apt-get updates and upgrades performed. The error found in logs for failing to start is`dockerd: failed to create NAT chain DOCKER` +The Reason for this is as documented `here `_ . The following Fix followed by a restart fixes this. +The summary reason is that the docker installer uses iptables for nat. Unfortunately Debian uses nftables. You can convert the entries over to nftables or just setup Debian to use the legacy iptables. +On the target Raspberry Pi issue the following to resolve or incorporate the SLS before in your custom SLS + +.. code:: bash + sudo update-alternatives --set iptables /usr/sbin/iptables-legacy + sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy + sudo shutdown -r 0 # Do a restart, Docker.d should then function + +or the following SLS +.. code:: yaml + iptables: + alternatives.set: + - path: /usr/sbin/iptables-legacy + ip6tables: + alternatives.set: + - path: /usr/sbin/ip6tables-legacy + +The provisioning of docker to raspbian uses functionality from https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script. It specifically mentions +Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them: +The reasons are stated as : + +* The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them. + +* The scripts attempt to detect your Linux distribution and version and configure your package management system for you. In addition, the scripts do not allow you to customize any installation parameters. This may lead to an unsupported configuration, either from Docker’s point of view or from your own organization’s guidelines and standards. + +* The scripts install all dependencies and recommendations of the package manager without asking for confirmation. This may install a large number of packages, depending on the current configuration of your host machine. + +* The script does not provide options to specify which version of Docker to install, and installs the latest version that is released in the “edge” channel. + +* Do not use the convenience script if Docker has already been installed on the host machine using another mechanism. + + + Testing ------- From 64e3d354c6aa57f5a966b921d65d52011f656161 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Sun, 29 Aug 2021 18:29:54 +1200 Subject: [PATCH 5/9] docs: fix raspberry notes --- docs/README.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/README.rst b/docs/README.rst index 52607396..9c946de9 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -262,13 +262,14 @@ The Reason for this is as documented `here Date: Sun, 29 Aug 2021 18:32:23 +1200 Subject: [PATCH 6/9] docs: fix readme raspbian codeblocks --- docs/README.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/README.rst b/docs/README.rst index 9c946de9..3a687931 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -263,6 +263,7 @@ The summary reason is that the docker installer uses iptables for nat. Unfortuna On the target Raspberry Pi issue the following to resolve or incorporate the SLS before in your custom SLS .. code-block:: bash + sudo update-alternatives --set iptables /usr/sbin/iptables-legacy sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy sudo shutdown -r 0 # Do a restart, Docker.d should then function @@ -270,6 +271,7 @@ On the target Raspberry Pi issue the following to resolve or incorporate the SLS or the following SLS .. code-block:: yaml + iptables: alternatives.set: - path: /usr/sbin/iptables-legacy From b5a2ef3cd98c9baf0261d86927716cb1d2441517 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Sun, 29 Aug 2021 20:30:00 +1200 Subject: [PATCH 7/9] chore: to pass gitlab ci job commitlint previous commit was doc: should have been docs: --- docs/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.rst b/docs/README.rst index 3a687931..ff6d825d 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -281,7 +281,7 @@ or the following SLS The provisioning of docker to raspbian uses functionality from https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script. It specifically mentions Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them: -The reasons are stated as : +The reasons are stated as: * The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them. From 6f154ad86a2f3903593fe9ef9a5f9286eee0ae2b Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Mon, 30 Aug 2021 08:54:37 +1200 Subject: [PATCH 8/9] chore: to pass gitlab ci job commitlint attemp to format commit message such that they will pass lint tests --- docs/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.rst b/docs/README.rst index ff6d825d..3a687931 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -281,7 +281,7 @@ or the following SLS The provisioning of docker to raspbian uses functionality from https://docs.docker.com/engine/install/debian/#install-using-the-convenience-script. It specifically mentions Using these scripts is not recommended for production environments, and you should understand the potential risks before you use them: -The reasons are stated as: +The reasons are stated as : * The scripts require root or sudo privileges to run. Therefore, you should carefully examine and audit the scripts before running them. From 16bb85f555cad13ec8e07bf69923fda2defaa073 Mon Sep 17 00:00:00 2001 From: Anthony Uphof Date: Sat, 4 Sep 2021 11:23:00 +1200 Subject: [PATCH 9/9] chore: readme lint fixes --- docs/README.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/README.rst b/docs/README.rst index 3a687931..d81fe5a0 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -257,7 +257,8 @@ There are some caveats with regard to the support of this module on Rasberry Pi * This module supports raspbian only when used from Salt 3002.6. Salt 3003.x fails with template isses. -* Docker service is known to fail starting when freshly installed via this module on Rasbian Buster with all apt-get updates and upgrades performed. The error found in logs for failing to start is`dockerd: failed to create NAT chain DOCKER` +* Docker service is known to fail starting when freshly installed via this module on Rasbian Buster with all apt-get updates and upgrades performed. The error found in logs for failing to start is :code:`dockerd: failed to create NAT chain DOCKER` + The Reason for this is as documented `here `_ . The following Fix followed by a restart fixes this. The summary reason is that the docker installer uses iptables for nat. Unfortunately Debian uses nftables. You can convert the entries over to nftables or just setup Debian to use the legacy iptables. On the target Raspberry Pi issue the following to resolve or incorporate the SLS before in your custom SLS