defaults = { 'apt': { 'packages': { 'docker-ce': {}, 'docker-ce-cli': {}, 'docker-compose-plugin': {}, }, 'repos': { 'docker': { 'items': { 'deb https://download.docker.com/linux/debian {os_release} stable', }, }, }, }, 'nftables': { 'forward': { 'docker-engine': [ 'ct state { related, established } accept', 'ip saddr 172.16.0.0/12 accept', ], }, 'postrouting': { 'docker-engine': [ 'ip saddr 172.16.0.0/12 masquerade', ], }, }, 'docker-engine': { 'config': { 'iptables': False, 'no-new-privileges': True, }, }, 'zfs': { 'datasets': { 'tank/docker-data': {}, }, }, } @metadata_reactor.provides( 'icinga2_api/docker-engine/services', ) def monitoring(metadata): services = { 'DOCKER PROCESS': { 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -C dockerd -c 1:', }, } for app in metadata.get('docker-engine/containers', {}): services[f'DOCKER CONTAINER {app}'] = { 'command_on_monitored_host': f'sudo /usr/local/share/icinga/plugins/check_docker_container {app}' } return { 'icinga2_api': { 'docker-engine': { 'services': services, }, }, } @metadata_reactor.provides( 'backups/paths', 'zfs/datasets', ) def zfs(metadata): datasets = {} for app in metadata.get('docker-engine/containers', {}): datasets[f'tank/docker-data/{app}'] = { 'mountpoint': f'/var/opt/docker-engine/{app}', 'needed_by': { f'directory:/var/opt/docker-engine/{app}', }, } return { 'backups': { 'paths': { v['mountpoint'] for v in datasets.values() }, }, 'zfs': { 'datasets': datasets, }, }