Add support for sysctls (#172)

2026-01-02 12:59:36 -05:00 · 2019-08-15 11:23:39 -04:00 · 2019-08-15 11:23:39 -04:00 · 42354a7e62
commit 42354a7e62
parent ea2352d0ee
4 changed files with 60 additions and 1 deletions
--- a/docker/resource_docker_container.go
+++ b/docker/resource_docker_container.go
@ -712,6 +712,12 @@ func resourceDockerContainer() *schema.Resource {
 					},
 				},
 			},
+
+			"sysctls": {
+				Type:     schema.TypeMap,
+				Optional: true,
+				ForceNew: true,
+			},
 		},
 	}
 }
--- a/docker/resource_docker_container_funcs.go
+++ b/docker/resource_docker_container_funcs.go
@ -304,6 +304,10 @@ func resourceDockerContainerCreate(d *schema.ResourceData, meta interface{}) err
 		hostConfig.PidMode = container.PidMode(v.(string))
 	}

+	if v, ok := d.GetOk("sysctls"); ok {
+		hostConfig.Sysctls = mapTypeMapValsToString(v.(map[string]interface{}))
+	}
+
 	var retContainer container.ContainerCreateCreatedBody

 	if retContainer, err = client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, d.Get("name").(string)); err != nil {
--- a/docker/resource_docker_container_test.go
+++ b/docker/resource_docker_container_test.go
@ -264,6 +264,40 @@ func TestAccDockerContainer_tmpfs(t *testing.T) {
 	})
 }

+func TestAccDockerContainer_sysctls(t *testing.T) {
+	var c types.ContainerJSON
+
+	testCheck := func(*terraform.State) error {
+		if len(c.HostConfig.Sysctls) != 1 {
+			return fmt.Errorf("Incorrect number of sysctls: expected 1, got %d", len(c.HostConfig.Sysctls))
+		}
+
+		if ctl, ok := c.HostConfig.Sysctls["net.ipv4.ip_forward"]; ok {
+			if ctl != "1" {
+				return fmt.Errorf("Bad value for sysctl net.ipv4.ip_forward: expected 1, got %s", ctl)
+			}
+		} else {
+			return fmt.Errorf("net.ipv4.ip_forward not found in Sysctls")
+		}
+
+		return nil
+	}
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDockerContainerSysctlsConfig,
+				Check: resource.ComposeTestCheckFunc(
+					testAccContainerRunning("docker_container.foo", &c),
+					testCheck,
+				),
+			},
+		},
+	})
+}
+
 func TestAccDockerContainer_customized(t *testing.T) {
 	var c types.ContainerJSON

@ -1696,3 +1730,18 @@ attach = true
 must_run = false
 }
 `
+
+const testAccDockerContainerSysctlsConfig = `
+resource "docker_image" "foo" {
+	name = "nginx:latest"
+}
+
+resource "docker_container" "foo" {
+	name = "tf-test"
+	image = "${docker_image.foo.latest}"
+
+	sysctls = {
+		"net.ipv4.ip_forward" = "1"
+	}
+}
+`
--- a/website/docs/r/container.html.markdown
+++ b/website/docs/r/container.html.markdown
@ -105,7 +105,7 @@ data is stored in them. See [the docker documentation][linkdoc] for more details
 * `pid_mode` - (Optional, string) The PID (Process) Namespace mode for the container. Either `container:<name|id>` or `host`.
 * `userns_mode` - (Optional, string) Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
 * `healthcheck` - (Optional, block) See [Healthcheck](#healthcheck) below for details.
-
+* `sysctls` - (Optional, map) A map of kernel parameters (sysctls) to set in the container.
 <a id="capabilities"></a>
 ### Capabilities