Merge pull request #1040 from nathanleclaire/engine_options

Implement configurable engine options

commands/commands.go

@@ -166,6 +166,31 @@ var sharedCreateFlags = []cli.Flag{
 		),
 		Value: "none",
 	},
+	cli.StringSliceFlag{
+		Name:  "engine-flag",
+		Usage: "Specify arbitrary flags to include with the created engine in the form flag=value",
+		Value: &cli.StringSlice{},
+	},
+	cli.StringSliceFlag{
+		Name:  "engine-insecure-registry",
+		Usage: "Specify insecure registries to allow with the created engine",
+		Value: &cli.StringSlice{},
+	},
+	cli.StringSliceFlag{
+		Name:  "engine-registry-mirror",
+		Usage: "Specify registry mirrors to use",
+		Value: &cli.StringSlice{},
+	},
+	cli.StringSliceFlag{
+		Name:  "engine-label",
+		Usage: "Specify labels for the created engine",
+		Value: &cli.StringSlice{},
+	},
+	cli.StringFlag{
+		Name:  "engine-storage-driver",
+		Usage: "Specify a storage driver to use with the engine",
+		Value: "aufs",
+	},
 	cli.BoolFlag{
 		Name:  "swarm",
 		Usage: "Configure Machine with Swarm",

commands/create.go

@@ -69,7 +69,14 @@ func cmdCreate(c *cli.Context) {
 			ServerCertPath: filepath.Join(utils.GetMachineDir(), name, "server.pem"),
 			ServerKeyPath:  filepath.Join(utils.GetMachineDir(), name, "server-key.pem"),
 		},
-		EngineOptions: &engine.EngineOptions{},
+		EngineOptions: &engine.EngineOptions{
+			ArbitraryFlags:   c.StringSlice("engine-flag"),
+			InsecureRegistry: c.StringSlice("engine-insecure-registry"),
+			Labels:           c.StringSlice("engine-label"),
+			RegistryMirror:   c.StringSlice("engine-registry-mirror"),
+			StorageDriver:    c.String("engine-storage-driver"),
+			TlsVerify:        true,
+		},
 		SwarmOptions: &swarm.SwarmOptions{
 			IsSwarm:   c.Bool("swarm"),
 			Master:    c.Bool("swarm-master"),

docs/index.md

@@ -480,6 +480,85 @@ INFO[0038] "dev" has been created and is now the active machine.
 INFO[0038] To point your Docker client at it, run this in your shell: eval "$(docker-machine env dev)"
 ```
 
+##### Specifying configuration options for the created Docker engine
+
+As part of the process of creation, Docker Machine installs Docker and
+configures it with some sensible defaults.  For instance, it allows connection
+from the outside world over TCP with TLS-based encryption and defaults to AUFS
+as the [storage
+driver](https://docs.docker.com/reference/commandline/cli/#daemon-storage-driver-option)
+when available.
+
+There are several cases where the user might want to set options for the created
+Docker engine (also known as the Docker _daemon_) themselves.  For example, they
+may want to allow connection to a [registry](https://docs.docker.com/registry/)
+that they are running themselves using the `--insecure-registry` flag for the
+daemon.  Docker Machine supports the configuration of such options for the
+created engines via the `create` command flags which begin with `--engine`.
+
+Note that Docker Machine simply sets the configured parameters on the daemon
+and does not set up any of the "dependencies" for you.  For instance, if you
+specify that the created daemon should use `btrfs` as a storage driver, you
+still must ensure that the proper dependencies are installed, the BTRFS
+filesystem has been created, and so on.
+
+The following is an example usage:
+
+```
+$ docker-machine create -d virtualbox \
+    --engine-label foo=bar \
+    --engine-label spam=eggs \
+    --engine-storage-driver devicemapper \
+    --engine-insecure-registry registry.myco.com \
+    foobarmachine
+```
+
+This will create a virtual machine running locally in Virtualbox which uses the
+`devicemapper` storage backend, has the key-value pairs `foo=bar` and
+`spam=eggs` as labels on the engine, and allows pushing / pulling from the
+insecure registry located at `registry.myco.com`.  You can verify much of this
+by inspecting the output of `docker info`:
+
+```
+$ eval $(docker-machine env foobarmachine)
+$ docker version
+Containers: 0
+Images: 0
+Storage Driver: devicemapper
+...
+Name: foobarmachine
+...
+Labels:
+ foo=bar
+ spam=eggs
+ provider=virtualbox
+```
+
+The supported flags are as follows:
+
+- `--engine-insecure-registry`: Specify [insecure registries](https://docs.docker.com/reference/commandline/cli/#insecure-registries) to allow with the created engine
+- `--engine-registry-mirror`: Specify [registry mirrors](https://github.com/docker/docker/blob/master/docs/sources/articles/registry_mirror.md) to use
+- `--engine-label`: Specify [labels](https://docs.docker.com/userguide/labels-custom-metadata/#daemon-labels) for the created engine
+- `--engine-storage-driver`: Specify a [storage driver](https://docs.docker.com/reference/commandline/cli/#daemon-storage-driver-option) to use with the engine
+
+If the engine supports specifying the flag multiple times (such as with
+`--label`), then so does Docker Machine.
+
+In addition to this subset of daemon flags which are directly supported, Docker
+Machine also supports an additional flag, `--engine-flag`, which can be used to
+specify arbitrary daemon options with the syntax `--engine-flag
+flagname=value`.  For example, to specify that the daemon should use `8.8.8.8`
+as the DNS server for all containers, and always use the `syslog` [log
+driver](https://docs.docker.com/reference/run/#logging-drivers-log-driver) you
+could run the following create command:
+
+```
+$ docker-machine create -d virtualbox \
+    --engine-flag dns=8.8.8.8 \
+    --engine-flag log-driver=syslog \
+    gdns
+```
+
 #### config
 
 Show the Docker client configuration for a machine.

libmachine/engine/engine.go

@@ -1,16 +1,18 @@
 package engine
 
 type EngineOptions struct {
-	Dns            []string
-	GraphDir       string
-	Ipv6           bool
-	Labels         []string
-	LogLevel       string
-	StorageDriver  string
-	SelinuxEnabled bool
-	TlsCaCert      string
-	TlsCert        string
-	TlsKey         string
-	TlsVerify      bool
-	RegistryMirror []string
+	ArbitraryFlags   []string
+	Dns              []string
+	GraphDir         string
+	Ipv6             bool
+	InsecureRegistry []string
+	Labels           []string
+	LogLevel         string
+	StorageDriver    string
+	SelinuxEnabled   bool
+	TlsCaCert        string
+	TlsCert          string
+	TlsKey           string
+	TlsVerify        bool
+	RegistryMirror   []string
 }

libmachine/host.go

@@ -118,7 +118,7 @@ func (h *Host) Create(name string) error {
 			return err
 		}
 
-		if err := provisioner.Provision(*h.HostOptions.SwarmOptions, *h.HostOptions.AuthOptions); err != nil {
+		if err := provisioner.Provision(*h.HostOptions.SwarmOptions, *h.HostOptions.AuthOptions, *h.HostOptions.EngineOptions); err != nil {
 			return err
 		}
 	}
@@ -315,7 +315,7 @@ func (h *Host) ConfigureAuth() error {
 		return err
 	}
 
-	if err := provision.ConfigureAuth(provisioner, *h.HostOptions.AuthOptions); err != nil {
+	if err := provision.ConfigureAuth(provisioner); err != nil {
 		return err
 	}
 

libmachine/provision/boot2docker.go

@@ -5,10 +5,12 @@ import (
 	"errors"
 	"fmt"
 	"path"
+	"text/template"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/machine/drivers"
 	"github.com/docker/machine/libmachine/auth"
+	"github.com/docker/machine/libmachine/engine"
 	"github.com/docker/machine/libmachine/provision/pkgaction"
 	"github.com/docker/machine/libmachine/swarm"
 	"github.com/docker/machine/ssh"
@@ -31,6 +33,8 @@ func NewBoot2DockerProvisioner(d drivers.Driver) Provisioner {
 type Boot2DockerProvisioner struct {
 	OsReleaseInfo *OsRelease
 	Driver        drivers.Driver
+	AuthOptions   auth.AuthOptions
+	EngineOptions engine.EngineOptions
 	SwarmOptions  swarm.SwarmOptions
 }
 
@@ -127,18 +131,49 @@ func (provisioner *Boot2DockerProvisioner) GetDockerOptionsDir() string {
 	return "/var/lib/boot2docker"
 }
 
-func (provisioner *Boot2DockerProvisioner) GenerateDockerOptions(dockerPort int, authOptions auth.AuthOptions) (*DockerOptions, error) {
-	defaultDaemonOpts := getDefaultDaemonOpts(provisioner.Driver.DriverName(), authOptions)
-	daemonOpts := fmt.Sprintf("-H tcp://0.0.0.0:%d", dockerPort)
+func (provisioner *Boot2DockerProvisioner) GetAuthOptions() auth.AuthOptions {
+	return provisioner.AuthOptions
+}
+
+func (provisioner *Boot2DockerProvisioner) GenerateDockerOptions(dockerPort int) (*DockerOptions, error) {
+	var (
+		engineCfg bytes.Buffer
+	)
+
+	driverNameLabel := fmt.Sprintf("provider=%s", provisioner.Driver.DriverName())
+	provisioner.EngineOptions.Labels = append(provisioner.EngineOptions.Labels, driverNameLabel)
+
+	engineConfigTmpl := `
+EXTRA_ARGS='
+{{ range .EngineOptions.Labels }}--label {{.}}
+{{ end }}{{ range .EngineOptions.InsecureRegistry }}--insecure-registry {{.}}
+{{ end }}{{ range .EngineOptions.RegistryMirror }}--registry-mirror {{.}}
+{{ end }}{{ range .EngineOptions.ArbitraryFlags }}--{{.}}
+{{ end }}
+'
+CACERT={{.AuthOptions.CaCertRemotePath}}
+DOCKER_HOST='-H tcp://0.0.0.0:{{.DockerPort}}'
+DOCKER_STORAGE={{.EngineOptions.StorageDriver}}
+DOCKER_TLS=auto
+SERVERKEY={{.AuthOptions.ServerKeyRemotePath}}
+SERVERCERT={{.AuthOptions.ServerCertRemotePath}}
+`
+	t, err := template.New("engineConfig").Parse(engineConfigTmpl)
+	if err != nil {
+		return nil, err
+	}
+
+	engineConfigContext := EngineConfigContext{
+		DockerPort:    dockerPort,
+		AuthOptions:   provisioner.AuthOptions,
+		EngineOptions: provisioner.EngineOptions,
+	}
+
+	t.Execute(&engineCfg, engineConfigContext)
+
 	daemonOptsDir := path.Join(provisioner.GetDockerOptionsDir(), "profile")
-	opts := fmt.Sprintf("%s %s", defaultDaemonOpts, daemonOpts)
-	daemonCfg := fmt.Sprintf(`EXTRA_ARGS='%s'
-CACERT=%s
-SERVERCERT=%s
-SERVERKEY=%s
-DOCKER_TLS=no`, opts, authOptions.CaCertRemotePath, authOptions.ServerCertRemotePath, authOptions.ServerKeyRemotePath)
 	return &DockerOptions{
-		EngineOptions:     daemonCfg,
+		EngineOptions:     engineCfg.String(),
 		EngineOptionsPath: daemonOptsDir,
 	}, nil
 }
@@ -151,7 +186,11 @@ func (provisioner *Boot2DockerProvisioner) SetOsReleaseInfo(info *OsRelease) {
 	provisioner.OsReleaseInfo = info
 }
 
-func (provisioner *Boot2DockerProvisioner) Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions) error {
+func (provisioner *Boot2DockerProvisioner) Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions, engineOptions engine.EngineOptions) error {
+	provisioner.SwarmOptions = swarmOptions
+	provisioner.AuthOptions = authOptions
+	provisioner.EngineOptions = engineOptions
+
 	if err := provisioner.SetHostname(provisioner.Driver.GetMachineName()); err != nil {
 		return err
 	}
@@ -171,7 +210,13 @@ func (provisioner *Boot2DockerProvisioner) Provision(swarmOptions swarm.SwarmOpt
 		return err
 	}
 
-	if err := ConfigureAuth(provisioner, authOptions); err != nil {
+	if err := makeDockerOptionsDir(provisioner); err != nil {
+		return err
+	}
+
+	provisioner.AuthOptions = setRemoteAuthOptions(provisioner)
+
+	if err := ConfigureAuth(provisioner); err != nil {
 		return err
 	}
 

libmachine/provision/engine_config_context.go

@@ -0,0 +1,12 @@
+package provision
+
+import (
+	"github.com/docker/machine/libmachine/auth"
+	"github.com/docker/machine/libmachine/engine"
+)
+
+type EngineConfigContext struct {
+	DockerPort    int
+	AuthOptions   auth.AuthOptions
+	EngineOptions engine.EngineOptions
+}

libmachine/provision/provisioner.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/docker/machine/drivers"
 	"github.com/docker/machine/libmachine/auth"
+	"github.com/docker/machine/libmachine/engine"
 	"github.com/docker/machine/libmachine/provision/pkgaction"
 	"github.com/docker/machine/libmachine/swarm"
 	"github.com/docker/machine/ssh"
@@ -16,11 +17,14 @@ var provisioners = make(map[string]*RegisteredProvisioner)
 // Distribution specific actions
 type Provisioner interface {
 	// Create the files for the daemon to consume configuration settings (return struct of content and path)
-	GenerateDockerOptions(dockerPort int, authOptions auth.AuthOptions) (*DockerOptions, error)
+	GenerateDockerOptions(dockerPort int) (*DockerOptions, error)
 
 	// Get the directory where the settings files for docker are to be found
 	GetDockerOptionsDir() string
 
+	// Return the auth options used to configure remote connection for the daemon.
+	GetAuthOptions() auth.AuthOptions
+
 	// Run a package action e.g. install
 	Package(name string, action pkgaction.PackageAction) error
 
@@ -39,7 +43,7 @@ type Provisioner interface {
 	//     3. Configure the daemon to accept connections over TLS.
 	//     4. Copy the needed certificates to the server and local config dir.
 	//     5. Configure / activate swarm if applicable.
-	Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions) error
+	Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions, engineOptions engine.EngineOptions) error
 
 	// Perform action on a named service e.g. stop
 	Service(name string, action pkgaction.ServiceAction) error

libmachine/provision/ubuntu.go

@@ -3,10 +3,12 @@ package provision
 import (
 	"bytes"
 	"fmt"
+	"text/template"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/docker/machine/drivers"
 	"github.com/docker/machine/libmachine/auth"
+	"github.com/docker/machine/libmachine/engine"
 	"github.com/docker/machine/libmachine/provision/pkgaction"
 	"github.com/docker/machine/libmachine/swarm"
 	"github.com/docker/machine/ssh"
@@ -32,6 +34,8 @@ type UbuntuProvisioner struct {
 	packages      []string
 	OsReleaseInfo *OsRelease
 	Driver        drivers.Driver
+	AuthOptions   auth.AuthOptions
+	EngineOptions engine.EngineOptions
 	SwarmOptions  swarm.SwarmOptions
 }
 
@@ -82,7 +86,10 @@ func (provisioner *UbuntuProvisioner) dockerDaemonResponding() bool {
 	return true
 }
 
-func (provisioner *UbuntuProvisioner) Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions) error {
+func (provisioner *UbuntuProvisioner) Provision(swarmOptions swarm.SwarmOptions, authOptions auth.AuthOptions, engineOptions engine.EngineOptions) error {
+	provisioner.SwarmOptions = swarmOptions
+	provisioner.AuthOptions = authOptions
+	provisioner.EngineOptions = engineOptions
 	if err := provisioner.SetHostname(provisioner.Driver.GetMachineName()); err != nil {
 		return err
 	}
@@ -101,7 +108,13 @@ func (provisioner *UbuntuProvisioner) Provision(swarmOptions swarm.SwarmOptions,
 		return err
 	}
 
-	if err := ConfigureAuth(provisioner, authOptions); err != nil {
+	if err := makeDockerOptionsDir(provisioner); err != nil {
+		return err
+	}
+
+	provisioner.AuthOptions = setRemoteAuthOptions(provisioner)
+
+	if err := ConfigureAuth(provisioner); err != nil {
 		return err
 	}
 
@@ -159,18 +172,54 @@ func (provisioner *UbuntuProvisioner) CompatibleWithHost() bool {
 	return provisioner.OsReleaseInfo.Id == "ubuntu"
 }
 
+func (provisioner *UbuntuProvisioner) GetAuthOptions() auth.AuthOptions {
+	return provisioner.AuthOptions
+}
+
 func (provisioner *UbuntuProvisioner) SetOsReleaseInfo(info *OsRelease) {
 	provisioner.OsReleaseInfo = info
 }
 
-func (provisioner *UbuntuProvisioner) GenerateDockerOptions(dockerPort int, authOptions auth.AuthOptions) (*DockerOptions, error) {
-	defaultDaemonOpts := getDefaultDaemonOpts(provisioner.Driver.DriverName(), authOptions)
-	daemonOpts := fmt.Sprintf("--host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:%d", dockerPort)
+func (provisioner *UbuntuProvisioner) GenerateDockerOptions(dockerPort int) (*DockerOptions, error) {
+	var (
+		engineCfg bytes.Buffer
+	)
+
+	driverNameLabel := fmt.Sprintf("provider=%s", provisioner.Driver.DriverName())
+	provisioner.EngineOptions.Labels = append(provisioner.EngineOptions.Labels, driverNameLabel)
+
+	engineConfigTmpl := `
+DOCKER_OPTS='
+-H tcp://0.0.0.0:{{.DockerPort}}
+-H unix:///var/run/docker.sock
+--storage-driver {{.EngineOptions.StorageDriver}}
+--tlsverify
+--tlscacert {{.AuthOptions.CaCertRemotePath}}
+--tlscert {{.AuthOptions.ServerCertRemotePath}}
+--tlskey {{.AuthOptions.ServerKeyRemotePath}}
+{{ range .EngineOptions.Labels }}--label {{.}}
+{{ end }}{{ range .EngineOptions.InsecureRegistry }}--insecure-registry {{.}}
+{{ end }}{{ range .EngineOptions.RegistryMirror }}--registry-mirror {{.}}
+{{ end }}{{ range .EngineOptions.ArbitraryFlags }}--{{.}}
+{{ end }}
+'
+`
+	t, err := template.New("engineConfig").Parse(engineConfigTmpl)
+	if err != nil {
+		return nil, err
+	}
+
+	engineConfigContext := EngineConfigContext{
+		DockerPort:    dockerPort,
+		AuthOptions:   provisioner.AuthOptions,
+		EngineOptions: provisioner.EngineOptions,
+	}
+
+	t.Execute(&engineCfg, engineConfigContext)
+
 	daemonOptsDir := "/etc/default/docker"
-	opts := fmt.Sprintf("%s %s", defaultDaemonOpts, daemonOpts)
-	daemonCfg := fmt.Sprintf("export DOCKER_OPTS=\\\"%s\\\"", opts)
 	return &DockerOptions{
-		EngineOptions:     daemonCfg,
+		EngineOptions:     engineCfg.String(),
 		EngineOptionsPath: daemonOptsDir,
 	}, nil
 }

libmachine/provision/utils.go

@@ -37,12 +37,35 @@ func installDockerGeneric(p Provisioner) error {
 	return nil
 }
 
-func ConfigureAuth(p Provisioner, authOptions auth.AuthOptions) error {
+func makeDockerOptionsDir(p Provisioner) error {
+	dockerDir := p.GetDockerOptionsDir()
+	if _, err := p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s", dockerDir)); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func setRemoteAuthOptions(p Provisioner) auth.AuthOptions {
+	dockerDir := p.GetDockerOptionsDir()
+	authOptions := p.GetAuthOptions()
+
+	// due to windows clients, we cannot use filepath.Join as the paths
+	// will be mucked on the linux hosts
+	authOptions.CaCertRemotePath = path.Join(dockerDir, "ca.pem")
+	authOptions.ServerCertRemotePath = path.Join(dockerDir, "server.pem")
+	authOptions.ServerKeyRemotePath = path.Join(dockerDir, "server-key.pem")
+
+	return authOptions
+}
+
+func ConfigureAuth(p Provisioner) error {
 	var (
 		err error
 	)
 
 	machineName := p.GetDriver().GetMachineName()
+	authOptions := p.GetAuthOptions()
 	org := machineName
 	bits := 2048
 
@@ -92,46 +115,30 @@ func ConfigureAuth(p Provisioner, authOptions auth.AuthOptions) error {
 		return err
 	}
 
-	dockerDir := p.GetDockerOptionsDir()
-
-	if _, err := p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s", dockerDir)); err != nil {
-		return err
-	}
-
 	// upload certs and configure TLS auth
 	caCert, err := ioutil.ReadFile(authOptions.CaCertPath)
 	if err != nil {
 		return err
 	}
 
-	// due to windows clients, we cannot use filepath.Join as the paths
-	// will be mucked on the linux hosts
-	machineCaCertPath := path.Join(dockerDir, "ca.pem")
-	authOptions.CaCertRemotePath = machineCaCertPath
-
 	serverCert, err := ioutil.ReadFile(authOptions.ServerCertPath)
 	if err != nil {
 		return err
 	}
-	machineServerCertPath := path.Join(dockerDir, "server.pem")
-	authOptions.ServerCertRemotePath = machineServerCertPath
-
 	serverKey, err := ioutil.ReadFile(authOptions.ServerKeyPath)
 	if err != nil {
 		return err
 	}
-	machineServerKeyPath := path.Join(dockerDir, "server-key.pem")
-	authOptions.ServerKeyRemotePath = machineServerKeyPath
 
-	if _, err = p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(caCert), machineCaCertPath)); err != nil {
+	if _, err := p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(caCert), authOptions.CaCertRemotePath)); err != nil {
 		return err
 	}
 
-	if _, err = p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(serverKey), machineServerKeyPath)); err != nil {
+	if _, err := p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(serverCert), authOptions.ServerCertRemotePath)); err != nil {
 		return err
 	}
 
-	if _, err = p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(serverCert), machineServerCertPath)); err != nil {
+	if _, err := p.SSHCommand(fmt.Sprintf("echo \"%s\" | sudo tee %s", string(serverKey), authOptions.ServerKeyRemotePath)); err != nil {
 		return err
 	}
 
@@ -153,7 +160,7 @@ func ConfigureAuth(p Provisioner, authOptions auth.AuthOptions) error {
 		dockerPort = dPort
 	}
 
-	dkrcfg, err := p.GenerateDockerOptions(dockerPort, authOptions)
+	dkrcfg, err := p.GenerateDockerOptions(dockerPort)
 	if err != nil {
 		return err
 	}
@@ -166,16 +173,12 @@ func ConfigureAuth(p Provisioner, authOptions auth.AuthOptions) error {
 		return err
 	}
 
-	return nil
-}
+	// TODO: Do not hardcode daemon port, ask the driver
+	if err := utils.WaitForDocker(ip, dockerPort); err != nil {
+		return err
+	}
 
-func getDefaultDaemonOpts(driverName string, authOptions auth.AuthOptions) string {
-	return fmt.Sprintf(`--tlsverify --tlscacert=%s --tlskey=%s --tlscert=%s %s`,
-		authOptions.CaCertRemotePath,
-		authOptions.ServerKeyRemotePath,
-		authOptions.ServerCertRemotePath,
-		fmt.Sprintf("--label=provider=%s", driverName),
-	)
+	return nil
 }
 
 func configureSwarm(p Provisioner, swarmOptions swarm.SwarmOptions) error {
@@ -204,11 +207,6 @@ func configureSwarm(p Provisioner, swarmOptions swarm.SwarmOptions) error {
 	parts := strings.Split(u.Host, ":")
 	port := parts[1]
 
-	// TODO: Do not hardcode daemon port, ask the driver
-	if err := utils.WaitForDocker(ip, 2376); err != nil {
-		return err
-	}
-
 	if _, err := p.SSHCommand(fmt.Sprintf("sudo docker pull %s", swarm.DockerImage)); err != nil {
 		return err
 	}

libmachine/provision/utils_test.go

@@ -15,14 +15,14 @@ func TestGenerateDockerOptionsBoot2Docker(t *testing.T) {
 		Driver: &fakedriver.FakeDriver{},
 	}
 	dockerPort := 1234
-	authOptions := auth.AuthOptions{
+	p.AuthOptions = auth.AuthOptions{
 		CaCertRemotePath:     "/test/ca-cert",
 		ServerKeyRemotePath:  "/test/server-key",
 		ServerCertRemotePath: "/test/server-cert",
 	}
 	engineConfigPath := "/var/lib/boot2docker/profile"
 
-	dockerCfg, err := p.GenerateDockerOptions(dockerPort, authOptions)
+	dockerCfg, err := p.GenerateDockerOptions(dockerPort)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -35,16 +35,16 @@ func TestGenerateDockerOptionsBoot2Docker(t *testing.T) {
 		t.Fatalf("-H docker port invalid; expected %d", dockerPort)
 	}
 
-	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("CACERT=%s", authOptions.CaCertRemotePath)) == -1 {
-		t.Fatalf("CACERT option invalid; expected %s", authOptions.CaCertRemotePath)
+	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("CACERT=%s", p.AuthOptions.CaCertRemotePath)) == -1 {
+		t.Fatalf("CACERT option invalid; expected %s", p.AuthOptions.CaCertRemotePath)
 	}
 
-	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("SERVERKEY=%s", authOptions.ServerKeyRemotePath)) == -1 {
-		t.Fatalf("SERVERKEY option invalid; expected %s", authOptions.ServerKeyRemotePath)
+	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("SERVERKEY=%s", p.AuthOptions.ServerKeyRemotePath)) == -1 {
+		t.Fatalf("SERVERKEY option invalid; expected %s", p.AuthOptions.ServerKeyRemotePath)
 	}
 
-	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("SERVERCERT=%s", authOptions.ServerCertRemotePath)) == -1 {
-		t.Fatalf("SERVERCERT option invalid; expected %s", authOptions.ServerCertRemotePath)
+	if strings.Index(dockerCfg.EngineOptions, fmt.Sprintf("SERVERCERT=%s", p.AuthOptions.ServerCertRemotePath)) == -1 {
+		t.Fatalf("SERVERCERT option invalid; expected %s", p.AuthOptions.ServerCertRemotePath)
 	}
 }
 
@@ -54,13 +54,13 @@ func TestMachinePortBoot2Docker(t *testing.T) {
 	}
 	dockerPort := 2376
 	bindUrl := fmt.Sprintf("tcp://0.0.0.0:%d", dockerPort)
-	authOptions := auth.AuthOptions{
+	p.AuthOptions = auth.AuthOptions{
 		CaCertRemotePath:     "/test/ca-cert",
 		ServerKeyRemotePath:  "/test/server-key",
 		ServerCertRemotePath: "/test/server-cert",
 	}
 
-	cfg, err := p.GenerateDockerOptions(dockerPort, authOptions)
+	cfg, err := p.GenerateDockerOptions(dockerPort)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -86,13 +86,13 @@ func TestMachineCustomPortBoot2Docker(t *testing.T) {
 	}
 	dockerPort := 3376
 	bindUrl := fmt.Sprintf("tcp://0.0.0.0:%d", dockerPort)
-	authOptions := auth.AuthOptions{
+	p.AuthOptions = auth.AuthOptions{
 		CaCertRemotePath:     "/test/ca-cert",
 		ServerKeyRemotePath:  "/test/server-key",
 		ServerCertRemotePath: "/test/server-cert",
 	}
 
-	cfg, err := p.GenerateDockerOptions(dockerPort, authOptions)
+	cfg, err := p.GenerateDockerOptions(dockerPort)
 	if err != nil {
 		t.Fatal(err)
 	}

test/integration/driver-amazonec2.bats

@@ -101,6 +101,55 @@ export MACHINE_STORAGE_PATH=/tmp/machine-bats-test-$DRIVER
   [ "$status" -eq 0  ]
 }
 
+@test "$DRIVER: create with arbitrary engine option" {
+  run machine create -d $DRIVER \
+    --engine-flag log-driver=none \
+    $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check created engine option (log driver)" {
+  docker $(machine config $NAME) run --name nolog busybox echo this should not be logged
+  run docker $(machine config $NAME) logs nolog
+  [ $status -eq 1 ]
+}
+
+@test "$DRIVER: rm after arbitrary engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: create with supported engine options" {
+  run machine create -d $DRIVER \
+    --engine-label spam=eggs \
+    --engine-storage-driver devicemapper \
+    --engine-insecure-registry registry.myco.com \
+    $NAME
+  echo "$output"
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check for engine label" {
+  spamlabel=$(docker $(machine config $NAME) info | grep spam)
+  [[ $spamlabel =~ "spam=eggs" ]]
+}
+
+@test "$DRIVER: check for engine storage driver" {
+  storage_driver_info=$(docker $(machine config $NAME) info | grep "Storage Driver")
+  [[ $storage_driver_info =~ "devicemapper" ]]
+}
+
+@test "$DRIVER: check for insecure registry setting" {
+  ir_option=$(machine ssh $NAME -- cat /etc/default/docker | grep insecure-registry)
+  [[ $ir_option =~ "registry.myco.com" ]]
+}
+
+@test "$DRIVER: rm after supported engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
+
 @test "$DRIVER: machine should not exist" {
   run machine active $NAME
   [ "$status" -eq 1  ]

test/integration/driver-digitalocean.bats

@@ -108,6 +108,55 @@ export MACHINE_STORAGE_PATH=/tmp/machine-bats-test-$DRIVER
   [ "$status" -eq 0  ]
 }
 
+@test "$DRIVER: create with arbitrary engine option" {
+  run machine create -d $DRIVER \
+    --engine-flag log-driver=none \
+    $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check created engine option (log driver)" {
+  docker $(machine config $NAME) run --name nolog busybox echo this should not be logged
+  run docker $(machine config $NAME) logs nolog
+  [ $status -eq 1 ]
+}
+
+@test "$DRIVER: rm after arbitrary engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: create with supported engine options" {
+  run machine create -d $DRIVER \
+    --engine-label spam=eggs \
+    --engine-storage-driver devicemapper \
+    --engine-insecure-registry registry.myco.com \
+    $NAME
+  echo "$output"
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check for engine labels" {
+  spamlabel=$(docker $(machine config $NAME) info | grep spam)
+  [[ $spamlabel =~ "spam=eggs" ]]
+}
+
+@test "$DRIVER: check for engine storage driver" {
+  storage_driver_info=$(docker $(machine config $NAME) info | grep "Storage Driver")
+  [[ $storage_driver_info =~ "devicemapper" ]]
+}
+
+@test "$DRIVER: check for insecure registry setting" {
+  ir_option=$(machine ssh $NAME -- cat /etc/default/docker | grep insecure-registry)
+  [[ $ir_option =~ "registry.myco.com" ]]
+}
+
+@test "$DRIVER: rm after supported engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
+
 @test "$DRIVER: machine should not exist" {
   run machine active $NAME
   [ "$status" -eq 1  ]

test/integration/driver-virtualbox.bats

@@ -212,6 +212,54 @@ buildMachineWithOldIsoCheckUpgrade() {
   [ "$status" -eq 1  ]
 }
 
+@test "$DRIVER: create with arbitrary engine option" {
+  run machine create -d $DRIVER \
+    --engine-flag log-driver=none \
+    $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check created engine option (log driver)" {
+  docker $(machine config $NAME) run --name nolog busybox echo this should not be logged
+  run docker $(machine config $NAME) logs nolog
+  [ $status -eq 1 ]
+}
+
+@test "$DRIVER: rm after arbitrary engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: create with supported engine options" {
+  run machine create -d $DRIVER \
+    --engine-label spam=eggs \
+    --engine-storage-driver devicemapper \
+    --engine-insecure-registry registry.myco.com \
+    $NAME
+  echo "$output"
+  [ $status -eq 0 ]
+}
+
+@test "$DRIVER: check for engine labels" {
+  spamlabel=$(docker $(machine config $NAME) info | grep spam)
+  [[ $spamlabel =~ "spam=eggs" ]]
+}
+
+@test "$DRIVER: check for engine storage driver" {
+  storage_driver_info=$(docker $(machine config $NAME) info | grep "Storage Driver")
+  [[ $storage_driver_info =~ "devicemapper" ]]
+}
+
+@test "$DRIVER: check for insecure registry setting" {
+  ir_option=$(machine ssh $NAME -- cat /var/lib/boot2docker/profile | grep insecure-registry)
+  [[ $ir_option =~ "registry.myco.com" ]]
+}
+
+@test "$DRIVER: rm after supported engine option create" {
+  run machine rm $NAME
+  [ $status -eq 0 ]
+}
+
 @test "$DRIVER: create too small disk size" {
   run machine create -d $DRIVER --virtualbox-disk-size 0 $NAME
   [ "$status" -eq 1  ]
@@ -310,7 +358,6 @@ buildMachineWithOldIsoCheckUpgrade() {
   [[ ${output} == "$CUSTOM_CPUCOUNT" ]]
 }
 
-
 @test "$DRIVER: machine should show running after create with env" {
   run machine ls
   [ "$status" -eq 0  ]