Added daemon.json configuration and CA Authorities

2025-08-15 13:48:28 +02:00 · 2018-12-20 13:54:02 +02:00 · 2018-12-20 13:54:02 +02:00 · 4751c3e03a
commit 4751c3e03a
parent fa1a56824e
5 changed files with 49 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -52,6 +52,14 @@ Docker Compose installation options.

 A list of system users to be added to the `docker` group (so they can use Docker on the server).

+    docker_certificate_authorities:
+      - name: example.com
+        file: 'files/ca.crt'
+      - name: another.example.com
+        url: 'https://some.url.example.com/certificates/ca.crt'
+
+A list of [Certificate Authorities](https://docs.docker.com/engine/security/certificates/) to add during the install.
+
 ## Use with Ansible (and `docker` Python library)

 Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -27,3 +27,9 @@ docker_yum_repo_enable_test: 0

 # A list of users who will be added to the docker group.
 docker_users: []
+
+# Options to add to the docker daemon.json
+docker_daemon_options: 
+
+# List of user specified certificate authorities
+docker_certificate_authorities: []
--- a/tasks/docker-certificates.yml
+++ b/tasks/docker-certificates.yml
@ -0,0 +1,22 @@
+---
+- name: Create folder for certificates
+  file:
+    path: /etc/docker/certs.d/{{item.name}}
+    state: directory
+  with_items: '{{docker_certificate_authorities}}'
+
+- name: Install certificate from url
+  get_url:
+    url: '{{item.url}}'
+    dest: /etc/docker/certs.d/{{item.name}}
+  with_items: '{{docker_certificate_authorities}}'
+  when: item.url is defined
+  notify: restart docker
+
+- name: Install certificate from file
+  copy:
+    src: '{{item.file}}'
+    dest: /etc/docker/certs.d/{{item.name}}/
+  with_items: '{{docker_certificate_authorities}}'
+  when: item.file is defined
+  notify: restart docker
--- a/tasks/docker-daemon-json.yml
+++ b/tasks/docker-daemon-json.yml
@ -0,0 +1,7 @@
+---
+- name: Configure docker daemon.json file
+  template:
+    src: '{{ docker_daemon_options | to_nice_json }}'
+    dest: /etc/docker/daemon.json
+    mode: 0644
+  notify: restart docker
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -11,6 +11,12 @@
    state: "{{ docker_package_state }}"
  notify: restart docker

+- import_tasks: docker-daemon-json.yml
+  when: docker_daemon_options
+
+- import_tasks: docker-certificates.yml
+  when: docker_certificate_authorities
+
 # TODO: Remove this shim once 18.09.1 or later is released.
 - import_tasks: docker-1809-shim.yml
  when: ansible_service_mgr == 'systemd'