Merge d3d12cc08f into 94b787389d

.ansible/roles/geerlingguy.docker

@@ -0,0 +1 @@
+/home/20235703336@samba.afip.gob.ar/dev/awx/ansible/roles/afreisinger.docker

.gitignore

@@ -2,4 +2,4 @@
 */__pycache__
 *.pyc
 .cache
-
+/files/registry-prd-ca.crt

README.md

@@ -131,6 +131,26 @@ docker_daemon_options:
 
 Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
 
+```yaml
+docker_service_settings:
+  - HTTP_PROXY=http://proxy.example.com:80
+  - HTTPS_PROXY=https://proxy.example.com:443
+  - NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp
+```
+
+Custom docker service configuration. Should only be used for `HTTP/HTTPS proxy` settings.
+
+```yaml
+docker_custom_registries:
+  - host: "registry.prd.example.com"
+    ca_file: "registry-prd-example-ca.crt"
+  - host: "registry.dev.example.com"
+    ca_file: "registry-dev-example-ca.crt"
+```
+
+Custom trust private Docker registries with custom Certificate Authorities (CAs).
+Place the CA files under the files/ directory of your role or playbook. Each CA will be installed under /etc/docker/certs.d/\<host>/ca.crt.
+
 ## Use with Ansible (and `docker` Python library)
 
 Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:

defaults/main.yml

@@ -66,3 +66,9 @@ docker_users: []
 
 # Docker daemon options as a dict
 docker_daemon_options: {}
+
+# Docker HTTP/HTTPS proxy settings as list of environment configurations
+docker_service_settings: []
+
+# Docker local registries
+docker_custom_registries: []

files/bar.txt

@@ -0,0 +1 @@
+-- files for use with the copy resource

files/foo.sh

@@ -0,0 +1 @@
+-- script files for use with the script resource

files/registry-prd-example-ca.crt

@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+

tasks/main.yml

@@ -65,6 +65,37 @@
   when: docker_daemon_options.keys() | length > 0
   notify: restart docker
 
+- name: Create docker config target directory
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: directory
+    mode: 0755
+  when: docker_service_settings | length > 0
+
+- name: Configure docker service environment.
+  template:
+    src: http-proxy.conf.j2
+    dest: /etc/systemd/system/docker.service.d/http-proxy.conf
+    mode: 0644
+  when: docker_service_settings | length > 0
+  notify: restart docker
+
+- name: Create certs directories for Docker registries
+  file:
+    path: "/etc/docker/certs.d/{{ item.host }}"
+    state: directory
+    mode: '0755'
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+
+- name: Copy CA certificates for Docker registries
+  copy:
+    src: "files/{{ item.ca_file }}"
+    dest: "/etc/docker/certs.d/{{ item.host }}/ca.crt"
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+  notify: restart docker
+
 - name: Ensure Docker is started and enabled at boot.
   service:
     name: docker

tasks/setup-Debian.yml

@@ -17,8 +17,8 @@
     update_cache: true
   when: docker_add_repo | bool
 
-- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
-  name: Ensure old versions of Docker are not installed.
+  # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+- name: Ensure old versions of Docker are not installed.
   package:
     name: "{{ docker_obsolete_packages }}"
     state: absent

templates/http-proxy.conf.j2

@@ -0,0 +1,4 @@
+[Service]
+{% for docker_service_setting in docker_service_settings %}
+Environment="{{ docker_service_setting }}"
+{% endfor %}