diff --git a/.ansible/roles/geerlingguy.docker b/.ansible/roles/geerlingguy.docker new file mode 120000 index 0000000..4b3e7dc --- /dev/null +++ b/.ansible/roles/geerlingguy.docker @@ -0,0 +1 @@ +/home/20235703336@samba.afip.gob.ar/dev/awx/ansible/roles/afreisinger.docker \ No newline at end of file diff --git a/.gitignore b/.gitignore index 8840c8f..ebba623 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,4 @@ */__pycache__ *.pyc .cache - +/files/registry-prd-ca.crt \ No newline at end of file diff --git a/README.md b/README.md index d1398b9..53ae5ac 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,26 @@ docker_daemon_options: Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`. +```yaml +docker_service_settings: + - HTTP_PROXY=http://proxy.example.com:80 + - HTTPS_PROXY=https://proxy.example.com:443 + - NO_PROXY=localhost,127.0.0.1,docker-registry.example.com,.corp +``` + +Custom docker service configuration. Should only be used for `HTTP/HTTPS proxy` settings. + +```yaml +docker_custom_registries: + - host: "registry.prd.example.com" + ca_file: "registry-prd-example-ca.crt" + - host: "registry.dev.example.com" + ca_file: "registry-dev-example-ca.crt" +``` + +Custom trust private Docker registries with custom Certificate Authorities (CAs). +Place the CA files under the files/ directory of your role or playbook. Each CA will be installed under /etc/docker/certs.d/\/ca.crt. + ## Use with Ansible (and `docker` Python library) Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: diff --git a/defaults/main.yml b/defaults/main.yml index e6b1e92..eee82e5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
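Review bot: The new `.ansible/roles/geerlingguy.docker` entry is a symlink to an absolute path inside one developer's home directory (`/home/20235703336@samba.afip.gob.ar/dev/awx/...`), so it dangles on every other workstation and CI runner, and it commits an internal account name and domain to the repository. It also makes anything that resolves the well-known role name `geerlingguy.docker` silently load `afreisinger.docker` instead, which is a role substitution a supply-chain review would want declared, not hidden in a link. Pin the intended role explicitly in a `requirements.yml` (`- name: geerlingguy.docker`, `src: <repo url>`, `version: <tag>`) or at least use a relative link, and add `.ansible/roles/` to `.gitignore` so local overrides stay local.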
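Review bot: The added rule `/files/registry-prd-ca.crt` does not match the CA file this commit actually ships (`files/registry-prd-example-ca.crt`) or any `ca_file` name the README documents, so whatever it was meant to keep out of git is not excluded while the placeholder stays tracked. If the intent is to keep the real production CA out of the tree, note that the new copy task in `tasks/main.yml` requires it under `files/`, so a fresh checkout of the role fails with a missing-file error at deploy time; a `files/*.crt` pattern plus a committed `*.crt.example` and a README sentence saying operators supply the real CA is the usual way out. A CA certificate is public material — the private key is what must never land here — so this rule mostly buys a false sense of safety. The hunk also removes the file's final newline (`\ No newline at end of file`); restore it.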
@@ -66,3 +66,9 @@ docker_users: []
 
 # Docker daemon options as a dict
 docker_daemon_options: {}
+
+# Docker HTTP/HTTPS proxy settings as list of environment configurations
+docker_service_settings: []
+
+# Docker local registries
+docker_custom_registries: []
diff --git a/files/bar.txt b/files/bar.txt
new file mode 100644
index 0000000..904bbd9
--- /dev/null
+++ b/files/bar.txt
@@ -0,0 +1 @@
+-- files for use with the copy resource
\ No newline at end of file
diff --git a/files/foo.sh b/files/foo.sh
new file mode 100644
index 0000000..2912302
--- /dev/null
+++ b/files/foo.sh
@@ -0,0 +1 @@
+-- script files for use with the script resource
\ No newline at end of file
diff --git a/files/registry-prd-example-ca.crt b/files/registry-prd-example-ca.crt
new file mode 100644
index 0000000..89c3ebd
--- /dev/null
+++ b/files/registry-prd-example-ca.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+
diff --git a/tasks/main.yml b/tasks/main.yml
index dcd47de..d8568e4 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
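Review bot: `files/foo.sh` (and `files/bar.txt` in the previous hunk) are scaffolding placeholders, not assets the role uses: `foo.sh` holds a `--` prose comment that is not valid shell, so it fails under any interpreter despite the `.sh` extension, and no task in this diff references either file. Everything under `files/` is shipped to every consumer of the role and is exactly where a later `script:` or `copy:` task would pick a stray file up, so delete both rather than keep them as a reminder. If a marker for the directory is wanted, use `files/.gitkeep`.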
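Review bot: `files/registry-prd-example-ca.crt` is a `BEGIN CERTIFICATE`/`END CERTIFICATE` wrapper with no base64 body, so it is not a parseable certificate; an operator who follows the README example verbatim (`ca_file: "registry-prd-example-ca.crt"`) gets this installed as `/etc/docker/certs.d/<host>/ca.crt` and every pull from that registry then fails with a TLS error, which is a confusing way to discover the file was a placeholder. Ship it as `registry-prd-example-ca.crt.example` (or drop it) and have the copy task fail early with a clear message when the configured `ca_file` is missing or empty, e.g. a `stat` plus `assert` on `stat_result.stat.size > 0` before the copy. The `.gitignore` hunk in this commit names a different file (`registry-prd-ca.crt`), so it does not keep this path out of the tree either.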
@@ -65,6 +65,37 @@
   when: docker_daemon_options.keys() | length > 0
   notify: restart docker
 
+- name: Create docker config target directory
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: directory
+    mode: 0755
+  when: docker_service_settings | length > 0
+
+- name: Configure docker service environment.
+  template:
+    src: http-proxy.conf.j2
+    dest: /etc/systemd/system/docker.service.d/http-proxy.conf
+    mode: 0644
+  when: docker_service_settings | length > 0
+  notify: restart docker
+
+- name: Create certs directories for Docker registries
+  file:
+    path: "/etc/docker/certs.d/{{ item.host }}"
+    state: directory
+    mode: '0755'
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+
+- name: Copy CA certificates for Docker registries
+  copy:
+    src: "files/{{ item.ca_file }}"
+    dest: "/etc/docker/certs.d/{{ item.host }}/ca.crt"
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+  notify: restart docker
+
 - name: Ensure Docker is started and enabled at boot.
   service:
     name: docker
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 253876b..191491f 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@@ -17,8 +17,8 @@
     update_cache: true
   when: docker_add_repo | bool
 
-- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
-  name: Ensure old versions of Docker are not installed.
+  # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+- name: Ensure old versions of Docker are not installed.
   package:
     name: "{{ docker_obsolete_packages }}"
     state: absent
diff --git a/templates/http-proxy.conf.j2 b/templates/http-proxy.conf.j2
new file mode 100644
index 0000000..0201283
--- /dev/null
+++ b/templates/http-proxy.conf.j2
@@ -0,0 +1,4 @@
+[Service]
+{% for docker_service_setting in docker_service_settings %}
+Environment="{{ docker_service_setting }}"
+{% endfor %}
\ No newline at end of file
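Review bot: The `http-proxy.conf` drop-in is written under `/etc/systemd/system/docker.service.d/` but nothing runs `systemctl daemon-reload`, so unless the `restart docker` handler (outside this diff) already does one, systemd keeps the old unit and the proxy settings only take effect after a manual reload; register the template result and reload when it changed, before the handler restarts the service. The two registry tasks interpolate `item.host` straight into `/etc/docker/certs.d/{{ item.host }}` with no validation, so a value containing `/` or `..` writes the CA outside `certs.d` — cheap to close with an `assert` over the list, as sketched below. The `when:` guards `item.host | length > 0 and item.ca_file | length > 0` raise an undefined-attribute error instead of skipping when an entry omits a key; write `item.host | default('') | length > 0`. Minor: `notify: restart docker` on the CA copy looks unnecessary, since dockerd reads `certs.d` on each registry connection as far as I know, and the modes are inconsistently written (`mode: 0755` next to `mode: '0755'`), so pick the quoted form throughout.

```yaml
- name: Validate docker_custom_registries entries before touching /etc/docker/certs.d
  assert:
    that:
      - item.host | default('') is match('^[A-Za-z0-9.-]+(:[0-9]+)?$')
      - item.ca_file | default('') is match('^[A-Za-z0-9._-]+$')
    fail_msg: "docker_custom_registries entry {{ item }} has an unsafe host or ca_file"
  loop: "{{ docker_custom_registries }}"

# … unchanged: Create docker config target directory …

- name: Configure docker service environment.
  template:
    src: http-proxy.conf.j2
    dest: /etc/systemd/system/docker.service.d/http-proxy.conf
    mode: '0644'
  register: docker_proxy_conf
  when: docker_service_settings | length > 0
  notify: restart docker

- name: Reload systemd so the docker.service.d drop-in is read before the restart
  systemd:
    daemon_reload: true
  when: docker_proxy_conf is changed

# … unchanged: Create certs directories / Copy CA certificates (with the default('') guards) …
```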
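Review bot: Each `docker_service_settings` entry is emitted verbatim inside `Environment="{{ docker_service_setting }}"`, so a value containing `"` breaks the unit's quoting, and a proxy URL carrying credentials (`http://user:pass@proxy:80`) ends up in a 0644 file that is additionally exposed to any local user via `systemctl show docker -p Environment`; state in the README that these entries must not contain secrets, or switch to `EnvironmentFile=` pointing at a root-only 0600 file for that case. Nothing limits the list to the proxy variables the README promises, so an entry such as `DOCKER_HOST=...` or `LD_PRELOAD=...` is applied to the daemon as well; an `assert` that every item matches `^(HTTP_PROXY|HTTPS_PROXY|NO_PROXY)=` before the template task would enforce the documented contract. The template also lacks a trailing newline, so the rendered file ends mid-line after the last `Environment=` entry; add a `{# systemd drop-in for dockerd proxy settings; rendered from docker_service_settings #}` header and a final newline.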