add custom trust private Docker registries

.ansible/roles/geerlingguy.docker

@@ -0,0 +1 @@
+/home/20235703336@samba.afip.gob.ar/dev/awx/ansible/roles/afreisinger.docker

.gitignore

@@ -2,4 +2,4 @@
 */__pycache__
 *.pyc
 .cache
-
+/files/registry-prd-ca.crt

README.md

@@ -140,6 +140,17 @@ docker_service_settings:
 
 Custom docker service configuration. Should only be used for `HTTP/HTTPS proxy` settings.
 
+```yaml
+docker_custom_registries:
+  - host: "registry.prd.example.com"
+    ca_file: "registry-prd-example-ca.crt"
+  - host: "registry.dev.example.com"
+    ca_file: "registry-dev-example-ca.crt"
+```
+
+Custom trust private Docker registries with custom Certificate Authorities (CAs).
+Place the CA files under the files/ directory of your role or playbook. Each CA will be installed under /etc/docker/certs.d/\<host>/ca.crt.
+
 ## Use with Ansible (and `docker` Python library)
 
 Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:

defaults/main.yml

@@ -69,3 +69,6 @@ docker_daemon_options: {}
 
 # Docker HTTP/HTTPS proxy settings as list of environment configurations
 docker_service_settings: []
+
+# Docker local registries
+docker_custom_registries: []

files/bar.txt

@@ -0,0 +1 @@
+-- files for use with the copy resource

files/foo.sh

@@ -0,0 +1 @@
+-- script files for use with the script resource

files/registry-prd-example-ca.crt

@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+

tasks/main.yml

@@ -80,6 +80,22 @@
   when: docker_service_settings | length > 0
   notify: restart docker
 
+- name: Create certs directories for Docker registries
+  file:
+    path: "/etc/docker/certs.d/{{ item.host }}"
+    state: directory
+    mode: '0755'
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+
+- name: Copy CA certificates for Docker registries
+  copy:
+    src: "files/{{ item.ca_file }}"
+    dest: "/etc/docker/certs.d/{{ item.host }}/ca.crt"
+  loop: "{{ docker_custom_registries }}"
+  when: item.host | length > 0 and item.ca_file | length > 0
+  notify: restart docker
+
 - name: Ensure Docker is started and enabled at boot.
   service:
     name: docker

tasks/setup-Debian.yml

@@ -17,8 +17,8 @@
     update_cache: true
   when: docker_add_repo | bool
 
-- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
-  name: Ensure old versions of Docker are not installed.
+  # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+- name: Ensure old versions of Docker are not installed.
   package:
     name: "{{ docker_obsolete_packages }}"
     state: absent