Mirrors/geerlingguy.ansible-role-docker
1
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-docker.git synced 2025-10-15 11:15:35 +02:00
Code Issues Projects Releases Wiki Activity

add custom trust private Docker registries

Browse Source
This commit is contained in:
afreisinger 2025-05-30 02:31:30 -03:00
parent 4109c98925
commit d3d12cc08f
9 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.ansible/roles/geerlingguy.docker Symbolic link
View File

@ -0,0 +1 @@
/home/20235703336@samba.afip.gob.ar/dev/awx/ansible/roles/afreisinger.docker

2
.gitignore vendored
View File

@ -2,4 +2,4 @@
*/__pycache__ */__pycache__
*.pyc *.pyc
.cache .cache
/files/registry-prd-ca.crt

11
README.md
View File

@ -140,6 +140,17 @@ docker_service_settings:
Custom docker service configuration. Should only be used for `HTTP/HTTPS proxy` settings. Custom docker service configuration. Should only be used for `HTTP/HTTPS proxy` settings.
```yaml
docker_custom_registries:
- host: "registry.prd.example.com"
ca_file: "registry-prd-example-ca.crt"
- host: "registry.dev.example.com"
ca_file: "registry-dev-example-ca.crt"
```
Custom trust private Docker registries with custom Certificate Authorities (CAs).
Place the CA files under the files/ directory of your role or playbook. Each CA will be installed under /etc/docker/certs.d/\<host>/ca.crt.
## Use with Ansible (and `docker` Python library) ## Use with Ansible (and `docker` Python library)
Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role: Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:

3
defaults/main.yml
View File

@ -69,3 +69,6 @@ docker_daemon_options: {}
# Docker HTTP/HTTPS proxy settings as list of environment configurations # Docker HTTP/HTTPS proxy settings as list of environment configurations
docker_service_settings: [] docker_service_settings: []
# Docker local registries
docker_custom_registries: []

1
files/bar.txt Normal file
View File

@ -0,0 +1 @@
-- files for use with the copy resource

1
files/foo.sh Normal file
View File

@ -0,0 +1 @@
-- script files for use with the script resource

3
files/registry-prd-example-ca.crt Normal file
View File

@ -0,0 +1,3 @@
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

16
tasks/main.yml
View File

@ -80,6 +80,22 @@
when: docker_service_settings | length > 0 when: docker_service_settings | length > 0
notify: restart docker notify: restart docker
- name: Create certs directories for Docker registries
file:
path: "/etc/docker/certs.d/{{ item.host }}"
state: directory
mode: '0755'
loop: "{{ docker_custom_registries }}"
when: item.host | length > 0 and item.ca_file | length > 0
- name: Copy CA certificates for Docker registries
copy:
src: "files/{{ item.ca_file }}"
dest: "/etc/docker/certs.d/{{ item.host }}/ca.crt"
loop: "{{ docker_custom_registries }}"
when: item.host | length > 0 and item.ca_file | length > 0
notify: restart docker
- name: Ensure Docker is started and enabled at boot. - name: Ensure Docker is started and enabled at boot.
service: service:
name: docker name: docker

4
tasks/setup-Debian.yml
View File

@ -17,8 +17,8 @@
update_cache: true update_cache: true
when: docker_add_repo | bool when: docker_add_repo | bool
- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
name: Ensure old versions of Docker are not installed. - name: Ensure old versions of Docker are not installed.
package: package:
name: "{{ docker_obsolete_packages }}" name: "{{ docker_obsolete_packages }}"
state: absent state: absent