https://github.com/turgon37/ansible-docker-server
Ansible role to install and configure docker engine
https://github.com/turgon37/ansible-docker-server
ansible docker-engine docker-server
Last synced: about 1 month ago
JSON representation
Ansible role to install and configure docker engine
- Host: GitHub
- URL: https://github.com/turgon37/ansible-docker-server
- Owner: Turgon37
- License: mit
- Created: 2016-11-19T10:00:13.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2019-07-26T17:45:09.000Z (almost 7 years ago)
- Last Synced: 2025-05-31T23:15:17.006Z (12 months ago)
- Topics: ansible, docker-engine, docker-server
- Language: Python
- Homepage:
- Size: 158 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
Ansible Role Docker server
=========
[](https://travis-ci.org/Turgon37/ansible-docker-server)
:warning: This role is under development, some important (and possibly breaking) changes may happend. Don't use it in production level environments but you can eventually base your own role on this one :hammer:
:grey_exclamation: Before using this role, please know that all my Ansible roles are fully written and accustomed to my IT infrastructure. So, even if they are as generic as possible they will not necessarily fill your needs, I advice you to carrefully analyse what they do and evaluate their capability to be installed securely on your servers.
**This roles configure the docker daemon.**
## Features
Currently this role provide the following features :
* docker engine installation
* docker engine configuration
* docker engine systemd service file
* install the docker-compose tool
* use the native tool for x86 architectures
* use a workaround script + compiled docker image for some other platforms (only armhf for now)
* monitoring items for
* Zabbix
* [local facts](#facts)
## Requirements
### OS Family
This role is available for
* Debian/Raspbian 8/9
* CentOS 7
### Dependencies
If you use the zabbix monitoring profile you will need the role [ansible-zabbix-agent](https://github.com/Turgon37/ansible-zabbix-agent)
## Role Variables
The variables that can be passed to this role and a brief description about them are as follows:
| Name | Types/Values | Description |
| ------------------------------------------| ---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| docker_server__facts | Boolean | Install the local fact script |
| docker_server__edition | String | Install edition in 'ce' (Community Edition) or 'ee' (Enterprise Edition) |
| docker_server__repository_release_channel | String | The release channel to use in 'stable', 'edge', 'test' |
| docker_server__compose_version | String | The version of docker-compose to install |
| docker_server__compose_state | String | The state of docker-compose tool in 'present', 'absent' |
| docker_server__service_enabled | Boolean | Enable or not the docker service on the host |
| docker_server__service_restartable | Boolean | If the docker configuration change ansible will automatically restart the service unless this variable is set to False. In others words, set this to True if you want ansible automatically restart the docker daemon on configuration changes|
| docker_server__service_restart_stamp_file | String | If service_restartable (above) is set to False, ansible will touch this path instead of restarting docker. This allow you to test the presence of this file with your monitoring tool |
| docker_server__socket_group | String | The name of the linux group the socket will belong to |
| docker_server__socket_group_users | List/Dict (see below) | The list of linux local user name you want to add to socket group |
:exclamation: In a production environment I recommend to set docker_server__service_restartable to False and to handle manually the docker service's restarts
### Socket privileged users configuration
If any of your configured docker listen hosts contains 'unix://' string this role will configure a unix system group to secure it.
Then, you can add some users to this group by using the following configuration:
```
docker_server__socket_group_users:
- userlogin1
```
If you want to revoke user socket access
```
docker_server__socket_group_users:
- name: userlogin1
state: absent
```
## Facts
By default the local fact are installed and expose all variables available with the docker info command line.
You can use this command to get an idea of available keys
```
docker version --format '{{json .}}'
```
In addition, the following facts are available about docker-compose
* ```ansible_local.docker_compose.version_full```
* ```ansible_local.docker_compose.version_major```
## Examples Playbooks
To use this role create or update your playbook according the following examples :
* Exemple of configuration with specific storage driver
```
- hosts: servers
roles:
- docker-server
vars:
storage-driver: devicemapper
storage-opts:
- 'dm.thinpooldev=/dev/mapper/docker-thinpool'
- 'dm.use_deferred_removal=true'
- 'dm.use_deferred_deletion=true'
```
## License
MIT