nils/ansible-role-docker
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Nils Cant
2025-11-02 15:29:45 +01:00
parent 78965c8994
commit 714f2b1d3b
5 changed files with 24 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@@ -1 +1 @@
docker_storage_driver: overlay2 docker_allowed_users: []

14
tasks/apt.yml
View File

@@ -3,14 +3,20 @@
apt: apt:
name: ['apt-transport-https', 'ca-certificates', 'gpg'] name: ['apt-transport-https', 'ca-certificates', 'gpg']
#- name: Add docker apt key
# apt_key:
# keyserver: hkp://p80.pool.sks-keyservers.net:80
# id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
- name: Add docker apt key - name: Add docker apt key
apt_key: copy:
keyserver: hkp://p80.pool.sks-keyservers.net:80 src: docker.asc
id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 dest: /etc/apt/keyrings/docker.asc
mode: 0644
- name: Add docker repository - name: Add docker repository
apt_repository: apt_repository:
repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
- name: Install docker CE - name: Install docker CE
apt: name=docker-ce state=latest apt: name=docker-ce state=latest

22
tasks/docker.yml
View File

@@ -1,13 +1,13 @@
--- ---
- name: Create docker systemd drop-in directory #- name: Create docker systemd drop-in directory
file: # file:
path: /etc/systemd/system/docker.service.d # path: /etc/systemd/system/docker.service.d
state: directory # state: directory
- name: Configure docker startup options #- name: Configure docker startup options
template: # template:
src: docker-systemd-conf.j2 # src: docker-systemd-conf.j2
dest: /etc/systemd/system/docker.service.d/exec.conf # dest: /etc/systemd/system/docker.service.d/exec.conf
notify: # notify:
- restart docker # - restart docker
- systemctl daemon-reload # - systemctl daemon-reload

4
tasks/main.yml
View File

@@ -1,4 +1,4 @@
--- ---
- import_tasks: apt.yml - import_tasks: apt.yml
- import_tasks: tls.yml #- import_tasks: docker.yml
- import_tasks: docker.yml - import_tasks: users.yml

40
tasks/tls.yml
View File

@@ -1,40 +0,0 @@
---
- name: Docker TLS directory
file:
path: /etc/docker/tls
state: directory
- name: Openssl docker ext config file
copy:
content: "subjectAltName = DNS:{{ ansible_fqdn}},IP:127.0.0.1"
dest: "/etc/docker/tls/extfile.cnf"
- name: Generate server CA and server TLS certificates
shell: |
openssl req -new -days 7300 -batch -newkey rsa:4096 -keyout ca.key -nodes -subj "/commonName={{ ansible_fqdn }} docker CA/" -x509 -out ca.pem
openssl genrsa -out server.key 4096
openssl req -subj "/CN={{ ansible_fqdn }}" -sha256 -new -key server.key -out server.csr
openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -extfile extfile.cnf
args:
chdir: /etc/docker/tls
creates: /etc/docker/tls/*.pem
- name: TLS client extfile
copy:
content: "extendedKeyUsage = clientAuth"
dest: /etc/docker/tls/client-extfile.cnf
- name: Docker client certificate directory
file:
path: "/root/.docker/{{ ansible_fqdn }}"
state: directory
- name: Generate and sign client TLS certificate
shell: |
openssl genrsa -out "/root/.docker/{{ ansible_fqdn }}/key.pem" 4096
openssl req -subj '/CN=client' -new -key "/root/.docker/{{ ansible_fqdn }}/key.pem" -out "/root/.docker/{{ ansible_fqdn }}/client.csr"
openssl x509 -req -days 3650 -sha256 -in "/root/.docker/{{ ansible_fqdn }}/client.csr" -CA ca.pem -CAkey ca.key -CAcreateserial -out "/root/.docker/{{ ansible_fqdn }}/cert.pem" -extfile client-extfile.cnf
cp /etc/docker/tls/ca.pem "/root/.docker/{{ ansible_fqdn }}"
args:
chdir: /etc/docker/tls
creates: "/root/.docker/{{ ansible_fqdn }}/cert.pem"