FlorianKempenich.setup-secure-remote-docker-daemon


Ansible Role: setup-secure-remote-docker-daemon

This role sets up and secures a Docker daemon that can be accessed remotely using TLS.

Requirements

No special requirements. This role will install Docker before configuration.

Role Variables

Required Parameters

  • rootca_certificate: The certificate for the RootCA that will be used to verify clients. Enter as text.
  • server_certificate: The server certificate used to authenticate the Docker server. Enter as text.
  • server_privatekey: The private key for the server, matching the server certificate. Enter as text.

Optional Parameters

  • docker_port: Default is 2376.

  • certificates_dir [default=/docker-tls]: The directory on the remote machine where certificates will be stored.

  • cert_filename [default=server-certificate.pem]: Name of the server certificate file on the remote machine.

  • privkey_filename [default=server-privatekey.pem]: Name of the server private key file on the remote machine.

  • cacert_filename [default=rootca-certificate.pem]: Name of the RootCA certificate file on the remote machine.

Example Playbook

Here’s a sample playbook using this role. In this example, the certificates and private key are read from files on the control node with Ansible's file lookup plugin, called from a Jinja2 expression.

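- hosts: sandbox

  vars:
    # Directory on the control node that holds the PEM files.
    certdir: "/home/my_certificate_directory"

  tasks:
    - include_role:
        name: FlorianKempenich.setup-secure-remote-docker-daemon
      vars:
        # lookup('file', ...) reads each file on the control node and passes its content as text.
        # Build the path inside the expression; do not nest "{{ }}" inside "{{ }}".
        rootca_certificate: "{{ lookup('file', certdir + '/rootca-certificate.pem') }}"
        server_certificate: "{{ lookup('file', certdir + '/server/server-certificate.pem') }}"
        server_privatekey: "{{ lookup('file', certdir + '/server/server-privatekey.pem') }}"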
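
The role takes its three required parameters as PEM text, and the playbook above reads them from files. As an added example (not part of the role or its README), the following script generates a test Root CA and server certificate with openssl in the file layout the playbook expects, then checks that the server certificate chains to the Root CA and matches the private key. The host name, subject names, key size and validity period are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: create and sanity-check the PEM inputs for the role.
# All names and values below are constructed samples, not the role's own.
set -eu

# make_docker_tls_inputs DIR HOSTNAME
make_docker_tls_inputs() {
    dir=$1; host=$2
    mkdir -p "$dir/server"
    # Root CA (self-signed): the daemon uses it to verify client certificates.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=example-docker-rootca" \
        -keyout "$dir/rootca-privatekey.pem" \
        -out "$dir/rootca-certificate.pem" 2>/dev/null
    # Server private key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server/server-privatekey.pem" \
        -out "$dir/server/server.csr" 2>/dev/null
    # Clients check the name they connect to against the SAN, so set it.
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" \
        > "$dir/server/ext.cnf"
    openssl x509 -req -days 365 -in "$dir/server/server.csr" \
        -CA "$dir/rootca-certificate.pem" -CAkey "$dir/rootca-privatekey.pem" \
        -CAcreateserial -extfile "$dir/server/ext.cnf" \
        -out "$dir/server/server-certificate.pem" 2>/dev/null
    # Private keys must not be readable by other users.
    chmod 600 "$dir/rootca-privatekey.pem" "$dir/server/server-privatekey.pem"
}

# check_docker_tls_inputs DIR
# Returns 0 only if the server certificate chains to the Root CA and the
# private key belongs to that certificate (public keys are compared).
check_docker_tls_inputs() {
    dir=$1
    openssl verify -CAfile "$dir/rootca-certificate.pem" \
        "$dir/server/server-certificate.pem" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$dir/server/server-certificate.pem" \
        -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/server/server-privatekey.pem" \
        -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh script.sh /home/my_certificate_directory docker.example.test
if [ $# -eq 2 ]; then
    make_docker_tls_inputs "$1" "$2"
    check_docker_tls_inputs "$1" && echo "inputs are consistent"
fi
```

Running the check on the control node before the play catches a mismatched key or a certificate from the wrong CA before anything is copied to the remote host.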

License

MIT License.

Author Information

You can follow my work on my blog: Florian Kempenich

About the project

Setup and secure a Docker daemon remotely accessible via TLS

Install
ansible-galaxy install FlorianKempenich.setup-secure-remote-docker-daemon