haxorof.docker_ce
Ansible Role for Docker CE (Community Edition)
IMPORTANT! This role may work on distribution versions that it does not list as supported.
This Ansible role helps you to install and set up Docker CE (Community Edition) on various Linux distributions. The aim is to simplify the process for users, making the installation and configuration consistent across different systems.
```shell
ansible-galaxy role install haxorof.docker_ce
```
Features
- Easy installation and configuration of Docker CE on supported Linux distributions.
- Installs Docker SDK and Docker Compose.
- Tries to support installation of Docker plugins.
- Attempts to uninstall Docker CE and its related configurations efficiently.
- Adjusts configurations to avoid problems in certain distributions.
- Simplifies setting up Docker as per Center for Internet Security (CIS) guidelines.
Supported Distributions
Note! Some versions of the distributions below may only have Python 2.7. These are compatible only with Ansible versions below 10.0.0 (or ansible-core versions below 2.17), as support for Python 2.7 was removed in Ansible 10.0.0 (ansible-core 2.17).
- AlmaLinux ¹
- Amazon Linux ¹
- CentOS ¹
- CentOS Stream
- Debian
- Fedora
- Linux Mint ¹ (based on Ubuntu)
- Raspbian (based on Debian)
- RHEL
- Rocky Linux ¹
- Ubuntu

¹ Note: Docker does not fully support Docker CE on these distributions, and some features may not function.
Other distributions may work with this role as well. You can disable distribution checks by setting docker_do_checks to no.
Changelog
See the changelog here.
Ansible Compatibility
- Ansible 9.0.0 or later (ansible-core 2.16 or later)
Due to support for multiple Ansible versions, you may see some deprecation warnings. You can check the Ansible documentation to learn how to disable these warnings.
This role is designed to support the latest and previous major Ansible releases. For supported versions, see here.
Ansible Collection Requirements
If you have only ansible-core installed, the following collections must also be installed for this role to function:
- ansible.posix
- community.general
Requirements
No extra requirements.
Role Variables
Variables related to this role can be found here.
Dependencies
None.
Example Playbook
Here are some examples to show what this role can do.
Simplest Example
```yaml
- hosts: docker
  roles:
    - role: haxorof.docker_ce
```
Configure Docker Daemon to Use Proxy
```yaml
- hosts: docker
  vars:
    docker_daemon_envs:
      HTTP_PROXY: http://localhost:3128/
      NO_PROXY: localhost,127.0.0.1,docker-registry.somecorporation.com
  roles:
    - haxorof.docker_ce
```
Ensure Ansible Can Use Docker Modules After Installation
```yaml
- hosts: test-host
  vars:
    docker_sdk: true
    docker_compose: true
  roles:
    - haxorof.docker_ce
  post_tasks:
    - name: Test hello container
      become: yes
      docker_container:
        name: hello
        image: hello-world

    - name: Test hello service
      become: yes
      docker_service:
        project_name: hello
        definition:
          version: '3'
          services:
            hello:
              image: "hello-world"
```
CIS Security Compliant Docker Engine Installation
This minimal example shows the necessary role configuration to pass the Docker benchmark checks:
```yaml
- hosts: docker
  vars:
    docker_plugins:
      - type: authz
        alias: opa-docker-authz
        name: openpolicyagent/opa-docker-authz-v2:0.9
        args: opa-args="-policy-file /opa/policies/authz.rego"
    docker_enable_audit: yes
    docker_daemon_config:
      icc: false
      log-driver: journald
      userns-remap: default
      live-restore: true
      userland-proxy: false
      no-new-privileges: true
  roles:
    - haxorof.docker_ce
```
The userns-remap setting above relies on Linux user namespaces. On hosts where they are not enabled, you may need to adjust GRUB settings and reboot the host.
Example of required changes, which will need a reboot:
```yaml
# https://success.docker.com/article/user-namespace-runtime-error

- hosts: docker
  roles:
    - role: jtyr.grub_cmdline
      vars:
        grub_cmdline_add_args:
          - namespace.unpriv_enable=1
          - user_namespace.enable=1
      become: yes
  tasks:
    - name: set user.max_user_namespaces
      sysctl:
        name: user.max_user_namespaces
        value: 15000
        sysctl_set: yes
        state: present
        reload: yes
      become: yes
```
For a complete working example on CentOS 7, check here.
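A verification play for the hardened docker_daemon_config shown in this section, added here as an example and not part of the role or its test suites. It assumes the daemon configuration lives at Docker's default path /etc/docker/daemon.json and that the community.docker collection and the Docker SDK for Python are available on the target; the variable name expected_daemon_config is hypothetical.

```yaml
# Added example: post-install verification play (not part of haxorof.docker_ce).
# Assumes Docker's default config path and the community.docker collection.
- hosts: docker
  become: yes
  vars:
    # Same keys and values as docker_daemon_config in the CIS example.
    expected_daemon_config:
      icc: false
      log-driver: journald
      userns-remap: default
      live-restore: true
      userland-proxy: false
      no-new-privileges: true
  tasks:
    - name: Read the daemon configuration written to disk
      ansible.builtin.slurp:
        src: /etc/docker/daemon.json
      register: daemon_json_raw

    - name: Parse daemon.json
      ansible.builtin.set_fact:
        daemon_json: "{{ daemon_json_raw.content | b64decode | from_json }}"

    - name: Fail on any hardening key that is missing or has drifted
      ansible.builtin.assert:
        that:
          - "item.key in daemon_json"
          - "daemon_json[item.key] == item.value"
        fail_msg: "{{ item.key }} is {{ daemon_json[item.key] | default('unset') }}, expected {{ item.value }}"
      loop: "{{ expected_daemon_config | dict2items }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Query the running daemon
      community.docker.docker_host_info:
      register: docker_info

    - name: Confirm the running daemon applied the settings
      ansible.builtin.assert:
        that:
          - "docker_info.host_info.LoggingDriver == 'journald'"
          - "docker_info.host_info.LiveRestoreEnabled"
          - "'name=userns' in docker_info.host_info.SecurityOptions"
          - "'name=no-new-privileges' in docker_info.host_info.SecurityOptions"
          # Expects at least one authorization plugin to be active.
          - "docker_info.host_info.Plugins.Authorization | default([], true) | length > 0"
```

The file check catches drift in daemon.json; the runtime check catches a daemon that was not restarted after the file changed.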
Automated Test Matrix
Here are the latest test results from the automated tests in the tests directory:
Note! Not all distributions listed below provide the latest version of Docker CE.
Test Suites
Suite | ID | Comment |
---|---|---|
s-1 | t_config | |
s-2 | t_postinstall | |
s-3 | t_auditd | |
Test Matrix
Symbol | Definition |
---|---|
:heavy_check_mark: | All tests passed |
:x: | At least one test failed / Not supported |
:heavy_minus_sign: | No test done / Not yet tested |
Distribution | s-1 | s-2 | s-3 | updated |
---|---|---|---|---|
AlmaLinux 8 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
AlmaLinux 9 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Amazon Linux 2 | :heavy_check_mark: | :x: | :heavy_check_mark: | 2024-08-02 |
Amazon Linux 2023 | :heavy_check_mark: | :x: | :heavy_check_mark: | 2024-08-02 |
CentOS Stream 9 | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | 2024-08-02 |
Debian 11 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Debian 12 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Fedora 39 | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | 2024-08-02 |
Fedora 40 | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | 2024-08-02 |
Rocky Linux 8 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Rocky Linux 9 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Ubuntu 20.04 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Ubuntu 22.04 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-02 |
Ubuntu 24.04 | :heavy_minus_sign: | :heavy_minus_sign: | :heavy_minus_sign: | 2024-08-02 |
RHEL 8 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-12 |
RHEL 9 | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | 2024-08-12 |
License
This is an open-source project under the MIT license.