ansibleguy.infra_docker_minimal
Ansible Role - Docker Setup
Ansible role to deploy a basic Docker installation on a Linux server.
Tested:
- Debian 11
- Debian 12
Install
# latest
ansible-galaxy role install git+https://github.com/ansibleguy/infra_docker_minimal
# from galaxy
ansible-galaxy install ansibleguy.infra_docker_minimal
# or to custom role-path
ansible-galaxy install ansibleguy.infra_docker_minimal --roles-path ./roles
Usage
Want a simple Ansible GUI? Check out my Ansible WebUI.
Config
You can configure docker using the 'docker' variable/dictionary.
docker:
  tcp:
    enable: true  # enable docker-service listening on tcp
    bind: '0.0.0.0'

  compose:
    enable: true  # install docker-compose
    plugin: true  # default; install docker-compose-plugin ('docker compose' instead of 'docker-compose')

  tls:
    enable: true
    cert: '/etc/ssl/certs/docker.crt'
    key: '/etc/ssl/private/docker.pem'
    # ca: '/etc/ssl/certs/docker.ca.crt'
    # verify_client: true

  nftables:
    clean: true  # set bridge_none, disable_iptables and reload to true
    bridge_none: false  # set bridge=none argument on docker-startup
    disable_iptables: false  # set iptables=false argument on docker-startup
    reload: false  # reload nftables after a docker.service restart to remove its auto-added iptables-rules
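A pre-flight guard for the TCP/TLS settings above, as an added example that is not part of the role or its README: with TLS enabled but no client verification, dockerd only authenticates itself, so any client that can reach the port can control the daemon, which is equivalent to root on the host. The inventory group `docker_hosts` and the bind address are assumptions, and the check assumes that an unset `tls.ca` or `tls.verify_client` means client verification is off.

```yaml
# playbook.yml (added example; the pre_tasks guard is not provided by the role)
- hosts: docker_hosts  # assumed inventory group name
  become: true
  vars:
    docker:
      tcp:
        enable: true
        # constructed address (TEST-NET-1): bind to a management interface
        # instead of '0.0.0.0' so the API is not offered on every interface
        bind: '192.0.2.10'
      tls:
        enable: true
        cert: '/etc/ssl/certs/docker.crt'
        key: '/etc/ssl/private/docker.pem'
        ca: '/etc/ssl/certs/docker.ca.crt'  # CA that signs the allowed client certificates
        verify_client: true                 # reject clients without a certificate from that CA
      nftables:
        clean: true

  pre_tasks:
    # Fail before the role touches the host if the API would be reachable
    # over TCP without mutual TLS.
    - name: Refuse to expose the Docker API over TCP without client verification
      ansible.builtin.assert:
        that:
          - (docker.tls | default({})).enable | default(false) | bool
          - (docker.tls | default({})).verify_client | default(false) | bool
          - (docker.tls | default({})).ca | default('') | length > 0
        fail_msg: >-
          docker.tcp.enable is set, but tls.enable, tls.verify_client and tls.ca
          are not all configured. Without them any host that can reach the
          port can control the Docker daemon.
      when: (docker.tcp | default({})).enable | default(false) | bool

  roles:
    - ansibleguy.infra_docker_minimal
```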
Execution
Run the playbook:
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml
Functionality
In short: it sets up Docker as described here.
There is also an option to install docker-compose on the target host.
- Package installation
  - Docker prerequisites
  - Docker base-packages
Default opt-outs:
- docker-compose
Default opt-ins:
- docker server component (else only client will be installed)
Info
Note: This role currently only supports Debian-based systems.
Note: If you are using NFTables you will have problems running docker.
Docker does not support NFTables natively. The 'docker-ce'/'docker-ce-cli' package has IPTables set as its dependency.
One CAN keep the NFTables ruleset clean when running docker with the parameter 'iptables=false'. It is even cleaner if 'bridge=none' is set!
After that only a few IPTables rules are added. To completely eliminate this docker-ruleset one needs to reload NFTables whenever docker is restarted.
This Ansible role lets you configure this behaviour through the 'nftables' settings shown in the Config example.
If you use NFTables you might also want to look into the ansibleguy.infra_nftables role!