# Docker role

This role will install Docker on a target machine running Debian or Ubuntu.

* [Docker role](#docker-role)
  * [Variable reference](#variable-reference)
    * [Optional variables](#optional-variables)
  * [Example](#example)
    * [Select the Docker version](#select-the-docker-version)
    * [Select the Docker-compose version](#select-the-docker-compose-version)
  * [Information](#information)
    * [Important about the network](#important-about-the-network)
    * [Update of docker-compose](#update-of-docker-compose)

## Variable reference

### Optional variables

| Variable               | Description                                                                               | Default value |
|------------------------|-------------------------------------------------------------------------------------------|---------------|
| docker_compose         | install docker-compose                                                                    | `true`        |
| docker_user            | name of the user who is going to use Docker                                               | `root`        |
| docker_rootless        | run the Docker daemon as a non-root user (Rootless mode)                                  | `false`       |
| docker_pinned          | see section [Select the Docker version](#select-the-docker-version) below                 | None          |
| docker_compose_version | see section [Select the Docker-compose version](#select-the-docker-compose-version) below | None          |
| docker_registry_login  | see below                                                                                 | None          |

`docker_registry_login` is used when you need to define a URL, username and password to access specific Docker registries.
The object is defined like this:

```
docker_registry_login:
  - url: "docker.talas.dev"
    username: "user"
    password: "pass"
  - url: "something"
    username: "user"
    password: "pass"
```

## Example

### Select the Docker version

By default, the latest version of Docker will be installed, but you can specify a version by setting this variable:

```
docker_pinned: "17.09.0~ce-0~debian"
# Or only pin the major version
docker_pinned: "27*"
```

To list the available versions, run this command on the target server:

```
# apt-cache madison docker-ce
docker-ce | 17.09.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.2~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.1~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.2~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.1~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.0~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
```

### Select the Docker-compose version

By default, this role will install the latest version of docker-compose. You can also select a specific docker-compose version by setting this variable:

```
docker_compose_version: "1.17.1"
```

You can find the list of docker-compose releases here: https://github.com/docker/compose/releases/

## Information

### Important about the network

This role lets Docker create the docker0 bridge interface. This means that if Docker sees a route for all the RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), it will fail.
This is basically the case for the machines in the DMZ: all those routes are defined so that the default gateway can be the BGP router. Typically, their DMZ interface is configured like this:

```
# DMZ6
auto eth136
iface eth136 inet static
    address 10.12.36.96
    netmask 24
    dns-nameservers 10.12.1.207 10.12.1.2
    dns-search talas.com
    # static route
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.12.36.254 dev eth136
    up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.12.36.254 dev eth136
    up route add -net 192.168.0.0 netmask 255.255.0.0 gw 10.12.36.254 dev eth136
```

To allow Docker to create the docker0 interface, you basically have to remove the last line. Currently we don't use any 192.168.0.0/16 network so it won't be an issue.

### Update of docker-compose

To perform an update, add this parameter: `--extra-vars "docker_compose_update_now=true"`. *true* is case-sensitive since it's evaluated as a string in this case.

This role will also update if this parameter is present: `--extra-vars "global_update_now=true"`. *true* is also case-sensitive since it's evaluated as a string in this case.

The update will be skipped if you already have the latest version of the binary.
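
A pre-flight check for the routing condition described under "Important about the network", as an added example that is not part of this role: it parses `ip -4 route show` output and reports which RFC 1918 blocks are still unrouted. The sample routing table is constructed, the function names are hypothetical, and the check implements the condition as stated on this page (a block counts as taken when one route covers it entirely), not Docker's own address selection logic.

```python
import ipaddress

# The three RFC 1918 blocks named in the network section.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: `ip -4 route show` output matching the DMZ interface
# configuration shown above. The default route address is a placeholder.
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
10.0.0.0/8 via 10.12.36.254 dev eth136
10.12.36.0/24 dev eth136 proto kernel scope link src 10.12.36.96
172.16.0.0/12 via 10.12.36.254 dev eth136
192.168.0.0/16 via 10.12.36.254 dev eth136
"""


def parse_routes(text):
    """Return the IPv4 destination networks found in `ip -4 route show` output."""
    networks = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # the default route is not an RFC 1918 route
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # typed routes or other lines we do not interpret
        if net.version == 4:
            networks.append(net)
    return networks


def unrouted_rfc1918(networks):
    """RFC 1918 blocks that no single route covers entirely (assumed check)."""
    return [block for block in RFC1918
            if not any(block.subnet_of(net) for net in networks)]


def docker0_has_room(route_text):
    """True when at least one RFC 1918 block is left unrouted."""
    return bool(unrouted_rfc1918(parse_routes(route_text)))


if __name__ == "__main__":
    free = unrouted_rfc1918(parse_routes(SAMPLE_ROUTES))
    if free:
        print("unrouted RFC 1918 blocks:", ", ".join(str(b) for b in free))
    else:
        print("all RFC 1918 blocks are routed: docker0 creation is expected to fail")
```

To check a real host, pass the output of `ip -4 route show` to `docker0_has_room` before running the role.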