veza/ansible/roles/docker/readme.md
2025-12-03 22:56:50 +01:00


# Docker role
This role will install Docker on a target machine running Debian or Ubuntu.
<!-- TOC -->
* [Docker role](#docker-role)
* [Variable reference](#variable-reference)
* [Optional variables](#optional-variables)
* [Example](#example)
* [Select the Docker version](#select-the-docker-version)
* [Select the Docker-compose version](#select-the-docker-compose-version)
* [Informations](#informations)
* [Important about the network](#important-about-the-network)
* [Update of docker-compose](#update-of-docker-compose)
<!-- TOC -->
## Variable reference
### Optional variables
| Variable | Description | Default value |
|------------------------|--------------------------------------------------------------------------------------------|---------------|
| docker_compose | install docker-compose | `true` |
| docker_user | name of the user who is going to use docker | `root` |
| docker_rootless | run the Docker daemon as a non-root user (Rootless mode) | `false` |
| docker_pinned | see section [Select the Docker version](#select-the-docker-version) below | None |
| docker_compose_version | see section [Select the Docker-compose version](#select-the-docker-compose-version) below | None |
| docker_registry_login | see below | None |
`docker_registry_login` is used when you need to define a URL, username and password to access specific Docker registries.
The object is defined like this:
```
docker_registry_login:
  - url: "docker.talas.dev"
    username: "user"
    password: "pass"
  - url: "something"
    username: "user"
    password: "pass"
```
## Example
### Select the Docker version
By default, the latest version of Docker will be installed, but you can specify a version by setting this variable:
```
docker_pinned: "17.09.0~ce-0~debian"
# Or only pin the major version
docker_pinned: "27*"
```
To find out the list of available versions, use this command on the target server:
```
# apt-cache madison docker-ce
docker-ce | 17.09.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.2~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.1~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.06.0~ce-0~debian | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.2~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.1~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
docker-ce | 17.03.0~ce-0~debian-stretch | https://download.docker.com/linux/debian stretch/stable amd64 Packages
```
### Select the Docker-compose version
By default, this role will install the latest version of docker-compose.
You can also select a specific docker-compose version by setting this variable:
```
docker_compose_version: "1.17.1"
```
You can find the list of docker-compose releases here: https://github.com/docker/compose/releases/
## Informations
### Important about the network
This role lets Docker create the docker0 bridge interface. This means that if Docker sees a route for all the RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), it will fail.
This is basically the case for the machines in the DMZ: all those routes are defined so that the default gateway can be the BGP router. Typically you have a configuration like this for their DMZ interface:
```
# DMZ6
auto eth136
iface eth136 inet static
    address 10.12.36.96
    netmask 24
    dns-nameservers 10.12.1.207 10.12.1.2
    dns-search talas.com
    # static route
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.12.36.254 dev eth136
    up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.12.36.254 dev eth136
    up route add -net 192.168.0.0 netmask 255.255.0.0 gw 10.12.36.254 dev eth136
```
To allow Docker to create the docker0 interface, you basically have to remove the last line. Currently we don't use any 192.168.0.0/16 network, so it won't be an issue.
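
A pre-flight check for the condition described above, as an added example that is not part of this role: it parses the static-route lines of an `/etc/network/interfaces` stanza and reports which RFC 1918 blocks are still unrouted. The function names are hypothetical, and the coverage test mirrors this README's description of the failure, not Docker's own address-pool selection.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "up route add -net <net> netmask <mask>" as written in the stanza above.
ROUTE_RE = re.compile(
    r"^\s*(?:post-)?up\s+route\s+add\s+-net\s+(\S+)\s+netmask\s+(\S+)")

# Stanza copied from this README (only the static-route lines matter here).
DMZ_STANZA = """\
iface eth136 inet static
    address 10.12.36.96
    netmask 24
    up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.12.36.254 dev eth136
    up route add -net 172.16.0.0 netmask 255.240.0.0 gw 10.12.36.254 dev eth136
    up route add -net 192.168.0.0 netmask 255.255.0.0 gw 10.12.36.254 dev eth136
"""


def static_routes(text):
    """Networks declared by static-route lines; commented-out lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            try:
                routes.append(ipaddress.ip_network(
                    f"{m.group(1)}/{m.group(2)}", strict=False))
            except ValueError:
                pass  # malformed address or mask: not a usable route
    return routes


def unrouted_rfc1918(text):
    """RFC 1918 blocks that no static route covers entirely."""
    routes = static_routes(text)
    return [b for b in RFC1918 if not any(r.supernet_of(b) for r in routes)]


def docker0_blocked(text):
    """True when every RFC 1918 block is routed (the failure case in this README)."""
    return not unrouted_rfc1918(text)


if __name__ == "__main__":
    fixed = "\n".join(DMZ_STANZA.splitlines()[:-1])  # last route line removed
    print("original blocked:", docker0_blocked(DMZ_STANZA))
    print("fixed leaves free:", [str(n) for n in unrouted_rfc1918(fixed)])
```
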
### Update of docker-compose
To perform an update, add this parameter: `--extra-vars "docker_compose_update_now=true"`. Note that *true* is case-sensitive, since it's evaluated as a string in this case.
This role will also update if this parameter is present: `--extra-vars "global_update_now=true"`. Here too, *true* is case-sensitive, since it's evaluated as a string.
The update will be skipped if you already have the latest version of the binary.