Crafted by Megabyte Labs
- Overview
- Features
- Quick Start
- Variables
- Supported Operating Systems
- Dependencies
- Example Playbook
- Contributing
- License
This repository is the home of an Ansible role that installs Docker on nearly any platform. Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers. Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.
Installs docker-compose:
- Both Mac OS X and Windows install Docker Desktop which includes Docker Compose as well as Notary, Kubernetes, and Credential Helper.
- Installs docker-compose if the
docker_install_compose
variable is set to true. docker-compose allows you to configure Docker containers in groups.
Ensures Docker is installed:
- Installs Docker on the target machine.
- Ensures Docker is started on boot.
- If the target Docker host is a Linux machine and the
docker_snap_install
variable is set to true, then Docker will be installed as a snap package.
Adds specified users to docker group:
- If the variable
docker_users
is set to an array of usernames then those users will be added to the docker group which allows them access to Docker.
Generates TLS certificates:
- Generates TLS/HTTPS certificates so that the Docker host can be controlled remotely. This is useful if you are using a centralized method of controlling all of your Docker hosts (like Portainer). This step only runs if the
docker_tls
variable is set to true. - The certificates required for connecting to the Docker host are copied to the Ansible host's
~/.docker
folder.
Looking to install Docker without having to deal with Ansible? Simply run the following command that correlates to your operating system:
Linux/macOS:
curl -sS https://install.doctor/docker | bash
Windows:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://install.doctor/docker?os=win'))
Important Note: Before running the commands above you should probably directly access the URL to make sure the code is legit. We already know it is safe but, before running any script on your computer, you should inspect it.
You can also check out Install Doctor. It is an app we created that can install any Ansible role with a one-liner. It has some other nifty features too like the ability to install binaries on-the-fly without requiring a password. However, if you would like to incorporate this role into an Ansible playbook (and customize settings) then please continue reading below.
This role contains variables that you can customize. The variables you can customize are located in defaults/main.yml
. By default, the variables use sensible defaults but you may want to customize the role depending on your use case. The variables, along with descriptions, are listed below:
Name | Default Value | Description |
---|---|---|
Docker | Heyooo |
|
docker_apt_arch | amd64 |
The processor architecture to use (Debian/Ubuntu only) |
docker_apt_gpg_key | "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" |
The URL of the apt repository's GPG key (Debian/Ubuntu only) |
docker_apt_ignore_key_error | true |
Whether or not to ignore errors when adding the apt repository's GPG key (Debian/Ubuntu only) |
docker_apt_release_channel | stable |
The release channel to use on Debian/Ubuntu. You can set the value of this variable to either stable or edge . |
docker_apt_repository | See defaults/main.yml |
The apt repository to use (Debian/Ubuntu only) |
docker_compose_path | `/usr/local/bin/docker | compose- The target destination of the docker-compose` binary that will be installed |
docker_edition |
ce |
Edition can be either ce (Community Edition) or ee (Enterprise Edition). |
docker_install_compose | true |
Whether or not to install docker-compose |
docker_no_plugins | false |
Should the below Docker plugins be installed? Fast container image distribution plugin with lazy pulling - https://github.com/containerd/stargz-snapshotter A Docker volume plugin, managing persistent container volumes - https://github.com/rancher/convoy Docker Client Plugins Manager - build new plugins, publish them on Docker Hub - https://github.com/lukaszlach/clip |
docker_package | `docker | {{ docker_edition }}` - The name of the Docker package to install |
docker_restart_handler_state | restarted |
The state that the Docker service should assume when a restart event is triggered |
docker_snap_install | false |
Whether or not to use snap to install Docker - you can use this if there are issues with your configuration. Certificates (used by Portainer, for instance) will not be generated for a snap install. More information about the certificates is detailed below. |
docker_tls | true |
When set to true, the role will configure Docker for TLS network connections and generate the required certificates. The certificates will be stored in /etc/ssl/docker on the client and in the ~/.docker folder on the host. To reiterate, after each client machine installs Docker and generates certificates, the certificates are copied to the Ansible host machine. You can then use these certificates to connect to Docker daemons remotely (with Portainer, for instance). |
docker_tls_country | US |
The country to use when configuring TLS |
docker_tls_division | Megabyte Labs |
The division to use when configuring TLS |
docker_tls_fqdn | {{ fqdn | default('machine.example.com') }} |
The FQDN to use when configuring TLS - this should be set to the FQDN of the Docker host that's being configured |
docker_tls_locality | The Hood |
The locality to use when configuring TLS |
docker_tls_organization | Megabyte LLC |
The organization to use when configuring TLS |
docker_tls_state | New Jersey |
The state to use when configuring TLS |
docker_users |
[] |
A list of users to add to the docker group |
docker_yum_gpg_key | https://download.docker.com/linux/centos/gpg |
The URL of the GPG key to validate against when downloading from the specified yum repository |
docker_yum_repo_url | See defaults/main.yml |
The yum repository URL to retrieve the installation packages (CentOS/Fedora/RedHat only) |
https_repository_prefix | https:// |
Allows you to customize what the apt repository URL starts with. This is useful if you are using something like apt-cacher-ng as a proxy cache which requires the URL to start with http://HTTPS/. (Debian/Ubuntu only) |
#π¬ Example implementation of the docker_edition variable
docker_edition:
- subitem: string
- subitem2: string
#π¬ Example implementation of the docker_users variable
docker_users:
- `ansible_user`
- secondaryuser
- serviceaccount
The chart below shows the operating systems that we have tested this role on. It is automatically generated using the Ansible Molecule tests located in the molecule/
folder. There is CI logic in place to automatically handle the testing of Windows, macOS, Ubuntu, Fedora, CentOS, Debian, and Archlinux. If your operating system is not listed but is a variant of one of the systems we test (i.e. a Debian-flavored system or a RedHat-flavored system) then it is possible that the role will still work.
OS Family | OS Version | Status | Idempotent | Tested On |
---|
What does idempotent mean? Idempotent means that if you run this role twice in row then there will be no changes to the system the second time around.
We spent a lot of time perfecting our CI configurations and build tools. If you are interested in learning more about how we perfected our process then you might find our Ansible common files and Ansible documentation repositories interesting. See the CONTRIBUTING.md guide for more details.
Most of our roles rely on Ansible Galaxy collections. Some of our projects are also dependent on other roles and collections that are published on Ansible Galaxy. Before you run this role, you will need to install the collection and role dependencies, as well as the Python requirements, by running:
if type poetry &> /dev/null; then poetry install --no-root; else pip3 install -r .config/assets/requirements.txt; fi
ansible-galaxy install -r requirements.yml
Alternatively, you can simply run bash .config/scripts/start.sh
if you are new to Ansible and do not mind the development requirements also being installed. This is the easy way of making sure that everything works properly.
Although the only tool necessary to run this play on a standard machine is Ansible (a Python package), we include several other Python dependencies that are required for specialized use cases and development. The table below details these packages:
Package | Description | Required |
---|---|---|
ansible | A configuration management system that can remotely configure computers | βοΈ |
docker | Enables the capability of provisioning Docker containers with Ansible | βοΈ |
python-vagrant | Required for provisioning Vagrant VMs | βοΈ |
pywinrm | Required for provisioning Windows machines that are using WinRM | βοΈ |
ansible-lint | Linting tool for Ansible files | |
ansibler | Custom tool used to generate advanced documentation (e.g. it generates the compatibility chart and some other charts) | |
black | Python file auto-formatter included in case project utilizes Python test scripts | |
blocklint | Linting tool that prevents certain words from entering the code base | |
flake8 | Python linter that reports Python syntax and style errors | |
mod-ansible-autodoc | Custom fork of ansible-autodoc which allows us to auto-generate documentation based on comments in the role's YAML files | |
molecule | Test framework for Ansible | |
molecule-docker | Molecule plugin for provisioning Docker containers | |
molecule-vagrant | Molecule plugin for provisioning Vagrant VMs | |
pre-commit-hooks | Suite of tools useful for linting | |
proselint | Linter used to generate English-language improvements (used to improve documentation) | |
yamllint | Linter for YAML files that ensures proper syntax and styling is used |
Although most of our roles do not have dependencies, there are some cases where another role has to be installed before the logic can continue. At the beginning of the play, the Ansible Galaxy role dependencies listed in meta/main.yml
will run. These dependencies are configured to only run once per playbook. If you include more than one of our roles in your playbook that have dependencies in common then the dependency installation will be skipped after the first run. Some of our roles also utilize helper roles directly from the task files which helps keep our main playbook (Gas Station) DRY.
The requirements.yml
file contains a full list of the Ansible Galaxy dependencies required by this role (i.e. meta/main.yml
role dependencies, helper roles, collections, etc.). For your convenience, a list of the role dependencies along with quick descriptions is below:
role_dependencies
This role is dependent on multiple Ansible Galaxy collections. The collections along with a links to their source are listed below.
With the dependencies installed, all you have to do is add the role to your main playbook. The role handles the become
behavior so you can simply add the role to your playbook without having to worry about commands that should not be run as root:
- hosts: all
roles:
- professormanhattan.docker
If you are incorporating this role into a pre-existing playbook, then it might be prudent to copy the requirements outlined in pyproject.toml
and requirements.yml
to their corresponding files in the root of your playbook so you only have to worry about installing one set of requirements during future use. Note that the dependencies in pyproject.toml
can be moved to the more traditional requirements.txt
, if that is what you are currently using to track Python dependencies.
You can find an example of a playbook that incorporates this role in our main playbook (a.k.a. Gas Station). The playbook is an excellent example for someone learning how to use Ansible. It also incorporates a lot of well-thought out build tools that more advanced Ansible users can appreciate. And people who could care less about Ansible can also benefit from it because it allows you to more or less turn your computer (and network) into the ultimate development enivornment. The bottom line is that it is an awesome project that developers should know about!
Contributions, issues, and feature requests are welcome! Feel free to check the issues page. If you would like to contribute, please take a look at the contributing guide.
Sponsorship
Dear Awesome Person,
I create open source projects out of love. Although I have a job, shelter, and as much fast food as I can handle, it would still be pretty cool to be appreciated by the community for something I have spent a lot of time and money on. Please consider sponsoring me! Who knows? Maybe I will be able to quit my job and publish open source full time.
Sincerely,
Brian Zalewski
Below you will find a list of services we leverage that offer special incentives for signing up for their services through our special links:
- Improvement: Complete documentation
- Test: Complete
Copyright Β© 2020-2021 Megabyte LLC. This project is MIT licensed.