Ansible role to deploy a basic Docker installation on a Linux server.
Tested:
- Debian 11
- Debian 12
```bash
# latest
ansible-galaxy role install git+https://github.com/ansibleguy/infra_docker_minimal

# from galaxy
ansible-galaxy install ansibleguy.infra_docker_minimal

# or to custom role-path
ansible-galaxy install ansibleguy.infra_docker_minimal --roles-path ./roles
```
Want a simple Ansible GUI? Check out my Ansible WebUI.
You can configure docker using the 'docker' variable/dictionary.
```yaml
docker:
  tcp:
    enable: true  # enable docker-service listening on tcp
    bind: '0.0.0.0'
  compose:
    enable: true  # install docker-compose
    plugin: true  # default; install docker-compose-plugin ('docker compose' instead of 'docker-compose')
  tls:
    enable: true
    cert: '/etc/ssl/certs/docker.crt'
    key: '/etc/ssl/private/docker.pem'
    # ca: '/etc/ssl/certs/docker.ca.crt'
    # verify_client: true
  nftables:
    clean: true  # set bridge_none, disable_iptables and reload to true
    bridge_none: false  # set bridge=none argument on docker-startup
    disable_iptables: false  # set iptables=false argument on docker-startup
    reload: false  # reload nftables after a docker.service restart to remove its auto-added iptables-rules
```
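The following playbook is an added example, not part of the role's own documentation: it applies the role with the TCP listener bound to a single address and client certificates required. It uses only the keys shown above; the host group `docker_hosts`, the address `192.0.2.10`, the key nesting, and the reading of `verify_client` as "reject clients without a certificate signed by `ca`" are assumptions.

```yaml
# playbook.yml (added example; host group and bind address are constructed placeholders)
- name: Docker with a mutually authenticated TCP listener
  hosts: docker_hosts  # assumption: inventory group name
  become: true
  roles:
    - ansibleguy.infra_docker_minimal
  vars:
    docker:
      tcp:
        enable: true
        bind: '192.0.2.10'  # constructed: one management address instead of '0.0.0.0'
      tls:
        enable: true
        cert: '/etc/ssl/certs/docker.crt'
        key: '/etc/ssl/private/docker.pem'
        ca: '/etc/ssl/certs/docker.ca.crt'  # CA that signs the client certificates
        verify_client: true  # assumption: daemon refuses clients without a cert from 'ca'
```

With TLS enabled but client verification off, the connection is encrypted, yet any host that can reach the port can control the Docker daemon, which is equivalent to root on the server.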
Run the playbook:
```bash
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml
```
In short: it will set up Docker as described here.
There is also an option to install docker-compose on the target host.
- Package installation
  - Docker prerequisites
  - Docker base-packages
- Default opt-outs:
  - docker-compose
- Default opt-ins:
  - docker server component (else only client will be installed)

- Note: This role currently only supports debian-based systems
- Note: If you are using NFTables you will have problems running docker.
Docker does not support NFTables natively. The 'docker-ce'/'docker-ce-cli' package has IPTables set as its dependency.
One CAN keep the NFTables ruleset clean when running docker with the parameter 'iptables=false'. It is even cleaner if 'bridge=none' is set!
After that only a few IPTables rules are added. To completely eliminate this docker-ruleset one needs to reload NFTables whenever docker is restarted.
This Ansible role lets you configure this behaviour through the 'nftables' options shown in the configuration example above!
If you use NFTables you might also want to look into the ansibleguy.infra_nftables role!