debops.docker_server default variables
Docker packages and installation
- docker_server__distribution
The OS distribution which is used to select upstream APT repository.
docker_server__distribution: '{{ ansible_local.core.distribution|d(ansible_distribution) }}'
- docker_server__distribution_release
The OS distribution release which is used to select upstream APT repository.
docker_server__distribution_release: '{{ ansible_local.core.distribution_release|d(ansible_distribution_release) }}'
- docker_server__upstream
By default debops.docker_server installs Docker from the system distribution repositories. Here you can enable upstream repositories and install the upstream version of Docker.
Note that switching from upstream to default on one host may not always work. You may need to manually remove the upstream version and configuration.
docker_server__upstream: '{{ ansible_local.docker_server.upstream
                             |d(docker_server__distribution_release == "stretch") }}'
- docker_server__upstream_edition
For upstream repositories the edition to be installed: ce or ee. Note that Docker EE is not supported on Debian.
docker_server__upstream_edition: 'ce'
- docker_server__upstream_channel
For upstream repositories choose the stable or edge channel.
docker_server__upstream_channel: 'stable'
- docker_server__upstream_key
APT GPG key id used to sign the upstream Docker packages.
docker_server__upstream_key: '{{ "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
                                 if (docker_server__upstream_edition == "ce")
                                 else "DD911E995A64A202E85907D6BC14F10B6D085F96" }}'
- docker_server__upstream_packagename
The full Docker package name to be installed if installing from upstream.
docker_server__upstream_packagename: '{{ "docker-" + docker_server__upstream_edition }}'
- docker_server__upstream_arch_map
A YAML dictionary that maps the ansible_architecture variable to the corresponding processor architecture used in the Docker repository URLs.
docker_server__upstream_arch_map:
  'x86_64': 'amd64'
  'aarch64': 'arm64'
  'armhf': 'armhf'
  'armv7l': 'armhf'
- docker_server__upstream_repository
Address of the Docker upstream APT repository.
docker_server__upstream_repository: '{{ "deb [arch="
  + docker_server__upstream_arch_map[ansible_architecture]
  + "] https://download.docker.com/linux/" + docker_server__distribution|lower + " "
  + docker_server__distribution_release + " " + docker_server__upstream_channel }}'
- docker_server__packagename
The full docker package name to be installed.
docker_server__packagename: '{{ docker_server__upstream_packagename
                                if docker_server__upstream|d()
                                else "docker.io" }}'
- docker_server__mandatory_packages
List of mandatory packages to install with Docker.
docker_server__mandatory_packages:
  - '{{ "apt-transport-https"
        if (ansible_distribution_release in
            [ "wheezy", "jessie", "stretch",
              "precise", "trusty", "xenial" ])
        else [] }}'
  - 'ca-certificates'
  - 'curl'
  - 'gnupg2'
  - 'software-properties-common'
- docker_server__base_packages
List of base packages to install with Docker.
docker_server__base_packages:
  - '{{ [ "aufs-tools" ]
        if (ansible_distribution_release in
            ["trusty", "wheezy", "jessie", "stretch", "buster" ])
        else [] }}'
  - '{{ [ "virtualenv" ] if docker_server__install_virtualenv else [] }}'
  - "bridge-utils"
  - '{{ [ "cgroup-lite" ] if (ansible_distribution_release in ["trusty"]) else [] }}'
  - '{{ [] if docker_server__upstream|bool else "docker-compose" }}'
- docker_server__packages
List of additional packages to install with Docker.
docker_server__packages: []
- docker_server__version
Specify the Docker version installed on a host. This variable is populated automatically via Ansible local facts and shouldn't be set manually.
docker_server__version: '{{ ansible_local.docker_server.version|d("0.0.0") }}'
Docker Python environment
The role prepares a separate Python virtualenv for Docker-related commands and Ansible modules. See Docker virtualenv support for more details.
- docker_server__install_virtualenv
Whether to install Python virtualenv for Docker.
docker_server__install_virtualenv: '{{ docker_server__upstream }}'
- docker_server__virtualenv
Root path of the Docker virtualenv.
docker_server__virtualenv: '/usr/local/lib/docker/virtualenv'
- docker_server__virtualenv_python_interpreter
Absolute path to the Python interpreter which will be exposed for Ansible modules to work correctly with Docker virtualenv.
docker_server__virtualenv_python_interpreter: '{{ docker_server__virtualenv + "/bin/python" }}'
- docker_server__virtualenv_python_symlink
Absolute path for the docker-python symlink.
docker_server__virtualenv_python_symlink: '/usr/local/bin/docker-python'
- docker_server__default_pip_packages
List of default Python packages to install in Docker virtualenv. The
corresponding binaries will be symlinked in the /usr/local/bin/
directory to allow access from outside of the Python virtualenv.
See docker_server__pip_packages for more details.
docker_server__default_pip_packages:
  - name: 'docker'
  - name: 'docker-compose'
    path: '/usr/local/bin/docker-compose'
    src: '{{ docker_server__virtualenv + "/bin/docker-compose" }}'
- docker_server__pip_packages
List of additional Python packages to install in Docker virtualenv. See docker_server__pip_packages for more details.
docker_server__pip_packages: []
Docker authentication
- docker_server__admins
List of UNIX accounts which should be added to the docker system group, giving them access to the Docker UNIX socket.
docker_server__admins: '{{ ansible_local.core.admin_users|d([]) }}'
Network configuration
- docker_server__bridge
Name of the bridge to use instead of the autogenerated docker0 bridge. The bridge should already exist on the server.
docker_server__bridge: ''
- docker_server__fixed_cidr
Fixed subnet in CIDR format to confine dynamically allocated IP addresses. Should be included in the IP address range set on the bridge.
docker_server__fixed_cidr: ''
- docker_server__dns_nameserver
List of IP addresses of nameservers used by Docker. By default they are gathered from the resolvconf configuration using Ansible facts.
docker_server__dns_nameserver: '{{ ansible_local.resolvconf.upstream_nameservers
                                   |d(ansible_dns.nameservers
                                      if ("127.0.0.1" not in ansible_dns.nameservers)
                                      else []) }}'
- docker_server__dns_search
List of DNS search domains to use by Docker.
docker_server__dns_search: '{{ ansible_dns.search | d([]) }}'
Remote Docker connection (TCP)
- docker_server__tcp
Enable or disable listening for incoming TCP connections.
docker_server__tcp: False
- docker_server__tcp_bind
IP address of the interface to listen on for incoming connections (all interfaces by default).
docker_server__tcp_bind: '0.0.0.0'
- docker_server__unencrypted_tcp_port
Port on which to listen for incoming unencrypted connections.
docker_server__unencrypted_tcp_port: '2375'
- docker_server__tls_tcp_port
Port on which to listen for incoming TLS connections.
docker_server__tls_tcp_port: '2376'
- docker_server__tcp_port
Port on which to listen for incoming TCP connections.
docker_server__tcp_port: '{{ docker_server__tls_tcp_port
                             if (docker_server__pki|d() | bool)
                             else docker_server__unencrypted_tcp_port }}'
- docker_server__tcp_allow
List of IP addresses or subnets in CIDR format which are allowed to connect to the Docker daemon over TCP. If it's not specified, remote connections are denied by the firewall.
docker_server__tcp_allow: []
- docker_server__tcp_listen
Default TCP connection configured in addition to local socket connection.
docker_server__tcp_listen: '{{ ("tcp://" + docker_server__tcp_bind + ":" +
                                docker_server__tcp_port)
                               if (docker_server__tcp|d() | bool) else "" }}'
- docker_server__custom_ports
List of additional TCP/UDP ports to allow in the firewall, useful for other Docker-related services, like Swarm, Consul.
docker_server__custom_ports: []
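An added example (not part of the DebOps role or its documentation): a Python check that mirrors the default docker_server__tcp_port and docker_server__tcp_listen expressions above and reports risky combinations for one host. The audit function, the finding strings and the sample hosts are constructed for illustration, and the check assumes that only the variables listed in ROLE_DEFAULTS are overridden.

```python
import ipaddress

# Defaults copied from the variables documented on this page.
ROLE_DEFAULTS = {
    "docker_server__tcp": False,
    "docker_server__tcp_bind": "0.0.0.0",
    "docker_server__unencrypted_tcp_port": "2375",
    "docker_server__tls_tcp_port": "2376",
    "docker_server__tcp_allow": [],
    # Assumption: PKI off unless overridden; the role reads ansible_local.pki.enabled.
    "docker_server__pki": False,
}

def audit(overrides):
    """Return (tcp_listen, findings) for one host's inventory overrides."""
    v = {**ROLE_DEFAULTS, **overrides}
    # Same selection as docker_server__tcp_port: TLS port only when PKI is on.
    port = (v["docker_server__tls_tcp_port"] if v["docker_server__pki"]
            else v["docker_server__unencrypted_tcp_port"])
    # Same as docker_server__tcp_listen: empty string when TCP is disabled.
    if not v["docker_server__tcp"]:
        return "", []
    listen = "tcp://{}:{}".format(v["docker_server__tcp_bind"], port)
    findings = []
    if not v["docker_server__pki"]:
        findings.append("plaintext API on port {} (PKI disabled)".format(port))
    if v["docker_server__tcp_bind"] in ("0.0.0.0", "::"):
        findings.append("daemon listens on all interfaces")
    if not v["docker_server__tcp_allow"]:
        findings.append("tcp_allow is empty: firewall denies every remote client")
    for src in v["docker_server__tcp_allow"]:
        # strict=False accepts host addresses written with a prefix length.
        if ipaddress.ip_network(src, strict=False).prefixlen == 0:
            findings.append("tcp_allow entry {} admits any source".format(src))
    return listen, findings

# Constructed sample overrides, not taken from a real inventory.
SAMPLE_HOSTS = {
    "build01": {"docker_server__tcp": True},
    "build02": {"docker_server__tcp": True, "docker_server__pki": True,
                "docker_server__tcp_bind": "10.1.0.5",
                "docker_server__tcp_allow": ["10.1.0.0/24"]},
}

if __name__ == "__main__":
    for host, overrides in SAMPLE_HOSTS.items():
        print(host, audit(overrides))
```
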
Docker configuration options
- docker_server__env_http_proxy
HTTP proxy settings for the Docker daemon.
docker_server__env_http_proxy: '{{ ansible_env.http_proxy | d() }}'
- docker_server__env_https_proxy
HTTPS proxy settings for the Docker daemon.
docker_server__env_https_proxy: '{{ ansible_env.https_proxy | d() }}'
- docker_server__env_no_proxy
No-proxy settings for the Docker daemon.
docker_server__env_no_proxy: '{{ ansible_env.no_proxy | d() }}'
- docker_server__listen
List of host connections configured in the Docker daemon (--host parameter).
docker_server__listen:
  - '{{ "unix:///var/run/docker.sock" }}'
  - '{{ docker_server__tcp_listen }}'
- docker_server__labels
Dictionary with labels configured on the Docker daemon, each key is the label name and value is the label attribute. Examples:
docker_server__labels:
  'com.example.environment': 'production'
  'com.example.storage': 'extfs'
docker_server__labels: {}
- docker_server__debug
Start Docker daemon in debug mode.
docker_server__debug: False
- docker_server__live_restore
Enables keeping containers alive during daemon downtime. Only supported from Docker version 1.12 and above.
docker_server__live_restore: True
- docker_server__data_root
Root path of the Docker runtime.
docker_server__data_root: '/var/lib/docker'
- docker_server__registry_mirrors
List of registry mirrors.
docker_server__registry_mirrors: []
- docker_server__storage_driver
Storage driver for Docker volumes.
docker_server__storage_driver: '{{ ansible_local.docker_server.storage_driver
                                   |d("aufs"
                                      if (ansible_distribution_release in ["wheezy", "jessie" ])
                                      else "overlay2") }}'
- docker_server__storage_options
Additional Docker storage driver options.
docker_server__storage_options: {}
- docker_server__log_driver
Log driver for Docker volumes (default: "json-file").
docker_server__log_driver: '{{ ansible_local.docker_server.log_driver
                               | d("json-file") }}'
- docker_server__custom_daemon_options
Allows passing of arbitrary/unsupported configuration options to 'daemon.json'.
Example:
docker_server__custom_daemon_options: {"default-address-pools": [ {"base":"192.168.51.0/20","size": 28 } ]}
docker_server__custom_daemon_options: {}
# {"cgroup-parent": "limit-docker-memory.slice"}
- docker_server__options
List of additional options passed to docker daemon. Examples:
docker_server__options:
  - '--icc=false'
  - '--insecure-registry=10.1.0.0/16'
docker_server__options: []
PKI and certificates
- docker_server__pki
Enable or disable support for PKI certificates managed by debops.pki.
docker_server__pki: '{{ ansible_local.pki.enabled|d() | bool }}'
- docker_server__pki_path
Directory where PKI files are located on the remote host.
docker_server__pki_path: '{{ ansible_local.pki.base_path|d("/etc/pki") }}'
- docker_server__pki_realm
Name of the PKI realm used by Docker.
docker_server__pki_realm: '{{ ansible_local.pki.realm|d("system") }}'
- docker_server__pki_ca
Name of the Root CA certificate file used by Docker.
docker_server__pki_ca: 'CA.crt'
- docker_server__pki_crt
Name of the host certificate used by Docker.
docker_server__pki_crt: 'default.crt'
- docker_server__pki_key
Name of the private key file used by Docker.
docker_server__pki_key: 'default.key'
Firewall and ferment support
- docker_server__ferm_post_hook
Enable or disable installation for the ferm post hook.
docker_server__ferm_post_hook: '{{ ansible_local.ferm.enabled|d()|bool }}'
Configuration for other Ansible roles
- docker_server__keyring__dependent_apt_keys
Configuration for the debops.keyring Ansible role.
docker_server__keyring__dependent_apt_keys:
  - id: '{{ docker_server__upstream_key }}'
    repo: '{{ docker_server__upstream_repository }}'
    state: '{{ "present" if docker_server__upstream|bool else "absent" }}'
- docker_server__python__dependent_packages3
Configuration for the debops.python Ansible role.
docker_server__python__dependent_packages3:
  - 'python3-setuptools'
  - 'python3-virtualenv'
  - 'python3-dev'
- docker_server__python__dependent_packages2
Configuration for the debops.python Ansible role.
docker_server__python__dependent_packages2:
  - 'python-setuptools'
  - 'python-virtualenv'
  - 'python-dev'
- docker_server__etc_services__dependent_list
Configuration for debops.etc_services role which registers port numbers for Docker REST API.
docker_server__etc_services__dependent_list:
  - name: 'docker'
    port: '{{ docker_server__unencrypted_tcp_port }}'
    comment: 'Docker REST API (plain text)'
  - name: 'docker-s'
    port: '{{ docker_server__tls_tcp_port }}'
    comment: 'Docker REST API (SSL)'
- docker_server__ferm__dependent_rules
Configuration for debops.ferm role which opens access to the Docker REST API in the firewall.
docker_server__ferm__dependent_rules:
  # Support for ferment has been dropped from DebOps
  - type: 'custom'
    weight: '99'
    role: 'docker'
    name: 'ferment_rules'
    rule_state: 'absent'
  - type: 'accept'
    dport: '{{ [ docker_server__tcp_port ] + docker_server__custom_ports }}'
    protocol: [ 'tcp', 'udp' ]
    saddr: '{{ docker_server__tcp_allow }}'
    accept_any: False
    weight: '50'
    role: 'docker'
    name: 'service_rules'