debops.docker_server default variables

APT packages

docker_server__upstream

Enable or disable support for upstream APT repository for Docker. The APT repository is managed by the debops.extrepo Ansible role.

docker_server__upstream: False
docker_server__base_packages

List of APT packages to install for Docker support.

docker_server__base_packages:
  - '{{ ["docker-ce", "docker-compose-plugin"]
        if docker_server__upstream | bool
        else ["docker.io", "docker-compose"] }}'
docker_server__packages

List of additional APT packages to install with Docker.

docker_server__packages: []
docker_server__version

Variable which contains the version of the Docker package installed on a host. This variable is populated automatically via Ansible local facts and shouldn't be set manually. It can be used in the Ansible inventory to augment Docker configuration.

docker_server__version: '{{ ansible_local.docker_server.version | d("0.0.0") }}'

Service integration

docker_server__ferm_post_hook

Docker needs to be restarted on any changes in the firewall configuration to inject its own firewall rules. This boolean variable will tell the role to install the ferm hook script when debops.ferm Ansible role is used to control the firewall.

docker_server__ferm_post_hook: '{{ ansible_local.ferm.enabled | d() | bool }}'
docker_server__resolved_integration

Enable or disable support for systemd-resolved service integration to permit host DNS resolver to resolve queries inside Docker containers.

docker_server__resolved_integration: '{{ True
                                         if ((ansible_local.resolved.state | d()) == "enabled")
                                         else False }}'
docker_server__resolved_address

IP address on which systemd-resolved service will listen for DNS queries. By default it's the docker0 bridge IP address.

docker_server__resolved_address: '172.17.0.1'
docker_server__resolved_networks

List of networks in the CIDR format, which will be allowed to send DNS requests to the systemd-resolved service through the firewall.

docker_server__resolved_networks: [ '172.17.0.0/16' ]
docker_server__swarm_support

If enabled, the debops.ferm role will create firewall rules which permit traffic needed for Docker Swarm cluster.

docker_server__swarm_support: False
docker_server__swarm_networks

List of networks in the CIDR format, which will be allowed to send Docker Swarm communication traffic to a given Docker Swarm node.

docker_server__swarm_networks: [ '{{ ansible_default_ipv4.network
                                     + "/" + ansible_default_ipv4.prefix }}' ]

Docker authentication

docker_server__admins

List of UNIX accounts which should be added to the docker system group, which allows them the read-write access to the Docker UNIX socket.

docker_server__admins: '{{ ansible_local.core.admin_users | d([]) }}'

Docker main configuration file

These variables define the contents of the /etc/docker/daemon.json configuration file. See docker_server__configuration for more details.

docker_server__default_configuration

List of configuration options defined by default in the role.

docker_server__default_configuration:

  # Send logs to journald by default
  - name: 'log-driver'
    config:
      'log-driver': 'journald'
    state: '{{ "present"
               if ((ansible_local.journald.enabled | d()) | bool)
               else "ignore" }}'

  # Specify upstream nameservers only if they are not local
  - name: 'remote-nameservers'
    config:
      'dns': '{{ ansible_dns.nameservers }}'
    state: '{{ "present"
               if (not ansible_dns.nameservers
                   | intersect(["127.0.0.1", "127.0.0.53"]))
               else "ignore" }}'

  # Use host's systemd-resolved to resolve DNS queries
  - name: 'resolved-nameserver'
    config:
      'dns': ['{{ docker_server__resolved_address }}']
    state: '{{ "present"
               if (docker_server__resolved_integration | bool)
               else "ignore" }}'
docker_server__configuration

List of Docker configuration options defined on all hosts in the Ansible inventory.

docker_server__configuration: []
docker_server__group_configuration

List of Docker configuration options defined on hosts in a specific Ansible inventory group.

docker_server__group_configuration: []
docker_server__host_configuration

List of Docker configuration options defined on specific hosts in the Ansible inventory.

docker_server__host_configuration: []
docker_server__combined_configuration

Variable which combines all Docker configuration lists and is used in role tasks and templates.

docker_server__combined_configuration: '{{ docker_server__default_configuration
                                           + docker_server__configuration
                                           + docker_server__group_configuration
                                           + docker_server__host_configuration }}'

Configuration for other Ansible roles

docker_server__extrepo__dependent_sources

Configuration for the debops.extrepo Ansible role.

docker_server__extrepo__dependent_sources:

  - name: 'docker-ce'
    state: '{{ "present"
               if (docker_server__upstream | bool)
               else "absent" }}'
docker_server__systemd__dependent_units

Configuration for the debops.systemd Ansible role. By default it's empty, see Docker and systemd integration documentation for more details.

docker_server__systemd__dependent_units: []
docker_server__etc_services__dependent_list

Configuration for the debops.etc_services Ansible role.

docker_server__etc_services__dependent_list:

  - name: 'docker-manager'
    port: '2377'
    protocols: [ 'tcp' ]
    comment: 'Communication with and between Docker manager nodes'

  - name: 'docker-discovery'
    port: '7946'
    comment: 'Docker Swarm overlay network node discovery'

  - name: 'docker-overlay'
    port: '4789'
    protocols: [ 'udp' ]
    comment: 'Docker Swarm overlay network traffic'
docker_server__ferm__dependent_rules

Configuration for the debops.ferm Ansible role.

docker_server__ferm__dependent_rules:

  - name: 'docker_server_resolved_listener'
    type: 'accept'
    daddr: '{{ docker_server__resolved_address }}'
    dport: '53'
    saddr: '{{ docker_server__resolved_networks }}'
    protocol: 'udp'
    rule_state: '{{ "present"
                    if (docker_server__resolved_integration | bool)
                    else "absent" }}'

  - name: 'docker_server_swarm_manager'
    type: 'accept'
    saddr: '{{ docker_server__swarm_networks }}'
    dport: 'docker-manager'
    protocol: 'tcp'
    rule_state: '{{ "present"
                    if (docker_server__swarm_support | bool)
                    else "absent" }}'

  - name: 'docker_server_swarm_discovery'
    type: 'accept'
    saddr: '{{ docker_server__swarm_networks }}'
    dport: 'docker-discovery'
    protocol: [ 'tcp', 'udp' ]
    rule_state: '{{ "present"
                    if (docker_server__swarm_support | bool)
                    else "absent" }}'

  - name: 'docker_server_swarm_overlay'
    type: 'accept'
    saddr: '{{ docker_server__swarm_networks }}'
    dport: 'docker-overlay'
    protocol: 'udp'
    rule_state: '{{ "present"
                    if (docker_server__swarm_support | bool)
                    else "absent" }}'