diff --git a/docs/ansible/readme.md b/docs/ansible/readme.md
new file mode 100644
index 0000000..22be6c6
--- /dev/null
+++ b/docs/ansible/readme.md
@@ -0,0 +1,12 @@
+Add to you playbook.yml
+
+```yaml
+- hosts: docker
+ gather_facts: yes
+ become: yes
+ become_method: sudo
+ vars:
+ docker_proxy_url: 192.168.66.72 #you proxy url
+ roles:
+ - role: docker-proxy
+```
\ No newline at end of file
diff --git a/docs/ansible/roles/docker-proxy/defaults/vars.yml b/docs/ansible/roles/docker-proxy/defaults/vars.yml
new file mode 100644
index 0000000..8b75764
--- /dev/null
+++ b/docs/ansible/roles/docker-proxy/defaults/vars.yml
@@ -0,0 +1 @@
+docker_proxy_url: 192.168.66.72
\ No newline at end of file
diff --git a/docs/ansible/roles/docker-proxy/tasks/centos.yml b/docs/ansible/roles/docker-proxy/tasks/centos.yml
new file mode 100644
index 0000000..3bbcb50
--- /dev/null
+++ b/docs/ansible/roles/docker-proxy/tasks/centos.yml
@@ -0,0 +1,7 @@
+- name: Get the CA certificate from the proxy and make it a trusted root.
+ get_url:
+ url: http://{{ docker_proxy_url }}:3128/ca.crt
+ dest: /etc/pki/ca-trust/source/anchors/docker_registry_proxy.crt
+ mode: '0644'
+- name: update trusted ca redhat
+ shell: /bin/update-ca-trust
\ No newline at end of file
diff --git a/docs/ansible/roles/docker-proxy/tasks/main.yml b/docs/ansible/roles/docker-proxy/tasks/main.yml
new file mode 100644
index 0000000..4528f7c
--- /dev/null
+++ b/docs/ansible/roles/docker-proxy/tasks/main.yml
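Review bot: Role defaults are only auto-loaded from `defaults/main.yml`, so `defaults/vars.yml` is never read and `docker_proxy_url` stays undefined unless the playbook sets it; as far as the diff shows, nothing includes this file explicitly. Rename it to `defaults/main.yml`. The default is also a site-specific private address, so a host on another network would be pointed at whatever answers there; an empty default with an `ansible.builtin.assert` on `docker_proxy_url | length > 0` at the top of the tasks would fail loudly instead. Quoting the value (`docker_proxy_url: '192.168.66.72'`) keeps it a string regardless of what is substituted later.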
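Review bot: In tasks/centos.yml the `get_url` task fetches the CA certificate over plain `http://` and writes it straight into the system trust anchors, so the host ends up trusting whatever bytes arrived on that request, with no check that they came from the intended proxy. Pin the expected certificate with the module's `checksum` parameter, for example `checksum: "sha256:{{ docker_proxy_ca_sha256 }}"` with a new role variable (name is a suggestion), or distribute the certificate from the control node with `copy:` instead of downloading it. The same task in tasks/ubuntu.yml has the same gap. The follow-up `shell: /bin/update-ca-trust` needs no shell features and reports changed on every run; `ansible.builtin.command:` triggered from a handler on the download task would be tighter.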
@@ -0,0 +1,30 @@
+---
+- name: Ensures docker.service.d dir exists
+ file: >
+ path=/etc/systemd/system/docker.service.d
+ recurse=yes
+ state=directory
+- name: Add environment vars pointing Docker to use the proxy
+ copy:
+ dest: /etc/systemd/system/docker.service.d/http-proxy.conf
+ content: |
+ [Service]
+ Environment="HTTP_PROXY=http://{{ docker_proxy_url }}:3128/"
+ Environment="HTTPS_PROXY=http://{{ docker_proxy_url }}:3128/"
+
+- name: Include ubuntu tasks
+ include_tasks: ubuntu.yml
+ when: ansible_os_family == "Debian"
+
+- name: Include centos tasks
+ include_tasks: centos.yml
+ when: ansible_os_family == "RedHat"
+
+- name: Just force systemd to reread configs (2.4 and above)
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+- name: Reload service docker, in all cases
+ ansible.builtin.systemd:
+ name: docker.service
+ state: reloaded
\ No newline at end of file
diff --git a/docs/ansible/roles/docker-proxy/tasks/ubuntu.yml b/docs/ansible/roles/docker-proxy/tasks/ubuntu.yml
new file mode 100644
index 0000000..9685bb3
--- /dev/null
+++ b/docs/ansible/roles/docker-proxy/tasks/ubuntu.yml
@@ -0,0 +1,8 @@
+- name: Get the CA certificate from the proxy and make it a trusted root.
+ get_url:
+ url: http://{{ docker_proxy_url }}:3128/ca.crt
+ dest: /usr/share/ca-certificates/docker_registry_proxy.crt
+ mode: '0644'
+
+- name: update trusted ca
+ shell: /usr/sbin/update-ca-certificates --fresh
\ No newline at end of file
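Review bot: The final task in tasks/main.yml uses `state: reloaded`, which as far as I know only signals the running dockerd and leaves its process environment as it was, so the `HTTP_PROXY`/`HTTPS_PROXY` values from the new drop-in would not apply until some later restart. Use `state: restarted` there; the separate daemon-reload task can then be folded in as `daemon_reload: true` on the same task. The drop-in written by `copy:` has no explicit permissions, and `mode: '0644'` would match what the certificate tasks already set. On a host that is neither Debian nor RedHat the proxy settings are applied without any CA being installed, which deserves an explicit `ansible.builtin.fail` or at least a comment.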
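Review bot: In tasks/ubuntu.yml the certificate is written to `/usr/share/ca-certificates/`, but `update-ca-certificates` only trusts files from that directory when they are listed in `/etc/ca-certificates.conf`, and no task adds that entry, so the proxy CA would most likely not reach the trust store. Either add an `ansible.builtin.lineinfile` task with `path: /etc/ca-certificates.conf` and `line: docker_registry_proxy.crt`, or change the target to `dest: /usr/local/share/ca-certificates/docker_registry_proxy.crt`, which is picked up without a list entry. The `shell:` task uses no shell features, so `ansible.builtin.command: /usr/sbin/update-ca-certificates --fresh` is enough, ideally run from a handler so it only fires when the certificate file changes.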