ENG - Ansible Docker Role

linux debian ansible

Simple Ansible role to configure Docker on a remote machine.

Introduction

This work is meant to be included in an Ansible playbook as a role. The role is intended to manage containers running on a Debian system.

Docker Role

By default, this role downloads and runs the hello_world container during execution.

Installed Packages

This role will install the following packages on the system.

 docker.io
 python3
 python3-pip
 python3-setuptools
 python3-docker

Configurations

Portainer

This role gives the option to install and enable Portainer by setting the variable portainer_enable to true.

If set, port 9000 is opened, allowing traffic from all sources.

Insecure registries

This role allows configuring an insecure registry using the value insecure_registries.

The value is substituted into /etc/docker/daemon.json, using the template:

{
        "insecure-registries":[  ]
}

Adding containers

To add containers, use the active_containers variable as follows:

active_containers:
  - name: 'transmission'
    image: 'lscr.io/linuxserver/transmission:arm64v8-latest'
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /media/data/srv/transmission/downloads:/downloads
      - /media/data/srv/transmission/config:/config
      - /media/data/srv/transmission/watch:/watch
    ports:
      - 0.0.0.0:9091:9091
      - 0.0.0.0:51413:51413
      - 0.0.0.0:51413:51413/udp
    env:
      # env must be a mapping; quote values so they stay strings
      PUID: "1000"
      PGID: "1000"
      #TRANSMISSION_WEB_HOME: "" #optional
      #USER: "" #optional
      #PASS: "" #optional
      #WHITELIST: "" #optional
      #PEERPORT: "" #optional
      #HOST_WHITELIST: "" #optional
    restart_policy: "unless-stopped"
  - name: pihole
    image: pihole/pihole:latest
    ports:
      - 0.0.0.0:53:53/tcp
      - 0.0.0.0:53:53/udp
      - 0.0.0.0:67:67/udp # Only required if you are using Pi-hole as your DHCP server
      - 0.0.0.0:8083:80/tcp
    env:
      TZ: "Europe/Rome"
      WEBPASSWORD: changeme
    volumes:
      - /srv/pihole/etc:/etc/pihole
      - /srv/pihole/dnsmasq:/etc/dnsmasq.d
    capabilities:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart_policy: unless-stopped
  - name: registry
    image: registry:2
    ports:
      - 0.0.0.0:5000:5000/tcp
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /media/data/srv/docker-registry/:/var/lib/registry
    restart_policy: unless-stopped
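
The settings shown on this page (ports published on 0.0.0.0, a placeholder WEBPASSWORD, an added capability, latest tags, insecure registries) can be reviewed before the role is applied. The following is an added example, not part of the role: a small Python check over an active_containers list that has already been parsed from YAML. The function names, finding labels and the 192.0.2.10:5000 registry address are assumptions made for illustration.

```python
import re

WILDCARD = {"0.0.0.0", "::", "[::]"}
WEAK_SECRETS = {"", "changeme", "password", "admin"}
SECRET_KEY = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)


def host_ip(port_spec):
    """Host bind address of '[ip:]host_port:container_port[/proto]'."""
    parts = str(port_spec).split("/")[0].rsplit(":", 2)
    # Without an explicit IP, Docker publishes on all interfaces by default.
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def audit(containers, insecure_registries=()):
    """Return (container, finding, detail) tuples for risky settings."""
    findings = []
    for c in containers:
        name, image = c.get("name", "?"), str(c.get("image", ""))
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if "@sha256:" not in image and (not tag or tag.endswith("latest")):
            findings.append((name, "latest-tag", image))
        for spec in c.get("ports") or []:
            if host_ip(spec) in WILDCARD:
                findings.append((name, "all-interfaces", str(spec)))
        env = c.get("env") or {}
        if not isinstance(env, dict):  # e.g. KEY=VALUE lines folded into one string
            findings.append((name, "env-not-mapping", str(env)))
            env = {}
        for key, value in env.items():
            if SECRET_KEY.search(key) and str(value).lower() in WEAK_SECRETS:
                findings.append((name, "weak-secret", key))
        for cap in c.get("capabilities") or []:
            findings.append((name, "added-capability", cap))
    for reg in insecure_registries:  # daemon accepts plain HTTP / unverified TLS
        findings.append(("daemon", "insecure-registry", reg))
    return findings


# Constructed sample, modelled on the pihole and registry entries above.
SAMPLE = [
    {"name": "pihole", "image": "pihole/pihole:latest",
     "ports": ["0.0.0.0:53:53/udp", "127.0.0.1:8083:80/tcp"],
     "env": {"TZ": "Europe/Rome", "WEBPASSWORD": "changeme"},
     "capabilities": ["NET_ADMIN"]},
    {"name": "registry", "image": "registry:2", "ports": ["5000:5000/tcp"]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, insecure_registries=["192.0.2.10:5000"]):
        print(*finding, sep="\t")
```

Each finding is a prompt for review rather than an error: a DNS server may legitimately need to listen on every interface, while a web admin port or a registry usually does not.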