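# https://docs.docker.com/engine/install/debian/
#
# Installs Docker CE from the upstream apt repository, smoke-tests the engine
# with the hello-world image, creates a bridge network, enables IPv4
# forwarding and exposes the Docker API on a TCP port.
#
# Variables read by these tasks: gpg_keyrings_dir, docker_repo_url,
# docker_network_subnet, docker_network_gateway, docker_network_iprange,
# docker_remote_port and the optional docker_remote_bind_address.

- name: ensure old docker packages are uninstalled
  apt:
    name:
      - docker
      - docker-engine
      - docker.io
      - containerd
      - runc
    force_apt_get: true
    purge: true
    state: absent

- name: ensure apt can access https repos
  apt:
    name:
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    force_apt_get: true
    state: latest

- name: add keyrings dir
  file:
    state: directory
    path: "{{ gpg_keyrings_dir }}"

# This key is the trust anchor for every package installed from the repo
# added below. get_url validates TLS certificates by default, so the download
# is only authenticated if docker_repo_url is an https:// URL.
# NOTE(review): confirm the scheme where docker_repo_url is defined.
- name: download docker gpg key
  get_url:
    url: "{{ docker_repo_url ~ '/gpg' }}"
    dest: "{{ gpg_keyrings_dir }}/docker.asc"
    mode: a+r

# signed-by pins this repo to the key downloaded above, so the key is not
# trusted for any other apt source.
- name: add apt repo
  apt_repository:
    repo: >-
      deb [arch=amd64 signed-by={{ (gpg_keyrings_dir ~ '/docker.asc') | quote }}]
      {{ docker_repo_url }} {{ ansible_distribution_release }} stable

- name: update repository index
  apt:
    force_apt_get: true
    update_cache: true
  changed_when: false

- name: install docker and dependencies
  apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose-plugin
      - python3-pip
    force_apt_get: true
    state: latest

- name: install python docker modules
  pip:
    name:
      - docker
      - 'docker-compose>=1.7.0'
    state: latest

- name: enable and start docker
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - docker
    - containerd

- name: flush handlers
  meta: flush_handlers

# Smoke test: run hello-world in the foreground with no network attached and
# fail unless it exits 0 and prints the expected greeting.
- name: create helloworld container
  docker_container:
    name: hello-world
    image: hello-world
    command_handling: correct
    init: true
    output_logs: true
    log_driver: local
    detach: false
    network_mode: 'none'
  register: result
  changed_when: false
  # Bare expression: conditionals are already evaluated as Jinja, so wrapping
  # them in template delimiters is redundant and triggers an Ansible warning.
  failed_when: >-
    result.container.State.ExitCode != 0
    or 'Hello from Docker!' not in result.container.Output

- name: create docker network
  docker_network:
    name: network
    driver: bridge
    internal: false
    ipam_config:
      - subnet: "{{ docker_network_subnet }}"
        gateway: "{{ docker_network_gateway }}"
        iprange: "{{ docker_network_iprange }}"

- name: save ipv4 forwarding to sysctl startup scripts
  copy:
    dest: /etc/sysctl.d/91-forwarding.conf
    content: "net.ipv4.conf.all.forwarding = 1\n"
    # Quoted so the mode is not subject to YAML octal/integer typing.
    mode: "0644"

- name: set ipv4 forwarding
  sysctl:
    name: net.ipv4.conf.all.forwarding
    value: "1"
    sysctl_set: true

# As written this appends an unconditional ACCEPT rule to the FORWARD chain;
# it does not set the chain policy (that is the module's `policy` parameter).
# Every forwarded packet that reaches the rule is accepted, and the rule is
# persisted by the save task below.
# NOTE(review): if only the Docker bridge needs forwarding, narrow the rule
# with `source` / `in_interface` / `out_interface`.
- name: change default iptables policy
  iptables:
    chain: FORWARD
    jump: ACCEPT

- name: install iptables-persistent
  apt:
    name: iptables-persistent
    force_apt_get: true
    state: latest

- name: save current iptables rules
  community.general.iptables_state:
    ip_version: ipv4
    table: filter
    state: saved
    path: /etc/iptables/rules.v4

# Exposes the Docker API over plain TCP. No TLS flags are passed, so the
# listener is unauthenticated and unencrypted: any host that can reach the
# port has root-equivalent control of this machine. Limit who can reach it
# (bind address, firewall), or enable dockerd's TLS options (--tlsverify with
# --tlscacert / --tlscert / --tlskey).
#
# docker_remote_bind_address is optional; it defaults to 0.0.0.0, which is the
# original behaviour. Set it to a management address or 127.0.0.1 to narrow
# the listener.
#
# NOTE(review): this edits the packaged unit under /lib, which a docker-ce
# upgrade (state: latest above) can replace; a drop-in under
# /etc/systemd/system/docker.service.d/ would survive upgrades.
- name: change docker systemd service
  lineinfile:
    path: /lib/systemd/system/docker.service
    regexp: '^ExecStart='
    line: >-
      ExecStart=/usr/bin/dockerd -H fd://
      --containerd=/run/containerd/containerd.sock
      -H tcp://{{ docker_remote_bind_address | default('0.0.0.0') }}:{{ docker_remote_port }}
  notify: update docker unit file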