Last active
February 26, 2018 16:22
-
-
Save trishnaguha/4461615d562e10e4bd72a6df5f45ae9e to your computer and use it in GitHub Desktop.
Playbook for accessing docker daemon remotely
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [tguha@localhost docker-remote-access]$ ls | |
| ansible.cfg inventory remote-access.yml role-secure-docker-daemon | |
| [tguha@dhcp193-190 docker-remote-access]$ cat ansible.cfg | |
| [defaults] | |
| inventory=inventory | |
| [tguha@dhcp193-190 docker-remote-access]$ cat inventory | |
| [daemonhost] | |
| 'IP_OF_DAEMON_HOST' ansible_ssh_private_key_file='PRIVATE_KEY_FILE' | |
| [tguha@dhcp193-190 docker-remote-access]$ cat remote-access.yml | |
| --- | |
| - name: Docker Client Set up | |
| hosts: localhost | |
| connection: local | |
| tasks: | |
| - name: Make ~/.docker directory for docker certs | |
| file: | |
| path: ~/.docker | |
| state: directory | |
| - name: Add Environment variables to ~/.bashrc | |
| lineinfile: | |
| dest: ~/.bashrc | |
| line: "export DOCKER_TLS_VERIFY=1\nexport DOCKER_CERT_PATH=~/.docker/\nexport DOCKER_HOST=tcp://'IP_OF_DAEMON_HOST':2376" | |
| state: present | |
| - name: Source ~/.bashrc file | |
| command: source ~/.bashrc | |
| - name: Docker Daemon Set up | |
| hosts: daemonhost | |
| gather_facts: no | |
| remote_user: fedora | |
| become: yes | |
| become_method: sudo | |
| become_user: root | |
| roles: | |
| - role: role-secure-docker-daemon | |
| dds_host: "{{ inventory_hostname }}" | |
| dds_server_cert_path: /etc/docker | |
| dds_restart_docker: no | |
| tasks: | |
| - name: fetch ca.pem from daemon host | |
| fetch: | |
| src: /root/.docker/ca.pem | |
| dest: ~/.docker/ | |
| fail_on_missing: yes | |
| flat: yes | |
| - name: fetch cert.pem from daemon host | |
| fetch: | |
| src: /root/.docker/cert.pem | |
| dest: ~/.docker/ | |
| fail_on_missing: yes | |
| flat: yes | |
| - name: fetch key.pem from daemon host | |
| fetch: | |
| src: /root/.docker/key.pem | |
| dest: ~/.docker/ | |
| fail_on_missing: yes | |
| flat: yes | |
| - name: Remove Environment variable OPTIONS from /etc/sysconfig/docker | |
| lineinfile: | |
| dest: /etc/sysconfig/docker | |
| regexp: '^OPTIONS' | |
| state: absent | |
| - name: Modify Environment variable OPTIONS in /etc/sysconfig/docker | |
| lineinfile: | |
| dest: /etc/sysconfig/docker | |
| line: "OPTIONS='--selinux-enabled --log-driver=journald --tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock'" | |
| state: present | |
| - name: Remove client certs from daemon host | |
| file: | |
| path: /root/.docker | |
| state: absent | |
| - name: Reload Docker daemon | |
| command: systemctl daemon-reload | |
| - name: Restart Docker daemon | |
| command: systemctl restart docker.service |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment