The Docker package from distribution repositories will be installed by default
(on Jessie it means that the
jessie-backports repository needs to be available,
which is the default in DebOps). You can install the upstream version of Docker
by setting the
docker_upstream: True variable in Ansible’s inventory.
debops.pki was configured on the host, Docker will automatically listen
on its TCP port for incoming TLS connections, which is by default blocked by
ferm firewall. If you don’t use a firewall or have it disabled, you might
want to set
False to disable this behavior.
Docker manages its own network bridge and iptables entries. The ferment
Python script will be installed to allow
ferm firewall to reload Docker
firewall rules automatically, however it does not fully support Docker yet, so
be aware of this when you modify the firewall configuration. You can restart
docker daemon to make sure that all firewall rules are set up correctly.
debops.docker relies on configuration managed by
debops.pki Ansible roles.
This is a list of role variables which your most likely want to define in Ansible inventory to customize Docker:
- List of IP addresses or subnets that can connect to Docker daemon remotely over TLS.
- List of UNIX accounts that have access to Docker daemon socket.
To configure Docker on a given remote host, it needs to be added to
[debops_service_docker] Ansible inventory group: