roles/docker: Install and set up Docker daemon

The *docker* role configures the Docker daemon on the managed machine.

roles/docker/files/generate-docker-key.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -ex
+
+: ${DOCKER_SVC:=${1:-docker}}
+
+dropin=/etc/systemd/system/${DOCKER_SVC}.service.d/protect-system.conf
+
+systemctl stop ${DOCKER_SVC}
+if [ -f ${dropin} ]; then
+	mv ${dropin} ${dropin}.disabled
+	systemctl daemon-reload
+fi
+systemctl start ${DOCKER_SVC}
+test -f /etc/docker/key.json
+systemctl stop ${DOCKER_SVC}
+if [ -f ${dropin}.disabled ]; then
+	mv ${dropin}.disabled ${dropin}
+	systemctl daemon-reload
+fi

roles/docker/files/protect-system.systemd.conf

@@ -0,0 +1,4 @@
+[Service]
+ReadOnlyDirectories=/
+ReadWriteDirectories=/var /run /proc /sys/fs/cgroup /dev/pts
+PrivateTmp=true

roles/docker/files/reset-docker-storage.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+: ${DOCKER_SVC:=${1:-docker}}
+
+
+systemctl stop ${DOCKER_SVC} ${DOCKER_SVC}-storage-setup
+
+docker_pool=$(/sbin/lvm lvs | awk '$1=="docker-pool"{printf "%s/%s\n",$2,$1}')
+if [ -n "${docker_pool}" ]; then
+	/sbin/lvm lvchange -an "${docker_pool}"
+	/sbin/lvm lvremove "${docker_pool}"
+fi
+
+rm -f /etc/sysconfig/${DOCKER_SVC}-storage
+
+find /var/lib/docker -mindepth 1 -delete