roles/docker: Install and set up Docker daemon

The *docker* role configures the Docker daemon on the managed machine.

roles/docker/templates/daemon.json.j2

@@ -0,0 +1,16 @@
+{
+{% if docker_enable_tls %}
+    "tls": true,
+    "tlscert": "/etc/pki/tls/certs/docker.cer",
+    "tlskey": "/etc/pki/tls/private/docker.key",
+    "tlsverify": true,
+    "tlscacert": "/etc/pki/tls/certs/docker-ca.crt",
+    "hosts": [
+{% if docker_allow_outside %}
+        "tcp://[::]:{{ docker_listen_port }}",
+{% endif %}
+        "unix:///var/run/docker.sock"
+    ],
+{% endif %}
+    "log-level": "{{ docker_log_level }}"
+}

roles/docker/templates/docker-latest.sysconfig.j2

@@ -0,0 +1,34 @@
+# /etc/sysconfig/docker-latest
+
+# Modify these options if you want to change the way the docker daemon runs
+OPTIONS='{% if docker_allow_unprivileged|bool %}-G docker {% endif %}--selinux-enabled'
+DOCKER_CERT_PATH=/etc/docker
+
+# If you want to add your own registry to be used for docker search and docker
+# pull use the #ADD_REGISTRY option to list a set of registries, each prepended
+# with --add-registry flag. The first registry added will be the first registry
+# searched.
+#ADD_REGISTRY='--add-registry registry.access.redhat.com'
+
+# If you want to block registries from being used, uncomment the BLOCK_REGISTRY
+# option and give it a set of registries, each prepended with --block-registry
+# flag. For example adding docker.io will stop users from downloading images
+# from docker.io
+# BLOCK_REGISTRY='--block-registry'
+
+# Enable insecure registry communication by appending the registry URL
+# to the INSECURE_REGISTRY variable below and uncommenting it
+# INSECURE_REGISTRY='--insecure-registry '
+
+# On SELinux System, if you remove the --selinux-enabled option, you
+# also need to turn on the docker_transition_unconfined boolean.
+# setsebool -P docker_transition_unconfined
+
+# Location used for temporary files, such as those created by
+# docker load and build operations. Default is /var/lib/docker/tmp
+# Can be overriden by setting the following environment variable.
+# DOCKER_TMPDIR=/var/tmp
+
+# Controls the /etc/cron.daily/docker-logrotate cron job status.
+# To disable, uncomment the line below.
+# LOGROTATE=false

roles/docker/templates/docker-storage-setup.j2

@@ -0,0 +1,14 @@
+# Edit this file to override any configuration options specified in
+# /usr/lib/{{ docker_storage_setup }}/{{ docker_storage_setup }}.
+#
+# For more details refer to "man {{ docker_storage_setup }}"
+
+{% if docker_storage_devs is defined %}
+DEVS="{{ docker_storage_devs|join(' ') }}"
+{% endif %}
+{% if docker_storage_vg is defined %}
+VG={{ docker_storage_vg }}
+{% endif %}
+{% if docker_storage_data_size is defined %}
+DATA_SIZE={{ docker_storage_data_size }}
+{% endif %}

roles/docker/templates/docker.sysconfig.j2

@@ -0,0 +1,18 @@
+# /etc/sysconfig/docker
+
+# Modify these options if you want to change the way the docker daemon runs
+OPTIONS='{% if docker_allow_unprivileged|bool %}-G docker {% endif %}--selinux-enabled --log-driver=journald --signature-verification=false'
+if [ -z "${DOCKER_CERT_PATH}" ]; then
+    DOCKER_CERT_PATH=/etc/docker
+fi
+
+# Do not add registries in this file anymore. Use /etc/containers/registries.conf
+# from the atomic-registries package.
+#
+
+# docker-latest daemon can be used by starting the docker-latest unitfile.
+# To use docker-latest client, uncomment below lines
+#DOCKERBINARY=/usr/bin/docker-latest
+#DOCKERDBINARY=/usr/bin/dockerd-latest
+#DOCKER_CONTAINERD_BINARY=/usr/bin/docker-containerd-latest
+#DOCKER_CONTAINERD_SHIM_BINARY=/usr/bin/docker-containerd-shim-latest

roles/docker/templates/http-proxy.conf.j2

@@ -0,0 +1,12 @@
+{% if http_proxy is defined or http_proxy is defined %}
+[Service]
+{% if http_proxy is defined %}
+Environment=HTTP_PROXY={{ http_proxy }}
+{% endif %}
+{% if https_proxy is defined %}
+Environment=HTTPS_PROXY={{ https_proxy }}
+{% endif %}
+{% if no_proxy is defined %}
+Environment=NO_PROXY={{ no_proxy|join(',') }}
+{% endif %}
+{% endif %}