haxorof/ansible-role-docker-ce

Are best practices for deploying this block documented?

Opened this issue · 1 comments

Deleted user commented

I have a few questions to ask about deployment

  1. Do we need to install Ansible separately
  2. How to deploy CENtos Docker-CE? Do I need to network and which roles do I need to refer to
  3. Whether the practice of Docker-CIS has been integrated into the deployment, or whether it needs to be implemented separately
  4. Do you want to deploy offline? Or do you need to pull yum from the network
  5. Is there a documented best practice
haxorof commented

I have a few questions to ask about deployment

  1. Do we need to install Ansible separately
  2. How to deploy CENtos Docker-CE? Do I need to network and which roles do I need to refer to
  3. Whether the practice of Docker-CIS has been integrated into the deployment, or whether it needs to be implemented separately
  4. Do you want to deploy offline? Or do you need to pull yum from the network
  5. Is there a documented best practice

Hi @zhaocheng173!

To start with I do not know how you plan to use this role if it is for local setup on a single host or install it out on several hosts. So my answers here is more based on deployment scenario where you want to install Docker CE on several hosts. This role requires network connectivity since it will use package managers etc to download required packages to the hosts.

  1. Yes, you install Ansible separately according to normal installation instructions. Best is to install this on a "control node" which will be used to install Docker CE from using this role.
    https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
    https://docs.ansible.com/ansible/latest/network/getting_started/basic_concepts.html

  2. First you need a to have a host where you for example already have basic CentOS installed. Then in the control node where you have your Ansible you will have to install this role with ansible-galaxy command, see: https://galaxy.ansible.com/haxorof/docker_ce
    There are no additional requirements that this and after role is installed then you create your playbook, see examples on page: https://github.com/haxorof/ansible-role-docker-ce

  3. Depends what you mean here about "Docker-CIS has been integrated". CIS Docker benchmarks describes how to harden you installation so I have just examples of how you can set configuration to this role to get more hardened configuration. This example can be found on main page: https://github.com/haxorof/ansible-role-docker-ce
    However to get that working it will requires other roles etc. I have a more fully working test of this but that is more complex as you will see (just something I did as test): https://github.com/haxorof/ansible-role-docker-ce/blob/master/tests/experimental/cis/test_cis.yml

  4. You will need Internet connectivity and working yum. Depending of what "features" you are using in this role it might also fetch different binaries like docker-compose from Github.

  5. Not how to use this role but for Ansible and Docker you will find that on respective site.

Hope that will give you some clarity.

Cheers!