geerlingguy / ansible-role-docker

Ansible Role - Docker
https://galaxy.ansible.com/geerlingguy/docker/
MIT License

Option to install rootless #412

Closed paranerd closed 1 year ago

paranerd commented 1 year ago

Hi!

I saw that we're installing the Docker rootless package but we're not actually setting it up. In case I just missed that option, please let me know :-)

Here's what I'm doing currently as a workaround:

# Disable and stop the root daemon and its socket, so /var/run/docker.sock
# (root-equivalent access) is gone, not just absent after the next reboot.
- name: 'Disable and stop the root docker.service'
  ansible.builtin.systemd:
    name: docker.service
    enabled: false
    state: stopped
  when: docker_rootless and docker_disable_root_daemon

- name: 'Disable and stop the root docker.socket'
  ansible.builtin.systemd:
    name: docker.socket
    enabled: false
    state: stopped
  when: docker_rootless and docker_disable_root_daemon

- name: 'Install uidmap for rootless UID mapping'
  ansible.builtin.package:
    name: uidmap
    state: present
  when: docker_rootless

# Look the user up first so the UID and home directory are available below.
# getent_passwd[user] holds the fields after the name: password, uid, gid, gecos, home, shell.
- name: 'Get UID and home directory of the rootless user'
  ansible.builtin.getent:
    database: passwd
    key: '{{ ansible_user }}'
  when: docker_rootless

# Without lingering, the user's systemd instance (and the rootless daemon with it)
# stops when the user's last session ends.
- name: 'Enable lingering so the user daemon survives logout'
  ansible.builtin.command: loginctl enable-linger {{ ansible_user }}
  args:
    creates: /var/lib/systemd/linger/{{ ansible_user }}
  when: docker_rootless

- name: 'Install Docker rootless'
  become: false
  ansible.builtin.command: dockerd-rootless-setuptool.sh install
  args:
    creates: '{{ getent_passwd[ansible_user][4] }}/.config/systemd/user/docker.service'
  environment:
    # systemctl --user inside the setup tool needs the user's runtime dir and session bus
    XDG_RUNTIME_DIR: '/run/user/{{ getent_passwd[ansible_user][1] }}'
    DBUS_SESSION_BUS_ADDRESS: 'unix:path=/run/user/{{ getent_passwd[ansible_user][1] }}/bus'
  when: docker_rootless

# One capability per task: the module takes a single capability string.
- name: 'Grant rootlesskit only the listed capabilities'
  community.general.capabilities:
    path: /usr/bin/rootlesskit
    capability: '{{ item }}=ep'
    state: present
  loop: '{{ docker_capabilities }}'
  register: docker_capabilities_update
  when: docker_rootless

- name: 'Restart the user docker service'
  become: false
  ansible.builtin.systemd:
    name: docker
    state: restarted
    scope: user
  environment:
    XDG_RUNTIME_DIR: '/run/user/{{ getent_passwd[ansible_user][1] }}'
    DBUS_SESSION_BUS_ADDRESS: 'unix:path=/run/user/{{ getent_passwd[ansible_user][1] }}/bus'
  when: docker_rootless and docker_capabilities_update.changed

# The variable is PATH (upper case); the original lowercase 'path' exported nothing useful.
- name: 'Prepend /usr/bin to PATH in the user shell'
  become: false
  ansible.builtin.lineinfile:
    path: '{{ getent_passwd[ansible_user][4] }}/.bashrc'
    line: export PATH=/usr/bin:$PATH
    create: true
  when: docker_rootless

- name: 'Point the docker CLI at the rootless socket'
  become: false
  ansible.builtin.lineinfile:
    path: '{{ getent_passwd[ansible_user][4] }}/.bashrc'
    line: export DOCKER_HOST=unix:///run/user/{{ getent_passwd[ansible_user][1] }}/docker.sock
    create: true
  when: docker_rootless

with the following variables:

docker_rootless: true
docker_disable_root_daemon: true
docker_capabilities:
  - cap_net_bind_service

Is this something that could find its way into the main package?
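The tasks above leave the host in a state worth checking rather than trusting: the root daemon and socket should be gone, the user daemon should be up, and rootlesskit should carry exactly the capabilities you granted and nothing more. The following POSIX shell helpers are an added example written for this page; they are not the role's code and not paranerd's playbook. They assume rootlesskit lives at /usr/bin/rootlesskit, the rootless socket at /run/user/<uid>/docker.sock, and the two getcap(8) output formats noted in the comments; the string-processing functions run offline, and verify_rootless_docker only calls systemctl and getcap when they exist.

```shell
#!/bin/sh
# Added verification helpers for a rootless Docker setup of the kind the
# playbook above produces.  Not the role's code and not the issue's playbook;
# the paths and the getcap output formats below are assumptions.

# DOCKER_HOST value the playbook exports: the per-user socket under the
# user's runtime directory.
rootless_docker_host() {
    printf 'unix:///run/user/%s/docker.sock\n' "$1"
}

# Pull the comma-separated capability list out of one getcap(8) output line.
# Assumed formats:
#   /usr/bin/rootlesskit = cap_net_bind_service+ep      (older libcap)
#   /usr/bin/rootlesskit cap_net_bind_service=ep        (libcap 2.41 and later)
getcap_caps() {
    caps=${1##* }          # last whitespace-separated field
    caps=${caps%%[=+]*}    # drop the operator and the flags
    printf '%s\n' "$caps"
}

# Succeed only if every capability in $1 appears in the allowed list $2
# (both comma-separated).  An extra capability on rootlesskit, cap_sys_admin
# in particular, would hand containers back much of what rootless mode takes
# away, so this is an allow-list check, not a deny-list.
caps_within_allowed() {
    have=$1
    allowed=$2
    old_ifs=$IFS
    IFS=,
    for c in $have; do
        ok=0
        for a in $allowed; do
            [ "$c" = "$a" ] && ok=1
        done
        if [ "$ok" -eq 0 ]; then
            IFS=$old_ifs
            printf 'unexpected capability on rootlesskit: %s\n' "$c"
            return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# Live check, run on the host as the rootless user after the play: root units
# disabled and stopped, user unit active, socket present and owned by us,
# rootlesskit carrying only the allowed capabilities, DOCKER_HOST pointing at
# the rootless socket.  Returns 1 and prints each finding on failure.
verify_rootless_docker() {
    allowed=${1:-cap_net_bind_service}
    rc=0
    uid=$(id -u)
    if command -v systemctl >/dev/null 2>&1; then
        for unit in docker.service docker.socket; do
            systemctl is-enabled --quiet "$unit" 2>/dev/null && { echo "root $unit is still enabled"; rc=1; }
            systemctl is-active --quiet "$unit" 2>/dev/null && { echo "root $unit is still running"; rc=1; }
        done
        systemctl --user is-active --quiet docker.service 2>/dev/null || { echo "user docker.service is not active"; rc=1; }
    fi
    sock="/run/user/$uid/docker.sock"
    if [ -S "$sock" ]; then
        [ -O "$sock" ] || { echo "$sock is not owned by uid $uid"; rc=1; }
    else
        echo "no rootless socket at $sock"; rc=1
    fi
    if command -v getcap >/dev/null 2>&1; then
        line=$(getcap /usr/bin/rootlesskit 2>/dev/null)
        if [ -n "$line" ]; then
            caps_within_allowed "$(getcap_caps "$line")" "$allowed" || rc=1
        fi
    fi
    expected=$(rootless_docker_host "$uid")
    [ "${DOCKER_HOST:-}" = "$expected" ] || { echo "DOCKER_HOST is '${DOCKER_HOST:-}', expected $expected"; rc=1; }
    return "$rc"
}

# Run the live check only when invoked as: sh verify.sh check [allowed_caps]
if [ "${1:-}" = "check" ]; then
    verify_rootless_docker "${2:-}"
fi
```

Run it as the rootless user in a fresh login shell (so the .bashrc exports from the play are in effect), passing the same comma-separated list you put in docker_capabilities; a non-zero exit with a printed finding is the signal that the play did not leave the host where you expected.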

reboss commented 1 year ago

Hi paranerd, is #413 roughly what you're looking for? Would really appreciate your feedback :)

paranerd commented 1 year ago

Took a look at the code and it looks awesome to me 🚀 Added a comment.

github-actions[bot] commented 1 year ago

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

github-actions[bot] commented 1 year ago

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.