-
-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support to expose docker-api via tcp #348
base: main
Are you sure you want to change the base?
Added support to expose docker-api via tcp #348
Conversation
This will only add an option regarding the unsafe tcp, I think it would be more proper to update the documentation on how to enable it. Otherwise, we'll soon see an issue regarding tls support. |
With "it" you mean adding to the Readme how to enable secure TLS as well? Regarding adding it to the role: I do not have an environment available to test this out, but I can add the right vars if that helps... |
Yeah, a short guide how to change the template and using the template path variable to enable |
Done, let me know if this is enough info for someone to get the right idea |
Can you add |
Basic test. diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index d5241a1..7d10b7a 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -88,6 +88,8 @@
register: ps_dockerd
changed_when: docker_user[:7] not in ps_dockerd.stdout
failed_when: docker_user[:7] not in ps_dockerd.stdout
+ when:
+ - not docker_expose_docker_api_via_tcp
- name: Verify docker_rootless.sh
ansible.builtin.stat:
@@ -178,6 +180,20 @@
delay: 10
timeout: 120
+ - name: Verify tcp exposure
+ become: true
+ ansible.builtin.shell:
+ cmd: |
+ set -o pipefail
+ ss -ltnp | grep '\:2375.*rootlesskit'
+ args:
+ executable: /bin/bash
+ register: tcp_exposure
+ changed_when: false
+ failed_when: tcp_exposure.rc != 0
+ when:
+ - docker_expose_docker_api_via_tcp
+
- name: Ensure no docker-compose.yml exists
become: true
become_user: "{{ docker_user }}" |
All done 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this will actually add the configuration to the Docker daemon running as root, what you need to do is add the service file to the docker_user
, see https://github.com/konstruktoid/ansible-role-docker-rootless/blob/main/tasks/docker_install_rootless.yml#L80-L87
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I don't get what's the request :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
your PR works when running in rootless mode, but in order for it to work in rootles, you'll need to add the user service file to the rootful installastion. https://github.com/konstruktoid/ansible-role-docker-rootless/blob/main/tasks/docker_install_rootless.yml#L80-L87 -> https://github.com/konstruktoid/ansible-role-docker-rootless/blob/main/tasks/docker_install_rootful.yml
Added a var that enables to exposure of the docker API via TCP
Issue #344