docker
======

This role will install Docker and, given a list of containers to deploy, will do the following:

1. Create needed docker networks
2. Open up necessary firewall ports
3. Generate docker-compose files (1 per container)
4. Ensure container user/group exists
5. Ensure container persistent directories exist with correct perms and SELinux contexts
6. Generate a systemd service file per container
7. Set up systemd timers to automatically pull new and purge old container images

Requirements
------------

This role is only tested on Fedora/CentOS machines.

Variables
---------

    container_user: user name to run containers as (will be generated if not exists)
    container_uid: uid of above user name
    container_group: group name of container_user
    container_gid: gid of above group name
    global_env_vars: # will be set on any container which has include_global_env_vars: true
      - PUID={{ container_uid }}
      - PGID={{ container_gid }}
      - TZ=America/Los_Angeles
    firewall_ports: # list of ports to open up on the host
      - 80/tcp
      - 443/tcp

Since this role sets up each container individually, if multiple containers need to talk directly to each other, container networks must be outlined:

This role sets up each container as an individual docker-compose.yml file with a 1-to-1 relationship with its systemd service. This means we cannot rely on docker-compose's built-in networking feature for connecting multiple containers together.
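Because networks, published ports and firewall ports are declared in separate variables, a pre-flight check can catch mismatches before the role runs. The following is an added example, not part of this role: the function names and sample values are constructed, and it assumes `firewall_ports` is meant to cover only ports that containers publish.

```python
import ipaddress

# Constructed sample values laid out like this README's variables.
container_networks = [
    {"name": "backend", "driver": "bridge", "subnet": "172.21.10.0/24",
     "ip_range": "172.21.10.0/24", "gateway": "172.21.10.1"},
]
containers = [
    {"name": "nginx", "ports": ["80:80", "443:443"], "networks": ["backend"]},
    {"name": "mysql", "networks": ["backend"]},
]
firewall_ports = ["80/tcp", "443/tcp"]


def host_port(mapping):
    """Host side of a compose port mapping as 'port/proto', or None if unpublished."""
    spec, _, proto = mapping.partition("/")
    parts = spec.split(":")
    if len(parts) < 2:          # "80" alone: container port only, no fixed host port
        return None
    return f"{parts[-2]}/{proto or 'tcp'}"


def check_inventory(networks, containers, firewall_ports):
    """Return a list of problems; an empty list means the variables are consistent."""
    problems, declared, published = [], set(), set()
    for net in networks:
        declared.add(net["name"])
        subnet = ipaddress.ip_network(net["subnet"])
        if not ipaddress.ip_network(net["ip_range"]).subnet_of(subnet):
            problems.append(f"{net['name']}: ip_range is outside subnet {subnet}")
        if ipaddress.ip_address(net["gateway"]) not in subnet:
            problems.append(f"{net['name']}: gateway is outside subnet {subnet}")
    for c in containers:
        for name in c.get("networks", []):
            if name not in declared:
                problems.append(f"{c['name']}: network '{name}' is not in container_networks")
        published.update(p for p in map(host_port, c.get("ports", [])) if p)
    # Assumption: every opened firewall port should map to a published container port.
    for port in sorted(set(firewall_ports) - published):
        problems.append(f"firewall port {port} is open but no container publishes it")
    return problems


if __name__ == "__main__":
    for line in check_inventory(container_networks, containers, firewall_ports):
        print(line)
```
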
Outline any networks you need via container_networks:

    container_networks:
      - name: backend
        driver: bridge
        subnet: 172.21.10.0/24
        ip_range: 172.21.10.0/24
        gateway: 172.21.10.1

And specify those networks in the corresponding container's dictionary:

    containers:
      - name: nginx
        active: true
        image: linuxserver/nginx
        ports:
          - 80:80
          - 443:443
        volumes:
          - /opt/nginx:/config
        include_global_env_vars: true
        restart: unless-stopped
        memlimit: 300m
        networks:
          - backend
      - name: mysql
        active: true
        image: mysql
        volumes:
          - /opt/mysql:/var/lib/mysql
        include_global_env_vars: false
        environment:
          - MYSQL_ROOT_PASSWORD="{{ vaulted_mysql_root_password }}"
        restart: unless-stopped
        memlimit: 500m
        networks:
          - backend

License
-------

GPLv3