Using Ansible to install Docker

Question

Some time ago I asked a question regarding Ansible and Docker and received this excellent answer. I am now trying to understand that answer a bit better. Essentially, I have a bunch of Ubuntu 14.04 VMs and I want Ansible to install/maintain Docker on all of them.

My Ansible project:

myansible01.example.com:/opt/ansible/
    site.yml
    allservers.yml
    roles/
        common/
            tasks/
                main.yml

Where site.yml is:

---
# file: site.yml
- include: allservers.yml

Where allservers.yml is:

---
# file: allservers.yml
- hosts: all
  user: {{ privileged_user }}
  gather_facts: false
  roles:
  - common

And where roles/common/tasks/main.yml is:

---
# file: roles/common/tasks/main.yml
- name: Add docker apt keys
  apt_key: keyserver=keyserver.ubuntu.com id=36A1D7869245C8950F966E92D8576A8BA88D21E9
- name: Update apt
  apt_repository: repo='deb https://get.docker.com docker main' state=present
- name: Install Docker
  apt: pkg=lxc-docker update_cache=yes

Finally, my /etc/ansible/hosts:

[allservers]
server01.example.com
server02.example.com
server03.example.com
...etc.
server49.example.com
server50.example.com

Several concerns here:

• How do I actually run this so that Ansible installs Docker on all 50 servers? Something like (from the project root) ansible-playbook site.yml -f 10?
• How do I "inject" the privileged_user into the above command?
• Why is the first task "Add docker apt keys" necessary? According to the apt_key docs, we are fetching an apt_key from the Ubuntu repos, but where does that long key come from? What role does this play in installing Docker (I ask because if you go to the Docker Ubuntu installation page it doesn't mention these apt_keys at all)?
• Anything else I need to do for a proper Docker install?

Answer 1

In a more logical order :

Why apt-key ?

apt-key is used to manage the list of keys used by apt to authenticate packages (like docker). Packages which have been authenticated using these keys will be considered trusted. It is useful when you add a repository where a newer / better / up-to-date release of a package you want resides.

(source : man page of apt-key)

If you don't add the key of the repo first, apt won't be able to get the package, and will cry with "W: GPG error: ... The following signatures couldn't be verified because the public key is not available: NO_PUBKEY whatever key number". So this is basically so that you can get the package and install it.

In the docker Ubuntu installation page, there is a clear mention of apt-key at point 3 in the note :

curl -sSL https://get.docker.com/gpg | sudo apt-key add -

Variables

To inject {{ privileged_user }} in your config : you would use a global variable by defining privileged_user in <INVENTORY_FILE_LOCATION>/group_vars/all like that :

---
# Your user
privileged_user: "root"

If this group_vars/all file does not exist, create it.

NB : the default inventory file location is /etc/ansible/hosts, but /usr/local/etc/ansible/hosts on Mac OS X

(see here as well for more info)

Running a playbook

Then, to run your playbook, do :

ansible-playbook -l server49.example.com allservers.yml -v 

-l is if you want to limit to a server in particular for instance, but you can omit it

-v is if you want a verbose output (or -vv, -vvv ...)

EDIT : Starting the docker daemon

If you want to be sure that the docker daemon is started after that, I'd recommend restarting it anyway with :

- name: Start Docker
  service: name=docker state=restarted

Depending on the distributions, it may have been previously started automatically, but from what I understand in the docs here, "Once Docker is installed, you will need to start the Docker daemon".

---

And .... you're good to go ;)