add CA conf for private registry

ansible/group_vars/all/docker

@@ -17,3 +17,9 @@ docker_storage_volume_thinpool_meta: docker-thinpoolmeta
 # Size of the docker storage metadata LVM volume (see lvol module size
 # argument).
 docker_storage_volume_thinpool_meta_size: 1%VG
+
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:

ansible/roles/docker/defaults/main.yml

@@ -25,5 +25,11 @@ docker_storage_thinpool_autoextend_threshold: 80
 # Percentage by which to extend thin-provisioned docker storage volumes.
 docker_storage_thinpool_autoextend_percent: 20
 
+# URL of docker registry
+docker_registry:
+
+# CA of docker registry
+docker_registry_ca:
+
 # MTU to pass through to containers not using net=host
 docker_daemon_mtu: 1500

ansible/roles/docker/handlers/main.yml

@@ -4,3 +4,9 @@
     name: docker
     state: restarted
   become: True
+
+- name: reload docker service
+  service:
+    name: docker
+    state: reloaded
+  become: True

ansible/roles/docker/tasks/config.yml

@@ -5,3 +5,11 @@
     dest: /etc/docker/daemon.json
   become: True
   notify: restart docker service
+
+- name: Ensure the CA file for private registry exists
+  copy:
+    src: "{{ docker_registry_ca }}"
+    dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
+  become: True
+  when: docker_registry is not none and docker_registry_ca is not none
+  notify: reload docker service

etc/kayobe/docker.yml

@@ -22,6 +22,12 @@
 # argument).
 #docker_storage_volume_thinpool_meta_size:
 
+# URL of docker registry
+#docker_registry:
+
+# CA of docker registry
+#docker_registry_ca:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes