add ansible example

- support for auto install proxy config to many hosts

Author: borgez

docs/ansible/readme.md

@@ -0,0 +1,12 @@
+Add to you playbook.yml
+
+```yaml
+- hosts: docker
+  gather_facts: yes
+  become: yes
+  become_method: sudo
+  vars:
+    docker_proxy_url: 192.168.66.72 #you proxy url
+  roles:
+    - role: docker-proxy
+```

docs/ansible/roles/docker-proxy/defaults/vars.yml

@@ -0,0 +1 @@
+docker_proxy_url: 192.168.66.72

docs/ansible/roles/docker-proxy/tasks/centos.yml

@@ -0,0 +1,7 @@
+- name: Get the CA certificate from the proxy and make it a trusted root.
+  get_url:
+    url: http://{{ docker_proxy_url }}:3128/ca.crt
+    dest: /etc/pki/ca-trust/source/anchors/docker_registry_proxy.crt
+    mode: '0644'
+- name: update trusted ca redhat
+  shell: /bin/update-ca-trust

docs/ansible/roles/docker-proxy/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: Ensures docker.service.d dir exists
+  file: >
+      path=/etc/systemd/system/docker.service.d
+      recurse=yes
+      state=directory
+- name: Add environment vars pointing Docker to use the proxy
+  copy:
+    dest: /etc/systemd/system/docker.service.d/http-proxy.conf
+    content: |
+      [Service]
+      Environment="HTTP_PROXY=http://{{ docker_proxy_url }}:3128/"
+      Environment="HTTPS_PROXY=http://{{ docker_proxy_url }}:3128/"
+
+- name: Include ubuntu tasks
+  include_tasks: ubuntu.yml
+  when: ansible_os_family == "Debian"
+
+- name: Include centos tasks
+  include_tasks: centos.yml
+  when: ansible_os_family == "RedHat"
+    
+- name: Just force systemd to reread configs (2.4 and above)
+  ansible.builtin.systemd:
+    daemon_reload: yes
+
+- name: Reload service docker, in all cases
+  ansible.builtin.systemd:
+    name: docker.service
+    state: reloaded

docs/ansible/roles/docker-proxy/tasks/ubuntu.yml

@@ -0,0 +1,8 @@
+- name: Get the CA certificate from the proxy and make it a trusted root.
+  get_url:
+    url: http://{{ docker_proxy_url }}:3128/ca.crt
+    dest: /usr/share/ca-certificates/docker_registry_proxy.crt
+    mode: '0644'
+
+- name: update trusted ca
+  shell: /usr/sbin/update-ca-certificates --fresh