Preliminary support to have to run the API over TLS.

defaults/main.yml

@@ -19,6 +19,16 @@ docker_user_home: /home/docker
 docker_defaults_file: /etc/default/docker
 docker_enable_tcp_socket: False
 docker_tcp_socket_port: 2375
+docker_tls_api: True
+docker_tls_native_tls: True
+# Set the following to the your ca and certificates path if native_tls is False
+docker_tls_ca: '/var/lib/docker/swarm/certificates/swarm-root-ca.crt'
+docker_tls_cert: '/var/lib/docker/swarm/certificates/swarm-node.crt'
+docker_tls_key: '/var/lib/docker/swarm/certificates/swarm-node.key'
+#
+docker_tls_verify_clients: True
+docker_enable_api_port: True
 docker_api_port: 2376
 docker_tcp_socket_host: 127.0.0.1
 docker_log_to_journal: True
+docker_daemon_debug: False

tasks/swarm_mgr.yml

@@ -31,7 +31,7 @@
   tags: [ 'docker', 'docker_swarm' ]
 
 - block:
-  - name: Add manager nodes to the docker swarm cluster
+  - name: Add some manager nodes to the docker swarm cluster
     docker_swarm:
       state: join
       advertise_addr: '{{ ansible_default_ipv4.address }}'

templates/daemon.json.j2

@@ -1,5 +1,19 @@
-{% if docker_log_to_journal %}
 {
-  "log-driver": "journald"
+{% if docker_log_to_journal %}
-}
+    "log-driver": "journald",
 {% endif %}
+{% if docker_tls_api %}
+    "tls": true,
+    "tlscacert": "{{ docker_tls_ca }}",
+    "tlscert": "{{ docker_tls_cert }}",
+    "tlskey": "{{ docker_tls_key }}",
+{% if docker_tls_verify_clients %}
+    "tlsverify": true,
+{% endif %}
+{% endif %}
+{% if docker_daemon_debug %}
+    "debug": true
+{% else %}
+    "debug": false
+{% endif %}
+}