docker: add registry CA configuration

Adapted from Kayobe.

Change-Id: Ib07df6dee124c5d55a7a102606717d222b4c5127

roles/docker/defaults/main.yml

@@ -45,6 +45,9 @@ docker_runtime_directory: ""
 docker_registry:
 docker_registry_insecure: false
 
+# Path to a CA file for Docker registry
+docker_registry_ca:
+
 # Whether to configure Docker and containerd for Zun.
 docker_configure_for_zun: false
 containerd_configure_for_zun: "{{ docker_configure_for_zun | bool }}"

roles/docker/tasks/config.yml

@@ -76,6 +76,28 @@
   notify:
     - Reload docker service file
 
+- name: Ensure the path for CA file for private registry exists
+  file:
+    path: "/etc/docker/certs.d/{{ docker_registry }}"
+    owner: root
+    group: root
+    mode: 0700
+    state: directory
+  become: True
+  when: docker_registry is not none and docker_registry_ca is not none
+
+- name: Ensure the CA file for private registry exists
+  copy:
+    src: "{{ docker_registry_ca }}"
+    dest: "/etc/docker/certs.d/{{ docker_registry }}/ca.crt"
+    owner: root
+    group: root
+    mode: 0600
+  become: True
+  when: docker_registry is not none and docker_registry_ca is not none
+  notify:
+    - Restart docker
+
 - name: Flush handlers
   meta: flush_handlers