Add more comments

Author: thejsj

ansible/roles/dock_launch_config/templates/init.tmpl

@@ -10,22 +10,22 @@ mkdir -p /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 chown ubuntu:ubuntu /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 chmod 0711 /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}
 
-# Set Vault Tokens
+# Set Vault Tokens (Used for fetching templates)
 {% for item in tokens %}
 echo {{ item.value }} > /opt/runnable/dock-init/consul-resources/vault/{{ node_env }}/{{ item.file_name }}
 {% endfor %}
 
-# Add upstart files
+# Add upstart files for charon and krain
 mkdir -p /docker/app-logs/
 echo {{ krain_base64['stdout'] }} | base64 --decode > /etc/init/krain.conf
 echo {{ charon_base64['stdout'] }} | base64 --decode > /etc/init/charon.conf
 
-# Add Certs
+# Add Certs (Used for genereting Docker client keys + certs)
 mkdir -p /etc/ssl/docker/
-rm /etc/ssl/docker/*
-echo {{ ca_pem_base64['stdout'] }} | base64 --decode > /etc/ssl/docker/ca.pem
+cho {{ ca_pem_base64['stdout'] }} | base64 --decode > /etc/ssl/docker/ca.pem
 echo {{ ca_key_pem_base64['stdout'] }} | base64 --decode > /etc/ssl/docker/ca-key.pem
 echo {{ pass_base64['stdout'] }} | base64 --decode > /etc/ssl/docker/pass
+chmod -R 0440 /etc/ssl/docker/
 
 # Start services
 {% if is_dock_pool %}

ansible/roles/docker/tasks/main.yml

@@ -15,17 +15,6 @@
     owner=root
     group=root
 
-- name: copy docker certs
-  become: true
-  tags: docker_certs
-  when: dock is defined
-  copy:
-    src=certs/
-    dest=/etc/ssl/docker
-    mode=0440
-    owner=root
-    group=root
-
 - name: create core file dir
   become: true
   when: docker_config == "runnable" and core_file_dir != "/var/log"
@@ -110,10 +99,6 @@
     group=root
     mode=0755
 
-- name: restart docker
-  when: (copied_config.changed and restart is defined) or dock is defined
-  command: sudo service docker restart
-
 - name: create docker group
   become: true
   group: