We're hosting our own internal Docker registry and using Ansible to configure the Jenkins slave that will build/upload the containers. Because our registery is non-SSL, we have to add:
"$DOCKER_OPTS --insecure-registry our.registry.com:5000"
to the /etc/default/docker file so the docker daemon runs with this flag on startup. Is the proper way to use an ansible template and just replace the whole file? Or should we use the lineinfile module and just add this one line?
Generally, using lineinfile is an antipattern. "Just one line" typically turns into more, and dealing with escapes and such is always difficult.
I would say it depends on your setup. If you are certain the default /etc/default/docker file across all your docker hosts is the same and all you need to add is the $DOCKER_OPTS option you specified above, then there is no need for lineinfile module. Either template or even copy modules would work, you just put the template in the templates directory or files directory for your roles, respectively. One benefit of using the template module is you can use the --diff option to see what changes it is going to make. Add to that --check for dry run mode with logging enabled, it makes a lot easier to track all the changes made.
But if the docker configuration files varies across your environment, say some of them have different dns servers, I would use lineinfile with regex option. This way you can keep the existing DOCKER_OPTS on the remote hosts, while adding the extra insecure option. Just make sure to use, backup=yes option for lineinfile in case you need to restore the file from backup.
