diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a243ffa..bf25c4e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,12 +19,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out the codebase.
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 - name: Set up Python 3.
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v5
 with:
 python-version: '3.x'
@@ -41,23 +41,21 @@ jobs:
 strategy:
 matrix:
 distro:
- - rockylinux8
+ - rockylinux9
+ - ubuntu2404
 - ubuntu2204
- - ubuntu2004
- - ubuntu1804
 - debian12
 - debian11
- - debian10
- - fedora34
+ - fedora40
 steps:
 - name: Check out the codebase.
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 - name: Set up Python 3.
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v5
 with:
 python-version: '3.x'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0b04d24..c9faaea 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,12 +22,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out the codebase.
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 - name: Set up Python 3.
- uses: actions/setup-python@v2
+ uses: actions/setup-python@v5
 with:
 python-version: '3.x'
diff --git a/README.md b/README.md
index 3449e28..da382f6 100644
--- a/README.md
+++ b/README.md
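Review bot: The upgraded `uses:` lines in .github/workflows/ci.yml still reference the actions by a movable tag (`actions/checkout@v4`, `actions/setup-python@v5`), so whatever the tag points to at run time is what executes in the job. Pinning each one to a full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, makes the workflow reproducible and still lets a dependency bot propose bumps. The same applies to the second ci.yml hunk and to the release.yml hunk, where it matters most if that job handles a publishing token (not visible in the hunk). The job definitions start and end outside these hunks.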
@@ -12,13 +12,15 @@ None. Available variables are listed below, along with default values (see `defaults/main.yml`): - # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). - docker_edition: 'ce' - docker_packages: - - "docker-{{ docker_edition }}" - - "docker-{{ docker_edition }}-cli" - - "docker-{{ docker_edition }}-rootless-extras" - docker_packages_state: present +```yaml +# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). +docker_edition: 'ce' +docker_packages: + - "docker-{{ docker_edition }}" + - "docker-{{ docker_edition }}-cli" + - "docker-{{ docker_edition }}-rootless-extras" +docker_packages_state: present +``` The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: 
@@ -27,66 +29,97 @@ Debian/Ubuntu: `docker-{{ docker_edition }}=` (Note: you have to add th You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). - docker_service_manage: true - docker_service_state: started - docker_service_enabled: true - docker_restart_handler_state: restarted +```yaml +docker_obsolete_packages: + - docker + - docker.io + - docker-engine + - podman-docker + - containerd + - runc +``` + +A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed. + +```yaml +docker_service_manage: true +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted +``` Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`. - docker_install_compose_plugin: false - docker_compose_package: docker-compose-plugin - docker_compose_package_state: present +```yaml +docker_install_compose_plugin: true +docker_compose_package: docker-compose-plugin +docker_compose_package_state: present +``` Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary. 
- docker_install_compose: true - docker_compose_version: "1.26.0" - docker_compose_arch: "{{ ansible_architecture }}" - docker_compose_path: /usr/local/bin/docker-compose +```yaml +docker_install_compose: false +docker_compose_version: "2.29.2" +docker_compose_arch: "{{ ansible_architecture }}" +docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" +docker_compose_path: /usr/local/bin/docker-compose +``` Docker Compose installation options. - docker_add_repo: true +```yaml +docker_add_repo: true +``` Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own. - docker_repo_url: https://download.docker.com/linux +```yaml +docker_repo_url: https://download.docker.com/linux +``` The main Docker repo URL, common between Debian and RHEL systems. - docker_apt_release_channel: stable - docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" - docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" - docker_apt_ignore_key_error: True - docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" - docker_apt_filename: "docker" +```yaml +docker_apt_release_channel: stable +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_ignore_key_error: True +docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" +docker_apt_filename: "docker" +``` (Used only for Debian/Ubuntu.) 
You can switch the channel to `nightly` if you want to use the Nightly release. You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists. - docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo - docker_yum_repo_enable_nightly: '0' - docker_yum_repo_enable_test: '0' - docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" +```yaml +docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" +docker_yum_repo_enable_nightly: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" +``` (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`. You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `docker_yum_repository` as well. - docker_users: - - user1 - - user2 +```yaml +docker_users: + - user1 + - user2 +``` A list of system users to be added to the `docker` group (so they can use Docker on the server). - docker_daemon_options: - storage-driver: "devicemapper" - log-opts: - max-size: "100m" +```yaml +docker_daemon_options: + storage-driver: "overlay2" + log-opts: + max-size: "100m" +``` Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`. 
diff --git a/defaults/main.yml b/defaults/main.yml
index 75a1caf..72c3119 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,7 +6,15 @@ docker_packages:
 - "docker-{{ docker_edition }}-cli"
 - "docker-{{ docker_edition }}-rootless-extras"
 - "containerd.io"
+ - docker-buildx-plugin
 docker_packages_state: present
+docker_obsolete_packages:
+ - docker
+ - docker.io
+ - docker-engine
+ - podman-docker
+ - containerd
+ - runc
 # Service options.
 docker_service_manage: true
@@ -21,7 +29,7 @@ docker_compose_package_state: present
 # Docker Compose options.
 docker_install_compose: false
-docker_compose_version: "v2.11.1"
+docker_compose_version: "v2.29.2"
 docker_compose_arch: "{{ ansible_facts.architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
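Review bot: The new `docker_obsolete_packages` default in defaults/main.yml (first hunk) has no comment, and its contents are not neutral: `docker.io`, `containerd` and `runc` are the distribution's own packages, which a host running with `docker_add_repo: false` may have installed on purpose. Judging by the tasks/setup-Debian.yml hunk in this commit, the list is removed with no condition, so such a host would have those packages uninstalled by the role. A comment above the list would make the override obvious, for example `# Removed before install; set to [] when Docker comes from distribution packages.`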
@@ -37,8 +45,8 @@ docker_apt_release_channel: stable
 # docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
 # and is only necessary until Docker officially supports them.
 docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_facts.distribution in ['Pop!_OS', 'Linux Mint'] else ansible_facts.distribution }}"
-docker_apt_arch: "{{ 'arm64' if ansible_facts.architecture == 'aarch64' else 'amd64' }}"
-docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ ansible_facts.distribution | lower }} {{ ansible_facts.distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_arch: "{{ 'arm64' if ansible_facts.architecture == 'aarch64' else 'armhf' if ansible_facts.architecture == 'armv7l' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
 docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
 docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
diff --git a/meta/main.yml b/meta/main.yml
index a492efe..c614f0d 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -22,6 +22,7 @@ galaxy_info:
 - bionic
 - focal
 - jammy
+ - noble
 - name: Alpine
 version:
 - all
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index d291e5b..3c2f1e5 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
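Review bot: The new `docker_apt_repository` value in defaults/main.yml reads `{{ ansible_distribution_release }}`, the injected top-level fact, while every other fact in this hunk, and the matching cleanup task in tasks/setup-Debian.yml, goes through `ansible_facts.*`. With `inject_facts_as_vars` disabled the bare name is undefined and the repository line fails to render. Use `{{ ansible_facts.distribution_release }}` here, as the removed line did.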
@@ -2,11 +2,13 @@
 role_name_check: 1
 dependency:
 name: galaxy
+ options:
+ ignore-errors: true
 driver:
 name: docker
 platforms:
 - name: instance
- image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+ image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
 command: ${MOLECULE_DOCKER_COMMAND:-""}
 volumes:
 - /sys/fs/cgroup:/sys/fs/cgroup:rw
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml
index 6ac5736..75d1f17 100644
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
@@ -1,9 +1,21 @@
 ---
-- name: Ensure old versions of Docker are not installed.
+- name: Ensure apt key is not present in trusted.gpg.d
+ ansible.builtin.file:
+ path: /etc/apt/trusted.gpg.d/docker.asc
+ state: absent
+
+- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
+ apt_repository:
+ repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_facts.distribution_release }} {{ docker_apt_release_channel }}"
+ state: absent
+ filename: "{{ docker_apt_filename }}"
+ update_cache: true
+ when: docker_add_repo | bool
+
+- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+ name: Ensure old versions of Docker are not installed.
 package:
- name:
- - docker
- - docker-engine
+ name: "{{ docker_obsolete_packages }}"
 state: absent
 - name: Ensure dependencies are installed.
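Review bot: `ignore-errors: true` under `dependency.options` in molecule/default/molecule.yml presumably lets the scenario continue when the Galaxy dependency step fails, so a test run can go green without the roles or collections it was meant to exercise. If the flag works around one known failure, a comment naming it, such as `# TODO(review): remove once <issue> is fixed`, would keep it from becoming permanent. Otherwise drop it so that a dependency failure stops the run.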
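Review bot: The first added task in tasks/setup-Debian.yml deletes `/etc/apt/trusted.gpg.d/docker.asc` unconditionally, while the repo-removal task right after it is guarded by `when: docker_add_repo | bool`. On a host where `docker_add_repo` is false and the operator maintains a source entry that still references that key file through `signed-by`, the key disappears and apt can no longer verify that repository. Adding the same guard, `when: docker_add_repo | bool`, to the key-removal task keeps the migration limited to hosts whose repository this role manages. Moving the key out of trusted.gpg.d is otherwise the right direction, since keys placed there are trusted for every configured source.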
@@ -14,22 +26,22 @@
 state: present
 when: docker_add_repo | bool
-- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
- apt:
- name: gnupg2
- state: present
- when: ansible_facts.distribution != 'Ubuntu' or ansible_facts.distribution_version is version('20.04', '<')
-
 - name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
 apt:
 name: gnupg
 state: present
 when: ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_version is version('20.04', '>=')
+- name: Ensure directory exists for /etc/apt/keyrings
+ file:
+ path: /etc/apt/keyrings
+ state: directory
+ mode: '0755'
+
 - name: Add Docker apt key.
 ansible.builtin.get_url:
 url: "{{ docker_apt_gpg_key }}"
- dest: /etc/apt/trusted.gpg.d/docker.asc
+ dest: /etc/apt/keyrings/docker.asc
 mode: '0644'
 force: false
 checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml
index b81917a..f68d962 100644
--- a/vars/Archlinux.yml
+++ b/vars/Archlinux.yml
@@ -1,2 +1,3 @@
 ---
 docker_packages: "docker"
+docker_compose_package: docker-compose
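Review bot: The added `Ensure directory exists for /etc/apt/keyrings` task in tasks/setup-Debian.yml (second hunk) fixes the mode but not the ownership of a directory that now holds the apt trust anchor for the Docker repository. The file module only enforces the attributes it is given, so a pre-existing directory with a non-root owner would be left as it is; adding `owner: root` and `group: root` to this task, and ideally to the key download that follows, closes that gap. The task also uses the short name `file:` where the other new task in this file uses `ansible.builtin.file:`. The `Add Docker apt key` task continues past the end of the hunk, so any condition or error handling on it is not visible here.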