From a76a05024a200df6ab301aa34efe633db31e81c6 Mon Sep 17 00:00:00 2001 From: Yethal <26117918+Yethal@users.noreply.github.com> Date: Fri, 10 Nov 2023 16:20:54 +0100 Subject: [PATCH 01/25] Uninstall docker.io on apt distros --- tasks/setup-Debian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 846e796..69529ba 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -3,6 +3,7 @@ package: name: - docker + - docker.io - docker-engine state: absent From 1dca07177fdbb832e0694843c306b98dd9d86cb7 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 18:59:51 -0800 Subject: [PATCH 02/25] 434 Add GPG keys to keyrings instead of trusted.gpg.d --- defaults/main.yml | 2 +- tasks/setup-Debian.yml | 28 +++++++++++++--------------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8deef24..daad48f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -38,7 +38,7 @@ docker_apt_release_channel: stable # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" -docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.gpg] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 69529ba..3279803 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -27,25 +27,23 @@ state: present when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=') -- name: Add Docker apt key. - ansible.builtin.get_url: - url: "{{ docker_apt_gpg_key }}" - dest: /etc/apt/trusted.gpg.d/docker.asc - mode: '0644' - force: false - checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" - register: add_repository_key - ignore_errors: "{{ docker_apt_ignore_key_error }}" - when: docker_add_repo | bool +- name: Ensure directory exists for /etc/apt/keyrings + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' -- name: Ensure curl is present (on older systems without SNI). +- name: Ensure curl is present package: name=curl state=present - when: add_repository_key is failed and docker_add_repo | bool -- name: Add Docker apt key (alternative for older systems without SNI). +- name: Add Docker apt key shell: > - curl -sSL {{ docker_apt_gpg_key }} | apt-key add - - when: add_repository_key is failed and docker_add_repo | bool + curl -sSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + +- name: Change permissions for /etc/apt/keyrings/docker.gpg + file: + path: /etc/apt/keyrings/docker.gpg + mode: 'a+r' - name: Add Docker repository. apt_repository: From 12ad263ef65367d36c795e19b8dcfbf301c8a645 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 20:23:52 -0800 Subject: [PATCH 03/25] 435 Update apt key ansible task --- tasks/setup-Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 3279803..8bd7e00 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
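Review bot: The new `Add Docker apt key` shell task installs the repository signing key without the `checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"` check that the removed `get_url` task applied, so whatever the URL returns is dearmored into `/etc/apt/keyrings/docker.gpg` and then trusted through the `signed-by` entry. The three new key tasks also lose `when: docker_add_repo | bool`, so they run even when the role is told not to manage the repository. Keeping `ansible.builtin.get_url` with `dest: /etc/apt/keyrings/docker.asc` and a matching `signed-by` path would preserve the pin and avoid calling `sudo` inside `shell` instead of using `become`.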
@@ -38,7 +38,7 @@ - name: Add Docker apt key shell: > - curl -sSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From ae29f9f9c02a2d5fae0e7f58c86077cc6628d761 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 21:14:58 -0800 Subject: [PATCH 04/25] 434 changed_when false for adding docker apt key shell cmd --- tasks/setup-Debian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 8bd7e00..8c98a68 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -39,6 +39,7 @@ - name: Add Docker apt key shell: > curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + changed_when: false - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From 6cb849c416970cf9dded79786e4d65f5fa1850cc Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 21:20:56 -0800 Subject: [PATCH 05/25] 435 ansible-lint --- tasks/setup-Debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 8c98a68..7a3cb03 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -36,12 +36,12 @@ - name: Ensure curl is present package: name=curl state=present -- name: Add Docker apt key +- name: Add Docker apt key shell: > curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes changed_when: false -- name: Change permissions for /etc/apt/keyrings/docker.gpg +- name: Change permissions for /etc/apt/keyrings/docker.gpg file: path: /etc/apt/keyrings/docker.gpg mode: 'a+r' From 08ae86e0b5fc3e891e9122b138e6d580e3c2f0f1 Mon Sep 17 00:00:00 2001 
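Review bot: The `curl -fsSL … | sudo gpg --dearmor` pipeline runs without `pipefail`, so although `-f` makes curl exit non-zero on an HTTP error, the task result is still gpg's exit status alone and a failed or truncated download is not reported as such. If the shell form stays, prefix the command with `set -o pipefail &&`, run it with `executable: /bin/bash` under `args`, and pass the URL as `{{ docker_apt_gpg_key | quote }}`. The same line appears unchanged in the PATCH 04 and PATCH 05 hunks that follow.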
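Review bot: `changed_when: false` is applied to a task that rewrites `/etc/apt/keyrings/docker.gpg` on every run (`--yes` overwrites the file), so a replaced signing key never shows up as a change in play output or reports. A `creates: /etc/apt/keyrings/docker.gpg` guard under `args`, or a module that compares file content, would make the task idempotent without hiding a key change.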
From: Omkar Kawade Date: Mon, 18 Dec 2023 11:06:21 -0800 Subject: [PATCH 06/25] 434 update apt key destination --- defaults/main.yml | 2 +- tasks/setup-Debian.yml | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index daad48f..cdf94f0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,7 +38,7 @@ docker_apt_release_channel: stable # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" -docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.gpg] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 7a3cb03..2415cb1 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -33,13 +33,16 @@ state: directory mode: '0755' -- name: Ensure curl is present - package: name=curl state=present - -- name: Add Docker apt key - shell: > - curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes - changed_when: false +- name: Add Docker apt key. + ansible.builtin.get_url: + url: "{{ docker_apt_gpg_key }}" + dest: /etc/apt/keyrings/docker.asc + mode: '0644' + force: false + checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" + register: add_repository_key + ignore_errors: "{{ docker_apt_ignore_key_error }}" + when: docker_add_repo | bool - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From d8f92e18746617045dc27f376a8049d6253c8024 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Mon, 18 Dec 2023 12:56:14 -0800 Subject: [PATCH 07/25] 434 remove permissions update, add reverse compatibility --- tasks/setup-Debian.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 2415cb1..04b427d 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -44,10 +44,14 @@ ignore_errors: "{{ docker_apt_ignore_key_error }}" when: docker_add_repo | bool -- name: Change permissions for /etc/apt/keyrings/docker.gpg - file: - path: /etc/apt/keyrings/docker.gpg - mode: 'a+r' +- name: Ensure curl is present (on older systems without SNI). + package: name=curl state=present + when: add_repository_key is failed and docker_add_repo | bool + +- name: Add Docker apt key (alternative for older systems without SNI). + shell: > + curl -sSL {{ docker_apt_gpg_key }} | apt-key add - + when: add_repository_key is failed and docker_add_repo | bool - name: Add Docker repository. apt_repository: From f741ddba10bff417b0f86c5ed4deefb99c28e20a Mon Sep 17 00:00:00 2001 
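Review bot: The context task `Change permissions for /etc/apt/keyrings/docker.gpg` directly below the new `get_url` task still points at `docker.gpg`, while the key is now written to `/etc/apt/keyrings/docker.asc`; on a host where the old file was never created that `file` task has nothing to act on and will likely fail. Drop it (the new task already sets `mode: '0644'`) or point it at `docker.asc`. Note also that `ignore_errors: "{{ docker_apt_ignore_key_error }}"` is true by default per the `defaults/main.yml` context, so a checksum mismatch on the key does not stop the play.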
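Review bot: The restored fallback runs whenever `add_repository_key is failed`, which includes a checksum mismatch in the `get_url` task, and it then fetches the same URL with `curl -sSL` and no checksum and pipes it to `apt-key add -`. That places an unverified key in apt's global trust store, where it is accepted for every repository, while the repo line in `defaults/main.yml` uses `signed-by=/etc/apt/keyrings/docker.asc`, so the fallback presumably does not even make the Docker repository verifiable. If older systems still need a curl path, write to the keyring file instead, e.g. `curl -fsSL {{ docker_apt_gpg_key | quote }} -o /etc/apt/keyrings/docker.asc`, and compare it against `docker_apt_gpg_key_checksum` before the repository is added.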
From: Chris Schindlbeck Date: Thu, 28 Dec 2023 20:08:47 +0100 Subject: [PATCH 08/25] Fix docker compose plugin on archlinux --- vars/Archlinux.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml index b81917a..f68d962 100644 --- a/vars/Archlinux.yml +++ b/vars/Archlinux.yml @@ -1,2 +1,3 @@ --- docker_packages: "docker" +docker_compose_package: docker-compose From 1175acc9f507e74e7c900d17d3e2afb523f1005a Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 24 Jan 2024 21:49:33 -0600 Subject: [PATCH 09/25] Make local dev with molecule a little easier. --- molecule/default/molecule.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index d291e5b..147da5d 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -2,11 +2,13 @@ role_name_check: 1 dependency: name: galaxy + options: + ignore-errors: true driver: name: docker platforms: - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw From be3b7c289cf3e3b165ba4b9010cbe4fb8b293853 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 24 Jan 2024 22:01:14 -0600 Subject: [PATCH 10/25] A wee bit of modernization. --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/release.yml | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a243ffa..f25e07d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
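Review bot: `ignore-errors: true` under `dependency.options` in `molecule/default/molecule.yml` lets the scenario continue when a Galaxy dependency fails to install, so a run may pass against a missing or stale role. If this is meant only for local development, say so next to the option, e.g. `# local-dev convenience: dependency install failures are not fatal`, or pass the flag locally instead of committing it.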
@@ -19,12 +19,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: 'geerlingguy.docker' - name: Set up Python 3. - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' @@ -41,23 +41,23 @@ jobs: strategy: matrix: distro: + - rockylinux9 - rockylinux8 - ubuntu2204 - ubuntu2004 - - ubuntu1804 - debian12 - debian11 - debian10 - - fedora34 + - fedora39 steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: 'geerlingguy.docker' - name: Set up Python 3. - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0b04d24..c9faaea 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,12 +22,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the codebase. - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: 'geerlingguy.docker' - name: Set up Python 3. - uses: actions/setup-python@v2 + uses: actions/setup-python@v5 with: python-version: '3.x' From 0a410c103153758891225825a74727b2da37e4c9 Mon Sep 17 00:00:00 2001 From: mrodus <25194985+mrodus@users.noreply.github.com> Date: Thu, 1 Feb 2024 16:33:29 +0530 Subject: [PATCH 11/25] Add docker-buildx-plugin to docker_packages --- defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/defaults/main.yml b/defaults/main.yml index 8deef24..ccc3b1c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -6,6 +6,7 @@ docker_packages: - "docker-{{ docker_edition }}-cli" - "docker-{{ docker_edition }}-rootless-extras" - "containerd.io" + - docker-buildx-plugin docker_packages_state: present # Service options. From cff72d08076e205e815043e764475ebb4aa0ac5c Mon Sep 17 00:00:00 2001 
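Review bot: `actions/checkout@v4` and `actions/setup-python@v5` are referenced by movable tags, so the workflow runs whatever commit the tag resolves to at job time. Pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, fixes the code that runs. This matters most in `.github/workflows/release.yml`, which presumably handles publish credentials. The same applies to the second `ci.yml` hunk and to the `release.yml` hunk.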
From: Luca Gardi Date: Mon, 26 Feb 2024 13:59:44 +0100 Subject: [PATCH 12/25] Update README.md Fix typo in Yum repos definition --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3449e28..a31968b 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ The main Docker repo URL, common between Debian and RHEL systems. You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists. - docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo + docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" docker_yum_repo_enable_nightly: '0' docker_yum_repo_enable_test: '0' docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" From 5b96593d5cdcac4b53a34dc1df3da7c20c7f06a5 Mon Sep 17 00:00:00 2001 From: Chris Schindlbeck Date: Mon, 27 May 2024 09:26:04 +0200 Subject: [PATCH 13/25] Add Ubuntu 24.04 to CI --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f25e07d..bb4b327 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,7 @@ jobs: distro: - rockylinux9 - rockylinux8 + - ubuntu2404 - ubuntu2204 - ubuntu2004 - debian12 From 820f7426fb5483cca89ae9deb06d68e561c685ab Mon Sep 17 00:00:00 2001 
From: James Myatt Date: Mon, 27 May 2024 11:09:35 +0100 Subject: [PATCH 14/25] Enable armhf build for old raspberry pis --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index ccc3b1c..4634b57 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,7 +38,7 @@ docker_apt_release_channel: stable # docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible, # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" -docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}" docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" From fe69df76fa9d6dc665bd9a4e052978ee7d435830 Mon Sep 17 00:00:00 2001 From: James Myatt Date: Mon, 27 May 2024 11:15:16 +0100 Subject: [PATCH 15/25] Update list of obsolete packages --- tasks/setup-Debian.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 69529ba..582a8c1 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
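Review bot: The final `else 'amd64'` in `docker_apt_arch` maps every architecture other than `aarch64` and `armv7l` to `amd64`, so a host on any other architecture gets a sources entry asking for amd64 packages instead of failing clearly. An explicit lookup reads more easily than the chained conditional and fails loudly on an unmapped value, e.g. `docker_apt_arch: "{{ {'x86_64': 'amd64', 'aarch64': 'arm64', 'armv7l': 'armhf'}[ansible_architecture] }}"`. If the amd64 fallback is intentional, a one-line comment above the variable should say so.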
@@ -1,10 +1,14 @@ --- -- name: Ensure old versions of Docker are not installed. +- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions + name: Ensure old versions of Docker are not installed. package: name: - docker - docker.io - docker-engine + - podman-docker + - containerd + - runc state: absent - name: Ensure dependencies are installed. From 9c4e21caec9045e197e50af0edef2f7f23a1e153 Mon Sep 17 00:00:00 2001 From: James Myatt Date: Sun, 9 Jun 2024 23:15:02 +0100 Subject: [PATCH 16/25] gnupg no longer prerequisite See https://github.com/docker/docker-install/commit/811f32afe518ae963d13ff92a1bcb0a40c80eb3a --- tasks/setup-Debian.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index ec25234..06efe0f 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -19,18 +19,6 @@ state: present when: docker_add_repo | bool -- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems). - apt: - name: gnupg2 - state: present - when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<') - -- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04). - apt: - name: gnupg - state: present - when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=') - - name: Ensure directory exists for /etc/apt/keyrings file: path: /etc/apt/keyrings From 5b3eea8f972bcd2038b028dbb06e46970787acd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Els=C5=91=20Andr=C3=A1s?= Date: Thu, 27 Jun 2024 15:10:27 +0200 Subject: [PATCH 17/25] Allow change obsolete packages --- defaults/main.yml | 7 +++++++ tasks/setup-Debian.yml | 8 +------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index f0ed366..a1effd2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -7,6 +7,13 @@ docker_packages: - "docker-{{ docker_edition }}-rootless-extras" - "containerd.io" - docker-buildx-plugin +docker_obsolete_packages: + - docker + - docker.io + - docker-engine + - podman-docker + - containerd + - runc docker_packages_state: present # Service options. diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 06efe0f..a864b3f 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -2,13 +2,7 @@ - # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions name: Ensure old versions of Docker are not installed. package: - name: - - docker - - docker.io - - docker-engine - - podman-docker - - containerd - - runc + name: "{{ docker_obsolete_packages }}" state: absent - name: Ensure dependencies are installed. From ee3bb235784894c5a696f93e686a02ce5abfaf33 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 27 Jun 2024 08:39:51 -0500 Subject: [PATCH 18/25] Add docker_obsolete_packages to README. --- README.md | 106 ++++++++++++++++++++++++++++++---------------- defaults/main.yml | 2 +- 2 files changed, 70 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index a31968b..e679eb4 100644 --- a/README.md +++ b/README.md 
@@ -12,13 +12,15 @@ None. Available variables are listed below, along with default values (see `defaults/main.yml`): - # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). - docker_edition: 'ce' - docker_packages: - - "docker-{{ docker_edition }}" - - "docker-{{ docker_edition }}-cli" - - "docker-{{ docker_edition }}-rootless-extras" - docker_packages_state: present +```yaml +# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition). +docker_edition: 'ce' +docker_packages: + - "docker-{{ docker_edition }}" + - "docker-{{ docker_edition }}-cli" + - "docker-{{ docker_edition }}-rootless-extras" +docker_packages_state: present +``` The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: 
@@ -27,66 +29,96 @@ Debian/Ubuntu: `docker-{{ docker_edition }}=` (Note: you have to add th You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play). - docker_service_manage: true - docker_service_state: started - docker_service_enabled: true - docker_restart_handler_state: restarted +```yaml +docker_obsolete_packages: + - docker + - docker.io + - docker-engine + - podman-docker + - containerd + - runc +``` + +A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed. + +```yaml +docker_service_manage: true +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted +``` Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`. - docker_install_compose_plugin: false - docker_compose_package: docker-compose-plugin - docker_compose_package_state: present +```yaml +docker_install_compose_plugin: false +docker_compose_package: docker-compose-plugin +docker_compose_package_state: present +``` Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary. 
- docker_install_compose: true - docker_compose_version: "1.26.0" - docker_compose_arch: "{{ ansible_architecture }}" - docker_compose_path: /usr/local/bin/docker-compose +```yaml +docker_install_compose: true +docker_compose_version: "1.26.0" +docker_compose_arch: "{{ ansible_architecture }}" +docker_compose_path: /usr/local/bin/docker-compose +``` Docker Compose installation options. - docker_add_repo: true +```yaml +docker_add_repo: true +``` Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own. - docker_repo_url: https://download.docker.com/linux +```yaml +docker_repo_url: https://download.docker.com/linux +``` The main Docker repo URL, common between Debian and RHEL systems. - docker_apt_release_channel: stable - docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" - docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" - docker_apt_ignore_key_error: True - docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" - docker_apt_filename: "docker" +```yaml +docker_apt_release_channel: stable +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_ignore_key_error: True +docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg" +docker_apt_filename: "docker" +``` (Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release. You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. 
Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists. - docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" - docker_yum_repo_enable_nightly: '0' - docker_yum_repo_enable_test: '0' - docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" +```yaml +docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" +docker_yum_repo_enable_nightly: '0' +docker_yum_repo_enable_test: '0' +docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" +``` (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`. You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `docker_yum_repository` as well. - docker_users: - - user1 - - user2 +```yaml +docker_users: + - user1 + - user2 +``` A list of system users to be added to the `docker` group (so they can use Docker on the server). - docker_daemon_options: - storage-driver: "devicemapper" - log-opts: - max-size: "100m" +```yaml +docker_daemon_options: + storage-driver: "devicemapper" + log-opts: + max-size: "100m" +``` Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`. diff --git a/defaults/main.yml b/defaults/main.yml index a1effd2..7449b5b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -7,6 +7,7 @@ docker_packages: - "docker-{{ docker_edition }}-rootless-extras" - "containerd.io" - docker-buildx-plugin +docker_packages_state: present docker_obsolete_packages: - docker - docker.io @@ -14,7 +15,6 @@ docker_obsolete_packages: - podman-docker - containerd - runc -docker_packages_state: present # Service options. docker_service_manage: true From f18394c5552f8d2fdf36cb1bc9a68558e24f3acf Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 16 Jul 2024 13:40:47 -0500 Subject: [PATCH 19/25] CI Updates. --- .github/workflows/ci.yml | 5 +---- meta/main.yml | 1 + 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb4b327..bf25c4e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,14 +42,11 @@ jobs: matrix: distro: - rockylinux9 - - rockylinux8 - ubuntu2404 - ubuntu2204 - - ubuntu2004 - debian12 - debian11 - - debian10 - - fedora39 + - fedora40 steps: - name: Check out the codebase. diff --git a/meta/main.yml b/meta/main.yml index a492efe..c614f0d 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -22,6 +22,7 @@ galaxy_info: - bionic - focal - jammy + - noble - name: Alpine version: - all From e7ee1a8d1ec9be34fb613e2067cda8771c804b19 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 16 Jul 2024 14:21:20 -0500 Subject: [PATCH 20/25] Fixup CI versions. Drop all older RHEL releases which are broken. --- molecule/default/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 147da5d..3c2f1e5 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml @@ -8,7 +8,7 @@ driver: name: docker platforms: - name: instance - image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest" command: ${MOLECULE_DOCKER_COMMAND:-""} volumes: - /sys/fs/cgroup:/sys/fs/cgroup:rw 
From f666736e7957a17c5b0b39712e97d30bf53cffd7 Mon Sep 17 00:00:00 2001 From: Dan Rough Date: Thu, 30 May 2024 14:12:01 +0100 Subject: [PATCH 21/25] Remove trusted.gpg.d artifacts. Fixes geerlingguy/ansible-role-docker#460 --- tasks/setup-Debian.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index a864b3f..53ee5e5 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -1,4 +1,17 @@ --- +- name: Ensure apt key is not present in trusted.gpg.d + ansible.builtin.file: + path: /etc/apt/trusted.gpg.d/docker.asc + state: absent + +- name: Ensure the repo referencing the previous trusted.gpg.d key is not present + apt_repository: + repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" + state: absent + filename: "{{ docker_apt_filename }}" + update_cache: true + when: docker_add_repo | bool + - # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions name: Ensure old versions of Docker are not installed. package: From d3cbb31f8d9ff166f9d0e6d5575bd667146c4f32 Mon Sep 17 00:00:00 2001 From: Yemtex <55879864+Yemtex@users.noreply.github.com> Date: Mon, 26 Aug 2024 00:09:55 +0200 Subject: [PATCH 22/25] Updated docker compose and docker compose plugin default values README now shows, that this role is using the recommended docker compose plugin --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e679eb4..f9d5ac1 100644 --- a/README.md +++ b/README.md 
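Review bot: `Ensure apt key is not present in trusted.gpg.d` has no `when: docker_add_repo | bool`, unlike the repository-removal task after it, so the key file is deleted even on hosts where the role is told not to manage the Docker repository and an externally managed sources entry may still reference it. Add the same condition to the first task. The `repo:` string is a hard-coded copy of the former default, so an entry created from an overridden `docker_apt_repository` will not match and stays in place; a short comment such as `# removes only the entry written by the previous default` would make that limit explicit.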
@@ -51,7 +51,7 @@ docker_restart_handler_state: restarted Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`. ```yaml -docker_install_compose_plugin: false +docker_install_compose_plugin: true docker_compose_package: docker-compose-plugin docker_compose_package_state: present ``` @@ -59,9 +59,10 @@ docker_compose_package_state: present Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary. ```yaml -docker_install_compose: true -docker_compose_version: "1.26.0" +docker_install_compose: false +docker_compose_version: "2.11.1" docker_compose_arch: "{{ ansible_architecture }}" +docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" docker_compose_path: /usr/local/bin/docker-compose ``` From 6e27357dedd6b90d0797517da48cd800f6a55bc2 Mon Sep 17 00:00:00 2001 From: Jan Langrehr <32090308+strgalt-t@users.noreply.github.com> Date: Wed, 28 Aug 2024 17:00:43 +0200 Subject: [PATCH 23/25] Bump docker_compose_version to v2.29.2 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 7449b5b..6cbf943 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -29,7 +29,7 @@ docker_compose_package_state: present # Docker Compose options. docker_install_compose: false -docker_compose_version: "v2.11.1" +docker_compose_version: "v2.29.2" docker_compose_arch: "{{ ansible_architecture }}" docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" docker_compose_path: /usr/local/bin/docker-compose 
From 78790de1d7df3854179fbd17e4a50e8d0c4c0517 Mon Sep 17 00:00:00 2001 From: Jan Langrehr Date: Sat, 31 Aug 2024 18:43:01 +0200 Subject: [PATCH 24/25] Align docker_compose_version in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f9d5ac1..9e99e48 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Docker Compose Plugin installation options. These differ from the below in that ```yaml docker_install_compose: false -docker_compose_version: "2.11.1" +docker_compose_version: "2.29.2" docker_compose_arch: "{{ ansible_architecture }}" docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}" docker_compose_path: /usr/local/bin/docker-compose From acdf6da58fd0c2f29eef083f73a1d92ab98cf4c0 Mon Sep 17 00:00:00 2001 From: "christophertoney3@gmail.com" <58573081+lanedif@users.noreply.github.com> Date: Sun, 22 Sep 2024 00:28:04 -0400 Subject: [PATCH 25/25] Update README.md Saw some errors in my install that devicemapper was deprecated and that overlay2 is the recommended default: https://docs.docker.com/engine/storage/drivers/select-storage-driver/ --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9e99e48..da382f6 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ A list of system users to be added to the `docker` group (so they can use Docker ```yaml docker_daemon_options: - storage-driver: "devicemapper" + storage-driver: "overlay2" log-opts: max-size: "100m" ```