Merge branch 'master' into use-ansible-facts
commit
031cdbc034
16
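--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,12 +19,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out the codebase.
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 
 - name: Set up Python 3.
-uses: actions/setup-python@v2
+uses: actions/setup-python@v5
 with:
 python-version: '3.x'
 
@@ -41,23 +41,21 @@ jobs:
 strategy:
 matrix:
 distro:
-- rockylinux8
+- rockylinux9
+- ubuntu2404
 - ubuntu2204
-- ubuntu2004
-- ubuntu1804
 - debian12
 - debian11
-- debian10
-- fedora34
+- fedora40
 
 steps:
 - name: Check out the codebase.
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 
 - name: Set up Python 3.
-uses: actions/setup-python@v2
+uses: actions/setup-python@v5
 with:
 python-version: '3.x'
 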
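Review bot: The bumped actions in both jobs are still referenced by a mutable major tag (`actions/checkout@v4`, `actions/setup-python@v5`), so each run executes whatever commit that tag points to at the time. Pinning every `uses:` to a full commit SHA with the version kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, makes the executed code reviewable and still lets a dependency bot propose the next bump. The same two lines appear in `.github/workflows/release.yml`, where the pin matters more if that job handles a publishing credential (not visible in the hunk shown).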
4
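--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,12 +22,12 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Check out the codebase.
-uses: actions/checkout@v2
+uses: actions/checkout@v4
 with:
 path: 'geerlingguy.docker'
 
 - name: Set up Python 3.
-uses: actions/setup-python@v2
+uses: actions/setup-python@v5
 with:
 python-version: '3.x'
 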
93
README.md
93
README.md
@ -12,13 +12,15 @@ None.
|
|||||||
|
|
||||||
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
|
```yaml
|
||||||
docker_edition: 'ce'
|
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
|
||||||
docker_packages:
|
docker_edition: 'ce'
|
||||||
|
docker_packages:
|
||||||
- "docker-{{ docker_edition }}"
|
- "docker-{{ docker_edition }}"
|
||||||
- "docker-{{ docker_edition }}-cli"
|
- "docker-{{ docker_edition }}-cli"
|
||||||
- "docker-{{ docker_edition }}-rootless-extras"
|
- "docker-{{ docker_edition }}-rootless-extras"
|
||||||
docker_packages_state: present
|
docker_packages_state: present
|
||||||
|
```
|
||||||
|
|
||||||
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition).
|
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition).
|
||||||
You can also specify a specific version of Docker to install using the distribution-specific format:
|
You can also specify a specific version of Docker to install using the distribution-specific format:
|
||||||
@ -27,66 +29,97 @@ Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add th
|
|||||||
|
|
||||||
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
|
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
|
||||||
|
|
||||||
docker_service_manage: true
|
```yaml
|
||||||
docker_service_state: started
|
docker_obsolete_packages:
|
||||||
docker_service_enabled: true
|
- docker
|
||||||
docker_restart_handler_state: restarted
|
- docker.io
|
||||||
|
- docker-engine
|
||||||
|
- podman-docker
|
||||||
|
- containerd
|
||||||
|
- runc
|
||||||
|
```
|
||||||
|
|
||||||
|
A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
docker_service_manage: true
|
||||||
|
docker_service_state: started
|
||||||
|
docker_service_enabled: true
|
||||||
|
docker_restart_handler_state: restarted
|
||||||
|
```
|
||||||
|
|
||||||
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
|
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
|
||||||
|
|
||||||
docker_install_compose_plugin: false
|
```yaml
|
||||||
docker_compose_package: docker-compose-plugin
|
docker_install_compose_plugin: true
|
||||||
docker_compose_package_state: present
|
docker_compose_package: docker-compose-plugin
|
||||||
|
docker_compose_package_state: present
|
||||||
|
```
|
||||||
|
|
||||||
Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
|
Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
|
||||||
|
|
||||||
docker_install_compose: true
|
```yaml
|
||||||
docker_compose_version: "1.26.0"
|
docker_install_compose: false
|
||||||
docker_compose_arch: "{{ ansible_architecture }}"
|
docker_compose_version: "2.29.2"
|
||||||
docker_compose_path: /usr/local/bin/docker-compose
|
docker_compose_arch: "{{ ansible_architecture }}"
|
||||||
|
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
|
||||||
|
docker_compose_path: /usr/local/bin/docker-compose
|
||||||
|
```
|
||||||
|
|
||||||
Docker Compose installation options.
|
Docker Compose installation options.
|
||||||
|
|
||||||
docker_add_repo: true
|
```yaml
|
||||||
|
docker_add_repo: true
|
||||||
|
```
|
||||||
|
|
||||||
Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
|
Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
|
||||||
|
|
||||||
docker_repo_url: https://download.docker.com/linux
|
```yaml
|
||||||
|
docker_repo_url: https://download.docker.com/linux
|
||||||
|
```
|
||||||
|
|
||||||
The main Docker repo URL, common between Debian and RHEL systems.
|
The main Docker repo URL, common between Debian and RHEL systems.
|
||||||
|
|
||||||
docker_apt_release_channel: stable
|
```yaml
|
||||||
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
docker_apt_release_channel: stable
|
||||||
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
|
docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
|
||||||
docker_apt_ignore_key_error: True
|
docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
|
||||||
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
|
docker_apt_ignore_key_error: True
|
||||||
docker_apt_filename: "docker"
|
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
|
||||||
|
docker_apt_filename: "docker"
|
||||||
|
```
|
||||||
|
|
||||||
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
|
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
|
||||||
|
|
||||||
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
|
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
|
||||||
Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
|
Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
|
||||||
|
|
||||||
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo
|
```yaml
|
||||||
docker_yum_repo_enable_nightly: '0'
|
docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
|
||||||
docker_yum_repo_enable_test: '0'
|
docker_yum_repo_enable_nightly: '0'
|
||||||
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
|
docker_yum_repo_enable_test: '0'
|
||||||
|
docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
|
||||||
|
```
|
||||||
|
|
||||||
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
|
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
|
||||||
|
|
||||||
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
|
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
|
||||||
Usually in combination with changing `docker_yum_repository` as well.
|
Usually in combination with changing `docker_yum_repository` as well.
|
||||||
|
|
||||||
docker_users:
|
```yaml
|
||||||
|
docker_users:
|
||||||
- user1
|
- user1
|
||||||
- user2
|
- user2
|
||||||
|
```
|
||||||
|
|
||||||
A list of system users to be added to the `docker` group (so they can use Docker on the server).
|
A list of system users to be added to the `docker` group (so they can use Docker on the server).
|
||||||
|
|
||||||
docker_daemon_options:
|
```yaml
|
||||||
storage-driver: "devicemapper"
|
docker_daemon_options:
|
||||||
|
storage-driver: "overlay2"
|
||||||
log-opts:
|
log-opts:
|
||||||
max-size: "100m"
|
max-size: "100m"
|
||||||
|
```
|
||||||
|
|
||||||
Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
|
Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
|
||||||
|
|
||||||
|
@ -6,7 +6,15 @@ docker_packages:
|
|||||||
- "docker-{{ docker_edition }}-cli"
|
- "docker-{{ docker_edition }}-cli"
|
||||||
- "docker-{{ docker_edition }}-rootless-extras"
|
- "docker-{{ docker_edition }}-rootless-extras"
|
||||||
- "containerd.io"
|
- "containerd.io"
|
||||||
|
- docker-buildx-plugin
|
||||||
docker_packages_state: present
|
docker_packages_state: present
|
||||||
|
docker_obsolete_packages:
|
||||||
|
- docker
|
||||||
|
- docker.io
|
||||||
|
- docker-engine
|
||||||
|
- podman-docker
|
||||||
|
- containerd
|
||||||
|
- runc
|
||||||
|
|
||||||
# Service options.
|
# Service options.
|
||||||
docker_service_manage: true
|
docker_service_manage: true
|
||||||
@ -21,7 +29,7 @@ docker_compose_package_state: present
|
|||||||
|
|
||||||
# Docker Compose options.
|
# Docker Compose options.
|
||||||
docker_install_compose: false
|
docker_install_compose: false
|
||||||
docker_compose_version: "v2.11.1"
|
docker_compose_version: "v2.29.2"
|
||||||
docker_compose_arch: "{{ ansible_facts.architecture }}"
|
docker_compose_arch: "{{ ansible_facts.architecture }}"
|
||||||
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
|
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
|
||||||
docker_compose_path: /usr/local/bin/docker-compose
|
docker_compose_path: /usr/local/bin/docker-compose
|
||||||
@ -37,8 +45,8 @@ docker_apt_release_channel: stable
|
|||||||
# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
|
# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
|
||||||
# and is only necessary until Docker officially supports them.
|
# and is only necessary until Docker officially supports them.
|
||||||
docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_facts.distribution in ['Pop!_OS', 'Linux Mint'] else ansible_facts.distribution }}"
|
docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_facts.distribution in ['Pop!_OS', 'Linux Mint'] else ansible_facts.distribution }}"
|
||||||
docker_apt_arch: "{{ 'arm64' if ansible_facts.architecture == 'aarch64' else 'amd64' }}"
|
docker_apt_arch: "{{ 'arm64' if ansible_facts.architecture == 'aarch64' else 'armhf' if ansible_facts.architecture == 'armv7l' else 'amd64' }}"
|
||||||
docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ ansible_facts.distribution | lower }} {{ ansible_facts.distribution_release }} {{ docker_apt_release_channel }}"
|
docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
|
||||||
docker_apt_ignore_key_error: true
|
docker_apt_ignore_key_error: true
|
||||||
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
|
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
|
||||||
docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
|
docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
|
||||||
|
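Review bot: The merged `docker_apt_repository` default in the last hunk of this section (apparently `defaults/main.yml`; the file header is missing from the page) reads `{{ ansible_distribution_release }}`, the injected top-level fact, while the other fact references in these hunks go through `ansible_facts.` (`ansible_facts.architecture`, `ansible_facts.distribution`). On a controller configured with `inject_facts_as_vars = False` that name is undefined and the repository line fails to template. It should read `{{ ansible_facts.distribution_release }}`, which is also the form the old-entry clean-up task in the Debian setup tasks uses. This looks like a leftover from merging master into the facts branch rather than an intended choice.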
@ -22,6 +22,7 @@ galaxy_info:
|
|||||||
- bionic
|
- bionic
|
||||||
- focal
|
- focal
|
||||||
- jammy
|
- jammy
|
||||||
|
- noble
|
||||||
- name: Alpine
|
- name: Alpine
|
||||||
version:
|
version:
|
||||||
- all
|
- all
|
||||||
|
@ -2,11 +2,13 @@
|
|||||||
role_name_check: 1
|
role_name_check: 1
|
||||||
dependency:
|
dependency:
|
||||||
name: galaxy
|
name: galaxy
|
||||||
|
options:
|
||||||
|
ignore-errors: true
|
||||||
driver:
|
driver:
|
||||||
name: docker
|
name: docker
|
||||||
platforms:
|
platforms:
|
||||||
- name: instance
|
- name: instance
|
||||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
|
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
|
||||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||||
volumes:
|
volumes:
|
||||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||||
|
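Review bot: The added `options:` / `ignore-errors: true` under `dependency` makes a failed Galaxy install non-fatal, and nothing in the file says why. A scenario can then run against missing or stale dependencies and still report success, which hides a failed download instead of surfacing it. If the option is only there because this scenario has no required dependencies, say so in a comment above it, for example `# Galaxy install is best-effort; this scenario has no required dependencies.`, and otherwise drop it so dependency failures stop the run.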
@ -1,9 +1,21 @@
|
|||||||
---
|
---
|
||||||
- name: Ensure old versions of Docker are not installed.
|
- name: Ensure apt key is not present in trusted.gpg.d
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/apt/trusted.gpg.d/docker.asc
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
|
||||||
|
apt_repository:
|
||||||
|
repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_facts.distribution_release }} {{ docker_apt_release_channel }}"
|
||||||
|
state: absent
|
||||||
|
filename: "{{ docker_apt_filename }}"
|
||||||
|
update_cache: true
|
||||||
|
when: docker_add_repo | bool
|
||||||
|
|
||||||
|
- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
|
||||||
|
name: Ensure old versions of Docker are not installed.
|
||||||
package:
|
package:
|
||||||
name:
|
name: "{{ docker_obsolete_packages }}"
|
||||||
- docker
|
|
||||||
- docker-engine
|
|
||||||
state: absent
|
state: absent
|
||||||
|
|
||||||
- name: Ensure dependencies are installed.
|
- name: Ensure dependencies are installed.
|
||||||
@ -14,22 +26,22 @@
|
|||||||
state: present
|
state: present
|
||||||
when: docker_add_repo | bool
|
when: docker_add_repo | bool
|
||||||
|
|
||||||
- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
|
|
||||||
apt:
|
|
||||||
name: gnupg2
|
|
||||||
state: present
|
|
||||||
when: ansible_facts.distribution != 'Ubuntu' or ansible_facts.distribution_version is version('20.04', '<')
|
|
||||||
|
|
||||||
- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
|
- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
|
||||||
apt:
|
apt:
|
||||||
name: gnupg
|
name: gnupg
|
||||||
state: present
|
state: present
|
||||||
when: ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_version is version('20.04', '>=')
|
when: ansible_facts.distribution == 'Ubuntu' and ansible_facts.distribution_version is version('20.04', '>=')
|
||||||
|
|
||||||
|
- name: Ensure directory exists for /etc/apt/keyrings
|
||||||
|
file:
|
||||||
|
path: /etc/apt/keyrings
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
- name: Add Docker apt key.
|
- name: Add Docker apt key.
|
||||||
ansible.builtin.get_url:
|
ansible.builtin.get_url:
|
||||||
url: "{{ docker_apt_gpg_key }}"
|
url: "{{ docker_apt_gpg_key }}"
|
||||||
dest: /etc/apt/trusted.gpg.d/docker.asc
|
dest: /etc/apt/keyrings/docker.asc
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
force: false
|
force: false
|
||||||
checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
|
checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
|
||||||
|
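Review bot: The first added task deletes `/etc/apt/trusted.gpg.d/docker.asc` unconditionally, while the repository clean-up that follows it is guarded by `when: docker_add_repo | bool`. A host that sets `docker_add_repo: false` and maintains its own source entry with `signed-by=/etc/apt/trusted.gpg.d/docker.asc` would lose the key and fail signature verification on its next cache update. Adding `when: docker_add_repo | bool` to the key-removal task, and to the `/etc/apt/keyrings` directory task in the second hunk, keeps the migration limited to repositories the role manages. Whether `Add Docker apt key.` carries the same guard cannot be seen, since that task continues past the end of the hunk.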
@ -1,2 +1,3 @@
|
|||||||
---
|
---
|
||||||
docker_packages: "docker"
|
docker_packages: "docker"
|
||||||
|
docker_compose_package: docker-compose
|
||||||
|