From 053d6669f9002c55de98c88ea8932afa8cbebba8 Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Fri, 8 Nov 2019 21:00:46 +0100
Subject: [PATCH] Enhancement: versionlock our package

 - install yum-plugin-versionlock
 - lock the docker-$edition package on what we installed

Related: pngmbh/issues#389
---
 handlers/main.yml                             | 14 +++++++++++++
 molecule/docker-version/tests/test_default.py | 21 ++++++++++++++++---
 tasks/docker-redhat.yml                       | 14 +++++++++++--
 3 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 7847bc1..8a79894 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,3 +1,17 @@
 ---
 - name: restart docker
   service: "name=docker state={{ docker_restart_handler_state }}"
+
+# some context:
+#  - the repo doesn't offer *all* docker-ce-cli releases
+#  - therefor we lock docker-ce only
+#  - linting:
+#     - we ignore linting since the PR for "versionlock" hasn't been merged in a year
+#     - warn: false for another Ansible warning about "command"
+- name: lock docker package
+  command: "yum versionlock {{ docker_package }}"
+  args:
+    warn: false
+  changed_when: false
+  tags:
+    - skip_ansible_lint
diff --git a/molecule/docker-version/tests/test_default.py b/molecule/docker-version/tests/test_default.py
index dea0eab..8d80e7f 100644
--- a/molecule/docker-version/tests/test_default.py
+++ b/molecule/docker-version/tests/test_default.py
@@ -8,6 +8,14 @@ testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
 ).get_hosts('all')
 
 
+def get_docker_version():
+    docker_version = os.environ.get("DOCKER_VERSION_CI")
+    if not docker_version:
+        docker_version = "18.09.2"
+
+    return docker_version
+
+
 @pytest.mark.parametrize('pkg', [
     'docker-ce',
     'docker-ce-cli',
@@ -26,9 +34,7 @@ def test_srv(host):
 
 
 def test_docker_version(host):
-    docker_version = os.environ.get("DOCKER_VERSION_CI")
-    if not docker_version:
-        docker_version = "18.09.2"
+    docker_version = get_docker_version()
 
     # docker_cli = host.check_output('docker -v')
     # assert docker_cli.find(docker_version) != -1
@@ -37,6 +43,15 @@ def test_docker_version(host):
     assert docker_daemon.find(docker_version) != -1
 
 
+def test_versionlock(host):
+    docker_version = get_docker_version()
+
+    version_lock = host.check_output("yum versionlock list")
+    assert version_lock.find("docker-ce") != -1
+    assert version_lock.find(docker_version) != -1
+    assert version_lock.find("docker-ce-" + docker_version) != -1
+
+
 def test_hosts_file(host):
     f = host.file('/etc/hosts')
 
diff --git a/tasks/docker-redhat.yml b/tasks/docker-redhat.yml
index a7b44c6..d562fd9 100644
--- a/tasks/docker-redhat.yml
+++ b/tasks/docker-redhat.yml
@@ -3,6 +3,12 @@
   debug:
     msg: "Package: {{ __docker_install_name }}, Is 17.03: {{ __docker_17_03 }}"
 
+# Fixme: this should be in ansible or another role
+- name: Install yum versionlock
+  yum:
+    name:
+      - yum-plugin-versionlock
+
 - name: Install Docker 17.03 on CentOS/Redhat
   when: __docker_17_03
   yum:
@@ -12,7 +18,9 @@
       - containerd.io
     conf_file: "{{ docker_yum_config }}"
     state: "{{ docker_package_state }}"
-  notify: restart docker
+  notify:
+    - restart docker
+    - lock docker package
 
 - name: Install Docker on CentOS/Redhat
   when: not __docker_17_03
@@ -21,4 +29,6 @@
       - "{{ __docker_install_name }}"
       - containerd.io
     state: "{{ docker_package_state }}"
-  notify: restart docker
+  notify:
+    - restart docker
+    - lock docker package