Merge pull request #504 from geerlingguy/revert-498-patch-1

Revert "Ensure the Docker daemon options file (`/etc/docker/daemon.json`) is deleted when no longer needed"

.ansible-lint

@@ -1,3 +1,4 @@
 skip_list:
-  - '306'
-  - '106'
+  - 'yaml'
+  - 'risky-shell-pipe'
+  - 'role-name'

.github/stale.yml

@@ -1,56 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
----
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - pinned
-  - security
-  - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
-  markComment: |-
-    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
-  unmarkComment: >-
-    This pull request is no longer marked for closure.
-
-  closeComment: >-
-    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
-  markComment: |-
-    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
-  unmarkComment: >-
-    This issue is no longer marked for closure.
-
-  closeComment: >-
-    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

.github/workflows/ci.yml

@@ -0,0 +1,70 @@
+---
+name: CI
+'on':
+  pull_request:
+  push:
+    branches:
+      - master
+  schedule:
+    - cron: "0 7 * * 0"
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.docker'
+
+jobs:
+
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.docker'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install yamllint
+
+      - name: Lint code.
+        run: |
+          yamllint .
+
+  molecule:
+    name: Molecule
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        distro:
+          - rockylinux9
+          - ubuntu2404
+          - ubuntu2204
+          - debian12
+          - debian11
+          - fedora40
+
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.docker'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install test dependencies.
+        run: pip3 install ansible molecule molecule-plugins[docker] docker
+
+      - name: Run Molecule tests.
+        run: molecule test
+        env:
+          PY_COLORS: '1'
+          ANSIBLE_FORCE_COLOR: '1'
+          MOLECULE_DISTRO: ${{ matrix.distro }}

.github/workflows/release.yml

@@ -0,0 +1,40 @@
+---
+# This workflow requires a GALAXY_API_KEY secret present in the GitHub
+# repository or organization.
+#
+# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
+# See: https://github.com/ansible/galaxy/issues/46
+
+name: Release
+'on':
+  push:
+    tags:
+      - '*'
+
+defaults:
+  run:
+    working-directory: 'geerlingguy.docker'
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the codebase.
+        uses: actions/checkout@v4
+        with:
+          path: 'geerlingguy.docker'
+
+      - name: Set up Python 3.
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install Ansible.
+        run: pip3 install ansible-core
+
+      - name: Trigger a new import on Galaxy.
+        run: >-
+          ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
+          $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+---
+name: Close inactive issues
+'on':
+  schedule:
+    - cron: "55 6 * * 1"  # semi-random time
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 120
+          days-before-close: 60
+          exempt-issue-labels: bug,pinned,security,planned
+          exempt-pr-labels: bug,pinned,security,planned
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: |
+            This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-issue-message: |
+            This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          stale-pr-message: |
+            This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-pr-message: |
+            This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,3 +1,5 @@
 *.retry
 */__pycache__
 *.pyc
+.cache
+

.travis.yml

@@ -1,37 +0,0 @@
----
-language: python
-services: docker
-
-env:
-  global:
-    - ROLE_NAME: docker
-  matrix:
-    - MOLECULE_DISTRO: centos8
-    - MOLECULE_DISTRO: centos7
-    - MOLECULE_DISTRO: ubuntu2004
-    - MOLECULE_DISTRO: ubuntu1804
-    - MOLECULE_DISTRO: ubuntu1604
-    - MOLECULE_DISTRO: debian10
-    - MOLECULE_DISTRO: debian9
-    - MOLECULE_DISTRO: fedora31
-
-before_install:
-  # Upgrade Docker to work with docker-py.
-  - curl https://gist.githubusercontent.com/geerlingguy/ce883ad4aec6a5f1187ef93bd338511e/raw/36612d28981d92863f839c5aefe5b7dd7193d6c6/travis-ci-docker-upgrade.sh | sudo bash
-
-install:
-  # Install test dependencies.
-  - pip install molecule yamllint ansible-lint docker
-
-before_script:
-  # Use actual Ansible Galaxy role name for the project directory.
-  - cd ../
-  - mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
-  - cd geerlingguy.$ROLE_NAME
-
-script:
-  # Run tests.
-  - molecule test
-
-notifications:
-  webhooks: https://galaxy.ansible.com/api/v1/notifications/

.yamllint

@@ -7,5 +7,4 @@ rules:
     level: warning
 
 ignore: |
-  .github/stale.yml
-  .travis.yml
+  .github/workflows/stale.yml

README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Docker
 
-[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-docker.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-docker)
+[![CI](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml)
 
 An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
 
@@ -12,54 +12,125 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
-    docker_edition: 'ce'
-    docker_package: "docker-{{ docker_edition }}"
-    docker_package_state: present
+```yaml
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+docker_edition: 'ce'
+docker_packages:
+    - "docker-{{ docker_edition }}"
+    - "docker-{{ docker_edition }}-cli"
+    - "docker-{{ docker_edition }}-rootless-extras"
+docker_packages_state: present
+```
 
-The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using the distribution-specific format: Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>`; Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>`.
+The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). 
+You can also specify a specific version of Docker to install using the distribution-specific format: 
+Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>` (Note: you have to add this to all packages);
+Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add this to all packages).
 
-You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
+You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
 
-    docker_service_state: started
-    docker_service_enabled: true
-    docker_restart_handler_state: restarted
+```yaml
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
+```
 
-Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set these to `stopped` and set the enabled variable to `no`.
+`docker_obsolete_packages` for different os-family:
 
-    docker_install_compose: true
-    docker_compose_version: "1.26.0"
-    docker_compose_path: /usr/local/bin/docker-compose
+- [`RedHat.yaml`](./vars/RedHat.yml)
+- [`Debian.yaml`](./vars/Debian.yml)
+
+A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
+
+```yaml
+docker_service_manage: true
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+```
+
+Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
+
+```yaml
+docker_install_compose_plugin: true
+docker_compose_package: docker-compose-plugin
+docker_compose_package_state: present
+```
+
+Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
+
+```yaml
+docker_install_compose: false
+docker_compose_version: "v2.32.1"
+docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
+docker_compose_path: /usr/local/bin/docker-compose
+```
 
 Docker Compose installation options.
 
-    docker_apt_release_channel: stable
-    docker_apt_arch: amd64
-    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
-    docker_apt_ignore_key_error: True
-    docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+```yaml
+docker_add_repo: true
+```
 
-(Used only for Debian/Ubuntu.) You can switch the channel to `edge` if you want to use the Edge release.
+Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
+
+```yaml
+docker_repo_url: https://download.docker.com/linux
+```
+
+The main Docker repo URL, common between Debian and RHEL systems.
+
+```yaml
+docker_apt_release_channel: stable
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_ignore_key_error: True
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_filename: "docker"
+```
+
+(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
 
 You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_apt_repository` as well.
+Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
 
-    docker_yum_repo_url: https://download.docker.com/linux/centos/docker-{{ docker_edition }}.repo
-    docker_yum_repo_enable_edge: '0'
-    docker_yum_repo_enable_test: '0'
-    docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
+```yaml
+docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
+docker_yum_repo_enable_nightly: '0'
+docker_yum_repo_enable_test: '0'
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
+```
 
-(Used only for RedHat/CentOS.) You can enable the Edge or Test repo by setting the respective vars to `1`.
+(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
 
 You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
 Usually in combination with changing `docker_yum_repository` as well.
 
-    docker_users:
-      - user1
-      - user2
+```yaml
+docker_users:
+  - user1
+  - user2
+```
 
 A list of system users to be added to the `docker` group (so they can use Docker on the server).
 
+```yaml
+docker_daemon_options:
+  storage-driver: "overlay2"
+  log-opts:
+    max-size: "100m"
+```
+
+Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
+
 ## Use with Ansible (and `docker` Python library)
 
 Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
@@ -92,6 +163,12 @@ None.
 
 MIT / BSD
 
+## Sponsors
+
+* [We Manage](https://we-manage.de): Helping start-ups and grown-ups scaling their infrastructure in a sustainable way.
+
+The above sponsor(s) are supporting Jeff Geerling on [GitHub Sponsors](https://github.com/sponsors/geerlingguy). You can sponsor Jeff's work too, to help him continue improving these Ansible open source projects!
+
 ## Author Information
 
 This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

defaults/main.yml

@@ -1,31 +1,68 @@
 ---
 # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
 docker_edition: 'ce'
-docker_package: "docker-{{ docker_edition }}"
-docker_package_state: present
+docker_packages:
+  - "docker-{{ docker_edition }}"
+  - "docker-{{ docker_edition }}-cli"
+  - "docker-{{ docker_edition }}-rootless-extras"
+  - "containerd.io"
+  - docker-buildx-plugin
+docker_packages_state: present
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
 
 # Service options.
+docker_service_manage: true
 docker_service_state: started
 docker_service_enabled: true
 docker_restart_handler_state: restarted
 
+# Docker Compose Plugin options.
+docker_install_compose_plugin: true
+docker_compose_package: docker-compose-plugin
+docker_compose_package_state: present
+
 # Docker Compose options.
-docker_install_compose: true
-docker_compose_version: "1.26.0"
+docker_install_compose: false
+docker_compose_version: "v2.32.1"
+docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
 
-# Used only for Debian/Ubuntu. Switch 'stable' to 'edge' if needed.
+# Enable repo setup
+docker_add_repo: true
+
+# Docker repo URL.
+docker_repo_url: https://download.docker.com/linux
+
+# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed.
 docker_apt_release_channel: stable
-docker_apt_arch: amd64
-docker_apt_repository: "deb [arch={{ docker_apt_arch }}] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
+# and is only necessary until Docker officially supports them.
+docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
-docker_apt_gpg_key: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
+docker_apt_filename: "docker"
 
 # Used only for RedHat/CentOS/Fedora.
-docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
-docker_yum_repo_enable_edge: '0'
+docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
+docker_yum_repo_enable_nightly: '0'
 docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
 
 # A list of users who will be added to the docker group.
 docker_users: []
+
+# Docker daemon options as a dict
+docker_daemon_options: {}

handlers/main.yml

@@ -1,3 +1,7 @@
 ---
 - name: restart docker
-  service: "name=docker state={{ docker_restart_handler_state }}"
+  service:
+    name: docker
+    state: "{{ docker_restart_handler_state }}"
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: docker_service_manage | bool

meta/main.yml

@@ -7,24 +7,28 @@ galaxy_info:
   description: Docker for Linux.
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 2.4
+  min_ansible_version: 2.10
   platforms:
-    - name: EL
-      versions:
-        - 7
-        - 8
     - name: Fedora
       versions:
         - all
     - name: Debian
       versions:
-        - stretch
         - buster
+        - bullseye
+        - bookworm
     - name: Ubuntu
       versions:
-        - xenial
         - bionic
         - focal
+        - jammy
+        - noble
+    - name: Alpine
+      version:
+        - all
+    - name: ArchLinux
+      versions:
+        - all
   galaxy_tags:
     - web
     - system

molecule/default/converge.yml

@@ -1,7 +1,7 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  # become: true
 
   pre_tasks:
     - name: Update apt cache.

molecule/default/molecule.yml

@@ -1,18 +1,18 @@
 ---
+role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
-lint: |
-  set -e
-  yamllint .
-  ansible-lint
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:

molecule/default/verify.yml

@@ -0,0 +1,51 @@
+---
+- name: Verify Docker Role
+  hosts: all
+  tasks:
+    - name: Verify Docker binary is available
+      command: docker version
+      register: docker_version_result
+      changed_when: false
+      failed_when: docker_version_result.rc != 0
+
+    - name: Show Docker version details
+      debug:
+        msg: >
+          Docker Version Output:
+          {{ docker_version_result.stdout_lines | join('\n') }}
+
+    - name: Verify Docker service is running
+      command: systemctl is-active docker
+      register: docker_service_status
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: docker_service_status.stdout.strip() != "active"
+
+    - name: Display Docker service status
+      debug:
+        msg: "Docker service is {{ docker_service_status.stdout.strip() }}"
+      when: ansible_service_mgr == 'systemd'
+
+    - name: Pull the 'hello-world' image
+      command: docker pull hello-world
+      register: docker_pull_result
+      changed_when: true
+      failed_when: docker_pull_result.rc != 0
+
+    - name: Show result of pulling the 'hello-world' image
+      debug:
+        msg: >
+          Pulling 'hello-world' completed with output:
+          {{ docker_pull_result.stdout_lines | join('\n') }}
+
+    - name: Run a test container (hello-world)
+      command: docker run --rm hello-world
+      register: docker_run_result
+      changed_when: true
+      failed_when: docker_run_result.rc != 0
+
+    - name: Display test container output
+      debug:
+        msg: >
+          Running 'hello-world' container completed with output:
+          {{ docker_run_result.stdout_lines | join('\n') }}

tasks/docker-compose.yml

@@ -1,20 +1,31 @@
 ---
 - name: Check current docker-compose version.
-  command: docker-compose --version
-  register: docker_compose_current_version
+  command: "{{ docker_compose_path }} --version"
+  register: docker_compose_vsn
+  check_mode: false
   changed_when: false
   failed_when: false
 
+- set_fact:
+    docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
+  when: >
+    docker_compose_vsn.stdout is defined
+    and (docker_compose_vsn.stdout | length > 0)
+
 - name: Delete existing docker-compose version if it's different.
   file:
     path: "{{ docker_compose_path }}"
     state: absent
   when: >
-    docker_compose_current_version.stdout is defined
-    and docker_compose_version not in docker_compose_current_version.stdout
+    docker_compose_current_version is defined
+    and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version
 
 - name: Install Docker Compose (if configured).
   get_url:
-    url: https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64
+    url: "{{ docker_compose_url }}"
     dest: "{{ docker_compose_path }}"
     mode: 0755
+  when: >
+    (docker_compose_current_version is not defined)
+    or (docker_compose_current_version | length == 0)
+    or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))

tasks/docker-users.yml

@@ -5,3 +5,6 @@
     groups: docker
     append: true
   with_items: "{{ docker_users }}"
+
+- name: Reset ssh connection to apply user changes.
+  meta: reset_connection

tasks/main.yml

@@ -1,14 +1,68 @@
 ---
+- name: Load OS-specific vars.
+  include_vars: "{{ lookup('first_found', params) }}"
+  vars:
+    params:
+      files:
+        - '{{ansible_distribution}}.yml'
+        - '{{ansible_os_family}}.yml'
+        - main.yml
+      paths:
+        - 'vars'
+
 - include_tasks: setup-RedHat.yml
   when: ansible_os_family == 'RedHat'
 
 - include_tasks: setup-Debian.yml
   when: ansible_os_family == 'Debian'
 
-- name: Install Docker.
+- name: Install Docker packages.
   package:
-    name: "{{ docker_package }}"
-    state: "{{ docker_package_state }}"
+    name: "{{ docker_packages }}"
+    state: "{{ docker_packages_state }}"
+  notify: restart docker
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: "ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian']"
+
+- name: Install Docker packages (with downgrade option).
+  package:
+    name: "{{ docker_packages }}"
+    state: "{{ docker_packages_state }}"
+    allow_downgrade: true
+  notify: restart docker
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: "ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']"
+
+- name: Install docker-compose plugin.
+  package:
+    name: "{{ docker_compose_package }}"
+    state: "{{ docker_compose_package_state }}"
+  notify: restart docker
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: "docker_install_compose_plugin | bool == true and (ansible_version.full is version_compare('2.12', '<') or ansible_os_family not in ['RedHat', 'Debian'])"
+
+- name: Install docker-compose-plugin (with downgrade option).
+  package:
+    name: "{{ docker_compose_package }}"
+    state: "{{ docker_compose_package_state }}"
+    allow_downgrade: true
+  notify: restart docker
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: "docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12', '>=') and ansible_os_family in ['RedHat', 'Debian']"
+
+- name: Ensure /etc/docker/ directory exists.
+  file:
+    path: /etc/docker
+    state: directory
+    mode: 0755
+  when: docker_daemon_options.keys() | length > 0
+
+- name: Configure Docker daemon options.
+  copy:
+    content: "{{ docker_daemon_options | to_nice_json }}"
+    dest: /etc/docker/daemon.json
+    mode: 0644
+  when: docker_daemon_options.keys() | length > 0
   notify: restart docker
 
 - name: Ensure Docker is started and enabled at boot.
@@ -16,6 +70,8 @@
     name: docker
     state: "{{ docker_service_state }}"
     enabled: "{{ docker_service_enabled }}"
+  ignore_errors: "{{ ansible_check_mode }}"
+  when: docker_service_manage | bool
 
 - name: Ensure handlers are notified now to avoid firewall conflicts.
   meta: flush_handlers
@@ -23,5 +79,20 @@
 - include_tasks: docker-compose.yml
   when: docker_install_compose | bool
 
-- include_tasks: docker-users.yml
+- name: Get docker group info using getent.
+  getent:
+    database: group
+    key: docker
+    split: ':'
   when: docker_users | length > 0
+
+- name: Check if there are any users to add to the docker group.
+  set_fact:
+    at_least_one_user_to_modify: true
+  when:
+    - docker_users | length > 0
+    - item not in ansible_facts.getent_group["docker"][2]
+  with_items: "{{ docker_users }}"
+
+- include_tasks: docker-users.yml
+  when: at_least_one_user_to_modify is defined

tasks/setup-Debian.yml

@@ -1,9 +1,26 @@
 ---
-- name: Ensure old versions of Docker are not installed.
+- name: Ensure apt key is not present in trusted.gpg.d
+  ansible.builtin.file:
+    path: /etc/apt/trusted.gpg.d/docker.asc
+    state: absent
+
+- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
+  ansible.builtin.file:
+    path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ docker_apt_ansible_distribution | lower }}.list"
+    state: absent
+
+- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
+  apt_repository:
+    repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    state: absent
+    filename: "{{ docker_apt_filename }}"
+    update_cache: true
+  when: docker_add_repo | bool
+
+- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+  name: Ensure old versions of Docker are not installed.
   package:
-    name:
-      - docker
-      - docker-engine
+    name: "{{ docker_obsolete_packages }}"
     state: absent
 
 - name: Ensure dependencies are installed.
@@ -11,30 +28,39 @@
     name:
       - apt-transport-https
       - ca-certificates
-      - gnupg2
     state: present
+  when: docker_add_repo | bool
+
+- name: Ensure directory exists for /etc/apt/keyrings
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: "0755"
 
 - name: Add Docker apt key.
-  apt_key:
+  ansible.builtin.get_url:
     url: "{{ docker_apt_gpg_key }}"
-    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-    state: present
+    dest: /etc/apt/keyrings/docker.asc
+    mode: "0644"
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
   register: add_repository_key
   ignore_errors: "{{ docker_apt_ignore_key_error }}"
+  when: docker_add_repo | bool
 
 - name: Ensure curl is present (on older systems without SNI).
   package: name=curl state=present
-  when: add_repository_key is failed
+  when: add_repository_key is failed and docker_add_repo | bool
 
 - name: Add Docker apt key (alternative for older systems without SNI).
   shell: >
-    curl -sSL {{ docker_apt_gpg_key }} | sudo apt-key add -
-  args:
-    warn: false
-  when: add_repository_key is failed
+    curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
+  when: add_repository_key is failed and docker_add_repo | bool
 
 - name: Add Docker repository.
   apt_repository:
     repo: "{{ docker_apt_repository }}"
     state: present
+    filename: "{{ docker_apt_filename }}"
     update_cache: true
+  when: docker_add_repo | bool

tasks/setup-RedHat.yml

@@ -1,16 +1,14 @@
 ---
 - name: Ensure old versions of Docker are not installed.
   package:
-    name:
-      - docker
-      - docker-common
-      - docker-engine
+    name: "{{ docker_obsolete_packages }}"
     state: absent
 
 - name: Add Docker GPG key.
   rpm_key:
     key: "{{ docker_yum_gpg_key }}"
     state: present
+  when: docker_add_repo | bool
 
 - name: Add Docker repository.
   get_url:
@@ -19,14 +17,17 @@
     owner: root
     group: root
     mode: 0644
+  when: docker_add_repo | bool
 
-- name: Configure Docker Edge repo.
+- name: Configure Docker Nightly repo.
   ini_file:
     dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
-    section: 'docker-{{ docker_edition }}-edge'
+    section: 'docker-{{ docker_edition }}-nightly'
     option: enabled
-    value: '{{ docker_yum_repo_enable_edge }}'
+    value: '{{ docker_yum_repo_enable_nightly }}'
     mode: 0644
+    no_extra_spaces: true
+  when: docker_add_repo | bool
 
 - name: Configure Docker Test repo.
   ini_file:
@@ -35,18 +36,21 @@
     option: enabled
     value: '{{ docker_yum_repo_enable_test }}'
     mode: 0644
+    no_extra_spaces: true
+  when: docker_add_repo | bool
 
 - name: Configure containerd on RHEL 8.
   block:
+    - name: Ensure runc is not installed.
+      package:
+        name: runc
+        state: absent
+
     - name: Ensure container-selinux is installed.
       package:
         name: container-selinux
         state: present
 
-    - name: Disable container-tools module.
-      command: dnf -y module disable container-tools
-      changed_when: false
-
     - name: Ensure containerd.io is installed.
       package:
         name: containerd.io

vars/Alpine.yml

@@ -0,0 +1,3 @@
+---
+docker_packages: "docker"
+docker_compose_package: docker-cli-compose

vars/Archlinux.yml

@@ -0,0 +1,3 @@
+---
+docker_packages: "docker"
+docker_compose_package: docker-compose

vars/Debian.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Debian/Ubuntu (Debian OS-Family)
+# https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc

vars/RedHat.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Fedora/Rocky (RedHat OS-Family)
+# https://docs.docker.com/engine/install/fedora/#uninstall-old-versions
+# https://docs.docker.com/engine/install/centos/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker-client
+  - docker-client-latest
+  - docker-common
+  - docker-latest
+  - docker-latest-logrotate
+  - docker-logrotate
+  - docker-engine

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# Empty file