Merge pull request #504 from geerlingguy/revert-498-patch-1

Revert "Ensure the Docker daemon options file (`/etc/docker/daemon.json`) is deleted when no longer needed"

.github/stale.yml

@@ -1,57 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
----
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - bug
-  - pinned
-  - security
-  - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
-  markComment: |-
-    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
-  unmarkComment: >-
-    This pull request is no longer marked for closure.
-
-  closeComment: >-
-    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
-  markComment: |-
-    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
-  unmarkComment: >-
-    This issue is no longer marked for closure.
-
-  closeComment: >-
-    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

.github/workflows/ci.yml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -41,28 +41,26 @@ jobs:
     strategy:
       matrix:
         distro:
-          - rockylinux8
+          - rockylinux9
-          - centos7
+          - ubuntu2404
           - ubuntu2204
-          - ubuntu2004
+          - debian12
-          - ubuntu1804
           - debian11
-          - debian10
+          - fedora40
-          - fedora34
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
       - name: Install test dependencies.
-        run: pip3 install ansible molecule[docker] docker
+        run: pip3 install ansible molecule molecule-plugins[docker] docker
 
       - name: Run Molecule tests.
         run: molecule test

.github/workflows/release.yml

@@ -22,12 +22,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+---
+name: Close inactive issues
+'on':
+  schedule:
+    - cron: "55 6 * * 1"  # semi-random time
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 120
+          days-before-close: 60
+          exempt-issue-labels: bug,pinned,security,planned
+          exempt-pr-labels: bug,pinned,security,planned
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: |
+            This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-issue-message: |
+            This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          stale-pr-message: |
+            This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-pr-message: |
+            This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.yamllint

@@ -7,5 +7,4 @@ rules:
     level: warning
 
 ignore: |
-  .github/stale.yml
+  .github/workflows/stale.yml
-  .travis.yml

README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Docker
 
-[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
+[![CI](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml)
 
 An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
 
@@ -12,76 +12,122 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+```yaml
-    docker_edition: 'ce'
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
-    docker_packages:
+docker_edition: 'ce'
+docker_packages:
     - "docker-{{ docker_edition }}"
     - "docker-{{ docker_edition }}-cli"
     - "docker-{{ docker_edition }}-rootless-extras"
-    docker_packages_state: present
+docker_packages_state: present
+```
 
 The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). 
 You can also specify a specific version of Docker to install using the distribution-specific format: 
 Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>` (Note: you have to add this to all packages);
 Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add this to all packages).
 
-You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
+You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
 
-    docker_service_manage: true
+```yaml
-    docker_service_state: started
+docker_obsolete_packages:
-    docker_service_enabled: true
+  - docker
-    docker_restart_handler_state: restarted
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
+```
+
+`docker_obsolete_packages` for different os-family:
+
+- [`RedHat.yaml`](./vars/RedHat.yml)
+- [`Debian.yaml`](./vars/Debian.yml)
+
+A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
+
+```yaml
+docker_service_manage: true
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+```
 
 Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
 
-    docker_install_compose_plugin: false
+```yaml
-    docker_compose_package: docker-compose-plugin
+docker_install_compose_plugin: true
-    docker_compose_package_state: present
+docker_compose_package: docker-compose-plugin
+docker_compose_package_state: present
+```
 
 Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
 
-    docker_install_compose: true
+```yaml
-    docker_compose_version: "1.26.0"
+docker_install_compose: false
-    docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_version: "v2.32.1"
-    docker_compose_path: /usr/local/bin/docker-compose
+docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
+docker_compose_path: /usr/local/bin/docker-compose
+```
 
 Docker Compose installation options.
 
-    docker_repo_url: https://download.docker.com/linux
+```yaml
+docker_add_repo: true
+```
+
+Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
+
+```yaml
+docker_repo_url: https://download.docker.com/linux
+```
 
 The main Docker repo URL, common between Debian and RHEL systems.
 
-    docker_apt_release_channel: stable
+```yaml
-    docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+docker_apt_release_channel: stable
-    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-    docker_apt_ignore_key_error: True
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
-    docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_ignore_key_error: True
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_filename: "docker"
+```
 
 (Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
 
 You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_apt_repository` as well.
+Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
 
-    docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo
+```yaml
-    docker_yum_repo_enable_nightly: '0'
+docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
-    docker_yum_repo_enable_test: '0'
+docker_yum_repo_enable_nightly: '0'
-    docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_repo_enable_test: '0'
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
+```
 
 (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
 
 You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
 Usually in combination with changing `docker_yum_repository` as well.
 
-    docker_users:
+```yaml
+docker_users:
   - user1
   - user2
+```
 
 A list of system users to be added to the `docker` group (so they can use Docker on the server).
 
-    docker_daemon_options:
+```yaml
-      storage-driver: "devicemapper"
+docker_daemon_options:
+  storage-driver: "overlay2"
   log-opts:
     max-size: "100m"
+```
 
 Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
 

defaults/main.yml

@@ -6,7 +6,18 @@ docker_packages:
   - "docker-{{ docker_edition }}-cli"
   - "docker-{{ docker_edition }}-rootless-extras"
   - "containerd.io"
+  - docker-buildx-plugin
 docker_packages_state: present
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
 
 # Service options.
 docker_service_manage: true
@@ -15,32 +26,40 @@ docker_service_enabled: true
 docker_restart_handler_state: restarted
 
 # Docker Compose Plugin options.
-docker_install_compose_plugin: false
+docker_install_compose_plugin: true
 docker_compose_package: docker-compose-plugin
 docker_compose_package_state: present
 
 # Docker Compose options.
-docker_install_compose: true
+docker_install_compose: false
-docker_compose_version: "v2.11.1"
+docker_compose_version: "v2.32.1"
 docker_compose_arch: "{{ ansible_architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
 
+# Enable repo setup
+docker_add_repo: true
+
 # Docker repo URL.
 docker_repo_url: https://download.docker.com/linux
 
-# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
+# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed.
 docker_apt_release_channel: stable
-docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
-docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+# and is only necessary until Docker officially supports them.
+docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
-docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
+docker_apt_filename: "docker"
 
 # Used only for RedHat/CentOS/Fedora.
 docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
 docker_yum_repo_enable_nightly: '0'
 docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
 
 # A list of users who will be added to the docker group.
 docker_users: []

meta/main.yml

@@ -7,12 +7,8 @@ galaxy_info:
   description: Docker for Linux.
   company: "Midwestern Mac, LLC"
   license: "license (BSD, MIT)"
-  min_ansible_version: 2.4
+  min_ansible_version: 2.10
   platforms:
-    - name: EL
-      versions:
-        - 7
-        - 8
     - name: Fedora
       versions:
         - all
@@ -20,11 +16,13 @@ galaxy_info:
       versions:
         - buster
         - bullseye
+        - bookworm
     - name: Ubuntu
       versions:
         - bionic
         - focal
         - jammy
+        - noble
     - name: Alpine
       version:
         - all

molecule/default/converge.yml

@@ -1,7 +1,7 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  # become: true
 
   pre_tasks:
     - name: Update apt cache.

molecule/default/molecule.yml

@@ -2,14 +2,17 @@
 role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+    cgroupns_mode: host
     privileged: true
     pre_build_image: true
 provisioner:

molecule/default/verify.yml

@@ -0,0 +1,51 @@
+---
+- name: Verify Docker Role
+  hosts: all
+  tasks:
+    - name: Verify Docker binary is available
+      command: docker version
+      register: docker_version_result
+      changed_when: false
+      failed_when: docker_version_result.rc != 0
+
+    - name: Show Docker version details
+      debug:
+        msg: >
+          Docker Version Output:
+          {{ docker_version_result.stdout_lines | join('\n') }}
+
+    - name: Verify Docker service is running
+      command: systemctl is-active docker
+      register: docker_service_status
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: docker_service_status.stdout.strip() != "active"
+
+    - name: Display Docker service status
+      debug:
+        msg: "Docker service is {{ docker_service_status.stdout.strip() }}"
+      when: ansible_service_mgr == 'systemd'
+
+    - name: Pull the 'hello-world' image
+      command: docker pull hello-world
+      register: docker_pull_result
+      changed_when: true
+      failed_when: docker_pull_result.rc != 0
+
+    - name: Show result of pulling the 'hello-world' image
+      debug:
+        msg: >
+          Pulling 'hello-world' completed with output:
+          {{ docker_pull_result.stdout_lines | join('\n') }}
+
+    - name: Run a test container (hello-world)
+      command: docker run --rm hello-world
+      register: docker_run_result
+      changed_when: true
+      failed_when: docker_run_result.rc != 0
+
+    - name: Display test container output
+      debug:
+        msg: >
+          Running 'hello-world' container completed with output:
+          {{ docker_run_result.stdout_lines | join('\n') }}

tasks/docker-compose.yml

@@ -8,7 +8,9 @@
 
 - set_fact:
     docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
-  when: docker_compose_vsn.stdout is defined
+  when: >
+    docker_compose_vsn.stdout is defined
+    and (docker_compose_vsn.stdout | length > 0)
 
 - name: Delete existing docker-compose version if it's different.
   file:
@@ -25,5 +27,5 @@
     mode: 0755
   when: >
     (docker_compose_current_version is not defined)
-    or (docker_compose_current_version|length == 0)
+    or (docker_compose_current_version | length == 0)
     or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))

tasks/setup-Debian.yml

@@ -1,9 +1,26 @@
 ---
-- name: Ensure old versions of Docker are not installed.
+- name: Ensure apt key is not present in trusted.gpg.d
+  ansible.builtin.file:
+    path: /etc/apt/trusted.gpg.d/docker.asc
+    state: absent
+
+- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
+  ansible.builtin.file:
+    path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ docker_apt_ansible_distribution | lower }}.list"
+    state: absent
+
+- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
+  apt_repository:
+    repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    state: absent
+    filename: "{{ docker_apt_filename }}"
+    update_cache: true
+  when: docker_add_repo | bool
+
+- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+  name: Ensure old versions of Docker are not installed.
   package:
-    name:
+    name: "{{ docker_obsolete_packages }}"
-      - docker
-      - docker-engine
     state: absent
 
 - name: Ensure dependencies are installed.
@@ -12,41 +29,38 @@
       - apt-transport-https
       - ca-certificates
     state: present
+  when: docker_add_repo | bool
 
-- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
+- name: Ensure directory exists for /etc/apt/keyrings
-  apt:
+  file:
-    name: gnupg2
+    path: /etc/apt/keyrings
-    state: present
+    state: directory
-  when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<')
+    mode: "0755"
-
-- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
-  apt:
-    name: gnupg
-    state: present
-  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')
 
 - name: Add Docker apt key.
   ansible.builtin.get_url:
     url: "{{ docker_apt_gpg_key }}"
-    dest: /etc/apt/trusted.gpg.d/docker.asc
+    dest: /etc/apt/keyrings/docker.asc
-    mode: '0644'
+    mode: "0644"
-    force: true
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
   register: add_repository_key
   ignore_errors: "{{ docker_apt_ignore_key_error }}"
+  when: docker_add_repo | bool
 
 - name: Ensure curl is present (on older systems without SNI).
   package: name=curl state=present
-  when: add_repository_key is failed
+  when: add_repository_key is failed and docker_add_repo | bool
 
 - name: Add Docker apt key (alternative for older systems without SNI).
   shell: >
     curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
-  args:
+  when: add_repository_key is failed and docker_add_repo | bool
-    warn: false
-  when: add_repository_key is failed
 
 - name: Add Docker repository.
   apt_repository:
     repo: "{{ docker_apt_repository }}"
     state: present
+    filename: "{{ docker_apt_filename }}"
     update_cache: true
+  when: docker_add_repo | bool

tasks/setup-RedHat.yml

@@ -1,16 +1,14 @@
 ---
 - name: Ensure old versions of Docker are not installed.
   package:
-    name:
+    name: "{{ docker_obsolete_packages }}"
-      - docker
-      - docker-common
-      - docker-engine
     state: absent
 
 - name: Add Docker GPG key.
   rpm_key:
     key: "{{ docker_yum_gpg_key }}"
     state: present
+  when: docker_add_repo | bool
 
 - name: Add Docker repository.
   get_url:
@@ -19,6 +17,7 @@
     owner: root
     group: root
     mode: 0644
+  when: docker_add_repo | bool
 
 - name: Configure Docker Nightly repo.
   ini_file:
@@ -28,6 +27,7 @@
     value: '{{ docker_yum_repo_enable_nightly }}'
     mode: 0644
     no_extra_spaces: true
+  when: docker_add_repo | bool
 
 - name: Configure Docker Test repo.
   ini_file:
@@ -37,9 +37,15 @@
     value: '{{ docker_yum_repo_enable_test }}'
     mode: 0644
     no_extra_spaces: true
+  when: docker_add_repo | bool
 
 - name: Configure containerd on RHEL 8.
   block:
+    - name: Ensure runc is not installed.
+      package:
+        name: runc
+        state: absent
+
     - name: Ensure container-selinux is installed.
       package:
         name: container-selinux

vars/Alpine.yml

@@ -1,2 +1,3 @@
 ---
-docker_package: "docker"
+docker_packages: "docker"
+docker_compose_package: docker-cli-compose

vars/Archlinux.yml

@@ -1,2 +1,3 @@
 ---
-docker_package: "docker"
+docker_packages: "docker"
+docker_compose_package: docker-compose

vars/Debian.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Debian/Ubuntu (Debian OS-Family)
+# https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc

vars/RedHat.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Fedora/Rocky (RedHat OS-Family)
+# https://docs.docker.com/engine/install/fedora/#uninstall-old-versions
+# https://docs.docker.com/engine/install/centos/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker-client
+  - docker-client-latest
+  - docker-common
+  - docker-latest
+  - docker-latest-logrotate
+  - docker-logrotate
+  - docker-engine