Merge pull request #504 from geerlingguy/revert-498-patch-1

Revert "Ensure the Docker daemon options file (`/etc/docker/daemon.json`) is deleted when no longer needed"

.github/workflows/ci.yml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -41,23 +41,21 @@ jobs:
     strategy:
       matrix:
         distro:
-          - rockylinux8
+          - rockylinux9
+          - ubuntu2404
           - ubuntu2204
-          - ubuntu2004
-          - ubuntu1804
           - debian12
           - debian11
-          - debian10
+          - fedora40
-          - fedora34
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

.github/workflows/release.yml

@@ -22,12 +22,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Docker
 
-[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
+[![CI](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml)
 
 An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
 
@@ -12,13 +12,15 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+```yaml
-    docker_edition: 'ce'
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
-    docker_packages:
+docker_edition: 'ce'
-        - "docker-{{ docker_edition }}"
+docker_packages:
-        - "docker-{{ docker_edition }}-cli"
+    - "docker-{{ docker_edition }}"
-        - "docker-{{ docker_edition }}-rootless-extras"
+    - "docker-{{ docker_edition }}-cli"
-    docker_packages_state: present
+    - "docker-{{ docker_edition }}-rootless-extras"
+docker_packages_state: present
+```
 
 The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). 
 You can also specify a specific version of Docker to install using the distribution-specific format: 
@@ -27,66 +29,105 @@ Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add th
 
 You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
 
-    docker_service_manage: true
+```yaml
-    docker_service_state: started
+docker_obsolete_packages:
-    docker_service_enabled: true
+  - docker
-    docker_restart_handler_state: restarted
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
+```
+
+`docker_obsolete_packages` for different os-family:
+
+- [`RedHat.yaml`](./vars/RedHat.yml)
+- [`Debian.yaml`](./vars/Debian.yml)
+
+A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
+
+```yaml
+docker_service_manage: true
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+```
 
 Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
 
-    docker_install_compose_plugin: false
+```yaml
-    docker_compose_package: docker-compose-plugin
+docker_install_compose_plugin: true
-    docker_compose_package_state: present
+docker_compose_package: docker-compose-plugin
+docker_compose_package_state: present
+```
 
 Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
 
-    docker_install_compose: true
+```yaml
-    docker_compose_version: "1.26.0"
+docker_install_compose: false
-    docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_version: "v2.32.1"
-    docker_compose_path: /usr/local/bin/docker-compose
+docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
+docker_compose_path: /usr/local/bin/docker-compose
+```
 
 Docker Compose installation options.
 
-    docker_add_repo: true
+```yaml
+docker_add_repo: true
+```
 
 Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
 
-    docker_repo_url: https://download.docker.com/linux
+```yaml
+docker_repo_url: https://download.docker.com/linux
+```
 
 The main Docker repo URL, common between Debian and RHEL systems.
 
-    docker_apt_release_channel: stable
+```yaml
-    docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+docker_apt_release_channel: stable
-    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-    docker_apt_ignore_key_error: True
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
-    docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_ignore_key_error: True
-    docker_apt_filename: ""
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_filename: "docker"
+```
 
 (Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
 
 You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_apt_repository` as well.
+Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
 
-    docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo
+```yaml
-    docker_yum_repo_enable_nightly: '0'
+docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
-    docker_yum_repo_enable_test: '0'
+docker_yum_repo_enable_nightly: '0'
-    docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_repo_enable_test: '0'
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
+```
 
 (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
 
 You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
 Usually in combination with changing `docker_yum_repository` as well.
 
-    docker_users:
+```yaml
-      - user1
+docker_users:
-      - user2
+  - user1
+  - user2
+```
 
 A list of system users to be added to the `docker` group (so they can use Docker on the server).
 
-    docker_daemon_options:
+```yaml
-      storage-driver: "devicemapper"
+docker_daemon_options:
-      log-opts:
+  storage-driver: "overlay2"
-        max-size: "100m"
+  log-opts:
+    max-size: "100m"
+```
 
 Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
 

defaults/main.yml

@@ -6,7 +6,18 @@ docker_packages:
   - "docker-{{ docker_edition }}-cli"
   - "docker-{{ docker_edition }}-rootless-extras"
   - "containerd.io"
+  - docker-buildx-plugin
 docker_packages_state: present
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc
 
 # Service options.
 docker_service_manage: true
@@ -21,7 +32,7 @@ docker_compose_package_state: present
 
 # Docker Compose options.
 docker_install_compose: false
-docker_compose_version: "v2.11.1"
+docker_compose_version: "v2.32.1"
 docker_compose_arch: "{{ ansible_architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
@@ -37,10 +48,10 @@ docker_apt_release_channel: stable
 # docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
 # and is only necessary until Docker officially supports them.
 docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
-docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}"
-docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
-docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
 docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
 docker_apt_filename: "docker"
 
@@ -48,7 +59,7 @@ docker_apt_filename: "docker"
 docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
 docker_yum_repo_enable_nightly: '0'
 docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
 
 # A list of users who will be added to the docker group.
 docker_users: []

meta/main.yml

@@ -22,6 +22,7 @@ galaxy_info:
         - bionic
         - focal
         - jammy
+        - noble
     - name: Alpine
       version:
         - all

molecule/default/converge.yml

@@ -1,7 +1,7 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  # become: true
 
   pre_tasks:
     - name: Update apt cache.

molecule/default/molecule.yml

@@ -2,11 +2,13 @@
 role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw

molecule/default/verify.yml

@@ -0,0 +1,51 @@
+---
+- name: Verify Docker Role
+  hosts: all
+  tasks:
+    - name: Verify Docker binary is available
+      command: docker version
+      register: docker_version_result
+      changed_when: false
+      failed_when: docker_version_result.rc != 0
+
+    - name: Show Docker version details
+      debug:
+        msg: >
+          Docker Version Output:
+          {{ docker_version_result.stdout_lines | join('\n') }}
+
+    - name: Verify Docker service is running
+      command: systemctl is-active docker
+      register: docker_service_status
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: docker_service_status.stdout.strip() != "active"
+
+    - name: Display Docker service status
+      debug:
+        msg: "Docker service is {{ docker_service_status.stdout.strip() }}"
+      when: ansible_service_mgr == 'systemd'
+
+    - name: Pull the 'hello-world' image
+      command: docker pull hello-world
+      register: docker_pull_result
+      changed_when: true
+      failed_when: docker_pull_result.rc != 0
+
+    - name: Show result of pulling the 'hello-world' image
+      debug:
+        msg: >
+          Pulling 'hello-world' completed with output:
+          {{ docker_pull_result.stdout_lines | join('\n') }}
+
+    - name: Run a test container (hello-world)
+      command: docker run --rm hello-world
+      register: docker_run_result
+      changed_when: true
+      failed_when: docker_run_result.rc != 0
+
+    - name: Display test container output
+      debug:
+        msg: >
+          Running 'hello-world' container completed with output:
+          {{ docker_run_result.stdout_lines | join('\n') }}

tasks/setup-Debian.yml

@@ -1,9 +1,26 @@
 ---
-- name: Ensure old versions of Docker are not installed.
+- name: Ensure apt key is not present in trusted.gpg.d
+  ansible.builtin.file:
+    path: /etc/apt/trusted.gpg.d/docker.asc
+    state: absent
+
+- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
+  ansible.builtin.file:
+    path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ docker_apt_ansible_distribution | lower }}.list"
+    state: absent
+
+- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
+  apt_repository:
+    repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    state: absent
+    filename: "{{ docker_apt_filename }}"
+    update_cache: true
+  when: docker_add_repo | bool
+
+- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+  name: Ensure old versions of Docker are not installed.
   package:
-    name:
+    name: "{{ docker_obsolete_packages }}"
-      - docker
-      - docker-engine
     state: absent
 
 - name: Ensure dependencies are installed.
@@ -14,23 +31,17 @@
     state: present
   when: docker_add_repo | bool
 
-- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
+- name: Ensure directory exists for /etc/apt/keyrings
-  apt:
+  file:
-    name: gnupg2
+    path: /etc/apt/keyrings
-    state: present
+    state: directory
-  when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<')
+    mode: "0755"
-
-- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
-  apt:
-    name: gnupg
-    state: present
-  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')
 
 - name: Add Docker apt key.
   ansible.builtin.get_url:
     url: "{{ docker_apt_gpg_key }}"
-    dest: /etc/apt/trusted.gpg.d/docker.asc
+    dest: /etc/apt/keyrings/docker.asc
-    mode: '0644'
+    mode: "0644"
     force: false
     checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
   register: add_repository_key

tasks/setup-RedHat.yml

@@ -1,10 +1,7 @@
 ---
 - name: Ensure old versions of Docker are not installed.
   package:
-    name:
+    name: "{{ docker_obsolete_packages }}"
-      - docker
-      - docker-common
-      - docker-engine
     state: absent
 
 - name: Add Docker GPG key.
@@ -44,6 +41,11 @@
 
 - name: Configure containerd on RHEL 8.
   block:
+    - name: Ensure runc is not installed.
+      package:
+        name: runc
+        state: absent
+
     - name: Ensure container-selinux is installed.
       package:
         name: container-selinux

vars/Alpine.yml

@@ -1,2 +1,3 @@
 ---
 docker_packages: "docker"
+docker_compose_package: docker-cli-compose

vars/Archlinux.yml

@@ -1,2 +1,3 @@
 ---
 docker_packages: "docker"
+docker_compose_package: docker-compose

vars/Debian.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Debian/Ubuntu (Debian OS-Family)
+# https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc

vars/RedHat.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Fedora/Rocky (RedHat OS-Family)
+# https://docs.docker.com/engine/install/fedora/#uninstall-old-versions
+# https://docs.docker.com/engine/install/centos/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker-client
+  - docker-client-latest
+  - docker-common
+  - docker-latest
+  - docker-latest-logrotate
+  - docker-logrotate
+  - docker-engine