Merge pull request #511 from sebdanielsson/deb822_repository

Refactor Debian setup to use deb822_repository

README.md

@@ -1,6 +1,6 @@
 # Ansible Role: Docker
 
-[![CI](https://github.com/geerlingguy/ansible-role-docker/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-docker/actions?query=workflow%3ACI)
+[![CI](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml)
 
 An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
 
@@ -34,11 +34,19 @@ docker_obsolete_packages:
   - docker
   - docker.io
   - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
   - podman-docker
   - containerd
   - runc
 ```
 
+`docker_obsolete_packages` for different os-family:
+
+- [`RedHat.yaml`](./vars/RedHat.yml)
+- [`Debian.yaml`](./vars/Debian.yml)
+
 A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
 
 ```yaml
@@ -60,7 +68,7 @@ Docker Compose Plugin installation options. These differ from the below in that
 
 ```yaml
 docker_install_compose: false
-docker_compose_version: "2.29.2"
+docker_compose_version: "v2.32.1"
 docker_compose_arch: "{{ ansible_architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
@@ -83,7 +91,7 @@ The main Docker repo URL, common between Debian and RHEL systems.
 ```yaml
 docker_apt_release_channel: stable
 docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}{{' signed-by=/etc/apt/keyrings/docker.asc' if add_repository_key is not failed}}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: True
 docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
 docker_apt_filename: "docker"
@@ -98,7 +106,7 @@ Usually in combination with changing `docker_apt_repository` as well. `docker_ap
 docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
 docker_yum_repo_enable_nightly: '0'
 docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
 ```
 
 (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
@@ -116,7 +124,7 @@ A list of system users to be added to the `docker` group (so they can use Docker
 
 ```yaml
 docker_daemon_options:
-  storage-driver: "devicemapper"
+  storage-driver: "overlay2"
   log-opts:
     max-size: "100m"
 ```

defaults/main.yml

@@ -12,6 +12,9 @@ docker_obsolete_packages:
   - docker
   - docker.io
   - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
   - podman-docker
   - containerd
   - runc
@@ -29,7 +32,7 @@ docker_compose_package_state: present
 
 # Docker Compose options.
 docker_install_compose: false
-docker_compose_version: "v2.29.2"
+docker_compose_version: "v2.32.1"
 docker_compose_arch: "{{ ansible_architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
 docker_compose_path: /usr/local/bin/docker-compose
@@ -56,7 +59,7 @@ docker_apt_filename: "docker"
 docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
 docker_yum_repo_enable_nightly: '0'
 docker_yum_repo_enable_test: '0'
-docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+docker_yum_gpg_key: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora', 'centos') }}/gpg"
 
 # A list of users who will be added to the docker group.
 docker_users: []

handlers/main.yml

@@ -1,7 +1,11 @@
 ---
 - name: restart docker
-  service:
+  ansible.builtin.service:
     name: docker
     state: "{{ docker_restart_handler_state }}"
   ignore_errors: "{{ ansible_check_mode }}"
   when: docker_service_manage | bool
+
+- name: apt update
+  ansible.builtin.apt:
+    update_cache: true

molecule/default/converge.yml

@@ -1,7 +1,7 @@
 ---
 - name: Converge
   hosts: all
-  become: true
+  # become: true
 
   pre_tasks:
     - name: Update apt cache.

molecule/default/verify.yml

@@ -0,0 +1,51 @@
+---
+- name: Verify Docker Role
+  hosts: all
+  tasks:
+    - name: Verify Docker binary is available
+      command: docker version
+      register: docker_version_result
+      changed_when: false
+      failed_when: docker_version_result.rc != 0
+
+    - name: Show Docker version details
+      debug:
+        msg: >
+          Docker Version Output:
+          {{ docker_version_result.stdout_lines | join('\n') }}
+
+    - name: Verify Docker service is running
+      command: systemctl is-active docker
+      register: docker_service_status
+      when: ansible_service_mgr == 'systemd'
+      changed_when: false
+      failed_when: docker_service_status.stdout.strip() != "active"
+
+    - name: Display Docker service status
+      debug:
+        msg: "Docker service is {{ docker_service_status.stdout.strip() }}"
+      when: ansible_service_mgr == 'systemd'
+
+    - name: Pull the 'hello-world' image
+      command: docker pull hello-world
+      register: docker_pull_result
+      changed_when: true
+      failed_when: docker_pull_result.rc != 0
+
+    - name: Show result of pulling the 'hello-world' image
+      debug:
+        msg: >
+          Pulling 'hello-world' completed with output:
+          {{ docker_pull_result.stdout_lines | join('\n') }}
+
+    - name: Run a test container (hello-world)
+      command: docker run --rm hello-world
+      register: docker_run_result
+      changed_when: true
+      failed_when: docker_run_result.rc != 0
+
+    - name: Display test container output
+      debug:
+        msg: >
+          Running 'hello-world' container completed with output:
+          {{ docker_run_result.stdout_lines | join('\n') }}

tasks/setup-Debian.yml

@@ -4,58 +4,40 @@
     path: /etc/apt/trusted.gpg.d/docker.asc
     state: absent
 
-- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
+- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
-  apt_repository:
+  ansible.builtin.file:
-    repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+    path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ docker_apt_ansible_distribution | lower }}.list"
     state: absent
-    filename: "{{ docker_apt_filename }}"
-    update_cache: true
-  when: docker_add_repo | bool
 
-- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+# See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
-  name: Ensure old versions of Docker are not installed.
+- name: Ensure old versions of Docker are not installed.
-  package:
+  ansible.builtin.package:
     name: "{{ docker_obsolete_packages }}"
     state: absent
 
+- name: Ensure legacy repo file is not present.
+  ansible.builtin.file:
+    path: "/etc/apt/sources.list.d/docker.list"
+    state: absent
+
 - name: Ensure dependencies are installed.
-  apt:
+  ansible.builtin.apt:
     name:
       - apt-transport-https
       - ca-certificates
+      - python3-debian
     state: present
-  when: docker_add_repo | bool
 
-- name: Ensure directory exists for /etc/apt/keyrings
+- name: Add or remove Docker repository.
-  file:
+  ansible.builtin.deb822_repository:
-    path: /etc/apt/keyrings
+    name: docker
-    state: directory
+    types: deb
-    mode: '0755'
+    uris: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}"
+    suites: "{{ ansible_distribution_release }}"
+    components: "{{ docker_apt_release_channel }}"
+    signed_by: "{{ docker_apt_gpg_key }}"
+    state: "{{ 'present' if docker_add_repo | bool else 'absent' }}"
+  notify: apt update
 
-- name: Add Docker apt key.
+- name: Ensure handlers are notified immediately to update the apt cache.
-  ansible.builtin.get_url:
+  ansible.builtin.meta: flush_handlers
-    url: "{{ docker_apt_gpg_key }}"
-    dest: /etc/apt/keyrings/docker.asc
-    mode: '0644'
-    force: false
-    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
-  register: add_repository_key
-  ignore_errors: "{{ docker_apt_ignore_key_error }}"
-  when: docker_add_repo | bool
-
-- name: Ensure curl is present (on older systems without SNI).
-  package: name=curl state=present
-  when: add_repository_key is failed and docker_add_repo | bool
-
-- name: Add Docker apt key (alternative for older systems without SNI).
-  shell: >
-    curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
-  when: add_repository_key is failed and docker_add_repo | bool
-
-- name: Add Docker repository.
-  apt_repository:
-    repo: "{{ docker_apt_repository }}"
-    state: present
-    filename: "{{ docker_apt_filename }}"
-    update_cache: true
-  when: docker_add_repo | bool

tasks/setup-RedHat.yml

@@ -1,10 +1,7 @@
 ---
 - name: Ensure old versions of Docker are not installed.
   package:
-    name:
+    name: "{{ docker_obsolete_packages }}"
-      - docker
-      - docker-common
-      - docker-engine
     state: absent
 
 - name: Add Docker GPG key.

vars/Alpine.yml

@@ -1,2 +1,3 @@
 ---
 docker_packages: "docker"
+docker_compose_package: docker-cli-compose

vars/Debian.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Debian/Ubuntu (Debian OS-Family)
+# https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - docker-doc
+  - docker-compose
+  - docker-compose-v2
+  - podman-docker
+  - containerd
+  - runc

vars/RedHat.yml

@@ -0,0 +1,14 @@
+---
+# Used only for Fedora/Rocky (RedHat OS-Family)
+# https://docs.docker.com/engine/install/fedora/#uninstall-old-versions
+# https://docs.docker.com/engine/install/centos/#uninstall-old-versions
+
+docker_obsolete_packages:
+  - docker
+  - docker-client
+  - docker-client-latest
+  - docker-common
+  - docker-latest
+  - docker-latest-logrotate
+  - docker-logrotate
+  - docker-engine