---
# file: roles/docker/tasks/main.yml
# Base tooling needed before the Docker apt repository can be configured.
- name: "packages prerequisites"
  ansible.builtin.apt:
    name:
      - ca-certificates
      - curl
      - software-properties-common
  tags: docker
# Python packaging helpers used by the pip-based install that follows.
- name: "apt package for pip"
  ansible.builtin.apt:
    name:
      - python3-pkg-resources
      - python3-setuptools
  tags: docker
# The Ansible docker modules need the Python client on the target. On Ubuntu
# and Debian < 12 it comes from pip; Debian 12+ ships it as an apt package
# (handled by the next task), so the two conditions are mutually exclusive.
- name: "[ubuntu and Debian 11-] module installation with pip needed for ansible control"
  ansible.builtin.pip:
    name:
      - docker
      - docker-compose
  when: >-
    ansible_distribution == "Ubuntu" or
    (ansible_distribution == "Debian" and
    ansible_distribution_major_version is version('12', '<'))
  tags: docker
# Debian 12+ provides the Python docker client as a distro package.
- name: "[Debian 12+] apt install python3-docker for ansible control"
  ansible.builtin.apt:
    name: python3-docker
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version is version('12', '>=')
  tags: docker
# Compose v1 from the distribution archive; the v2 plugin and, optionally,
# a /usr/local/bin/docker-compose binary are installed further down.
- name: "apt install docker-compose v1 from debian package"
  ansible.builtin.apt:
    name: docker-compose
  tags: docker
# Drop the Docker key from the legacy apt-key trusted keyring; the key is
# managed as a signed-by keyring under /etc/apt/keyrings instead. apt_key
# is not used on Debian 13+, where apt-key is gone.
- name: "remove legacy key from apt-key"
  ansible.builtin.apt_key:
    id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
    state: absent
  when: >-
    ansible_distribution_major_version is version('13', '<') or
    ansible_distribution != "Debian"
  tags: docker
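# Docker's repository signing key is downloaded straight into the root-owned
# keyring directory and dearmored from there. Staging it in /dev/shm (a
# world-writable tmpfs) let any local user replace or pre-create the file
# between the download and the dearmor step. The directory task also carries
# the docker tag so a `--tags docker` run does not skip it and then fail on
# the dearmor step.
- name: "apt keyring directory"
  ansible.builtin.file:
    path: "/etc/apt/keyrings"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: docker

- name: "download modern signature key"
  ansible.builtin.get_url:
    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
    dest: "/etc/apt/keyrings/docker.asc"
    owner: root
    group: root
    mode: "0644"
  tags: docker

# Fail closed if the fetched key is not the expected one: TLS only protects
# the transport, this guards against a wrong or replaced key at the source.
# The expected fingerprint is the one the legacy apt-key task removes, which
# is the same key Docker publishes in armored form. Skipped in check mode
# (the file may not exist yet), so failed_when is not evaluated there.
- name: "verify signature key fingerprint"
  ansible.builtin.command:
    cmd: "gpg --show-keys --with-colons --with-fingerprint /etc/apt/keyrings/docker.asc"
  register: docker_key_check
  changed_when: false
  failed_when: "'9DC858229FC7DD38854AE2D88D81803C0EBFCD88' not in docker_key_check.stdout"
  tags: docker

# Dearmor from the root-owned file; no shell pipeline needed. `creates`
# keeps this idempotent, which also means a rotated key is not re-dearmored
# until docker.gpg is removed.
- name: "install modern signature key"
  ansible.builtin.command:
    cmd: "gpg --dearmor -o /etc/apt/keyrings/docker.gpg /etc/apt/keyrings/docker.asc"
    creates: "/etc/apt/keyrings/docker.gpg"
  tags: docker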
# Docker apt source, bound to the dearmored keyring via signed-by. The
# architecture is fixed to amd64, matching the x86_64 compose binary below.
# `repo.changed` drives the apt cache refresh later in this file.
- name: "repository file"
  ansible.builtin.copy:
    content: |
      deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
    dest: "/etc/apt/sources.list.d/docker.list"
  register: repo
  tags: docker
# Pin every docker-ce* package to docker_pinned (the `5:` prefix is the
# epoch the docker-ce packages carry). The two "# Note" lines below are part
# of the preferences file content, not YAML comments.
- name: "apt pin docker-ce* version"
  ansible.builtin.copy:
    dest: "/etc/apt/preferences.d/docker"
    content: |
      Package: docker-ce*
      Pin: version 5:{{ docker_pinned }}
      # Note: priority of 1001 (greater than 1000) allows for downgrading.
      # To make package downgrading impossible, use a value of 999
      Pin-Priority: 1001
  when: docker_pinned is defined
  tags: docker
# Counterpart of the pin task: no docker_pinned means no preferences file.
- name: "apt make sure that docker-ce version is not pinned"
  ansible.builtin.file:
    path: "/etc/apt/preferences.d/docker"
    state: absent
  when: docker_pinned is undefined
  tags: docker
# Refresh only when the repository file changed. Note that a changed signing
# key, or a rerun after a failed install on the previous run, does not
# trigger a refresh here.
- name: "refresh apt if repo was modified"
  ansible.builtin.apt:
    update_cache: true
  when: repo.changed
  tags: docker
# Without a pin, whatever version is already present is left alone.
- name: "apt install docker-ce (not pinned)"
  ansible.builtin.apt:
    name: docker-ce
    state: present
  when: docker_pinned is undefined
  tags: docker
# With a pin in place, `state: latest` moves docker-ce to the pinned version;
# the 1001 pin priority allows this to be a downgrade.
- name: "apt install docker-ce (pinned)"
  ansible.builtin.apt:
    name: docker-ce
    state: latest
    install_recommends: true
  when: docker_pinned is defined
  tags: docker
# Compose v2 as a docker CLI plugin (`docker compose`), from Docker's repo.
- name: "docker compose v2 package"
  ansible.builtin.apt:
    name: docker-compose-plugin
  tags: docker
# Presence check for the standalone binary; docker_compose_binary.stat.exists
# is consumed by the two "latest" tasks that follow, which share this guard.
- name: "stat /usr/local/bin/docker-compose"
  ansible.builtin.stat:
    path: /usr/local/bin/docker-compose
  register: docker_compose_binary
  when:
    - docker_compose
    - docker_compose_version == "latest"
  tags: docker
# Ask the GitHub API (from the controller, once) for the latest release.
# Unauthenticated API calls may be rate-limited. The condition is the same
# as the install task's: refresh when an update is requested, or install
# when the binary is missing.
- name: "docker-compose: get the latest download link on github"
  ansible.builtin.uri:
    url: https://api.github.com/repos/docker/compose/releases/latest
    return_content: true
  register: URL
  check_mode: false
  delegate_to: localhost
  become: false
  run_once: true
  when:
    - docker_compose
    - docker_compose_version == "latest"
    - >-
      (docker_compose_binary.stat.exists and
      (docker_compose_update_now == "true" or global_update_now == "true"))
      or not docker_compose_binary.stat.exists
  tags: docker
# curl -s https://api.github.com/repos/docker/compose/releases/latest | jq -r '.assets[] | select(.name == "docker-compose-linux-x86_64") | .browser_download_url'
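# Install the newest release resolved by the API call above. A binary that
# ends up root-owned in /usr/local/bin should not be trusted on TLS alone:
# when the release publishes a `docker-compose-linux-x86_64.sha256` asset,
# get_url verifies the download against it (and skips the download when the
# existing file already matches); when no such asset exists the checksum is
# omitted and the task behaves as before. Octal modes are quoted so YAML
# does not reinterpret them, and booleans are lowercase.
- name: "latest docker compose installation"
  ansible.builtin.get_url:
    url: "{{ URL.json | json_query(params) | first }}"
    dest: "/usr/local/bin/docker-compose"
    force: true
    mode: "0755"
    checksum: "{{ ('sha256:' ~ sha_urls[0]) if sha_urls else omit }}"
  vars:
    params: "assets[?name=='docker-compose-linux-x86_64'].browser_download_url"
    sha_params: "assets[?name=='docker-compose-linux-x86_64.sha256'].browser_download_url"
    sha_urls: "{{ URL.json | json_query(sha_params) }}"
  when:
    - docker_compose
    - docker_compose_version == "latest"
    - (docker_compose_update_now == "true" or global_update_now == "true") or not docker_compose_binary.stat.exists
  tags: docker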
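# Install a specific compose release. The asset name only exists for v2
# releases. There is no integrity check beyond TLS here; recent releases
# also publish a `docker-compose-linux-x86_64.sha256` asset that could be
# passed to get_url's `checksum:` as `sha256:<url>` once the pinned version
# is known to ship one. Octal mode quoted so YAML does not reinterpret it.
- name: "docker compose version {{ docker_compose_version }} installation"
  ansible.builtin.get_url:
    url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-x86_64"
    dest: "/usr/local/bin/docker-compose"
    force: true
    mode: "0755"
  when:
    - docker_compose
    - docker_compose_version != "latest"
  tags: docker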
# machinectl (systemd-container) is the become method used to run the
# docker login task as the non-root docker_user.
- name: "install dependencies when docker_user is not root"
  ansible.builtin.apt:
    name: systemd-container
  when: docker_user != "root"
  tags: docker
# Membership of the docker group grants control of the Docker socket, which
# is effectively root-equivalent on the host unless the daemon runs rootless
# (docker_rootless). `append` keeps the user's other groups.
- name: "make sure that {{ docker_user }} is a member of docker group"
  ansible.builtin.user:
    name: "{{ docker_user }}"
    groups: docker
    append: true
  when: docker_user != "root"
  tags: docker
# Static import: the `when` is attached to every task in docker-rootless.yml.
- name: "setting up docker daemon as non-root"
  ansible.builtin.import_tasks: docker-rootless.yml
  when: docker_rootless
  tags: docker
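# Registry login for root. The loop expression is rendered before `when`, so
# an undefined docker_registry_login used to fail the task rather than skip
# it; default([]) restores the skip. no_log keeps the looped item, which
# carries the registry password, out of the play output and logs (the
# module's own no_log covers only its arguments, not the item echo).
- name: "docker login user root to remote registry"
  community.docker.docker_login:
    registry_url: "{{ item.url }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
  loop: "{{ docker_registry_login | default([]) }}"
  no_log: true
  when:
    - docker_registry_login is defined
    - docker_user == "root"
  tags: docker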
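# Registry login as the non-root docker_user via machinectl, so the
# credentials land in that user's docker config. As with the root variant,
# default([]) keeps the task skipping (not failing) when
# docker_registry_login is undefined, and no_log stops the looped item and
# its password from being echoed into output and logs.
- name: "docker login user {{ docker_user }} to remote registry"
  remote_user: root
  become: true
  become_method: community.general.machinectl
  become_user: "{{ docker_user }}"
  vars:
    ansible_ssh_pipelining: false  # https://github.com/ansible/ansible/issues/81254
  community.docker.docker_login:
    registry_url: "{{ item.url }}"
    username: "{{ item.username }}"
    password: "{{ item.password }}"
  loop: "{{ docker_registry_login | default([]) }}"
  no_log: true
  when:
    - docker_registry_login is defined
    - docker_user != "root"
  tags: docker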