From 1dca07177fdbb832e0694843c306b98dd9d86cb7 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 18:59:51 -0800 Subject: [PATCH 01/11] 434 Add GPG keys to keyrings instead of trusted.gpg.d --- defaults/main.yml | 2 +- tasks/setup-Debian.yml | 28 +++++++++++++--------------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8deef246..daad48ff 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,7 +38,7 @@ docker_apt_release_channel: stable # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" -docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.gpg] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 69529bab..32798034 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -27,25 +27,23 @@ state: present when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=') -- name: Add Docker apt key. - ansible.builtin.get_url: - url: "{{ docker_apt_gpg_key }}" - dest: /etc/apt/trusted.gpg.d/docker.asc - mode: '0644' - force: false - checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" - register: add_repository_key - ignore_errors: "{{ docker_apt_ignore_key_error }}" - when: docker_add_repo | bool +- name: Ensure directory exists for /etc/apt/keyrings + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' -- name: Ensure curl is present (on older systems without SNI). +- name: Ensure curl is present package: name=curl state=present - when: add_repository_key is failed and docker_add_repo | bool -- name: Add Docker apt key (alternative for older systems without SNI). +- name: Add Docker apt key shell: > - curl -sSL {{ docker_apt_gpg_key }} | apt-key add - - when: add_repository_key is failed and docker_add_repo | bool + curl -sSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + +- name: Change permissions for /etc/apt/keyrings/docker.gpg + file: + path: /etc/apt/keyrings/docker.gpg + mode: 'a+r' - name: Add Docker repository. apt_repository: From 12ad263ef65367d36c795e19b8dcfbf301c8a645 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 20:23:52 -0800 Subject: [PATCH 02/11] 435 Update apt key ansible task --- tasks/setup-Debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 32798034..8bd7e006 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
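Review bot: The `shell:` task that replaces `ansible.builtin.get_url` no longer applies `docker_apt_gpg_key_checksum`, so whatever the URL returns becomes the repository's signing key with no integrity check. It also calls `sudo` inside the command instead of using `become`, and interpolates `{{ docker_apt_gpg_key }}` unquoted into a shell line. None of the added tasks carries the `when: docker_add_repo | bool` guard that the removed task had. Keeping the module and changing only its destination, `dest: /etc/apt/keyrings/docker.asc` with a matching `signed-by=` in defaults/main.yml, would preserve the checksum and the idempotence of `force: false`.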
@@ -38,7 +38,7 @@ - name: Add Docker apt key shell: > - curl -sSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From ae29f9f9c02a2d5fae0e7f58c86077cc6628d761 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 21:14:58 -0800 Subject: [PATCH 03/11] 434 changed_when false for adding docker apt key shell cmd --- tasks/setup-Debian.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 8bd7e006..8c98a681 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -39,6 +39,7 @@ - name: Add Docker apt key shell: > curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes + changed_when: false - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From 6cb849c416970cf9dded79786e4d65f5fa1850cc Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Thu, 16 Nov 2023 21:20:56 -0800 Subject: [PATCH 04/11] 435 ansible-lint --- tasks/setup-Debian.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 8c98a681..7a3cb033 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -36,12 +36,12 @@ - name: Ensure curl is present package: name=curl state=present -- name: Add Docker apt key +- name: Add Docker apt key shell: > curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes changed_when: false -- name: Change permissions for /etc/apt/keyrings/docker.gpg +- name: Change permissions for /etc/apt/keyrings/docker.gpg file: path: /etc/apt/keyrings/docker.gpg mode: 'a+r' From 08ae86e0b5fc3e891e9122b138e6d580e3c2f0f1 Mon Sep 17 00:00:00 2001 
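Review bot: `-f` makes curl exit non-zero on an HTTP error, but the task result is still the exit status of `gpg` at the end of the pipe, because the `shell:` line sets no `pipefail`. Whether `gpg --dearmor` fails on empty input is not something the task should depend on. Prefix the command with `set -o pipefail &&` and add `args:` with `executable: /bin/bash`, so that a failed download fails the task before anything is written to `/etc/apt/keyrings/docker.gpg`.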
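Review bot: `changed_when: false` makes the task report ok even on a run where `--yes` overwrites `/etc/apt/keyrings/docker.gpg` with different key material, so a change to the repository's trust anchor never appears in the play output. The task still downloads and rewrites the file on every run; the flag only hides that. Making it idempotent, for example with `creates: /etc/apt/keyrings/docker.gpg` under `args:`, would remove the need to silence the change report.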
From: Omkar Kawade Date: Mon, 18 Dec 2023 11:06:21 -0800 Subject: [PATCH 05/11] 434 update apt key destination --- defaults/main.yml | 2 +- tasks/setup-Debian.yml | 17 ++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index daad48ff..cdf94f09 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,7 +38,7 @@ docker_apt_release_channel: stable # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" -docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.gpg] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 7a3cb033..2415cb17 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
@@ -33,13 +33,16 @@ state: directory mode: '0755' -- name: Ensure curl is present - package: name=curl state=present - -- name: Add Docker apt key - shell: > - curl -fsSL {{ docker_apt_gpg_key }} | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes - changed_when: false +- name: Add Docker apt key. + ansible.builtin.get_url: + url: "{{ docker_apt_gpg_key }}" + dest: /etc/apt/keyrings/docker.asc + mode: '0644' + force: false + checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}" + register: add_repository_key + ignore_errors: "{{ docker_apt_ignore_key_error }}" + when: docker_add_repo | bool - name: Change permissions for /etc/apt/keyrings/docker.gpg file: From d8f92e18746617045dc27f376a8049d6253c8024 Mon Sep 17 00:00:00 2001 From: Omkar Kawade Date: Mon, 18 Dec 2023 12:56:14 -0800 Subject: [PATCH 06/11] 434 remove permissions update, add reverse compatibility --- tasks/setup-Debian.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 2415cb17..04b427d8 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -44,10 +44,14 @@ ignore_errors: "{{ docker_apt_ignore_key_error }}" when: docker_add_repo | bool -- name: Change permissions for /etc/apt/keyrings/docker.gpg - file: - path: /etc/apt/keyrings/docker.gpg - mode: 'a+r' +- name: Ensure curl is present (on older systems without SNI). + package: name=curl state=present + when: add_repository_key is failed and docker_add_repo | bool + +- name: Add Docker apt key (alternative for older systems without SNI). + shell: > + curl -sSL {{ docker_apt_gpg_key }} | apt-key add - + when: add_repository_key is failed and docker_add_repo | bool - name: Add Docker repository. apt_repository: From f741ddba10bff417b0f86c5ed4deefb99c28e20a Mon Sep 17 00:00:00 2001 
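Review bot: Hosts provisioned by an earlier version of the role keep `/etc/apt/trusted.gpg.d/docker.asc`, and nothing in this hunk removes it. Keys in that directory are trusted by apt for every configured source, which is what the move to `/etc/apt/keyrings` is meant to avoid. A cleanup task using `ansible.builtin.file` with `path: /etc/apt/trusted.gpg.d/docker.asc` and `state: absent` would finish the migration. Separately, the unchanged task after the new one still sets the mode on `/etc/apt/keyrings/docker.gpg`, a file this commit no longer creates, so it will likely fail on a fresh host.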
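Review bot: The restored fallback pipes the key into `apt-key add -`, which puts it in apt's global keyring rather than at `/etc/apt/keyrings/docker.asc`, so the `signed-by=` path in `docker_apt_repository` names a file that does not exist when this branch runs. The condition `add_repository_key is failed` matches any failure of the `get_url` task, which as far as the hunk shows includes a checksum mismatch, and the fallback then fetches the same URL with no checksum at all. Have the fallback write to the keyring path, `curl -fsSL {{ docker_apt_gpg_key }} -o /etc/apt/keyrings/docker.asc`, and verify the result against `docker_apt_gpg_key_checksum` before the repository is added, so an integrity failure stops the play instead of being bypassed. `apt-key` is deprecated, which is a further reason not to reintroduce it.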
From: Chris Schindlbeck Date: Thu, 28 Dec 2023 20:08:47 +0100 Subject: [PATCH 07/11] Fix docker compose plugin on archlinux --- vars/Archlinux.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/vars/Archlinux.yml b/vars/Archlinux.yml index b81917a4..f68d962a 100644 --- a/vars/Archlinux.yml +++ b/vars/Archlinux.yml @@ -1,2 +1,3 @@ --- docker_packages: "docker" +docker_compose_package: docker-compose From cff72d08076e205e815043e764475ebb4aa0ac5c Mon Sep 17 00:00:00 2001 From: Luca Gardi Date: Mon, 26 Feb 2024 13:59:44 +0100 Subject: [PATCH 08/11] Update README.md Fix typo in Yum repos definition --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3449e28b..a31968b6 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,7 @@ The main Docker repo URL, common between Debian and RHEL systems. You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror. Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists. - docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo + docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo" docker_yum_repo_enable_nightly: '0' docker_yum_repo_enable_test: '0' docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg" From 5b96593d5cdcac4b53a34dc1df3da7c20c7f06a5 Mon Sep 17 00:00:00 2001 
From: Chris Schindlbeck Date: Mon, 27 May 2024 09:26:04 +0200 Subject: [PATCH 09/11] Add Ubuntu 24.04 to CI --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f25e07d0..bb4b3270 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,7 @@ jobs: distro: - rockylinux9 - rockylinux8 + - ubuntu2404 - ubuntu2204 - ubuntu2004 - debian12 From 820f7426fb5483cca89ae9deb06d68e561c685ab Mon Sep 17 00:00:00 2001 From: James Myatt Date: Mon, 27 May 2024 11:09:35 +0100 Subject: [PATCH 10/11] Enable armhf build for old raspberry pis --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index ccc3b1cd..4634b57c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -38,7 +38,7 @@ docker_apt_release_channel: stable # docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible, # and is only necessary until Docker officially supports them. docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}" -docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" +docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}" docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" docker_apt_ignore_key_error: true docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg" From fe69df76fa9d6dc665bd9a4e052978ee7d435830 Mon Sep 17 00:00:00 2001 
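Review bot: Every architecture other than `aarch64` and `armv7l` still falls through to `amd64` in `docker_apt_arch`, so a host reporting, say, `armv6l` gets an amd64 repository line with no error. The chained inline `if` also gets harder to read with each added case. A lookup such as `{{ {'aarch64': 'arm64', 'armv7l': 'armhf'}.get(ansible_architecture, 'amd64') }}` gives the same result and makes the default explicit. A comment above the variable listing the supported values, such as `# arm64, armhf or amd64; override for other architectures`, would help users who need to set it themselves.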
From: James Myatt Date: Mon, 27 May 2024 11:15:16 +0100 Subject: [PATCH 11/11] Update list of obsolete packages --- tasks/setup-Debian.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 69529bab..582a8c12 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -1,10 +1,14 @@ --- -- name: Ensure old versions of Docker are not installed. +- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions + name: Ensure old versions of Docker are not installed. package: name: - docker - docker.io - docker-engine + - podman-docker + - containerd + - runc state: absent - name: Ensure dependencies are installed.
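Review bot: Adding `containerd` and `runc` to the `state: absent` list means every run of the role removes those packages, including on hosts where the distribution's containerd is used by something other than Docker. The list is hard-coded in the task, so there is no way to opt out. Moving it to a default variable (for example `docker_obsolete_packages`, a name suggested here, not one the role is known to define) would keep the behaviour and allow an override. The comment sits between the `-` and `name:`; a line of its own above `- name:` is the more conventional layout. The hunk ends at the next task's `name:` line, whose body is outside the hunk.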