1 files changed, 331 insertions, 0 deletions

diff --git a/roles/docker.ubuntu/tasks/main.yml b/roles/docker.ubuntu/tasks/main.yml
new file mode 100644
index 0000000..ca00437
--- /dev/null
+++ b/roles/docker.ubuntu/tasks/main.yml
@@ -0,0 +1,331 @@
+---
+# tasks file for docker.ubuntu
+- name: "Include proper python vars file"
+  include_vars: "{{ python_vars_file }}"
+
+- name: Fail if not a supported release of Ubuntu
+  fail:
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role"
+  when: ansible_lsb.id|lower == "ubuntu" and ansible_distribution_version|version_compare('14.04', '<')
+
+- name: Fail if not a new release of Debian
+  fail:
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
+  when: ansible_lsb.id|lower == "debian" and ansible_distribution_version|version_compare('8.5', '<')
+
+- name: Fail if using python3 with Ansible<2.3
+  fail:
+    msg: "Ansible 2.3+ is required to use Python3 interpreter."
+  when: ansible_version.full | version_compare('2.3', '<') and ansible_python_interpreter is defined and 'python3' in ansible_python_interpreter
+
+- name: Update kernel, kernel extras, Xorg pkgs, and related tasks
+  include: kernel_check_and_update.yml
+  when: kernel_update_and_reboot_permitted or install_kernel_extras
+
+- name: Uninstall old versions of Docker
+  apt:
+    name: "{{ item }}"
+    state: absent
+  with_items:
+    - docker
+    - docker-engine
+    - docker.io
+  when: uninstall_previous_docker_versions
+
+- name: Install linux-image-extra-* packages to enable AuFS driver
+  apt:
+    pkg: "{{ item }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  with_items:
+    - linux-image-extra-{{ ansible_kernel }}
+    - linux-image-extra-virtual
+  when: docker_aufs_enabled and ansible_distribution_version|version_compare('14.04', '==')
+  register: linux_image_extra_install
+  ignore_errors: yes
+
+- name: Try again to install linux-image-extra if previous attempt failed
+  apt:
+    pkg: "linux-image-extra-{{ ansible_kernel.split('-')[:-1]|join('-') }}*"
+    state: present
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  when: linux_image_extra_install|failed
+
+- name: Ensure dirmngr is available
+  apt:
+    pkg: "{{ apt_dirmngr_pkg }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+
+- name: Add Docker repository key
+  apt_key:
+    id: "{{ apt_key_sig }}"
+    keyserver: "{{ apt_key_url }}"
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+
+- name: Alternative | Add Docker repository key
+  shell: "apt-key adv --fetch-keys {{ apt-key-url }}"
+  when: add_repository_key|failed
+
+- name: HTTPS APT transport for Docker repository
+  apt:
+    name: apt-transport-https
+    state: present
+
+- name: Add Docker repository and update apt cache
+  apt_repository:
+    repo: "{{ apt_repository }}"
+    mode: '644'
+    update_cache: yes
+    state: present
+
+- name: Install (or update) docker package
+  apt:
+    name: "{{ docker_pkg_name }}"
+    state: "{{ 'latest' if update_docker_package else 'present' }}"
+    update_cache: "{{ update_docker_package }}"
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+
+- name: Set systemd playbook var
+  set_fact:
+    is_systemd: false
+  changed_when: false
+  tags: always
+
+- name: Set systemd playbook var
+  set_fact:
+    is_systemd: true
+  when: ( ansible_distribution == "Ubuntu" and ansible_distribution_version|version_compare('15.04', '>=') or ansible_distribution == "Debian" )
+  tags: always
+
+- name: Set docker_http_proxy_defined flag
+  set_fact:
+    docker_http_proxy_defined: "{{ docker_http_proxy is defined and docker_http_proxy is not none and docker_http_proxy != '' }}"
+  tags: proxy
+
+- name: Set docker_https_proxy_defined flag
+  set_fact:
+    docker_https_proxy_defined: "{{ docker_https_proxy is defined and docker_https_proxy is not none and docker_https_proxy != '' }}"
+  tags: proxy
+
+# https://github.com/moby/moby/issues/25471#issuecomment-263101090
+- name: Creates override directory (systemd)
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: "{{ (daemon_json is not none or docker_http_proxy_defined or docker_https_proxy_defined) | ternary('directory', 'absent') }}"
+    owner: root
+    group: root
+    mode: 0755
+  when:
+    - is_systemd
+  tags: proxy
+
+- name: Set docker daemon override (systemd)
+  copy:
+    content: |
+      [Service]
+      ExecStart=
+      ExecStart=/usr/bin/dockerd
+    dest: /etc/systemd/system/docker.service.d/override.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Reload systemd
+    - Restart docker
+  when: daemon_json is not none and is_systemd
+
+- name: Set /etc/docker/daemon.json
+  copy:
+    content: "{{ daemon_json | to_nice_json }}"
+    dest: /etc/docker/daemon.json
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Restart docker
+  when: daemon_json is not none
+
+- name: Fix DNS in docker.io
+  lineinfile:
+    dest: "{{ docker_defaults_file_path }}"
+    regexp: "DOCKER_OPTS="
+    line: 'DOCKER_OPTS="--dns {{ ansible_docker0.ipv4.address }}"'
+  register: dns_fix
+  notify: Restart dockerio
+  when: docker_pkg_name == 'docker.io'
+
+- meta: flush_handlers
+  when: "dns_fix|changed"
+
+- pause:
+    seconds: 1
+  when: "dns_fix|changed"
+
+# We must install pip via apt before we can use the pip module below
+- name: "Install {{ _python_packages | join(', ') }} packages with apt"
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  with_items: "{{ _python_packages }}"
+
+# Display an informative message if the docker-compose version needs to be downgraded
+- name: Docker-compose version downgrade
+  debug:
+    msg: >-
+      Downgrading docker-compose version to {{ _pip_version_docker_compose }} because of docker-compose > 1.10
+      requiring docker python package (instead of the docker-py one) which is incompatible with the docker_container
+      module in Ansible < 2.3
+  when: pip_install_docker_compose and _pip_version_docker_compose != pip_version_docker_compose
+
+# See vars/main.yml for more information on this.
+- name: Clean previous docker-py package if installing docker.
+  pip:
+    name: docker-py
+    state: absent
+    executable: "{{ _pip_executable }}"
+  when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker'
+
+# See vars/main.yml for more information on this.
+- name: Clean previous docker package if installing docker-py.
+  pip:
+    name: docker
+    state: absent
+    executable: "{{ _pip_executable }}"
+  when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker-py'
+
+# Upgrade pip with pip to fix angstwad/docker.ubuntu/pull/35 and docker-py/issues/525
+- name: Install pip, setuptools, docker-py and docker-compose with pip
+  pip:
+    name: "{{ item.name }}"
+    state: "{{ 'latest' if item.version=='latest' else 'present' }}"
+    version: "{{ item.version if item.version!='latest' else omit }}"
+    executable: "{{ _pip_executable }}"
+  with_items:
+    - name: pip
+      version: "{{ pip_version_pip }}"
+      install: "{{ pip_install_pip }}"
+    - name: setuptools
+      version: "{{ pip_version_setuptools }}"
+      install: "{{ pip_install_setuptools }}"
+    - name: "{{ _pip_docker_package_name }}"
+      version: "{{ pip_version_docker }}"
+      install: "{{ _pip_install_docker }}"
+    - name: docker-compose
+      version: "{{ _pip_version_docker_compose }}"
+      install: "{{ pip_install_docker_compose }}"
+  when: item.install|bool
+
+- name: Check if /etc/updatedb.conf exists
+  stat:
+    path: /etc/updatedb.conf
+  register: updatedb_conf_exists
+
+- name: Ensure updatedb does not index /var/lib/docker
+  lineinfile:
+    dest: /etc/updatedb.conf
+    state: present
+    backrefs: yes
+    regexp: '^PRUNEPATHS="(/var/lib/docker )?(.*)"$'
+    line: 'PRUNEPATHS="/var/lib/docker \2"'
+  when: updatedb_conf_exists.stat.exists
+
+- name: Check if /etc/default/ufw exists
+  stat:
+    path: /etc/default/ufw
+  register: ufw_default_exists
+
+- name: Change ufw default forward policy from drop to accept
+  lineinfile:
+    dest: /etc/default/ufw
+    regexp: "^DEFAULT_FORWARD_POLICY="
+    line: "DEFAULT_FORWARD_POLICY=\"ACCEPT\""
+  when: ufw_default_exists.stat.exists
+
+- name: Set docker HTTP_PROXY if docker_http_proxy defined
+  lineinfile:
+    dest: /etc/default/docker
+    regexp: "^export http_proxy="
+    line: "export http_proxy=\"{{docker_http_proxy}}\""
+    state: "{{ docker_http_proxy_defined | ternary('present', 'absent') }}"
+  when:
+    - not is_systemd
+  notify:
+    - Restart docker
+  tags: proxy
+
+- name: Set docker HTTPS_PROXY if docker_https_proxy defined
+  lineinfile:
+    dest: /etc/default/docker
+    regexp: "^export https_proxy="
+    line: "export https_proxy=\"{{docker_https_proxy}}\""
+    state: "{{ docker_https_proxy_defined | ternary('present', 'absent') }}"
+  when:
+    - not is_systemd
+  notify:
+    - Restart docker
+  tags: proxy
+
+- name: Set docker HTTP(S)_PROXY if docker_http(s)_proxy defined (systemd)
+  copy:
+    content: |
+      [Service]
+      Environment="{% if docker_http_proxy_defined %}http_proxy={{ docker_http_proxy }}{% endif %}"
+      Environment="{% if docker_https_proxy_defined %}https_proxy={{ docker_https_proxy }}{% endif %}"
+      Environment="no_proxy={{ docker_no_proxy | default('') }}"
+    dest: /etc/systemd/system/docker.service.d/proxy.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Reload systemd
+    - Restart docker
+  when:
+    - is_systemd
+    - docker_http_proxy_defined or docker_https_proxy_defined
+  tags: proxy
+
+- name: Remove docker HTTP(S)_PROXY if docker_http(s)_proxy undefined (systemd)
+  file:
+    path: /etc/systemd/system/docker.service.d/proxy.conf
+    state: absent
+  notify:
+    - Reload systemd
+    - Restart docker
+  when:
+    - is_systemd
+    - not docker_http_proxy_defined and not docker_https_proxy_defined
+  tags: proxy
+
+- name: Start docker
+  service:
+    name: docker
+    state: started
+  when: docker_pkg_name.find('lxc-docker') != -1 or docker_pkg_name.find('docker-engine') != -1
+
+- name: Start docker.io
+  service:
+    name: docker.io
+    state: started
+  when: docker_pkg_name == 'docker.io'
+
+  # ATTENTION: this task can potentially create new users!
+- name: Add users to the docker group
+  user:
+    name:   "{{ item }}"
+    groups: docker
+    append: yes
+  with_items: "{{docker_group_members}}"
+  when: docker_group_members is defined
+
+- name: update facts if docker0 is not defined
+  setup:
+    filter: "ansible_docker0"
+  when: ansible_docker0 is not defined