--- # tasks file for docker.ubuntu - name: "Include proper python vars file" include_vars: "{{ python_vars_file }}" - name: Fail if not a supported release of Ubuntu fail: msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role" when: ansible_lsb.id|lower == "ubuntu" and ansible_distribution_version|version_compare('14.04', '<') - name: Fail if not a new release of Debian fail: msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role" when: ansible_lsb.id|lower == "debian" and ansible_distribution_version|version_compare('8.5', '<') - name: Fail if using python3 with Ansible<2.3 fail: msg: "Ansible 2.3+ is required to use Python3 interpreter." when: ansible_version.full | version_compare('2.3', '<') and ansible_python_interpreter is defined and 'python3' in ansible_python_interpreter - name: Update kernel, kernel extras, Xorg pkgs, and related tasks include: kernel_check_and_update.yml when: kernel_update_and_reboot_permitted or install_kernel_extras - name: Uninstall old versions of Docker apt: name: "{{ item }}" state: absent with_items: - docker - docker-engine - docker.io when: uninstall_previous_docker_versions - name: Install linux-image-extra-* packages to enable AuFS driver apt: pkg: "{{ item }}" state: present update_cache: yes cache_valid_time: "{{ docker_apt_cache_valid_time }}" with_items: - linux-image-extra-{{ ansible_kernel }} - linux-image-extra-virtual when: docker_aufs_enabled and ansible_distribution_version|version_compare('14.04', '==') register: linux_image_extra_install ignore_errors: yes - name: Try again to install linux-image-extra if previous attempt failed apt: pkg: "linux-image-extra-{{ ansible_kernel.split('-')[:-1]|join('-') }}*" state: present update_cache: yes cache_valid_time: "{{ docker_apt_cache_valid_time }}" when: linux_image_extra_install|failed - name: Ensure dirmngr is available apt: pkg: "{{ apt_dirmngr_pkg }}" state: present update_cache: yes cache_valid_time: "{{ docker_apt_cache_valid_time }}" - name: Add Docker repository key apt_key: id: "{{ apt_key_sig }}" keyserver: "{{ apt_key_url }}" state: present register: add_repository_key ignore_errors: true - name: Alternative | Add Docker repository key shell: "apt-key adv --fetch-keys {{ apt-key-url }}" when: add_repository_key|failed - name: HTTPS APT transport for Docker repository apt: name: apt-transport-https state: present - name: Add Docker repository and update apt cache apt_repository: repo: "{{ apt_repository }}" mode: '644' update_cache: yes state: present - name: Install (or update) docker package apt: name: "{{ docker_pkg_name }}" state: "{{ 'latest' if update_docker_package else 'present' }}" update_cache: "{{ update_docker_package }}" cache_valid_time: "{{ docker_apt_cache_valid_time }}" - name: Set systemd playbook var set_fact: is_systemd: false changed_when: false tags: always - name: Set systemd playbook var set_fact: is_systemd: true when: ( ansible_distribution == "Ubuntu" and ansible_distribution_version|version_compare('15.04', '>=') or ansible_distribution == "Debian" ) tags: always - name: Set docker_http_proxy_defined flag set_fact: docker_http_proxy_defined: "{{ docker_http_proxy is defined and docker_http_proxy is not none and docker_http_proxy != '' }}" tags: proxy - name: Set docker_https_proxy_defined flag set_fact: docker_https_proxy_defined: "{{ docker_https_proxy is defined and docker_https_proxy is not none and docker_https_proxy != '' }}" tags: proxy # https://github.com/moby/moby/issues/25471#issuecomment-263101090 - name: Creates override directory (systemd) file: path: /etc/systemd/system/docker.service.d state: "{{ (daemon_json is not none or docker_http_proxy_defined or docker_https_proxy_defined) | ternary('directory', 'absent') }}" owner: root group: root mode: 0755 when: - is_systemd tags: proxy - name: Set docker daemon override (systemd) copy: content: | [Service] ExecStart= ExecStart=/usr/bin/dockerd dest: /etc/systemd/system/docker.service.d/override.conf owner: root group: root mode: 0644 notify: - Reload systemd - Restart docker when: daemon_json is not none and is_systemd - name: Set /etc/docker/daemon.json copy: content: "{{ daemon_json | to_nice_json }}" dest: /etc/docker/daemon.json owner: root group: root mode: 0644 notify: - Restart docker when: daemon_json is not none - name: Fix DNS in docker.io lineinfile: dest: "{{ docker_defaults_file_path }}" regexp: "DOCKER_OPTS=" line: 'DOCKER_OPTS="--dns {{ ansible_docker0.ipv4.address }}"' register: dns_fix notify: Restart dockerio when: docker_pkg_name == 'docker.io' - meta: flush_handlers when: "dns_fix|changed" - pause: seconds: 1 when: "dns_fix|changed" # We must install pip via apt before we can use the pip module below - name: "Install {{ _python_packages | join(', ') }} packages with apt" apt: pkg: "{{ item }}" state: latest update_cache: yes cache_valid_time: "{{ docker_apt_cache_valid_time }}" with_items: "{{ _python_packages }}" # Display an informative message if the docker-compose version needs to be downgraded - name: Docker-compose version downgrade debug: msg: >- Downgrading docker-compose version to {{ _pip_version_docker_compose }} because of docker-compose > 1.10 requiring docker python package (instead of the docker-py one) which is incompatible with the docker_container module in Ansible < 2.3 when: pip_install_docker_compose and _pip_version_docker_compose != pip_version_docker_compose # See vars/main.yml for more information on this. - name: Clean previous docker-py package if installing docker. pip: name: docker-py state: absent executable: "{{ _pip_executable }}" when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker' # See vars/main.yml for more information on this. - name: Clean previous docker package if installing docker-py. pip: name: docker state: absent executable: "{{ _pip_executable }}" when: (_pip_install_docker or pip_install_docker_compose) and _pip_docker_package_name == 'docker-py' # Upgrade pip with pip to fix angstwad/docker.ubuntu/pull/35 and docker-py/issues/525 - name: Install pip, setuptools, docker-py and docker-compose with pip pip: name: "{{ item.name }}" state: "{{ 'latest' if item.version=='latest' else 'present' }}" version: "{{ item.version if item.version!='latest' else omit }}" executable: "{{ _pip_executable }}" with_items: - name: pip version: "{{ pip_version_pip }}" install: "{{ pip_install_pip }}" - name: setuptools version: "{{ pip_version_setuptools }}" install: "{{ pip_install_setuptools }}" - name: "{{ _pip_docker_package_name }}" version: "{{ pip_version_docker }}" install: "{{ _pip_install_docker }}" - name: docker-compose version: "{{ _pip_version_docker_compose }}" install: "{{ pip_install_docker_compose }}" when: item.install|bool - name: Check if /etc/updatedb.conf exists stat: path: /etc/updatedb.conf register: updatedb_conf_exists - name: Ensure updatedb does not index /var/lib/docker lineinfile: dest: /etc/updatedb.conf state: present backrefs: yes regexp: '^PRUNEPATHS="(/var/lib/docker )?(.*)"$' line: 'PRUNEPATHS="/var/lib/docker \2"' when: updatedb_conf_exists.stat.exists - name: Check if /etc/default/ufw exists stat: path: /etc/default/ufw register: ufw_default_exists - name: Change ufw default forward policy from drop to accept lineinfile: dest: /etc/default/ufw regexp: "^DEFAULT_FORWARD_POLICY=" line: "DEFAULT_FORWARD_POLICY=\"ACCEPT\"" when: ufw_default_exists.stat.exists - name: Set docker HTTP_PROXY if docker_http_proxy defined lineinfile: dest: /etc/default/docker regexp: "^export http_proxy=" line: "export http_proxy=\"{{docker_http_proxy}}\"" state: "{{ docker_http_proxy_defined | ternary('present', 'absent') }}" when: - not is_systemd notify: - Restart docker tags: proxy - name: Set docker HTTPS_PROXY if docker_https_proxy defined lineinfile: dest: /etc/default/docker regexp: "^export https_proxy=" line: "export https_proxy=\"{{docker_https_proxy}}\"" state: "{{ docker_https_proxy_defined | ternary('present', 'absent') }}" when: - not is_systemd notify: - Restart docker tags: proxy - name: Set docker HTTP(S)_PROXY if docker_http(s)_proxy defined (systemd) copy: content: | [Service] Environment="{% if docker_http_proxy_defined %}http_proxy={{ docker_http_proxy }}{% endif %}" Environment="{% if docker_https_proxy_defined %}https_proxy={{ docker_https_proxy }}{% endif %}" Environment="no_proxy={{ docker_no_proxy | default('') }}" dest: /etc/systemd/system/docker.service.d/proxy.conf owner: root group: root mode: 0644 notify: - Reload systemd - Restart docker when: - is_systemd - docker_http_proxy_defined or docker_https_proxy_defined tags: proxy - name: Remove docker HTTP(S)_PROXY if docker_http(s)_proxy undefined (systemd) file: path: /etc/systemd/system/docker.service.d/proxy.conf state: absent notify: - Reload systemd - Restart docker when: - is_systemd - not docker_http_proxy_defined and not docker_https_proxy_defined tags: proxy - name: Start docker service: name: docker state: started when: docker_pkg_name.find('lxc-docker') != -1 or docker_pkg_name.find('docker-engine') != -1 - name: Start docker.io service: name: docker.io state: started when: docker_pkg_name == 'docker.io' # ATTENTION: this task can potentially create new users! - name: Add users to the docker group user: name: "{{ item }}" groups: docker append: yes with_items: "{{docker_group_members}}" when: docker_group_members is defined - name: update facts if docker0 is not defined setup: filter: "ansible_docker0" when: ansible_docker0 is not defined