---
# tasks file for docker.ubuntu
# Load the interpreter-specific variables. The file name is taken from
# python_vars_file, which is defined outside this tasks file.
- name: "Include proper python vars file"
  include_vars: "{{ python_vars_file }}"
# Guard tasks: abort the play early on platforms or controller versions
# this role does not support. Each `when` list is an AND of its entries.
- name: Fail if not a supported release of Ubuntu
  fail:
    msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role"
  when:
    - ansible_lsb.id|lower == "ubuntu"
    - ansible_distribution_version|version_compare('14.04', '<')

- name: Fail if not a new release of Debian
  fail:
    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
  when:
    - ansible_lsb.id|lower == "debian"
    - ansible_distribution_version|version_compare('8.5', '<')

# The interpreter check only applies when ansible_python_interpreter is set
# and names a python3 binary.
- name: Fail if using python3 with Ansible<2.3
  fail:
    msg: "Ansible 2.3+ is required to use Python3 interpreter."
  when:
    - ansible_version.full | version_compare('2.3', '<')
    - ansible_python_interpreter is defined
    - "'python3' in ansible_python_interpreter"
# Optional kernel work lives in its own task file and only runs when one of
# the two role switches is enabled.
# NOTE(review): judging by the variable name this path may reboot the host;
# confirm in kernel_check_and_update.yml before enabling it on shared hosts.
- name: Update kernel, kernel extras, Xorg pkgs, and related tasks
  include: kernel_check_and_update.yml
  when: kernel_update_and_reboot_permitted or install_kernel_extras
# Remove the legacy package names before installing from the Docker
# repository. Opt-in through uninstall_previous_docker_versions.
- name: Uninstall old versions of Docker
  apt:
    name: "{{ item }}"
    state: absent
  with_items:
    - docker
    - docker-engine
    - docker.io
  when: uninstall_previous_docker_versions
# First attempt: install the extras package that matches the running kernel
# exactly. Errors are tolerated on purpose (ignore_errors) and the result is
# registered so the retry below can react to a failure.
- name: Install linux-image-extra-* packages to enable AuFS driver
  apt:
    pkg: "{{ item }}"
    state: present
    update_cache: true
    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
  with_items:
    - "linux-image-extra-{{ ansible_kernel }}"
    - linux-image-extra-virtual
  when: docker_aufs_enabled and ansible_distribution_version|version_compare('14.04', '==')
  register: linux_image_extra_install
  ignore_errors: true

# Retry with a wildcard: the last dash-separated component of the kernel
# release is dropped and `*` appended, so any matching extras package is
# accepted. This task has no ignore_errors, so a second failure stops the play.
- name: Try again to install linux-image-extra if previous attempt failed
  apt:
    pkg: "linux-image-extra-{{ ansible_kernel.split('-')[:-1]|join('-') }}*"
    state: present
    update_cache: true
    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
  when: linux_image_extra_install|failed
# Install the dirmngr package named by apt_dirmngr_pkg ahead of the key
# import that follows in this file.
- name: Ensure dirmngr is available
  apt:
    pkg: "{{ apt_dirmngr_pkg }}"
    state: present
    update_cache: true
    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
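# Import the repository signing key. The primary path pins the key by its
# id (apt_key_sig); a failure is tolerated so the fallback below can run.
- name: Add Docker repository key
  apt_key:
    id: "{{ apt_key_sig }}"
    keyserver: "{{ apt_key_url }}"
    state: present
  register: add_repository_key
  ignore_errors: true

# Fallback when the apt_key module failed.
# Fixed: the variable was written as `apt-key-url`, which Jinja2 parses as
# the subtraction `apt - key - url` rather than the apt_key_url variable.
# `command` replaces `shell` because no shell features are used, so the
# templated value is never interpreted by a shell.
# NOTE(review): unlike the task above, this path does not pin the import to
# apt_key_sig, and --fetch-keys expects a URL to a key file while the same
# variable is passed as `keyserver` above - confirm the value suits both,
# and check the imported key's fingerprint against apt_key_sig.
- name: Alternative | Add Docker repository key
  command: "apt-key adv --fetch-keys {{ apt_key_url }}"
  when: add_repository_key|failed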
# apt needs the HTTPS transport before it can use an https:// source.
- name: HTTPS APT transport for Docker repository
  apt:
    name: apt-transport-https
    state: present

# Register the repository named by apt_repository and refresh the package
# index in the same step. The sources file is written with mode 644.
- name: Add Docker repository and update apt cache
  apt_repository:
    repo: "{{ apt_repository }}"
    mode: '644'
    update_cache: true
    state: present
# Install the Docker package. With update_docker_package enabled the state
# becomes `latest`, so every run may move the host to a newer release;
# leave it disabled where the installed version has to stay under review.
- name: Install (or update) docker package
  apt:
    name: "{{ docker_pkg_name }}"
    state: "{{ 'latest' if update_docker_package else 'present' }}"
    update_cache: "{{ update_docker_package }}"
    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
# is_systemd defaults to false and is then overridden for the releases the
# condition below lists. Both tasks carry the `always` tag so the fact is
# set even when the play is limited by tags.
- name: Set systemd playbook var
  set_fact:
    is_systemd: false
  changed_when: false
  tags: always

# True on Ubuntu 15.04 or newer and on any Debian release (`and` binds
# tighter than `or` in the expression).
- name: Set systemd playbook var
  set_fact:
    is_systemd: true
  when: >-
    ( ansible_distribution == "Ubuntu" and
    ansible_distribution_version|version_compare('15.04', '>=') or
    ansible_distribution == "Debian" )
  tags: always
# Collapse "defined, not none and not empty" into one flag per proxy so the
# later proxy tasks can test a single variable.
- name: Set docker_http_proxy_defined flag
  set_fact:
    docker_http_proxy_defined: >-
      {{ docker_http_proxy is defined and docker_http_proxy is not none
      and docker_http_proxy != '' }}
  tags: proxy

- name: Set docker_https_proxy_defined flag
  set_fact:
    docker_https_proxy_defined: >-
      {{ docker_https_proxy is defined and docker_https_proxy is not none
      and docker_https_proxy != '' }}
  tags: proxy
# https://github.com/moby/moby/issues/25471#issuecomment-263101090
# The drop-in directory exists only while daemon_json or a proxy is
# configured; otherwise the state resolves to `absent`.
# NOTE(review): `absent` on a directory deletes it recursively, so drop-ins
# placed there by other tooling are removed as well.
- name: Creates override directory (systemd)
  file:
    path: /etc/systemd/system/docker.service.d
    state: >-
      {{ (daemon_json is not none or docker_http_proxy_defined
      or docker_https_proxy_defined) | ternary('directory', 'absent') }}
    owner: root
    group: root
    mode: "0755"
  when:
    - is_systemd
  tags: proxy
# Drop-in that first clears the packaged ExecStart and then starts dockerd
# without command-line flags.
# NOTE(review): presumably so that /etc/docker/daemon.json is the only
# source of daemon options - confirm against the packaged unit file.
- name: Set docker daemon override (systemd)
  copy:
    content: |
      [Service]
      ExecStart=
      ExecStart=/usr/bin/dockerd
    dest: /etc/systemd/system/docker.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - Restart docker
  when: daemon_json is not none and is_systemd
# Render daemon_json as JSON into the daemon's configuration file and
# restart Docker on change. The file is root-owned and world-readable
# (0644). Review what daemon_json contains before rollout: this file
# controls the daemon's listeners and security-related options.
- name: Set /etc/docker/daemon.json
  copy:
    content: "{{ daemon_json | to_nice_json }}"
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0644"
  notify:
    - Restart docker
  when: daemon_json is not none
# docker.io package only: point the daemon's DNS at the docker0 address.
# The regexp is unanchored, so the last line containing "DOCKER_OPTS=" is
# replaced, whatever options it carried before.
- name: Fix DNS in docker.io
  lineinfile:
    dest: "{{ docker_defaults_file_path }}"
    regexp: "DOCKER_OPTS="
    line: 'DOCKER_OPTS="--dns {{ ansible_docker0.ipv4.address }}"'
  register: dns_fix
  notify: Restart dockerio
  when: docker_pkg_name == 'docker.io'

# Run the notified restart now rather than at the end of the play.
- meta: flush_handlers
  when: "dns_fix|changed"

# One-second pause after the DNS change.
- pause:
    seconds: 1
  when: "dns_fix|changed"
# We must install pip via apt before we can use the pip module below.
# `state: latest` upgrades these packages on every run where a newer
# version is available.
- name: "Install {{ _python_packages | join(', ') }} packages with apt"
  apt:
    pkg: "{{ item }}"
    state: latest
    update_cache: true
    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
  with_items: "{{ _python_packages }}"
# Display an informative message if the docker-compose version needs to be
# downgraded, i.e. the effective version differs from the requested one.
- name: Docker-compose version downgrade
  debug:
    msg: >-
      Downgrading docker-compose version to {{ _pip_version_docker_compose }} because of docker-compose > 1.10
      requiring docker python package (instead of the docker-py one) which is incompatible with the docker_container
      module in Ansible < 2.3
  when: pip_install_docker_compose and _pip_version_docker_compose != pip_version_docker_compose
# See vars/main.yml for more information on this.
# Only one of the `docker` / `docker-py` Python packages is kept: the one
# not selected by _pip_docker_package_name is removed first.
- name: Clean previous docker-py package if installing docker.
  pip:
    name: docker-py
    state: absent
    executable: "{{ _pip_executable }}"
  when:
    - _pip_install_docker or pip_install_docker_compose
    - _pip_docker_package_name == 'docker'

# See vars/main.yml for more information on this.
- name: Clean previous docker package if installing docker-py.
  pip:
    name: docker
    state: absent
    executable: "{{ _pip_executable }}"
  when:
    - _pip_install_docker or pip_install_docker_compose
    - _pip_docker_package_name == 'docker-py'
# Upgrade pip with pip to fix angstwad/docker.ubuntu/pull/35 and
# docker-py/issues/525
# Each item carries its own version and install switch. A version of
# 'latest' maps to state=latest with the version argument omitted, which
# leaves that package unpinned; set explicit versions where the installed
# Python packages need to be reproducible.
- name: Install pip, setuptools, docker-py and docker-compose with pip
  pip:
    name: "{{ item.name }}"
    state: "{{ 'latest' if item.version=='latest' else 'present' }}"
    version: "{{ item.version if item.version!='latest' else omit }}"
    executable: "{{ _pip_executable }}"
  with_items:
    - name: pip
      version: "{{ pip_version_pip }}"
      install: "{{ pip_install_pip }}"
    - name: setuptools
      version: "{{ pip_version_setuptools }}"
      install: "{{ pip_install_setuptools }}"
    - name: "{{ _pip_docker_package_name }}"
      version: "{{ pip_version_docker }}"
      install: "{{ _pip_install_docker }}"
    - name: docker-compose
      version: "{{ _pip_version_docker_compose }}"
      install: "{{ pip_install_docker_compose }}"
  when: item.install|bool
# Only touch updatedb.conf when the file is present on the host.
- name: Check if /etc/updatedb.conf exists
  stat:
    path: /etc/updatedb.conf
  register: updatedb_conf_exists

# Prepend /var/lib/docker to PRUNEPATHS. The optional first group makes the
# edit idempotent, and with backrefs enabled a file without a matching
# PRUNEPATHS line is left unchanged.
- name: Ensure updatedb does not index /var/lib/docker
  lineinfile:
    dest: /etc/updatedb.conf
    state: present
    backrefs: true
    regexp: '^PRUNEPATHS="(/var/lib/docker )?(.*)"$'
    line: 'PRUNEPATHS="/var/lib/docker \2"'
  when: updatedb_conf_exists.stat.exists
# Only touch the ufw defaults when the file is present on the host.
- name: Check if /etc/default/ufw exists
  stat:
    path: /etc/default/ufw
  register: ufw_default_exists

# NOTE(review): this switches ufw's default policy for ALL forwarded
# traffic to ACCEPT, not only traffic for Docker's bridges. On hosts that
# also route for other networks, review the resulting exposure and add
# explicit forward rules where needed. No handler is notified here, so ufw
# is not reloaded by this task.
- name: Change ufw default forward policy from drop to accept
  lineinfile:
    dest: /etc/default/ufw
    regexp: "^DEFAULT_FORWARD_POLICY="
    line: 'DEFAULT_FORWARD_POLICY="ACCEPT"'
  when: ufw_default_exists.stat.exists
# Non-systemd hosts: manage the proxy exports in /etc/default/docker. When
# the matching *_defined flag is false the state becomes `absent` and lines
# matching the regexp are removed.
# NOTE(review): no mode is set on this file here; if the proxy URL embeds
# credentials, check who can read /etc/default/docker.
- name: Set docker HTTP_PROXY if docker_http_proxy defined
  lineinfile:
    dest: /etc/default/docker
    regexp: "^export http_proxy="
    line: 'export http_proxy="{{docker_http_proxy}}"'
    state: "{{ docker_http_proxy_defined | ternary('present', 'absent') }}"
  when:
    - not is_systemd
  notify:
    - Restart docker
  tags: proxy

- name: Set docker HTTPS_PROXY if docker_https_proxy defined
  lineinfile:
    dest: /etc/default/docker
    regexp: "^export https_proxy="
    line: 'export https_proxy="{{docker_https_proxy}}"'
    state: "{{ docker_https_proxy_defined | ternary('present', 'absent') }}"
  when:
    - not is_systemd
  notify:
    - Restart docker
  tags: proxy
# systemd hosts: write the proxy settings as a drop-in for docker.service.
# A proxy whose flag is false renders an empty Environment="" line.
# NOTE(review): the drop-in is world-readable (0644). If a proxy URL embeds
# credentials, local users can read them from this file; prefer a proxy
# that needs no credentials in the URL, or review the file mode.
- name: Set docker HTTP(S)_PROXY if docker_http(s)_proxy defined (systemd)
  copy:
    content: |
      [Service]
      Environment="{% if docker_http_proxy_defined %}http_proxy={{ docker_http_proxy }}{% endif %}"
      Environment="{% if docker_https_proxy_defined %}https_proxy={{ docker_https_proxy }}{% endif %}"
      Environment="no_proxy={{ docker_no_proxy | default('') }}"
    dest: /etc/systemd/system/docker.service.d/proxy.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - Reload systemd
    - Restart docker
  when:
    - is_systemd
    - docker_http_proxy_defined or docker_https_proxy_defined
  tags: proxy
# systemd hosts with neither proxy configured: delete the proxy drop-in so
# stale settings do not survive, then reload systemd and restart Docker.
- name: Remove docker HTTP(S)_PROXY if docker_http(s)_proxy undefined (systemd)
  file:
    path: /etc/systemd/system/docker.service.d/proxy.conf
    state: absent
  notify:
    - Reload systemd
    - Restart docker
  when:
    - is_systemd
    - not docker_http_proxy_defined and not docker_https_proxy_defined
  tags: proxy
# The service name depends on the installed package: `docker` when the
# package name contains lxc-docker or docker-engine, `docker.io` for the
# docker.io package.
- name: Start docker
  service:
    name: docker
    state: started
  when: >-
    docker_pkg_name.find('lxc-docker') != -1 or
    docker_pkg_name.find('docker-engine') != -1

- name: Start docker.io
  service:
    name: docker.io
    state: started
  when: docker_pkg_name == 'docker.io'
# ATTENTION: this task can potentially create new users!
# Membership of the docker group grants control of the Docker daemon, which
# is effectively root-equivalent on the host. Keep docker_group_members to
# the accounts that need it and review the list like any sudoers change.
# `append` keeps each user's existing supplementary groups.
- name: Add users to the docker group
  user:
    name: "{{ item }}"
    groups: docker
    append: true
  with_items: "{{docker_group_members}}"
  when: docker_group_members is defined
# Re-gather only the ansible_docker0 fact when it is not defined yet.
- name: update facts if docker0 is not defined
  setup:
    filter: "ansible_docker0"
  when: ansible_docker0 is not defined