# This role installs the docker daemon
---
# Stop the play when the retired docker_conf_use_iptables variable is still
# set. Tagged "always" so the check runs whatever tags are selected.
- name: Fail if docker_conf_use_iptables is defined
  tags: always
  when: docker_conf_use_iptables is defined
  ansible.builtin.fail:
    msg: >-
      Variable docker_conf_use_iptables is deprecated and not configurable
      anymore. Please remove it from your variables. Also double-check the
      daemon.json config for docker
# Uninstall the three legacy package names listed below.
- name: Remove older docker packages
  ansible.builtin.apt:
    state: absent
    name: [docker, docker-engine, docker.io]
# Packages installed ahead of the signed repository tasks further down:
# the CA bundle and GnuPG.
- name: Install source requirements
  ansible.builtin.apt:
    state: present
    name: [ca-certificates, gnupg2]
# Only runs when the major distribution version compares below 10.
- name: Install apt-transport-https (Debian <10)
  when: ansible_distribution_major_version is version('10', '<')
  ansible.builtin.apt:
    state: present
    name: apt-transport-https
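# Create the APT keyring directory: owned by root:root, writable by root
# only, readable and searchable by everyone.
- name: "Ensure {{ apt_keyring_dir }} directory exists"
  ansible.builtin.file:
    path: "{{ apt_keyring_dir }}"
    state: directory
    owner: root
    group: root
    # Four-digit form, matching the other mode values in this file.
    mode: "0755"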
# Copy docker-debian.asc into the keyring directory. src is a relative path,
# so the key comes from the role's own files rather than from a download at
# run time. force: true rewrites the destination whenever it differs from
# the bundled copy. The result is root-owned and writable by root only.
- name: Add Docker's official GPG key
  ansible.builtin.copy:
    dest: "{{ apt_keyring_dir }}/docker-debian.asc"
    src: docker-debian.asc
    owner: root
    group: root
    mode: "0644"
    force: true
# One-line APT source for releases below 12. The signed-by option ties this
# repository to the docker-debian.asc key only, instead of trusting every
# key known to APT. The cache is refreshed as part of this task.
- name: Add Docker repository (Debian <12)
  when: ansible_distribution_major_version is version('12', '<')
  ansible.builtin.apt_repository:
    state: present
    filename: docker
    update_cache: true
    repo: "deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
# Releases 12 and later get the repository as a rendered .sources file.
# NOTE(review): this task does not refresh the APT cache itself; the
# "Install Docker" task does, but only when the cache is older than its
# cache_valid_time - confirm a newly added repository is picked up.
# NOTE(review): docker.sources.j2 is not visible here - verify that it
# restricts the repository to the Docker key (Signed-By).
- name: Add Docker repository (Debian >=12)
  when: ansible_distribution_major_version is version('12', '>=')
  ansible.builtin.template:
    dest: /etc/apt/sources.list.d/docker.sources
    src: docker.sources.j2
    mode: "0644"
    owner: root
    group: root
# Install the engine, its CLI and containerd. The APT cache is refreshed
# first unless it was updated within the last 3600 seconds.
- name: Install Docker
  ansible.builtin.apt:
    cache_valid_time: 3600
    update_cache: true
    name: [docker-ce, docker-ce-cli, containerd.io]
# Python 2 variant of the Docker bindings; skipped when the interpreter
# version is 3 or newer.
- name: Package python-docker is installed
  when: ansible_python_version is version('3', '<')
  ansible.builtin.apt:
    state: present
    name: python-docker
# Python 3 variant of the Docker bindings; skipped when the interpreter
# version is below 3.
- name: Package python3-docker is installed
  when: ansible_python_version is version('3', '>=')
  ansible.builtin.apt:
    state: present
    name: python3-docker
# Render daemon.json from its template and notify the "restart docker"
# handler when the file changes. Root-owned, not writable by other users.
- name: Copy Docker daemon configuration file
  notify: restart docker
  ansible.builtin.template:
    dest: /etc/docker/daemon.json
    src: daemon.json.j2
    mode: "0644"
    owner: root
    group: root
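# Create the directory named by docker_tmpdir, owned by root.
- name: Creating Docker tmp directory
  ansible.builtin.file:
    path: "{{ docker_tmpdir }}"
    state: directory
    owner: root
    # The mode used to be "0644", which gives a directory no search (x) bit:
    # other accounts could list names but not open anything inside. "0700"
    # states that root-only access explicitly.
    # NOTE(review): use "0755" if other accounts are meant to read here.
    mode: "0700"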
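# Create the directory named by docker_tls_path when TLS is enabled. Other
# tasks in this file copy shellpki.sh here and run its "init" step, named
# "Creating a CA, server key", so key material is expected to live below it.
- name: Creating Docker TLS directory
  ansible.builtin.file:
    path: "{{ docker_tls_path }}"
    state: directory
    owner: root
    # The mode used to be "0644", which gives a directory no search (x) bit
    # but still lets every account list its file names. "0700" keeps the
    # contents reachable by root only and hides the listing as well.
    mode: "0700"
  when: docker_tls_enabled | bool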
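# Render shellpki.sh and openssl.cnf into the TLS directory when TLS is
# enabled. shellpki.sh is later executed by the "Creating a CA, server key"
# task, so ownership is pinned to root:root: without it, a copy already
# present under another account would keep that owner and stay writable by
# it (mode 0744 grants write to the owner).
# NOTE(review): the shared mode also marks openssl.cnf as executable.
- name: Copy shellpki utility to Docker TLS directory
  ansible.builtin.template:
    src: "{{ item }}.j2"
    dest: "{{ docker_tls_path }}/{{ item }}"
    owner: root
    group: root
    mode: "0744"
  loop:
    - shellpki.sh
    - openssl.cnf
  when: docker_tls_enabled | bool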
# Record whether <docker_tls_path>/certs exists; the result is stored in
# tls_certs_stat. This task has no "when", so it runs even when TLS is off.
- name: Check if certs are already created
  register: tls_certs_stat
  ansible.builtin.stat:
    path: "{{ docker_tls_path }}/certs"
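# Run "shellpki.sh init" once: only when TLS is enabled and the certs
# directory recorded in tls_certs_stat does not exist yet.
- name: Creating a CA, server key
  ansible.builtin.command:
    # argv passes the script path as one argument, so whitespace in
    # docker_tls_path cannot split it into several words.
    argv:
      - "{{ docker_tls_path }}/shellpki.sh"
      - init
  when:
    - docker_tls_enabled | bool
    - not (tls_certs_stat.stat.exists and tls_certs_stat.stat.isdir)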