diff --git a/defaults/main.yml b/defaults/main.yml index d522cb8..631d36b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,20 +2,19 @@ # https://github.com/docker/roadmap/issues/188 # https://download.docker.com/linux/static/stable/x86_64/{docker,docker-rootless-extras}-24.0.3.tgz docker_add_alias: true -docker_release: "24.0.3" -docker_release_shasum: "f7bcb029ecb061ed3d647a8fe793b9db26c1a0526716525d6632cc79ee805bcb" -docker_release_rootless_shasum: "dce01e1c7df0c791dd3ac42d34ac34e8b3e984341e162458e8c36a5ca8caeef5" -docker_bash_completion_shasum: "cd9c70120bc5f7e6772b6a5350abf63099004c357814abc8a8a3689a7f2e3df0" -docker_compose_bash_completion_shasum: "9926c945b466fad570ad574089d6a90f7d9ba452a2d6a8ba67611a664707f0de" +docker_release: 24.0.3 +docker_release_shasum: f7bcb029ecb061ed3d647a8fe793b9db26c1a0526716525d6632cc79ee805bcb +docker_release_rootless_shasum: dce01e1c7df0c791dd3ac42d34ac34e8b3e984341e162458e8c36a5ca8caeef5 +docker_bash_completion_shasum: cd9c70120bc5f7e6772b6a5350abf63099004c357814abc8a8a3689a7f2e3df0 +docker_compose_bash_completion_shasum: 9926c945b466fad570ad574089d6a90f7d9ba452a2d6a8ba67611a664707f0de docker_rootful: false docker_rootful_enabled: false docker_rootful_opts: > --live-restore --icc=false --default-ulimit nproc=512:1024 --default-ulimit nofile=100:200 -H fd:// -docker_url: "https://download.docker.com/linux/static/stable/x86_64" +docker_url: https://download.docker.com/linux/static/stable/x86_64 docker_user: dockeruser docker_user_bashrc: false docker_allow_privileged_ports: false docker_allow_ping: false docker_compose: false docker_service_restart: true -... diff --git a/handlers/main.yml b/handlers/main.yml index aa9d8d1..e252e1a 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -7,4 +7,3 @@ state: restarted scope: user when: docker_service_restart -... diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 9ccdacc..44100e9 100644 --- a/molecule/default/converge.yml 
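Review bot: The version and SHA-256 pins in defaults/main.yml (`docker_release` and the four `*_shasum` variables) are better left quoted, because as plain scalars their type depends on what the value happens to look like. The current values still load as strings, but a later bump to a two-part version such as `24.10` would load as a float, and a digest with no letters would load as an integer. Either would change the download URL or the `sha256:` check built from these variables. Keeping `docker_release: "24.0.3"` and the quoted digests costs nothing, and an inline `# noqa` or a yamllint rule exception can silence the linter for these lines if needed.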
+++ b/molecule/default/converge.yml @@ -3,6 +3,6 @@ hosts: all any_errors_fatal: true tasks: - - name: "Include Ansible role" + - name: Include Ansible role ansible.builtin.include_role: name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 23ce280..4b60a97 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
@@ -85,76 +85,76 @@ provisioner: docker_compose: false platforms: - name: bullseye - box: "debian/bullseye64" + box: debian/bullseye64 config_options: vm.boot_timeout: 600 provider_raw_config_args: - - "customize ['modifyvm', :id, '--natdnshostresolver1', 'on']" + - customize ['modifyvm', :id, '--natdnshostresolver1', 'on'] instance_raw_config_args: - - 'vbguest.auto_update = false' + - vbguest.auto_update = false memory: 1024 - name: debiantesting - box: "debian/testing64" + box: debian/testing64 config_options: vm.boot_timeout: 600 provider_raw_config_args: - - "customize ['modifyvm', :id, '--natdnshostresolver1', 'on']" + - customize ['modifyvm', :id, '--natdnshostresolver1', 'on'] instance_raw_config_args: - - 'vbguest.auto_update = false' + - vbguest.auto_update = false memory: 1024 - name: almalinux8 - box: "almalinux/8" + box: almalinux/8 config_options: vm.boot_timeout: 600 provider_raw_config_args: - - "customize ['modifyvm', :id, '--natdnshostresolver1', 'on']" + - customize ['modifyvm', :id, '--natdnshostresolver1', 'on'] instance_raw_config_args: - - 'vbguest.auto_update = false' + - vbguest.auto_update = false memory: 1024 - name: almalinux9 - box: "almalinux/9" + box: almalinux/9 config_options: vm.boot_timeout: 600 provider_raw_config_args: - - "customize ['modifyvm', :id, '--natdnshostresolver1', 'on']" + - customize ['modifyvm', :id, '--natdnshostresolver1', 'on'] instance_raw_config_args: - - 'vbguest.auto_update = false' + - vbguest.auto_update = false memory: 1024 - name: focal - box: "bento/ubuntu-20.04" + box: bento/ubuntu-20.04 config_options: vm.boot_timeout: 600 instance_raw_config_args: - - 'vbguest.installer_options = { allow_kernel_upgrade: true }' + - "vbguest.installer_options = { allow_kernel_upgrade: true }" memory: 1024 - name: focalroot - box: "bento/ubuntu-20.04" + box: bento/ubuntu-20.04 config_options: vm.boot_timeout: 600 instance_raw_config_args: - - 'vbguest.installer_options = { allow_kernel_upgrade: true }' + - 
"vbguest.installer_options = { allow_kernel_upgrade: true }" memory: 1024 - name: jammy - box: "ubuntu/jammy64" + box: ubuntu/jammy64 config_options: vm.boot_timeout: 600 synced_folder: false provider_raw_config_args: - - "customize ['modifyvm', :id, '--uart1', '0x3F8', '4']" - - "customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL]" + - customize ['modifyvm', :id, '--uart1', '0x3F8', '4'] + - customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL] instance_raw_config_args: - - 'vbguest.installer_options = { allow_kernel_upgrade: true }' + - "vbguest.installer_options = { allow_kernel_upgrade: true }" memory: 1024 - name: lunar - box: "ubuntu/lunar64" + box: ubuntu/lunar64 config_options: vm.boot_timeout: 600 synced_folder: false provider_raw_config_args: - - "customize ['modifyvm', :id, '--uart1', '0x3F8', '4']" - - "customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL]" + - customize ['modifyvm', :id, '--uart1', '0x3F8', '4'] + - customize ['modifyvm', :id, '--uartmode1', 'file', File::NULL] instance_raw_config_args: - - 'vbguest.installer_options = { allow_kernel_upgrade: true }' + - "vbguest.installer_options = { allow_kernel_upgrade: true }" memory: 1024 verifier: name: ansible diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 18a596e..444586d 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -8,7 +8,7 @@ ansible.builtin.include_vars: dir: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/defaults/" extensions: - - 'yml' + - yml - name: Include host vars ansible.builtin.include_vars: 
@@ -154,18 +154,17 @@ - name: Container verification block environment: - XDG_RUNTIME_DIR: "/run/user/{{ docker_user_info.uid }}" + XDG_RUNTIME_DIR: /run/user/{{ docker_user_info.uid }} PATH: "{{ docker_user_info.home }}/bin:{{ ansible_env.PATH }}" - DOCKER_HOST: "unix:///run/user/{{ docker_user_info.uid }}/docker.sock" + DOCKER_HOST: unix:///run/user/{{ docker_user_info.uid }}/docker.sock block: - name: Reboot host become: true ansible.builtin.reboot: - - name: Wait for the host and reconnect ansible.builtin.wait_for: port: 22 - host: '{{ (ansible_ssh_host | default(ansible_host)) | default(inventory_hostname) }}' + host: "{{ (ansible_ssh_host | default(ansible_host)) | default(inventory_hostname) }}" delay: 10 timeout: 120 @@ -187,7 +186,7 @@ image: konstruktoid/nginx state: started ports: - - "8080:80" + - 8080:80 cap_drop: all capabilities: - chown @@ -258,7 +257,7 @@ state: started restart: true ports: - - "8081:80" + - 8081:80 cap_drop: all capabilities: - chown @@ -294,7 +293,7 @@ state: started restart: true ports: - - "80:80" + - 80:80 cap_drop: all capabilities: - chown @@ -339,4 +338,3 @@ register: published failed_when: "'nginx' not in published.content" when: docker_allow_privileged_ports | bool -... diff --git a/requirements.yml b/requirements.yml index d83048b..51f1743 100644 --- a/requirements.yml +++ b/requirements.yml @@ -3,4 +3,3 @@ collections: - ansible.posix - community.docker - community.general -... diff --git a/tasks/bashrc.yml b/tasks/bashrc.yml index 4a6bf05..c54968c 100644 --- a/tasks/bashrc.yml +++ b/tasks/bashrc.yml 
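Review bot: The unquoted port mapping `- 8080:80` in the hunk at -187 of molecule/default/verify.yml (and likewise `- 8081:80` at -258 and `- 80:80` at -294) only stays a string because the container port is 60 or higher. Under YAML 1.1 rules a digits-and-colons scalar whose later fields are below 60 is read as a base-60 integer, so a later mapping such as `2222:22` would reach the module as a number. Keep the quotes here, `- "8080:80"`, as is conventional for Docker port mappings. The task bodies continue outside these hunks.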
@@ -50,17 +50,17 @@ become: true become_user: "{{ docker_user }}" ansible.builtin.get_url: - url: "https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker" + url: https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker dest: "{{ docker_user_info.home }}/.bash_completion.d/" - checksum: "sha256:{{ docker_bash_completion_shasum }}" + checksum: sha256:{{ docker_bash_completion_shasum }} mode: "0644" - name: Install docker-compose bash completion become: true become_user: "{{ docker_user }}" ansible.builtin.get_url: - url: "https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose" + url: https://raw.githubusercontent.com/docker/compose/1.29.2/contrib/completion/bash/docker-compose dest: "{{ docker_user_info.home }}/.bash_completion.d/" - checksum: "sha256:{{ docker_compose_bash_completion_shasum }}" + checksum: sha256:{{ docker_compose_bash_completion_shasum }} mode: "0644" when: docker_compose diff --git a/tasks/docker_install_rootful.yml b/tasks/docker_install_rootful.yml index f514064..c0db0a3 100644 --- a/tasks/docker_install_rootful.yml +++ b/tasks/docker_install_rootful.yml @@ -1,6 +1,6 @@ --- - name: Update facts - ansible.builtin.setup: ~ + ansible.builtin.setup: tags: - fact @@ -13,7 +13,7 @@ - name: Import Docker gpg key become: true ansible.builtin.get_url: - url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" + url: https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg dest: /etc/apt/trusted.gpg.d/docker.asc mode: "0644" force: true 
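Review bot: The first `get_url` in this tasks/bashrc.yml hunk fetches the docker completion script from the moving `master` branch, while `docker_bash_completion_shasum` is a fixed digest. The checksum makes the task fail closed, which is the safe direction, but any upstream edit to that file breaks the role until the digest is updated by hand. The docker-compose task below already pins the tag `1.29.2`; pinning the docker URL to a tag or commit in the same way keeps the URL and the digest describing the same content.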
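Review bot: In the hunk at -13 of tasks/docker_install_rootful.yml, the "Import Docker gpg key" task downloads the key with `force: true` and no `checksum:` is visible, writing it to `/etc/apt/trusted.gpg.d/docker.asc`. Keys in that directory are trusted by apt for every configured repository, not only Docker's, so whatever the URL serves at run time becomes a system-wide signing key. Consider `dest: /etc/apt/keyrings/docker.asc` together with `signed-by=/etc/apt/keyrings/docker.asc` in the repository entry, and pinning the key with a `checksum:` or a fingerprint check. The repository definition and the rest of the task are outside the hunk, so confirm how the key is referenced there.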
@@ -41,13 +41,13 @@ block: - name: Stat docker-ce.repo file ansible.builtin.stat: - path: "/etc/yum.repos.d/docker-ce.repo" + path: /etc/yum.repos.d/docker-ce.repo register: docker_ce_repo - name: Add Docker yum repo become: true ansible.builtin.command: - cmd: "dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo" + cmd: dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo register: add_yum_repo changed_when: add_yum_repo.rc != 0 failed_when: add_yum_repo.rc != 0 @@ -56,10 +56,9 @@ - name: Install Docker become: true ansible.builtin.package: - name: ['docker-ce', 'docker-ce-rootless-extras'] + name: [docker-ce, docker-ce-rootless-extras] state: present tags: - apt - dnf - docker -... diff --git a/tasks/docker_install_rootless.yml b/tasks/docker_install_rootless.yml index 6807c63..1efe2f3 100644 --- a/tasks/docker_install_rootless.yml +++ b/tasks/docker_install_rootless.yml 
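Review bot: The "Add Docker yum repo" task in this hunk sets `changed_when: add_yum_repo.rc != 0` next to `failed_when: add_yum_repo.rc != 0`, so it can only report a change in the case where it also fails. A successful `dnf config-manager --add-repo` therefore always shows as unchanged. Use `changed_when: add_yum_repo.rc == 0`, ideally guarded by the preceding stat result, e.g. `when: not docker_ce_repo.stat.exists`, if no such condition already follows outside the hunk. The same pattern appears on `enable_lingering` in the hunk at -30 of tasks/manage_user.yml.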
@@ -34,23 +34,23 @@ - docker when: docker_release not in rootless_docker_version.stdout block: - - name: "Download Docker archive {{ docker_release }}" + - name: Download Docker archive {{ docker_release }} become: true become_user: "{{ docker_user }}" ansible.builtin.get_url: url: "{{ docker_url }}/docker-{{ docker_release }}.tgz" dest: "{{ docker_user_info.home }}/docker-{{ docker_release }}.tgz" - checksum: "sha256:{{ docker_release_shasum }}" + checksum: sha256:{{ docker_release_shasum }} owner: "{{ docker_user }}" mode: "0644" - - name: "Download docker-rootless-extras archive {{ docker_release }}" + - name: Download docker-rootless-extras archive {{ docker_release }} become: true become_user: "{{ docker_user }}" ansible.builtin.get_url: url: "{{ docker_url }}/docker-rootless-extras-{{ docker_release }}.tgz" dest: "{{ docker_user_info.home }}/docker-rootless-extras-{{ docker_release }}.tgz" - checksum: "sha256:{{ docker_release_rootless_shasum }}" + checksum: sha256:{{ docker_release_rootless_shasum }} owner: "{{ docker_user }}" mode: "0644" @@ -100,4 +100,3 @@ tags: - docker - systemd -... diff --git a/tasks/docker_service_rootful.yml b/tasks/docker_service_rootful.yml index 96c65c7..d78b4dc 100644 --- a/tasks/docker_service_rootful.yml +++ b/tasks/docker_service_rootful.yml @@ -37,7 +37,7 @@ become: true become_user: "{{ docker_user }}" ansible.builtin.stat: - path: "/run/user/{{ docker_user_info.uid }}/docker.sock" + path: /run/user/{{ docker_user_info.uid }}/docker.sock register: docker_rootless_sock tags: - docker @@ -55,7 +55,7 @@ become_user: "{{ docker_user }}" environment: PATH: "{{ docker_user_info.home }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - XDG_RUNTIME_DIR: "/run/user/{{ docker_user_info.uid }}" + XDG_RUNTIME_DIR: /run/user/{{ docker_user_info.uid }} ansible.builtin.command: cmd: dockerd-rootless-setuptool.sh install register: install_rootless_docker @@ -75,4 +75,3 @@ tags: - docker - systemd -... 
diff --git a/tasks/main.yml b/tasks/main.yml index 74ee1f5..14fb487 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -12,9 +12,9 @@ - name: Rootful Docker block environment: - XDG_RUNTIME_DIR: "/run/user/{{ docker_user_info.uid }}" + XDG_RUNTIME_DIR: /run/user/{{ docker_user_info.uid }} PATH: "{{ docker_user_info.home }}/bin:{{ ansible_env.PATH }}" - DOCKER_HOST: "unix:///run/user/{{ docker_user_info.uid }}/docker.sock" + DOCKER_HOST: unix:///run/user/{{ docker_user_info.uid }}/docker.sock when: docker_rootful and not (ansible_distribution == "Debian" and ansible_distribution_major_version <= '10') block: - name: Install rootful Docker @@ -25,7 +25,7 @@ - name: Debian information ansible.builtin.fail: - msg: "slirp4netns (>= 0.4.0) is required, currently not available in Debian <= 10" + msg: slirp4netns (>= 0.4.0) is required, currently not available in Debian <= 10 when: docker_rootful and (ansible_distribution == "Debian" and ansible_distribution_major_version <= '10') - name: Install and configure rootless docker @@ -71,7 +71,7 @@ ansible.builtin.lineinfile: path: "{{ ansible_env.HOME }}/.bash_aliases" line: "{{ sudo_alias }}" - regexp: '^alias docker=' + regexp: ^alias docker= state: present create: true mode: "0640" @@ -81,7 +81,7 @@ ansible.builtin.lineinfile: path: "{{ ansible_env.HOME }}/.bashrc" line: "{{ sudo_alias }}" - regexp: '^alias docker=' + regexp: ^alias docker= when: user_bashrc.stat.exists and check_aliases.rc != 0 and not docker_rootful - name: Create docker_rootless.sh @@ -94,4 +94,3 @@ - name: Deploy bash completion ansible.builtin.include_tasks: bashrc.yml when: docker_user_bashrc -... diff --git a/tasks/manage_user.yml b/tasks/manage_user.yml index 337e971..23af732 100644 --- a/tasks/manage_user.yml +++ b/tasks/manage_user.yml 
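Review bot: The `when:` conditions in the hunks at -12 and -25 of tasks/main.yml compare `ansible_distribution_major_version <= '10'` as strings, which does not order versions numerically. The fact is normally a string, and `'9' <= '10'` is false, so on Debian 9 the "Debian information" fail task would be skipped and the rootful block would run without the slirp4netns guard. Use the version test the role already uses in tasks/pre.yml: `ansible_distribution_major_version is version('10', '<=')`. Both blocks continue outside their hunks.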
@@ -21,7 +21,7 @@ - name: Ensure Docker user is lingering ansible.builtin.stat: - path: "/var/lib/systemd/linger/{{ docker_user }}" + path: /var/lib/systemd/linger/{{ docker_user }} register: docker_user_lingering tags: - user @@ -30,7 +30,7 @@ - name: Enable lingering for the Docker user become: true ansible.builtin.command: - cmd: "loginctl enable-linger {{ docker_user }}" + cmd: loginctl enable-linger {{ docker_user }} register: enable_lingering changed_when: enable_lingering.rc != 0 failed_when: enable_lingering.rc != 0 @@ -48,4 +48,3 @@ mode: "0700" tags: - user -... diff --git a/tasks/pre.yml b/tasks/pre.yml index 16c44a9..36127c8 100644 --- a/tasks/pre.yml +++ b/tasks/pre.yml @@ -12,10 +12,22 @@ - name: Install Debian family packages ansible.builtin.apt: - name: ['acl', 'apt-transport-https', 'ca-certificates', 'curl', - 'dbus-user-session', 'gnupg', 'iptables', 'libpam-systemd', - 'lsb-release', 'python3-docker', 'python3-pexpect', 'python3-pip', - 'python3-six', 'slirp4netns', 'uidmap'] + name: + - acl + - apt-transport-https + - ca-certificates + - curl + - dbus-user-session + - gnupg + - iptables + - libpam-systemd + - lsb-release + - python3-docker + - python3-pexpect + - python3-pip + - python3-six + - slirp4netns + - uidmap state: present install_recommends: false tags: @@ -40,7 +52,7 @@ block: - name: Install RedHat family packages ansible.builtin.dnf: - name: ['curl', 'iptables', 'python3-pip'] + name: [curl, iptables, python3-pip] state: present tags: - dnf @@ -48,7 +60,7 @@ - name: Install RedHat family slirp4netns ansible.builtin.dnf: - name: 'slirp4netns' + name: slirp4netns state: present when: ansible_distribution != "Amazon" tags: 
@@ -57,7 +69,7 @@ - name: Install slirp4netns binary ansible.builtin.get_url: - url: "https://github.com/rootless-containers/slirp4netns/releases/download/v1.2.0/slirp4netns-x86_64" + url: https://github.com/rootless-containers/slirp4netns/releases/download/v1.2.0/slirp4netns-x86_64 dest: /usr/bin/slirp4netns checksum: sha256:11080fdfb2c47b99f2b0c2b72d92cc64400d0eaba11c1ec34f779e17e8844360 owner: root @@ -70,7 +82,7 @@ - name: Python3-rpm installation ansible.builtin.dnf: - name: "python3-rpm" + name: python3-rpm state: present when: ansible_distribution == "RedHat" tags: @@ -80,7 +92,7 @@ - name: Install python3 setuptools ansible.builtin.dnf: - name: "python3-setuptools" + name: python3-setuptools state: present when: ansible_distribution == "AlmaLinux" tags: @@ -116,9 +128,7 @@ sysctl_set: true state: present reload: true - when: ansible_distribution == "Debian" and - (ansible_distribution_version | int != 0 and - ansible_distribution_version is version('11', '<')) + when: ansible_distribution == "Debian" and (ansible_distribution_version | int != 0 and ansible_distribution_version is version('11', '<')) tags: - sysctl @@ -151,8 +161,7 @@ community.general.modprobe: name: overlay state: present - params: 'permit_mounts_in_userns=1' + params: permit_mounts_in_userns=1 when: ansible_distribution == "Debian" tags: - modprobe -... diff --git a/tests/test.yml b/tests/test.yml index e0bcaed..c55dd33 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -6,4 +6,3 @@ - name: Include konstruktoid.docker_rootless ansible.builtin.include_role: name: konstruktoid.docker_rootless -... diff --git a/tox.ini b/tox.ini index 62201c9..b6a359d 100644 --- a/tox.ini +++ b/tox.ini @@ -15,6 +15,7 @@ deps = molecule-plugins[vagrant]@git+https://github.com/ansible-community/molecule-plugins.git https://github.com/ansible/ansible/archive/devel.tar.gz git+https://github.com/docker/docker-py.git + urllib3<2 commands = ansible-galaxy install -r requirements.yml ansible-lint 
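Review bot: The new `urllib3<2` line in the tox.ini hunk at -15 (repeated in the hunk at -30) carries no explanation, so a later maintainer cannot tell when the cap can be lifted. A short comment beside it would record the reason, presumably an incompatibility between the docker Python client and urllib3 2.x: `# urllib3 2.x breaks docker-py; remove once fixed upstream`. The cap also holds the environment on the 1.x series, so note in the same comment that it should be revisited.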
@@ -30,6 +31,7 @@ deps = ansible-lint docker molecule-plugins[vagrant] + urllib3<2 commands = ansible-galaxy install -r requirements.yml ansible-lint