Conversation
| - name: Add Docker Repository | ||
| ansible.builtin.apt_repository: | ||
| repo: deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable | ||
| repo: deb [arch={{ ansible_architecture | replace('x86_64', 'amd64') | replace('aarch64', 'arm64') }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable | ||
| state: present |
There was a problem hiding this comment.
I would add a filename so this custom apt repository lands in the subfolder sources.list.d
https://docs.ansible.com/projects/ansible/latest/collections/ansible/builtin/apt_repository_module.html
You may have to cleanup the old sources list file (manually or with Ansible once).
I suggest docker-ce(.list) (CE stands for Community Edition), same as Docker uses it for other OS:
With this, we have a predictable repo source list name, otherwise it is dependent on the URL.
| - name: Add Docker Repository | |
| ansible.builtin.apt_repository: | |
| repo: deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable | |
| repo: deb [arch={{ ansible_architecture | replace('x86_64', 'amd64') | replace('aarch64', 'arm64') }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable | |
| state: present | |
| - name: Add Docker Repository | |
| ansible.builtin.apt_repository: | |
| repo: deb [arch={{ ansible_architecture | replace('x86_64', 'amd64') | replace('aarch64', 'arm64') }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable | |
| filename: docker-ce | |
| state: present |
| - name: Install required system packages | ||
| ansible.builtin.apt: | ||
| name: '{{ item }}' | ||
| state: latest |
There was a problem hiding this comment.
IDK if this is a good idea for production. Shouldn't it be present below?
There was a problem hiding this comment.
I think the packages that are in the loop below are not critical.
I think it is fine to update them every time this playbook is executed and keeping for example ca-certificates up-to-date is very important.
There was a problem hiding this comment.
Yeah, I’m fine with leaving it like this. I just wanted to point out that using state: latest can have the side effect of automatically upgrading packages, which might sometimes cause unexpected changes. That said, I agree that keeping things like ca-certificates up-to-date is important, so it’s probably fine for this playbook.
There was a problem hiding this comment.
On that note, I checked all files of this repo and I think we should add "live-restore": true to the templates/daemon.json.j2.
We always used this at my old workplace, which led to fewer downtimes when we updated docker-ce.
Then systemctl restart docker no longer causes downtimes for bugfix patches.
There was a problem hiding this comment.
And I would move Adjust Docker logging strategy before Update apt and install docker-ce.
Installing docker-ce does not create the file /etc/docker/daemon.json, so this daemon config should already apply on the first install.
There was a problem hiding this comment.
Nevermind about the last comment, you restart the docker daemon in the next step.
3 participants
When updating a server I get this error:
This configuration should fix it.