From 090a12eb3cefb84733c63ffd1e5dc7e15d35c444 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 24 Mar 2026 16:12:57 +0500 Subject: [PATCH] Update file main.yml --- roles/docker/tasks/main.yml | 128 +++++++++++++----------------------- 1 file changed, 44 insertions(+), 84 deletions(-) diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index 97cffba..e2d9963 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,7 +1,27 @@ --- -# ============================================================================= -# DOCKER ROLE - tasks/main.yml -# ============================================================================= + +# ========== Cleanup conflicting Docker repo configs (LXC safety) ========== +- name: Remove conflicting Docker repository files + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list + - /etc/apt/sources.list.d/docker-ce.list + - /etc/apt/sources.list.d/docker.list + become: yes + tags: [docker, deploy_docker] + +- name: Remove old Docker GPG keys + file: + path: "{{ item }}" + state: absent + loop: + - /etc/apt/keyrings/docker.gpg + - /usr/share/keyrings/docker-archive-keyring.gpg + - /usr/share/keyrings/docker.gpg + become: yes + tags: [docker, deploy_docker] # ========== Fix runc BEFORE Docker install (LXC safety) ========== - name: Ensure runc at safe version before Docker install (LXC only) 
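Review bot: The two cleanup loops delete `/etc/apt/sources.list.d/docker.list` and `/etc/apt/keyrings/docker.gpg`, which are the same files the later tasks in this commit write (`filename: docker` on the repository task, `keyring: /etc/apt/keyrings/docker.gpg` on the key task), so every run removes and recreates them. The play therefore reports changes on every run and re-downloads the signing key each time; keep only the legacy names in the loops by dropping `- /etc/apt/sources.list.d/docker.list` and `- /etc/apt/keyrings/docker.gpg`. Separately, hosts provisioned by the previous version of this role probably still hold the Docker key in apt's global trusted keyring, because the old `apt_key` task had no `keyring:`. Nothing in this cleanup removes it, so on those hosts `signed-by` does not fully scope the key; an extra `apt_key` task with `id: "<docker-key-id>"` (placeholder) and `state: absent` would close that gap.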
@@ -28,18 +48,35 @@ become: yes tags: [docker, deploy_docker] +- name: Create keyrings directory + file: + path: /etc/apt/keyrings + state: directory + mode: '0755' + become: yes + tags: [docker, deploy_docker] + - name: Add Docker GPG key apt_key: url: https://download.docker.com/linux/ubuntu/gpg + keyring: /etc/apt/keyrings/docker.gpg state: present become: yes tags: [docker, deploy_docker] -- name: Add Docker repository +- name: Add Docker repository (without cache update) apt_repository: - repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" + filename: docker state: present + update_cache: no # ← Важно: не обновлять кэш здесь! + become: yes + tags: [docker, deploy_docker] + +- name: Update apt cache after adding Docker repo + apt: update_cache: yes + cache_valid_time: 3600 become: yes tags: [docker, deploy_docker] @@ -50,7 +87,6 @@ - docker-ce-cli - containerd.io state: present - update_cache: yes allow_downgrade: yes allow_change_held_packages: yes become: yes 
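Review bot: "Add Docker GPG key" trusts whatever `https://download.docker.com/linux/ubuntu/gpg` returns at run time, with no fingerprint or checksum pinned, and the `apt_key` module it uses is deprecated upstream. Fetching the key with `get_url` and a pinned `checksum:` into `/etc/apt/keyrings/docker.asc`, and pointing `signed-by=` at that file, makes the task fail closed if the served key ever differs from the verified one. In the same hunk, `cache_valid_time: 3600` on "Update apt cache after adding Docker repo" lets apt skip the refresh when the cache is less than an hour old. The new repository's index may then be missing when the install task runs, since that task no longer has `update_cache: yes`, so drop `cache_valid_time` there. The inline comment on `update_cache: no` would also read better in English, to match the rest of the file.

```yaml
- name: Add Docker GPG key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'
    # placeholder: SHA-256 of the key file, verified out of band
    checksum: "sha256:<expected-sha256-of-key-file>"
  become: yes
  tags: [docker, deploy_docker]

# … unchanged: "Add Docker repository" task, with signed-by=/etc/apt/keyrings/docker.asc …

- name: Update apt cache after adding Docker repo
  apt:
    update_cache: yes
  become: yes
  tags: [docker, deploy_docker]
```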
@@ -114,21 +150,15 @@ copy: content: | #!/bin/bash - # Docker metrics script for Node Exporter textfile collector - OUTFILE="/var/lib/node_exporter/textfile_collector/docker_metrics.prom" - - # Get container counts TOTAL_CONTAINERS=$(docker ps -a -q 2>/dev/null | wc -l) RUNNING_CONTAINERS=$(docker ps -q 2>/dev/null | wc -l) EXITED_CONTAINERS=$((TOTAL_CONTAINERS - RUNNING_CONTAINERS)) - - # Write metrics in Prometheus format cat << EOF > $OUTFILE # HELP docker_containers_total Total number of Docker containers # TYPE docker_containers_total gauge docker_containers_total $TOTAL_CONTAINERS - # HELP docker_containers_running Number of running Docker containers + # HELP docker_containers_running Number of running Docker containers # TYPE docker_containers_running gauge docker_containers_running $RUNNING_CONTAINERS # HELP docker_containers_exited Number of exited Docker containers @@ -145,7 +175,6 @@ [Unit] Description=Docker metrics script After=docker.service - [Service] User=root ExecStart=/opt/scripts/docker_metrics.sh @@ -158,11 +187,9 @@ content: | [Unit] Description=Run Docker metrics every 30 seconds - [Timer] OnBootSec=1min OnUnitActiveSec=30s - [Install] WantedBy=timers.target dest: /etc/systemd/system/docker-metrics.timer 
@@ -194,71 +221,4 @@ - name: Show Docker metrics test result debug: var: metrics_test.stdout - tags: [docker, deploy_docker, monitoring] - -# ========== Optional: Manual runc update for non-LXC hosts ========== -- name: Check current runc version (non-LXC only) - command: runc --version - register: runc_version_check - ignore_errors: yes - changed_when: false - become: yes - when: ansible_virtualization_type not in ['lxc', 'container'] - tags: [docker, runc_update] - -- name: Update runc to v1.2.4 if needed (non-LXC only) - block: - - name: Download runc v1.2.4 - get_url: - url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64 - dest: /tmp/runc.amd64 - mode: '0755' - become: yes - - - name: Stop docker service - systemd: - name: docker - state: stopped - become: yes - - - name: Backup existing runc - command: mv /usr/bin/runc /usr/bin/runc.bak - args: - creates: /usr/bin/runc.bak - become: yes - - - name: Install new runc - copy: - src: /tmp/runc.amd64 - dest: /usr/bin/runc - remote_src: yes - mode: '0755' - become: yes - - - name: Start docker service - systemd: - name: docker - state: started - become: yes - - - name: Clean up temporary runc file - file: - path: /tmp/runc.amd64 - state: absent - become: yes - - - name: Verify new runc version - command: runc --version - register: new_runc_version - become: yes - - - name: Show runc update result - debug: - msg: "runc updated to version: {{ new_runc_version.stdout }}" - become: yes - when: - - ansible_virtualization_type not in ['lxc', 'container'] - - runc_version_check is failed or "'1.2.4' not in runc_version_check.stdout" - - ansible_architecture == "x86_64" - become: yes - tags: [docker, runc_update] \ No newline at end of file + tags: [docker, deploy_docker, monitoring] \ No newline at end of file