Update file main.yml

roles/docker/tasks/main.yml

@@ -1,7 +1,27 @@
 ---
-# =============================================================================
+
-# DOCKER ROLE - tasks/main.yml
+# ========== Cleanup conflicting Docker repo configs (LXC safety) ==========
-# =============================================================================
+- name: Remove conflicting Docker repository files
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
+    - /etc/apt/sources.list.d/docker-ce.list
+    - /etc/apt/sources.list.d/docker.list
+  become: yes
+  tags: [docker, deploy_docker]
+
+- name: Remove old Docker GPG keys
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/apt/keyrings/docker.gpg
+    - /usr/share/keyrings/docker-archive-keyring.gpg
+    - /usr/share/keyrings/docker.gpg
+  become: yes
+  tags: [docker, deploy_docker]
 
 # ========== Fix runc BEFORE Docker install (LXC safety) ==========
 - name: Ensure runc at safe version before Docker install (LXC only)
@@ -28,18 +48,35 @@
   become: yes
   tags: [docker, deploy_docker]
 
+- name: Create keyrings directory
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  become: yes
+  tags: [docker, deploy_docker]
+
 - name: Add Docker GPG key
   apt_key:
     url: https://download.docker.com/linux/ubuntu/gpg
+    keyring: /etc/apt/keyrings/docker.gpg
     state: present
   become: yes
   tags: [docker, deploy_docker]
 
-- name: Add Docker repository
+- name: Add Docker repository (without cache update)
   apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+    filename: docker
     state: present
+    update_cache: no  # ← Важно: не обновлять кэш здесь!
+  become: yes
+  tags: [docker, deploy_docker]
+
+- name: Update apt cache after adding Docker repo
+  apt:
     update_cache: yes
+    cache_valid_time: 3600
   become: yes
   tags: [docker, deploy_docker]
 
@@ -50,7 +87,6 @@
       - docker-ce-cli
       - containerd.io
     state: present
-    update_cache: yes
     allow_downgrade: yes
     allow_change_held_packages: yes
   become: yes
@@ -114,16 +150,10 @@
       copy:
         content: |
           #!/bin/bash
-          # Docker metrics script for Node Exporter textfile collector
-          
           OUTFILE="/var/lib/node_exporter/textfile_collector/docker_metrics.prom"
-          
-          # Get container counts
           TOTAL_CONTAINERS=$(docker ps -a -q 2>/dev/null | wc -l)
           RUNNING_CONTAINERS=$(docker ps -q 2>/dev/null | wc -l)
           EXITED_CONTAINERS=$((TOTAL_CONTAINERS - RUNNING_CONTAINERS))
-          
-          # Write metrics in Prometheus format
           cat << EOF > $OUTFILE
           # HELP docker_containers_total Total number of Docker containers
           # TYPE docker_containers_total gauge
@@ -145,7 +175,6 @@
           [Unit]
           Description=Docker metrics script
           After=docker.service
-          
           [Service]
           User=root
           ExecStart=/opt/scripts/docker_metrics.sh
@@ -158,11 +187,9 @@
         content: |
           [Unit]
           Description=Run Docker metrics every 30 seconds
-          
           [Timer]
           OnBootSec=1min
           OnUnitActiveSec=30s
-          
           [Install]
           WantedBy=timers.target
         dest: /etc/systemd/system/docker-metrics.timer
@@ -195,70 +222,3 @@
       debug:
         var: metrics_test.stdout
   tags: [docker, deploy_docker, monitoring]
-
-# ========== Optional: Manual runc update for non-LXC hosts ==========
-- name: Check current runc version (non-LXC only)
-  command: runc --version
-  register: runc_version_check
-  ignore_errors: yes
-  changed_when: false
-  become: yes
-  when: ansible_virtualization_type not in ['lxc', 'container']
-  tags: [docker, runc_update]
-
-- name: Update runc to v1.2.4 if needed (non-LXC only)
-  block:
-    - name: Download runc v1.2.4
-      get_url:
-        url: https://github.com/opencontainers/runc/releases/download/v1.2.4/runc.amd64
-        dest: /tmp/runc.amd64
-        mode: '0755'
-      become: yes
-
-    - name: Stop docker service
-      systemd:
-        name: docker
-        state: stopped
-      become: yes
-
-    - name: Backup existing runc
-      command: mv /usr/bin/runc /usr/bin/runc.bak
-      args:
-        creates: /usr/bin/runc.bak
-      become: yes
-
-    - name: Install new runc
-      copy:
-        src: /tmp/runc.amd64
-        dest: /usr/bin/runc
-        remote_src: yes
-        mode: '0755'
-      become: yes
-
-    - name: Start docker service
-      systemd:
-        name: docker
-        state: started
-      become: yes
-
-    - name: Clean up temporary runc file
-      file:
-        path: /tmp/runc.amd64
-        state: absent
-      become: yes
-
-    - name: Verify new runc version
-      command: runc --version
-      register: new_runc_version
-      become: yes
-
-    - name: Show runc update result
-      debug:
-        msg: "runc updated to version: {{ new_runc_version.stdout }}"
-      become: yes
-  when: 
-    - ansible_virtualization_type not in ['lxc', 'container']
-    - runc_version_check is failed or "'1.2.4' not in runc_version_check.stdout"
-    - ansible_architecture == "x86_64"
-  become: yes
-  tags: [docker, runc_update]