Update 2 files

- /roles/base_setup/tasks/main.yml - /roles/docker/tasks/main.yml
2026-03-24 16:10:32 +05:00 · 2026-03-24 16:10:32 +05:00 · e33df01eec
commit e33df01eec
parent 9d904143c5
2 changed files with 51 additions and 51 deletions
--- a/roles/base_setup/tasks/main.yml
+++ b/roles/base_setup/tasks/main.yml
@ -27,48 +27,6 @@
  become: yes
  tags: [deploy_base]

-# ========== Docker Pinning for LXC ==========
- name: Pin Docker packages for LXC containers
-  block:
-    - name: Hold Docker packages
-      dpkg_selections:
-        name: "{{ item.split('=')[0] }}"
-        selection: hold
-      loop: "{{ docker_pinned_packages }}"
-      become: yes
-
-    - name: Ensure Docker packages at pinned versions
-      apt:
-        name: "{{ item }}"
-        state: present
-        allow_downgrade: yes
-        allow_change_held_packages: yes
-      loop: "{{ docker_pinned_packages }}"
-      become: yes
-      notify: restart docker
-
-    - name: Configure APT to never upgrade Docker components
-      copy:
-        content: |
-          # Never auto-upgrade these packages in LXC containers
-          Package: containerd.io runc docker-ce docker-ce-cli
-          Pin: release *
-          Pin-Priority: -1
-        dest: /etc/apt/preferences.d/docker-pin
-        owner: root
-        mode: '0644'
-      become: yes
-
-    - name: Show Docker pinning status
-      debug:
-        msg: "Docker packages pinned for LXC: {{ docker_pinned_packages }}"
-  when:
-    - lxc_docker_pin_enabled | default(true)
-    - ansible_virtualization_type in ['lxc', 'container']
-    - ansible_distribution == 'Ubuntu'
-    - ansible_distribution_version == '24.04'
-  tags: [deploy_base, docker_pin]
-
 # ========== System Configuration ==========
 - name: Disable IPv6 via sysctl
  sysctl:
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -1,4 +1,20 @@
 ---
+# =============================================================================
+# DOCKER ROLE - tasks/main.yml
+# =============================================================================
+
+# ========== Fix runc BEFORE Docker install (LXC safety) ==========
+- name: Ensure runc at safe version before Docker install (LXC only)
+  apt:
+    name: "runc=1.1.12-0ubuntu3"
+    state: present
+    allow_downgrade: yes
+    allow_change_held_packages: yes
+  become: yes
+  tags: [docker, deploy_docker]
+  when: ansible_virtualization_type in ['lxc', 'container']
+
+# ========== Install Docker ==========
 - name: Install Docker dependencies
  apt:
    name:
@ -9,18 +25,25 @@
      - lsb-release
    state: present
    update_cache: yes
+  become: yes
+  tags: [docker, deploy_docker]

 - name: Add Docker GPG key
  apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present
+  become: yes
+  tags: [docker, deploy_docker]

 - name: Add Docker repository
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present
+    update_cache: yes
+  become: yes
+  tags: [docker, deploy_docker]

- name: Install Docker
+- name: Install Docker packages
  apt:
    name:
      - docker-ce
@ -28,40 +51,56 @@
      - containerd.io
    state: present
    update_cache: yes
+    allow_downgrade: yes
+    allow_change_held_packages: yes
+  become: yes
+  notify: restart docker
+  tags: [docker, deploy_docker]

- name: Install Docker Compose
+- name: Install Docker Compose plugin
  apt:
    name: docker-compose-plugin
    state: present
+  become: yes
+  tags: [docker, deploy_docker]

 - name: Start and enable Docker service
  systemd:
    name: docker
    state: started
    enabled: yes
+    daemon_reload: yes
+  become: yes
+  tags: [docker, deploy_docker]

 - name: Wait for Docker to start
  pause:
    seconds: 5
+  tags: [docker, deploy_docker]

 - name: Verify Docker installation
  command: docker --version
  register: docker_version
  changed_when: false
+  tags: [docker, deploy_docker]

 - name: Show Docker version
  debug:
    msg: "Docker version: {{ docker_version.stdout }}"
+  tags: [docker, deploy_docker]

 - name: Verify Docker Compose installation
  command: docker compose version
  register: docker_compose_version
  changed_when: false
+  tags: [docker, deploy_docker]

 - name: Show Docker Compose version
  debug:
    msg: "Docker Compose version: {{ docker_compose_version.stdout }}"
+  tags: [docker, deploy_docker]

+# ========== Docker Monitoring Setup ==========
 - name: Setup Docker monitoring
  block:
    - name: Create scripts directory
@ -155,16 +194,19 @@
    - name: Show Docker metrics test result
      debug:
        var: metrics_test.stdout
+  tags: [docker, deploy_docker, monitoring]

-# ========== Fix Docker runc version ==========
- name: Check current runc version
+# ========== Optional: Manual runc update for non-LXC hosts ==========
+- name: Check current runc version (non-LXC only)
  command: runc --version
  register: runc_version_check
  ignore_errors: yes
  changed_when: false
  become: yes
+  when: ansible_virtualization_type not in ['lxc', 'container']
+  tags: [docker, runc_update]

- name: Download and update runc to v1.2.4 if needed
+- name: Update runc to v1.2.4 if needed (non-LXC only)
  block:
    - name: Download runc v1.2.4
      get_url:
@ -214,9 +256,9 @@
      debug:
        msg: "runc updated to version: {{ new_runc_version.stdout }}"
      become: yes
-
  when: 
-    - runc_version_check is failed or 
-      "'1.2.4' not in runc_version_check.stdout"
+    - ansible_virtualization_type not in ['lxc', 'container']
+    - runc_version_check is failed or "'1.2.4' not in runc_version_check.stdout"
    - ansible_architecture == "x86_64"
-  become: yes
+  become: yes
+  tags: [docker, runc_update]