From e33df01eec67eaad87a07fe0d2bf5d6e10a1fa51 Mon Sep 17 00:00:00 2001 From: Administrator Date: Tue, 24 Mar 2026 16:10:32 +0500 Subject: [PATCH] Update 2 files - /roles/base_setup/tasks/main.yml - /roles/docker/tasks/main.yml --- roles/base_setup/tasks/main.yml | 42 ----------------------- roles/docker/tasks/main.yml | 60 ++++++++++++++++++++++++++++----- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml index 08b79cf..071263c 100644 --- a/roles/base_setup/tasks/main.yml +++ b/roles/base_setup/tasks/main.yml @@ -27,48 +27,6 @@ become: yes tags: [deploy_base] -# ========== Docker Pinning for LXC ========== -- name: Pin Docker packages for LXC containers - block: - - name: Hold Docker packages - dpkg_selections: - name: "{{ item.split('=')[0] }}" - selection: hold - loop: "{{ docker_pinned_packages }}" - become: yes - - - name: Ensure Docker packages at pinned versions - apt: - name: "{{ item }}" - state: present - allow_downgrade: yes - allow_change_held_packages: yes - loop: "{{ docker_pinned_packages }}" - become: yes - notify: restart docker - - - name: Configure APT to never upgrade Docker components - copy: - content: | - # Never auto-upgrade these packages in LXC containers - Package: containerd.io runc docker-ce docker-ce-cli - Pin: release * - Pin-Priority: -1 - dest: /etc/apt/preferences.d/docker-pin - owner: root - mode: '0644' - become: yes - - - name: Show Docker pinning status - debug: - msg: "Docker packages pinned for LXC: {{ docker_pinned_packages }}" - when: - - lxc_docker_pin_enabled | default(true) - - ansible_virtualization_type in ['lxc', 'container'] - - ansible_distribution == 'Ubuntu' - - ansible_distribution_version == '24.04' - tags: [deploy_base, docker_pin] - # ========== System Configuration ========== - name: Disable IPv6 via sysctl sysctl: diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index b1b7089..97cffba 100644 
--- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -1,4 +1,20 @@ --- +# ============================================================================= +# DOCKER ROLE - tasks/main.yml +# ============================================================================= + +# ========== Fix runc BEFORE Docker install (LXC safety) ========== +- name: Ensure runc at safe version before Docker install (LXC only) + apt: + name: "runc=1.1.12-0ubuntu3" + state: present + allow_downgrade: yes + allow_change_held_packages: yes + become: yes + tags: [docker, deploy_docker] + when: ansible_virtualization_type in ['lxc', 'container'] + +# ========== Install Docker ========== - name: Install Docker dependencies apt: name: @@ -9,18 +25,25 @@ - lsb-release state: present update_cache: yes + become: yes + tags: [docker, deploy_docker] - name: Add Docker GPG key apt_key: url: https://download.docker.com/linux/ubuntu/gpg state: present + become: yes + tags: [docker, deploy_docker] - name: Add Docker repository apt_repository: repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present + update_cache: yes + become: yes + tags: [docker, deploy_docker] -- name: Install Docker +- name: Install Docker packages apt: name: - docker-ce 
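Review bot: The new `Ensure runc at safe version before Docker install` task is the first apt call in the role and has no `update_cache: yes`, so on a fresh host the exact version `runc=1.1.12-0ubuntu3` is resolved against whatever package index happens to be cached, and the install can fail before `Install Docker dependencies` refreshes the cache; add `update_cache: yes` next to `state: present`. The version is also hard-coded here while the same commit removes the `docker_pinned_packages` hold and APT pin from base_setup, so unless a hold is set elsewhere a later upgrade can move runc off this version and the next run will downgrade it again (`allow_downgrade: yes`). A role variable (e.g. `runc_lxc_version`) plus a comment stating why LXC needs exactly this build, and that the pin forgoes newer runc fixes, would make the pin reviewable rather than a magic string.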
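Review bot: `Add Docker GPG key` still uses `apt_key`, which drives the deprecated `apt-key` tool and places the key in the global trusted keyring, so it is trusted for every configured repository, not just Docker's; the repo line added below it has no `signed-by=` and the key is accepted on TLS alone (no `id:` fingerprint pin). Fetch the key to a dedicated keyring file and reference it from the repository entry instead, optionally pinning the file with `get_url`'s `checksum:` parameter (placeholder shown). On releases where `/etc/apt/keyrings` is not pre-created, add a `file: state: directory` task before the download.

```yaml
# … unchanged: Install Docker dependencies task …
- name: Add Docker GPG key
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'
    # checksum: "sha256:<EXPECTED_DIGEST_OF_PUBLISHED_KEY_FILE>"
  become: yes
  tags: [docker, deploy_docker]

- name: Add Docker repository
  apt_repository:
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present
    update_cache: yes
  become: yes
  tags: [docker, deploy_docker]
# … unchanged: Install Docker packages task …
```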
@@ -28,40 +51,56 @@ - containerd.io state: present update_cache: yes + allow_downgrade: yes + allow_change_held_packages: yes + become: yes + notify: restart docker + tags: [docker, deploy_docker] -- name: Install Docker Compose +- name: Install Docker Compose plugin apt: name: docker-compose-plugin state: present + become: yes + tags: [docker, deploy_docker] - name: Start and enable Docker service systemd: name: docker state: started enabled: yes + daemon_reload: yes + become: yes + tags: [docker, deploy_docker] - name: Wait for Docker to start pause: seconds: 5 + tags: [docker, deploy_docker] - name: Verify Docker installation command: docker --version register: docker_version changed_when: false + tags: [docker, deploy_docker] - name: Show Docker version debug: msg: "Docker version: {{ docker_version.stdout }}" + tags: [docker, deploy_docker] - name: Verify Docker Compose installation command: docker compose version register: docker_compose_version changed_when: false + tags: [docker, deploy_docker] - name: Show Docker Compose version debug: msg: "Docker Compose version: {{ docker_compose_version.stdout }}" + tags: [docker, deploy_docker] +# ========== Docker Monitoring Setup ========== - name: Setup Docker monitoring block: - name: Create scripts directory @@ -155,16 +194,19 @@ - name: Show Docker metrics test result debug: var: metrics_test.stdout + tags: [docker, deploy_docker, monitoring] -# ========== Fix Docker runc version ========== -- name: Check current runc version +# ========== Optional: Manual runc update for non-LXC hosts ========== +- name: Check current runc version (non-LXC only) command: runc --version register: runc_version_check ignore_errors: yes changed_when: false become: yes + when: ansible_virtualization_type not in ['lxc', 'container'] + tags: [docker, runc_update] -- name: Download and update runc to v1.2.4 if needed +- name: Update runc to v1.2.4 if needed (non-LXC only) block: - name: Download runc v1.2.4 get_url: 
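Review bot: `Install Docker packages` now sets `allow_downgrade: yes` and `allow_change_held_packages: yes` while the package list stays unversioned (`docker-ce`, `containerd.io`, …); those flags only make sense when a specific version is requested, and as written they let this task silently override any dpkg hold an operator has placed on the Docker packages. If the repository's dependency metadata makes apt move runc while installing the latest containerd.io, the `runc=1.1.12-0ubuntu3` pin set at the top of the role is undone in the same run — worth confirming on an LXC host. Either request explicit versions from a role variable when `ansible_virtualization_type in ['lxc', 'container']` or drop the two flags. Separately, `Wait for Docker to start` is a fixed `pause: seconds: 5`; `systemd: state: started` already blocks until the unit is active, so replace the sleep with `wait_for: path: /var/run/docker.sock` or remove it to avoid a flaky delay.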
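Review bot: The `Update runc to v1.2.4 if needed (non-LXC only)` block replaces the container runtime with a binary fetched by `get_url` (the task body continues outside this hunk); if that task carries no `checksum:` parameter, the downloaded runc is trusted on the TLS connection alone, so pin it with `checksum: "sha256:<EXPECTED_RUNC_DIGEST>"` (placeholder) and record where the digest came from in a comment. Because the binary is written outside the package manager, the next apt upgrade of the distro `runc` package will overwrite it and this block will re-download it — presumably acceptable, but the section header `Optional: Manual runc update for non-LXC hosts` should say so. The `ignore_errors: yes` on `Check current runc version (non-LXC only)` is fine here since the result is consumed via `runc_version_check is failed` below.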
@@ -214,9 +256,9 @@ debug: msg: "runc updated to version: {{ new_runc_version.stdout }}" become: yes - when: - - runc_version_check is failed or - "'1.2.4' not in runc_version_check.stdout" + - ansible_virtualization_type not in ['lxc', 'container'] + - runc_version_check is failed or "'1.2.4' not in runc_version_check.stdout" - ansible_architecture == "x86_64" - become: yes \ No newline at end of file + become: yes + tags: [docker, runc_update] \ No newline at end of file
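Review bot: The rewritten condition `- runc_version_check is failed or "'1.2.4' not in runc_version_check.stdout"` keeps the double quotes inside a plain YAML scalar, so Jinja receives a string literal as the right operand of `or`; a non-empty string is always truthy, which makes the whole runc-update block run on every non-LXC x86_64 host regardless of the installed version (the removed two-line form appears to have folded to the same expression, so this is inherited rather than introduced). Write the test as one quoted expression: `- "runc_version_check is failed or '1.2.4' not in runc_version_check.stdout"`. Putting the new `ansible_virtualization_type` entry first is correct, since Ansible stops at the first false list entry and `runc_version_check.stdout` is undefined when the check task was skipped. The file still ends with `\ No newline at end of file`; add the trailing newline.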