ara | File #114: ...system-config/playbooks/roles/install-docker/tasks/Ubuntu.noble.yaml

Playbook #6

/home/zuul/src/opendev.org/opendev/system-config/playbooks/service-gitea-lb.yaml

Report

Status

CLI

Date

Duration

Controller

User

Versions

Hosts

Plays

Tasks

Results

Files

Records

Date
27 Oct 2025 19:38:19 +0000
Path
/home/zuul/src/opendev.org/opendev/system-config/playbooks/service-gitea-lb.yaml

Argument	Value
version	None
verbosity	1
private_key_file	None
remote_user	None
connection	smart
timeout	10
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/zuul/src/opendev.org/opendev/system-config/inventory/base/gate-hosts.yaml', '/home/zuul/src/opendev.org/opendev/system-config/inventory/service/groups.yaml', '/etc/ansible/hosts/gate-groups.yaml']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	50
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['/home/zuul/src/opendev.org/opendev/system-config/playbooks/service-gitea-lb.yaml']

27 Oct 2025 19:38:19 +0000

00:01:25.72

bridge99.opendev.org

root

Ansible 2.15.13

ara 1.7.3 (client), 1.7.3 (server)

Python 3.10.12

check:False tags:all

File: /home/zuul/src/opendev.org/opendev/system-config/playbooks/roles/install-docker/tasks/Ubuntu.noble.yaml

# We currently only install docker-compose-v2 and podman from the distro
# on Ubuntu Noble. This also pulls in the docker runtime from the distro
# which we're going to not use. This approach may change if the combo
# stops working.

- name: Install docker-compose-v2 and podman and friends
  become: true
  apt:
    name:
      - docker-compose-v2
      # "new" releases of docker-compose-v2 don't depend on this
      # but our playbooks rely on it being there.
      - docker.io
      - podman
      - uidmap
      - slirp4netns
      - fuse-overlayfs
      - containernetworking-plugins
      # This enables container network dns resolution:
      - golang-github-containernetworking-plugin-dnsname
      # TODO do we need these extra tools?
      - buildah
      - skopeo
      # Production nodes have apparmor but CI nodes don't. List it
      # explicitly here to resolve the delta. The old docker upstream
      # install path also installed apparmor.
      - apparmor
    state: present

- name: Disable docker daemon service
  # We want /usr/bin/docker but don't need or want the docker service
  become: true
  service:
    name: docker
    state: stopped
    enabled: false

- name: Disable docker socket service
  # We want /usr/bin/docker but don't need or want the docker socket
  become: true
  service:
    name: docker.socket
    state: stopped
    enabled: false

# We add this config so that if docker starts it doesn't conflict
# with podman. Mostly belts and suspenders here.
- name: Add docker socket override config
  become: true
  copy:
    src: docker.socket.override.conf
    dest: /etc/systemd/system/docker.socket
    owner: root
    group: root
    mode: '0644'

# Configure the podman socket to pretend to be a docker socket
- name: Add podman socket override config
  become: true
  copy:
    src: podman.socket.override.conf
    dest: /etc/systemd/system/podman.socket
    owner: root
    group: root
    mode: '0644'
  register: write_podman_sock_config

- name: Reconfigure the podman services
  # We use the podman service instead
  become: true
  systemd_service:
    name: podman.socket
    daemon_reload: true
    state: restarted
    enabled: true
  when: write_podman_sock_config.changed

# Currently we assume container management will be performed by root.
# For this reason we don't do any special group management. However,
# if this changes this is a good location to update groups and reset
# the ansible ssh connection.

- name: Add docker-compose to docker compose shim
  become: true
  copy:
    src: docker-compose.shim
    dest: /usr/local/bin/docker-compose
    owner: root
    group: root
    mode: '0755'