Merge branch 'geerlingguy:master' into master

Allow change obsolete packages

.github/stale.yml

@@ -1,57 +0,0 @@
-# Configuration for probot-stale - https://github.com/probot/stale
----
-# Number of days of inactivity before an Issue or Pull Request becomes stale
-daysUntilStale: 90
-
-# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
-# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
-daysUntilClose: 30
-
-# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
-onlyLabels: []
-
-# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
-exemptLabels:
-  - bug
-  - pinned
-  - security
-  - planned
-
-# Set to true to ignore issues in a project (defaults to false)
-exemptProjects: false
-
-# Set to true to ignore issues in a milestone (defaults to false)
-exemptMilestones: false
-
-# Set to true to ignore issues with an assignee (defaults to false)
-exemptAssignees: false
-
-# Label to use when marking as stale
-staleLabel: stale
-
-# Limit the number of actions per hour, from 1-30. Default is 30
-limitPerRun: 30
-
-pulls:
-  markComment: |-
-    This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
-
-  unmarkComment: >-
-    This pull request is no longer marked for closure.
-
-  closeComment: >-
-    This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
-
-issues:
-  markComment: |-
-    This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
-
-    Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
-
-  unmarkComment: >-
-    This issue is no longer marked for closure.
-
-  closeComment: >-
-    This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.

.github/workflows/ci.yml

@@ -19,12 +19,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 
@@ -41,22 +41,21 @@ jobs:
     strategy:
       matrix:
         distro:
-          - rockylinux8
+          - rockylinux9
+          - ubuntu2404
           - ubuntu2204
-          - ubuntu2004
-          - ubuntu1804
+          - debian12
           - debian11
-          - debian10
-          - fedora34
+          - fedora40
 
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

.github/workflows/release.yml

@@ -22,12 +22,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out the codebase.
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           path: 'geerlingguy.docker'
 
       - name: Set up Python 3.
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.x'
 

.github/workflows/stale.yml

@@ -0,0 +1,34 @@
+---
+name: Close inactive issues
+'on':
+  schedule:
+    - cron: "55 6 * * 1"  # semi-random time
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v8
+        with:
+          days-before-stale: 120
+          days-before-close: 60
+          exempt-issue-labels: bug,pinned,security,planned
+          exempt-pr-labels: bug,pinned,security,planned
+          stale-issue-label: "stale"
+          stale-pr-label: "stale"
+          stale-issue-message: |
+            This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-issue-message: |
+            This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          stale-pr-message: |
+            This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
+            
+            Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
+          close-pr-message: |
+            This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.yamllint

@@ -7,5 +7,4 @@ rules:
     level: warning
 
 ignore: |
-  .github/stale.yml
-  .travis.yml
+  .github/workflows/stale.yml

README.md

@@ -12,80 +12,113 @@ None.
 
 Available variables are listed below, along with default values (see `defaults/main.yml`):
 
-    # Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
-    docker_edition: 'ce'
-    docker_packages:
-        - "docker-{{ docker_edition }}"
-        - "docker-{{ docker_edition }}-cli"
-        - "docker-{{ docker_edition }}-rootless-extras"
-    docker_packages_state: present
+```yaml
+# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
+docker_edition: 'ce'
+docker_packages:
+    - "docker-{{ docker_edition }}"
+    - "docker-{{ docker_edition }}-cli"
+    - "docker-{{ docker_edition }}-rootless-extras"
+docker_packages_state: present
+```
 
 The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). 
 You can also specify a specific version of Docker to install using the distribution-specific format: 
 Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>` (Note: you have to add this to all packages);
 Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add this to all packages).
 
-You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
+You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
 
-    docker_service_manage: true
-    docker_service_state: started
-    docker_service_enabled: true
-    docker_restart_handler_state: restarted
+```yaml
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - podman-docker
+  - containerd
+  - runc
+```
+
+A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
+
+```yaml
+docker_service_manage: true
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+```
 
 Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
 
-    docker_install_compose_plugin: false
-    docker_compose_package: docker-compose-plugin
-    docker_compose_package_state: present
+```yaml
+docker_install_compose_plugin: false
+docker_compose_package: docker-compose-plugin
+docker_compose_package_state: present
+```
 
 Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
 
-    docker_install_compose: true
-    docker_compose_version: "1.26.0"
-    docker_compose_arch: "{{ ansible_architecture }}"
-    docker_compose_path: /usr/local/bin/docker-compose
+```yaml
+docker_install_compose: true
+docker_compose_version: "1.26.0"
+docker_compose_arch: "{{ ansible_architecture }}"
+docker_compose_path: /usr/local/bin/docker-compose
+```
 
 Docker Compose installation options.
 
-    docker_add_repo: true
+```yaml
+docker_add_repo: true
+```
 
 Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
 
-    docker_repo_url: https://download.docker.com/linux
+```yaml
+docker_repo_url: https://download.docker.com/linux
+```
 
 The main Docker repo URL, common between Debian and RHEL systems.
 
-    docker_apt_release_channel: stable
-    docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-    docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
-    docker_apt_ignore_key_error: True
-    docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+```yaml
+docker_apt_release_channel: stable
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_ignore_key_error: True
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_filename: "docker"
+```
 
 (Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
 
 You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
-Usually in combination with changing `docker_apt_repository` as well.
+Usually in combination with changing `docker_apt_repository` as well. `docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
 
-    docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"docker_edition }}.repo
-    docker_yum_repo_enable_nightly: '0'
-    docker_yum_repo_enable_test: '0'
-    docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+```yaml
+docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"
+docker_yum_repo_enable_nightly: '0'
+docker_yum_repo_enable_test: '0'
+docker_yum_gpg_key: "{{ docker_repo_url }}/centos/gpg"
+```
 
 (Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
 
 You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
 Usually in combination with changing `docker_yum_repository` as well.
 
-    docker_users:
-      - user1
-      - user2
+```yaml
+docker_users:
+  - user1
+  - user2
+```
 
 A list of system users to be added to the `docker` group (so they can use Docker on the server).
 
-    docker_daemon_options:
-      storage-driver: "devicemapper"
-      log-opts:
-        max-size: "100m"
+```yaml
+docker_daemon_options:
+  storage-driver: "devicemapper"
+  log-opts:
+    max-size: "100m"
+```
 
 Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
 

defaults/main.yml

@@ -6,7 +6,15 @@ docker_packages:
   - "docker-{{ docker_edition }}-cli"
   - "docker-{{ docker_edition }}-rootless-extras"
   - "containerd.io"
+  - docker-buildx-plugin
 docker_packages_state: present
+docker_obsolete_packages:
+  - docker
+  - docker.io
+  - docker-engine
+  - podman-docker
+  - containerd
+  - runc
 
 # Service options.
 docker_service_manage: true
@@ -15,12 +23,12 @@ docker_service_enabled: true
 docker_restart_handler_state: restarted
 
 # Docker Compose Plugin options.
-docker_install_compose_plugin: false
+docker_install_compose_plugin: true
 docker_compose_package: docker-compose-plugin
 docker_compose_package_state: present
 
 # Docker Compose options.
-docker_install_compose: true
+docker_install_compose: false
 docker_compose_version: "v2.11.1"
 docker_compose_arch: "{{ ansible_architecture }}"
 docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
@@ -32,12 +40,17 @@ docker_add_repo: true
 # Docker repo URL.
 docker_repo_url: https://download.docker.com/linux
 
-# Used only for Debian/Ubuntu. Switch 'stable' to 'nightly' if needed.
+# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed.
 docker_apt_release_channel: stable
-docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
-docker_apt_repository: "deb [arch={{ docker_apt_arch }}] {{ docker_repo_url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
+# and is only necessary until Docker officially supports them.
+docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_distribution in ['Pop!_OS', 'Linux Mint'] else ansible_distribution }}"
+docker_apt_arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'armhf' if ansible_architecture == 'armv7l' else 'amd64' }}"
+docker_apt_repository: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
 docker_apt_ignore_key_error: true
-docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_checksum: "sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570"
+docker_apt_filename: "docker"
 
 # Used only for RedHat/CentOS/Fedora.
 docker_yum_repo_url: "{{ docker_repo_url }}/{{ (ansible_distribution == 'Fedora') | ternary('fedora','centos') }}/docker-{{ docker_edition }}.repo"

meta/main.yml

@@ -16,11 +16,13 @@ galaxy_info:
       versions:
         - buster
         - bullseye
+        - bookworm
     - name: Ubuntu
       versions:
         - bionic
         - focal
         - jammy
+        - noble
     - name: Alpine
       version:
         - all

molecule/default/molecule.yml

@@ -2,11 +2,13 @@
 role_name_check: 1
 dependency:
   name: galaxy
+  options:
+    ignore-errors: true
 driver:
   name: docker
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
+    image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
     command: ${MOLECULE_DOCKER_COMMAND:-""}
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw

tasks/setup-Debian.yml

@@ -1,9 +1,8 @@
 ---
-- name: Ensure old versions of Docker are not installed.
+- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
+  name: Ensure old versions of Docker are not installed.
   package:
-    name:
-      - docker
-      - docker-engine
+    name: "{{ docker_obsolete_packages }}"
     state: absent
 
 - name: Ensure dependencies are installed.
@@ -14,24 +13,19 @@
     state: present
   when: docker_add_repo | bool
 
-- name: Ensure additional dependencies are installed (on Ubuntu < 20.04 and any other systems).
-  apt:
-    name: gnupg2
-    state: present
-  when: ansible_distribution != 'Ubuntu' or ansible_distribution_version is version('20.04', '<')
-
-- name: Ensure additional dependencies are installed (on Ubuntu >= 20.04).
-  apt:
-    name: gnupg
-    state: present
-  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')
+- name: Ensure directory exists for /etc/apt/keyrings
+  file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
 
 - name: Add Docker apt key.
   ansible.builtin.get_url:
     url: "{{ docker_apt_gpg_key }}"
-    dest: /etc/apt/trusted.gpg.d/docker.asc
+    dest: /etc/apt/keyrings/docker.asc
     mode: '0644'
-    force: true
+    force: false
+    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
   register: add_repository_key
   ignore_errors: "{{ docker_apt_ignore_key_error }}"
   when: docker_add_repo | bool
@@ -49,5 +43,6 @@
   apt_repository:
     repo: "{{ docker_apt_repository }}"
     state: present
+    filename: "{{ docker_apt_filename }}"
     update_cache: true
   when: docker_add_repo | bool

tasks/setup-RedHat.yml

@@ -46,6 +46,11 @@
 
 - name: Configure containerd on RHEL 8.
   block:
+    - name: Ensure runc is not installed.
+      package:
+        name: runc
+        state: absent
+
     - name: Ensure container-selinux is installed.
       package:
         name: container-selinux

vars/Archlinux.yml

@@ -1,2 +1,3 @@
 ---
 docker_packages: "docker"
+docker_compose_package: docker-compose