From 2a461b84aa1996d1eb0bcf1d8b85157b55e08532 Mon Sep 17 00:00:00 2001 From: Chris Croome <chris@webarchitects.co.uk> Date: Mon, 12 Feb 2024 16:24:47 +0000 Subject: [PATCH] Add arg spec verification for all docker_ vars --- .pre-commit-config.yaml | 4 ++-- defaults/main.yml | 3 ++- handlers/main.yml | 2 ++ meta/argument_specs.yml | 27 ++++++++++++++++++++++++--- tasks/apt.yml | 8 ++++---- tasks/compose_v1.yml | 8 ++++---- tasks/install.yml | 12 ++++++++---- vars/main.yml | 5 +++++ 8 files changed, 51 insertions(+), 18 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4b9a0af..2e5e558 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: # https://github.com/adrienverge/yamllint/tags - repo: https://github.com/adrienverge/yamllint.git - rev: v1.33.0 + rev: v1.34.0 hooks: - id: yamllint name: YAML Lint @@ -34,7 +34,7 @@ repos: - README.md # https://github.com/ansible/ansible-lint/releases - repo: https://github.com/ansible/ansible-lint.git - rev: v6.22.2 + rev: v24.2.0 hooks: - id: ansible-lint name: Ansible Lint diff --git a/defaults/main.yml b/defaults/main.yml index 33d3886..577a367 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,7 +9,7 @@ # You should have received a copy of the GNU General Public License along with the Webarchitects Docker Ansible role. If not, see <https://www.gnu.org/licenses/>. --- docker: false -# docker_compose_v1: false +docker_compose_v1: false docker_compose_version_v1: "1.29.2" docker_daemon: storage-driver: overlay2 @@ -21,4 +21,5 @@ docker_pkg: - docker-ce-rootless-extras - docker-compose-plugin # - docker-scan-plugin +docker_verify: true ... diff --git a/handlers/main.yml b/handlers/main.yml index 94bad47..7f8ee52 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,4 +13,6 @@ name: docker state: restarted listen: Restart docker + tags: + - docker ... diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml index 2b78e22..c2dd7ba 100644 
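Review bot: `docker_verify: true` is added in the second defaults/main.yml hunk and described in the spec as the switch for checking every `docker_` variable, but nothing in this patch reads it — the diffstat lists no tasks/main.yml and no hunk calls `ansible.builtin.validate_argument_spec`, so presumably the consuming task already exists or follows in a later commit. Until that is confirmed the default is unused, and the companion `dockervarnames`/`dockerhostvars` lookups in vars/main.yml are likewise never evaluated. A comment above the key would tell readers where it takes effect: `# When true, the role validates every docker_ variable against meta/argument_specs.yml before doing anything else`.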
--- a/meta/argument_specs.yml +++ b/meta/argument_specs.yml @@ -21,17 +21,38 @@ argument_specs: docker_daemon: type: dict required: true - description: Docker daemon configuration, YAML that will converted to JSON and written to `/etc/docker/daemon.json`. + description: Docker daemon configuration, YAML that will converted to JSON and written to /etc/docker/daemon.json. docker_compose_v1: type: bool required: false - description: Set to `false` for Docker Composer version 1 to be removed and set to `true` for `docker-compose` version 1 and `docker-compose-switch` to be installed. + description: Set to false for Docker Composer version 1 to be removed and set to true for docker-compose version 1 and docker-compose-switch to be installed. docker_compose_version_v1: type: str required: true - description: The version number of `docker-compose` version 1 to be installed when `docker_compose_v1` is defined and `true`. + description: The version number of docker-compose version 1 to be installed when docker_compose_v1 is defined and true. + docker_gpg_checksum: + type: str + required: true + description: The SHA256 checksum of the Docker GPG public key. + docker_gpg_fingerprints: + type: list + elements: str + required: true + description: A list of the Docker GPG public fingerprints. + docker_gpg_url: + type: str + required: true + description: URL for the Docker apt repo GPG public key. docker_pkg: type: list required: true description: Packages to be installed from the Docker apt repo. + docker_repo_pkg: + type: list + elements: str + description: A list of packages available from the Docker repo for apt pinning. + docker_verify: + type: bool + required: true + description: Check all variables that start with docker_ against the argument spec. ... diff --git a/tasks/apt.yml b/tasks/apt.yml index 5edcf14..6749bea 100644 --- a/tasks/apt.yml +++ b/tasks/apt.yml 
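Review bot: The new entries in meta/argument_specs.yml are not consistent with their neighbours: `docker_repo_pkg` is the only entry without a `required:` line, and the pre-existing `docker_pkg` is a `list` with no `elements: str` while every list added in this hunk declares it, so its items go unchecked. Add `required: false` under `docker_repo_pkg` and `elements: str` under `docker_pkg`. The rewritten `docker_daemon` description also keeps the old typo; it should read `description: Docker daemon configuration, YAML that will be converted to JSON and written to /etc/docker/daemon.json.`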
@@ -44,7 +44,7 @@ ansible.builtin.file: path: /etc/apt/keyrings state: directory - mode: 0755 + mode: "0755" owner: root group: root @@ -53,7 +53,7 @@ url: "{{ docker_gpg_url }}" checksum: "{{ docker_gpg_checksum }}" dest: /root/docker.asc - mode: 0644 + mode: "0644" owner: root group: root register: docker_tmp_asc_file @@ -123,7 +123,7 @@ ansible.builtin.template: src: docker.sources.j2 dest: /etc/apt/sources.list.d/docker.sources - mode: 0644 + mode: "0644" owner: root group: root register: docker_sources @@ -132,7 +132,7 @@ ansible.builtin.template: src: docker.pref.j2 dest: /etc/apt/preferences.d/docker.pref - mode: 0644 + mode: "0644" owner: root group: root register: docker_preferences diff --git a/tasks/compose_v1.yml b/tasks/compose_v1.yml index ccafdea..3979c52 100644 --- a/tasks/compose_v1.yml +++ b/tasks/compose_v1.yml @@ -101,7 +101,7 @@ dest: "{{ docker_compose_v1_download_dir.path }}/docker-compose-{{ ansible_system }}-{{ ansible_architecture }}.sha256" owner: root group: root - mode: 0644 + mode: "0644" - name: Docker Compose Version 1 base64 encoded version sha256 checksum slurped ansible.builtin.slurp: @@ -123,7 +123,7 @@ force: true owner: root group: root - mode: 0755 + mode: "0755" checksum: "{{ docker_compose_v1_sha256 }}" - name: Check docker-compose version 1 @@ -140,7 +140,7 @@ force: true owner: root group: root - mode: 0644 + mode: "0644" when: - not ansible_check_mode | bool @@ -175,7 +175,7 @@ force: true owner: root group: root - mode: 0755 + mode: "0755" - name: Check docker-compose alternatives ansible.builtin.command: update-alternatives --display docker-compose diff --git a/tasks/install.yml b/tasks/install.yml index 27b4253..bf5646d 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
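Review bot: The `get_url` task in the second tasks/apt.yml hunk passes `checksum: "{{ docker_gpg_checksum }}"`, while the new argument spec only describes `docker_gpg_checksum` as "the SHA256 checksum"; `ansible.builtin.get_url` expects that parameter in `<algorithm>:<digest>` form, so a bare hex digest makes the download fail instead of verifying the key. If the value defined in vars/main.yml (not visible in this patch) already carries the `sha256:` prefix, the spec should say so: `description: The SHA256 checksum of the Docker GPG public key, in the sha256:<hex digest> form that ansible.builtin.get_url expects.` The task that owns these lines starts before the hunk.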
@@ -42,12 +42,14 @@ autoclean: true autoremove: true state: absent + notify: Restart docker - name: Docker packages present ansible.builtin.apt: pkg: "{{ docker_pkg }}" state: present update_cache: true + notify: Restart docker - name: Directory for Docker config present ansible.builtin.file: @@ -55,16 +57,18 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - - name: Docker configuration present + - name: Docker daemon configuration present ansible.builtin.template: src: templates/daemon.json.j2 dest: /etc/docker/daemon.json owner: root group: root - mode: 0644 - when: ( docker_nameservers is defined ) and ( docker_nameservers != [] ) + mode: "0644" + when: + - docker_daemon is defined + - docker_daemon | length > 0 notify: Restart docker - name: Docker started diff --git a/vars/main.yml b/vars/main.yml index 672266d..5615637 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -8,6 +8,10 @@ # # You should have received a copy of the GNU General Public License along with the Webarchitects Docker Ansible role. If not, see <https://www.gnu.org/licenses/>. --- +# https://docs.ansible.com/ansible/latest/playbook_guide/complex_data_manipulation.html +dockervarnames: "{{ q('varnames', '^docker_') | sort }}" +dockerhostvars: "{{ dict(dockervarnames | list | zip(q('vars', *dockervarnames))) }}" + # ASCII armored GPG public key URL linked from # https://docs.docker.com/engine/install/debian/ docker_gpg_url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" @@ -29,6 +33,7 @@ docker_gpg_fingerprints: # grep Package /var/lib/apt/lists/download.docker.com_*_Packages | sed 's/^Package: //' | uniq | sort | sed 's/^/ - /' docker_repo_pkg: - containerd.io + - docker-buildx-plugin - docker-ce - docker-ce-cli - docker-ce-rootless-extras -- GitLab
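Review bot: The new `when:` on the daemon configuration task in the second tasks/install.yml hunk skips the template whenever `docker_daemon` is empty, which leaves a previously written /etc/docker/daemon.json in force with its old settings rather than clearing it. If an empty dict is meant to mean "no custom daemon config", a paired file task under the inverse condition, notifying the same handler, would make that explicit; otherwise a comment above the `when:` should say the file is deliberately left untouched. The `docker_daemon is defined` test is redundant with the spec's `required: true` for that variable, though harmless. The task list continues outside the hunk.

```yaml
# … unchanged: "Docker daemon configuration present" task …

- name: Docker daemon configuration absent
  ansible.builtin.file:
    path: /etc/docker/daemon.json
    state: absent
  when: (docker_daemon is not defined) or (docker_daemon | length == 0)
  notify: Restart docker
```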
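Review bot: The `^docker_` pattern behind `dockervarnames` in the first vars/main.yml hunk also matches variables the role registers itself — `docker_tmp_asc_file`, `docker_sources` and `docker_preferences` in tasks/apt.yml and `docker_compose_v1_download_dir`/`docker_compose_v1_sha256` in tasks/compose_v1.yml are all visible in this patch — and none of them is in the argument spec, so a validation that runs after any of those tasks (for example when the role is applied twice in one play) would presumably fail them as unsupported parameters. Either list them in the spec, narrow the lookup, or record the ordering assumption next to it: `# Evaluated lazily: use only before any task registers a docker_* result, or registered values are validated too`.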