Add migration task for Debiant apt repositories for Docker referencin…

…g /etc/apt/keyrings/docker.asc key Related to: - #3337 - geerlingguy/ansible-role-docker#436
spantaleev · May 28, 2024 · 3a4e58c · 3a4e58c
1 parent 187e65c
commit 3a4e58c
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 0 deletions.
diff --git a/roles/custom/matrix_playbook_migration/defaults/main.yml b/roles/custom/matrix_playbook_migration/defaults/main.yml
@@ -43,6 +43,16 @@ matrix_playbook_migration_matrix_jitsi_migration_validation_enabled: true
 matrix_playbook_migration_debian_signedby_migration_enabled: true
 matrix_playbook_migration_debian_signedby_migration_repository_path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ ansible_distribution | lower }}.list"
 
+# Controls if the old apt repository for Docker (`signed-by=/etc/apt/trusted.gpg.d/docker.asc`) will be removed,
+# so that the Docker role (7.2.0+) can install a new non-conflicting one (`signed-by=/etc/apt/keyrings/docker.asc`).
+#
+# Without this migration, the role would choke at the "galaxy/docker : Add Docker repository." task when trying to add the repository again:
+# > An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/trusted.gpg.d/docker.asc != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.
+#
+# Related to: https://github.com/geerlingguy/ansible-role-docker/pull/436
+matrix_playbook_migration_docker_trusted_gpg_d_migration_enabled: true
+matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path: "/etc/apt/sources.list.d/docker.list"
+
 # Controls if variable transition checks (related to the matrix-nginx-proxy elimination) will run.
 # If you'd like to keep some `matrix_nginx_proxy` and other variables around and not be warned about them, disable this.
 # Note: this is not just about `matrix_nginx_proxy_*` variables, but about various other variables that were removed

diff --git a/...ustom/matrix_playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml b/...ustom/matrix_playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Check if the Docker apt repository file exists
+  stat:
+    path: "{{ matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+  register: matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status
+
+- when: matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status.stat.exists | bool
+  block:
+    - name: Read repository file
+      slurp:
+        path: "{{ matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+      register: matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content
+
+    - name: Remove Docker apt repository file if old key path found
+      when: "'/etc/apt/trusted.gpg.d/docker.asc' in matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content.content | b64decode"
+      ansible.builtin.file:
+        path: "{{ matrix_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+        state: absent
diff --git a/roles/custom/matrix_playbook_migration/tasks/main.yml b/roles/custom/matrix_playbook_migration/tasks/main.yml
@@ -15,6 +15,15 @@
   block:
     - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_signedby_migration.yml"
 
+- when: ansible_os_family == 'Debian' and matrix_playbook_docker_installation_enabled | bool and matrix_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
+  tags:
+    - setup-all
+    - install-all
+    - setup-docker
+    - install-docker
+  block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_trusted_gpg_d_migration_migration.yml"
+
 - tags:
     - setup-all
     - install-all