Added new distros and insecure mode (#173)

* Added 'docker_allow_unauthenticated' and 'docker_disable_gpg_check' setting * Added support for 'Amazon' and 'OracleLinux' distributions
haxorof · Jul 8, 2024 · efb5db5 · efb5db5
1 parent 23e372a
commit efb5db5
Show file tree

Hide file tree

Showing 18 changed files with 66 additions and 2 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -183,3 +183,6 @@ docker_remove_all: false
 # Additional files or directories to be remove if for example non-standard locations
 # was previously configured for data storage etc.
 docker_remove_additional: []
+# It bypasses GPG keys checking for package manager
+docker_allow_unauthenticated: no
+docker_disable_gpg_check: no
diff --git a/tasks/bug-tweaks/lvm-thinpool.yml b/tasks/bug-tweaks/lvm-thinpool.yml
@@ -3,6 +3,8 @@
   ansible.builtin.package:
     name: lvm2
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   register: _pkg_result
   until: _pkg_result is succeeded
 

diff --git a/tasks/checks/distribution-checks.yml b/tasks/checks/distribution-checks.yml
@@ -5,6 +5,9 @@
     msg: "Distribution {{ _docker_os_dist }} is not supported by this role!"
   vars:
     _supported_distributions:
+      - Amazon
+      - OracleLinux
+      - CloudLinux
       - AlmaLinux
       - CentOS
       - Debian

diff --git a/tasks/configure-docker.yml b/tasks/configure-docker.yml
@@ -86,6 +86,8 @@
       ansible.builtin.package:
         name: lvm2
         state: present
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       register: _pkg_result
       until: _pkg_result is succeeded
 
@@ -95,6 +97,8 @@
       ansible.builtin.package:
         name: thin-provisioning-tools
         state: present
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       register: _pkg_result
       until: _pkg_result is succeeded
 

diff --git a/tasks/install-docker.yml b/tasks/install-docker.yml
@@ -28,6 +28,14 @@
     _docker_packages:
       - docker-ce
 
+- name: Ensure some kind of compatibility for no longer officially supported distributions since Docker CE 18.09
+  when:
+    - _docker_packages is not defined
+    - (_docker_os_dist == "Amazon" and _docker_os_dist_major_version | int >= 2023)
+  ansible.builtin.set_fact:
+    _docker_packages:
+      - docker
+
 - name: Do workaround to handle CentOS/RHEL 8 installation issues
   when:
     - _docker_packages is not defined
@@ -45,6 +53,9 @@
   ansible.builtin.package:
     name: "{{ (item is search('docker-ce')) | ternary((item + _docker_version_string | default('')), item) }}"
     state: "{{ _docker_pkg_state | default('present') }}"
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
+
   loop: "{{ _docker_packages | default(docker_packages) }}"
   register: _docker_pkg_result
   retries: 6

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -33,6 +33,12 @@
     _docker_os_dist_file_varity: "RedHat"
   tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
 
+- name: Reinterpret distribution facts for Amazon Linux
+  when: _docker_os_dist == "Amazon"
+  ansible.builtin.set_fact:
+    _docker_os_dist_file_varity: "RedHat"
+  tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
+
 - name: Reinterpret distribution facts for Debian 10 (Buster) due to bug
   when:
     - _docker_os_dist == "Debian"
@@ -44,14 +50,22 @@
     _docker_os_dist_major_version: 10
   tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
 
+- name: Check if /etc/os-release exists
+  stat:
+    path: /etc/os-release
+  register: _os_release
+  tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
+
 - name: OS release info
+  when: _os_release.stat.exists
   ansible.builtin.raw: cat /etc/os-release
   check_mode: no
   changed_when: no
   register: _docker_os_release_info
   tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
 
 - name: Print OS release information
+  when: _os_release.stat.exists
   ansible.builtin.debug:
     var: _docker_os_release_info
     verbosity: 1
@@ -66,8 +80,7 @@
   tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]
 
 - name: Reinterpret distribution facts for Raspbian
-  when:
-    - _docker_os_release_info.stdout is search('raspbian')
+  when: _os_release.stat.exists and _docker_os_release_info.stdout is search('raspbian')
   ansible.builtin.set_fact:
     _docker_os_arch: "armhf"
   tags: ["install", "configure", "postinstall", "docker_install", "docker_configure", "docker_postinstall"]

diff --git a/tasks/postinstall.yml b/tasks/postinstall.yml
@@ -90,6 +90,8 @@
   ansible.builtin.package:
     name: "epel-release"
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   register: _pkg_result
   until: _pkg_result is succeeded
 
@@ -99,6 +101,8 @@
   ansible.builtin.package:
     name: "{{ item }}"
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   loop: "{{ _docker_additional_packages_os }}"
   register: _pkg_result
   until: _pkg_result is succeeded

diff --git a/tasks/remove-docker.yml b/tasks/remove-docker.yml
@@ -15,6 +15,8 @@
   ansible.builtin.package:
     name: "{{ item }}"
     state: absent
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   loop: "{{ docker_packages }}"
   register: _pkg_result
   until: _pkg_result is succeeded
@@ -27,6 +29,7 @@
     name: "{{ item }}"
     state: absent
     purge: yes
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
   loop: "{{ docker_packages }}"
   register: _pkg_result
   until: _pkg_result is succeeded

diff --git a/tasks/remove-pre-docker-ce.yml b/tasks/remove-pre-docker-ce.yml
@@ -40,6 +40,8 @@
   ansible.builtin.package:
     name: "{{ item }}"
     state: absent
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   register: _pkg_result
   until: _pkg_result is succeeded
   loop: "{{ docker_old_packages[_docker_os_dist] | default(docker_old_packages[_docker_os_dist_file_varity]) }}"
diff --git a/tasks/setup-audit.yml b/tasks/setup-audit.yml
@@ -8,6 +8,8 @@
   ansible.builtin.package:
     name: auditd
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   register: _pkg_result
   until: _pkg_result is succeeded
 

diff --git a/tasks/setup-repository-Debian.yml b/tasks/setup-repository-Debian.yml
@@ -7,6 +7,7 @@
       become: true
       ansible.builtin.apt:
         update_cache: yes
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
       changed_when: false
       register: _pkg_result
       until: _pkg_result is succeeded
@@ -27,6 +28,8 @@
   ansible.builtin.package:
     name: "{{ item }}"
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   loop: "{{ docker_repository_related_packages[_docker_os_dist_file_varity] }}"
   register: _pkg_result
   until: _pkg_result is succeeded

diff --git a/tasks/setup-repository-RedHat.yml b/tasks/setup-repository-RedHat.yml
@@ -16,6 +16,8 @@
   ansible.builtin.package:
     name: "{{ item }}"
     state: present
+    allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+    disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
   loop: "{{ docker_repository_related_packages[_docker_os_dist_file_varity] }}"
   register: _pkg_result
   until: _pkg_result is succeeded

diff --git a/tasks/setup-repository.yml b/tasks/setup-repository.yml
@@ -1,5 +1,6 @@
 ---
 - name: Include setup repository tasks for distribution variety {{ _docker_os_dist_file_varity }}
+  when: (_docker_os_dist == "Amazon" and _docker_os_dist_major_version | int < 2023) or _docker_os_dist != "Amazon"
   ansible.builtin.include_tasks: setup-repository-{{ _docker_os_dist_file_varity }}.yml
 
 - name: Update repository cache

diff --git a/tests/experimental/kata/test_katacontainers.yml b/tests/experimental/kata/test_katacontainers.yml
@@ -15,6 +15,7 @@
         yum:
           name: "{{ item }}"
           update_cache: yes
+          disable_gpg_check: "{{ disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
         loop:
           - kata-runtime
           - kata-proxy

diff --git a/tests/host_upgrade.yml b/tests/host_upgrade.yml
@@ -6,5 +6,7 @@
       package:
         name: "*"
         state: latest
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       register: _upgrade_all
       when: ansible_distribution == "RedHat"
diff --git a/tests/manual/test_remove_pre_ce.yml b/tests/manual/test_remove_pre_ce.yml
@@ -18,6 +18,8 @@
         package:
           name: docker-latest
           state: present
+          allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+          disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
         register: _pkg_result
         until: _pkg_result is succeeded
 

diff --git a/tests/prepare.yml b/tests/prepare.yml
@@ -36,6 +36,8 @@
       package:
         name: git
         state: present
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       when: docker_bench_security is defined
 
     - name: Ensure Docker Bench Security is cloned

diff --git a/tests/prepare_storage.yml b/tests/prepare_storage.yml
@@ -11,6 +11,8 @@
       package:
         name: "{{ item }}"
         state: present
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       become: true
       loop:
         - parted
@@ -19,6 +21,8 @@
       package:
         name: e4fsprogs
         state: present
+        allow_unauthenticated: "{{ docker_allow_unauthenticated if ansible_pkg_mgr == 'apt' else omit }}"
+        disable_gpg_check: "{{ docker_disable_gpg_check if ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] else omit }}"
       become: true
       when: ansible_distribution == "CentOS"