cross-posted from: https://lemmy.ml/post/39297898

Hello, does anyone by any chance have an Ansible playbook to set up Docker on Debian trixie?

This is my first experience with Ansible. I thought this would be easy and straightforward. I used existing ones for Debian 12 as a template and, yes, with AI and taking things from other templates, I am trying to make this work. But for the life of me, I cannot crack this.

I began with the simplest steps:

- name: install Docker
  hosts: all
  become: true
  tasks:
    - name: Install apt-transport-https
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - lsb-release
          - gnupg
        state: latest
        update_cache: true

    - name: Create keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    - name: Add Docker GPG key
      ansible.builtin.shell: |
        curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
        chmod a+r /etc/apt/keyrings/docker.gpg
      args:
        creates: /etc/apt/keyrings/docker.gpg

    - name: Add Docker repository
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian trixie stable"
        state: present
        filename: docker

    - name: Install Docker
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: latest
        update_cache: true

and added some debug stuff that really didn't help that much:

- name: Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)
  hosts: all
  become: true
  become_user: root

  vars:
    docker_packages:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin

  tasks:

    - name: Ensure required packages are installed
      apt:
        name:
          - ca-certificates
          - curl
          - gnupg
        update_cache: yes
        state: present
      delegate_to: "{{ inventory_hostname }}"

    - name: Ensure /etc/apt/keyrings exists
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'
      delegate_to: "{{ inventory_hostname }}"

    - name: Get system architecture for Docker repo
      ansible.builtin.command: dpkg --print-architecture
      register: dpkg_architecture
      changed_when: false
      delegate_to: "{{ inventory_hostname }}"

    - name: Download Docker GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: '0644'
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Check if GPG key exists
      ansible.builtin.stat:
        path: /etc/apt/keyrings/docker.asc
      register: gpg_key_stat
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Show GPG key status
      ansible.builtin.debug:
        msg: "GPG key exists: {{ gpg_key_stat.stat.exists }}, Size: {{ gpg_key_stat.stat.size | default('N/A') }}"

    - name: DEBUG - List keyrings directory
      ansible.builtin.command: ls -lah /etc/apt/keyrings/
      register: keyrings_list
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Show keyrings directory contents
      ansible.builtin.debug:
        var: keyrings_list.stdout_lines

    - name: Add Docker APT repository (correct for Debian 13)
      ansible.builtin.apt_repository:
        repo: "deb [arch={{ dpkg_architecture.stdout }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
        filename: docker
        state: present
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Check if repo file exists
      ansible.builtin.stat:
        path: /etc/apt/sources.list.d/docker.list
      register: repo_file_stat
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Show repo file status
      ansible.builtin.debug:
        msg: "Repo file exists: {{ repo_file_stat.stat.exists }}"

    - name: DEBUG - Show repo file contents if exists
      ansible.builtin.command: cat /etc/apt/sources.list.d/docker.list
      register: repo_contents
      when: repo_file_stat.stat.exists
      failed_when: false
      delegate_to: "{{ inventory_hostname }}"

    - name: DEBUG - Display repo contents
      ansible.builtin.debug:
        var: repo_contents.stdout_lines
      when: repo_file_stat.stat.exists

    - name: Update apt cache after adding repo
      apt:
        update_cache: yes
      delegate_to: "{{ inventory_hostname }}"

    - name: Install Docker packages
      apt:
        name: "{{ docker_packages }}"
        state: present
      delegate_to: "{{ inventory_hostname }}"

    - name: Enable & start Docker
      service:
        name: docker
        state: started
        enabled: yes
      delegate_to: "{{ inventory_hostname }}"

But every time it fails at adding the package because it's not found. Because the repo was not added, my keyrings folder is miserably empty.

The target server has only root, so no user confusion there. Yes, I know, bad practice. But it's a learning exercise and it's an LXC within my home network, not internet exposed.

PLAY [Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)] ***

TASK [Gathering Facts] *********************************************************
[WARNING]: Host 'anytype.lab' is using the discovered Python interpreter at '/usr/bin/python3.13', but future installation of another Python interpreter could cause a different interpreter to be discovered. See https://docs.ansible.com/ansible-core/2.19/reference_appendices/interpreter_discovery.html for more information.
ok: [anytype.lab]

TASK [Ensure required packages are installed] **********************************
changed: [anytype.lab]

TASK [Ensure /etc/apt/keyrings exists] *****************************************
ok: [anytype.lab]

TASK [Get system architecture for Docker repo] *********************************
skipping: [anytype.lab]

TASK [Download Docker GPG key] *************************************************
changed: [anytype.lab]

TASK [DEBUG - Check if GPG key exists] *****************************************
ok: [anytype.lab]

TASK [DEBUG - Show GPG key status] *********************************************
ok: [anytype.lab] => {
    "msg": "GPG key exists: False, Size: N/A"
}

TASK [DEBUG - List keyrings directory] *****************************************
skipping: [anytype.lab]

TASK [DEBUG - Show keyrings directory contents] ********************************
ok: [anytype.lab] => {
    "keyrings_list.stdout_lines": []
}

TASK [Add Docker APT repository (correct for Debian 13)] ***********************
changed: [anytype.lab]

TASK [DEBUG - Check if repo file exists] ***************************************
ok: [anytype.lab]

TASK [DEBUG - Show repo file status] *******************************************
ok: [anytype.lab] => {
    "msg": "Repo file exists: False"
}

TASK [DEBUG - Show repo file contents if exists] *******************************
skipping: [anytype.lab]

TASK [DEBUG - Display repo contents] *******************************************
skipping: [anytype.lab]

TASK [Update apt cache after adding repo] **************************************
changed: [anytype.lab]

TASK [Install Docker packages] *************************************************
[ERROR]: Task failed: Module failed: No package matching 'docker-ce' is available
Origin: /tmp/ansible-webui/repositories/1_ansibleplaybooksrepo/playbooks/debian13docker.yml:100:7

 98       delegate_to: "{{ inventory_hostname }}"
 99
100     - name: Install Docker packages
          ^ column 7

fatal: [anytype.lab]: FAILED! => {"changed": false, "msg": "No package matching 'docker-ce' is available"}

PLAY RECAP *********************************************************************
anytype.lab                : ok=11   changed=4    unreachable=0    failed=1    skipped=4    rescued=0    ignored=0   

I am using https://ansible-webui.oxl.app/ although I doubt it has any effect whatsoever. But then again, I know next to nothing of Ansible as of yet. So, for sure: what I am missing is incredibly dumb.

Any help will be greatly appreciated.

  • audricd@lemmy.ml (OP) · 2 days ago

    Thanks for sharing! And this works for you? As I said in my original post (on the selfhosted channel), I'm new at Ansible and I must be doing something stupid.

    This is your YAML, very slightly adapted:

    ---
    - name: Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)
      hosts: all
      become: true
      become_user: root
    
      vars:
        docker_apks:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        docker_pre_apks:
          - gpg
          - ca-certificates
          - curl
          - gnupg
        docker_arch: amd64
    
      tasks:
    
        - name: Install pre setup stuff
          ansible.builtin.apt:
            pkg: "{{ docker_pre_apks }}"
            update_cache: true
            state: present
    
        - name: Add gpg for docker repo
          ansible.builtin.apt_key:
            url: https://download.docker.com/linux/debian/gpg
            state: present
          when: (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '12')
    
        - name: Copy up apt list
          ansible.builtin.apt_repository:
            repo: "deb [arch={{ docker_arch }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
            state: present
            filename: docker
          when: (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '12')
    
        - name: Setup deb822 formatted repositorie
          ansible.builtin.deb822_repository:
            name: php
            types: deb
            uris: https://download.docker.com/linux/debian
            components: stable
            suites: "{{ ansible_distribution_release }}"
            signed_by: https://download.docker.com/linux/debian/gpg
            state: present
            enabled: true
          when: (ansible_distribution == 'Debian' and ansible_distribution_major_version >= '13')
    
        - name: Install docker
          ansible.builtin.apt:
            pkg: "{{ docker_apks }}"
            force_apt_get: yes
            update_cache: yes
            state: present
    
        - name: Start docker service
          ansible.builtin.service:
            name: docker
            enabled: yes
            state: started
    

    This is the output:

    PLAY [Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)] ***
    
    TASK [Gathering Facts] *********************************************************
    [WARNING]: Host 'anytype.lab' is using the discovered Python interpreter at '/usr/bin/python3.13', but future installation of another Python interpreter could cause a different interpreter to be discovered. See https://docs.ansible.com/ansible-core/2.19/reference_appendices/interpreter_discovery.html for more information.
    ok: [anytype.lab]
    
    TASK [Install pre setup stuff] *************************************************
    changed: [anytype.lab]
    
    TASK [Add gpg for docker repo] *************************************************
    skipping: [anytype.lab]
    
    TASK [Copy up apt list] ********************************************************
    skipping: [anytype.lab]
    
    TASK [Setup deb822 formatted repositorie] **************************************
    changed: [anytype.lab]
    
    TASK [Install docker] **********************************************************
    [ERROR]: Task failed: Module failed: No package matching 'docker-ce' is available
    Origin: /tmp/ansible-webui/repositories/1_ansibleplaybooksrepo/playbooks/debian13docker.yml:54:7
    
    52       when: (ansible_distribution == 'Debian' and ansible_distribution_major_version >= '13')
    53
    54     - name: Install docker
             ^ column 7
    
    fatal: [anytype.lab]: FAILED! => {"changed": false, "msg": "No package matching 'docker-ce' is available"}
    
    PLAY RECAP *********************************************************************
    anytype.lab                : ok=3    changed=2    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0   
    

    This is my inventory file:

    root@ansible:/srv/ansible-webui/ansible/repositories/1_ansibleplaybooksrepo/inventory# cat hosts.yml 
    all:
      children:
        lxc_containers:
          hosts:
            anytype.lab:
              ansible_host: 192.168.236.142
              ansible_user: root
              ansible_ssh_private_key_file: ~/.ssh/id_ed25519
    

    My workflow is not completely broken, because I managed to get this workbook working:

    - name: install root ca certificate
      hosts: all
      gather_facts: yes
    
      tasks:
    
      - name: Copy custom CA certificate
        copy:
          src: ../files/root_ca.crt
          dest: /usr/local/share/ca-certificates/root_ca.crt
          mode: '0644'
    
      - name: Update CA certificates
        command: update-ca-certificates
        register: ca_update
    

    It's of course a lot simpler…

    PLAY [install root ca certificate] *********************************************
    
    TASK [Gathering Facts] *********************************************************
    [WARNING]: Host 'ferdium.lab' is using the discovered Python interpreter at '/usr/bin/python3.13', but future installation of another Python interpreter could cause a different interpreter to be discovered. See https://docs.ansible.com/ansible-core/2.19/reference_appendices/interpreter_discovery.html for more information.
    ok: [ferdium.lab]
    
    TASK [Copy custom CA certificate] **********************************************
    changed: [ferdium.lab]
    
    TASK [Update CA certificates] **************************************************
    changed: [ferdium.lab]
    
    PLAY RECAP *********************************************************************
    ferdium.lab                : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    

    It was a brand new host. The first (this above) playbook worked, but then the Docker one didn't. So it doesn't seem to be a target host issue. Both are Debian 13 LXC, if that matters.

        • Matt The Horwood@lemmy.horwood.cloud · 2 days ago

          Oh, that's very odd. I have tested on LXC and it runs fine; the only thing I can see that could trip it up is the list of packages.

          docker_pre_apks:
            - apt-transport-https
            - ca-certificates
            - curl
            - gnupg2
            - libssl-dev
            - python3-cffi-backend
            - python3-pip
            - libffi-dev
            - python3-setuptools
            - python3-nacl
            - python3-jsondiff
          
          docker_apks:
            - docker-ce
            - docker-ce-cli
            - containerd.io
          
          • audricd@lemmy.ml (OP) · 21 hours ago

            docker_pre_apks:
              - apt-transport-https
              - ca-certificates
              - curl
              - gnupg2
              - libssl-dev
              - python3-cffi-backend
              - python3-pip
              - libffi-dev
              - python3-setuptools
              - python3-nacl
              - python3-jsondiff

            docker_apks:

            Still same result :(

            ---
            - name: Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)
              hosts: all
              become: true
              become_user: root
            
              vars:
                docker_pre_apks:
                  - apt-transport-https
                  - ca-certificates
                  - curl
                  - gnupg2
                  - libssl-dev
                  - python3-cffi-backend
                  - python3-pip
                  - libffi-dev
                  - python3-setuptools
                  - python3-nacl
                  - python3-jsondiff
                docker_apks:
                  - docker-ce
                  - docker-ce-cli
                  - containerd.io
                docker_arch: amd64
            
              tasks:
            
                - name: Install pre setup stuff
                  ansible.builtin.apt:
                    pkg: "{{ docker_pre_apks }}"
                    update_cache: true
                    state: present
            
                - name: Add gpg for docker repo
                  ansible.builtin.apt_key:
                    url: https://download.docker.com/linux/debian/gpg
                    state: present
                  when: (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '12')
            
                - name: Copy up apt list
                  ansible.builtin.apt_repository:
                    repo: "deb [arch={{ docker_arch }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
                    state: present
                    filename: docker
                  when: (ansible_distribution == 'Debian' and ansible_distribution_major_version <= '12')
            
                - name: Setup deb822 formatted repositorie
                  ansible.builtin.deb822_repository:
                    name: php
                    types: deb
                    uris: https://download.docker.com/linux/debian
                    components: stable
                    suites: "{{ ansible_distribution_release }}"
                    signed_by: https://download.docker.com/linux/debian/gpg
                    state: present
                    enabled: true
                  when: (ansible_distribution == 'Debian' and ansible_distribution_major_version >= '13')
            
                - name: Install docker
                  ansible.builtin.apt:
                    pkg: "{{ docker_apks }}"
                    force_apt_get: yes
                    update_cache: yes
                    state: present
            
                - name: Start docker service
                  ansible.builtin.service:
                    name: docker
                    enabled: yes
                    state: started
            
            PLAY [Install Docker Engine and Docker Compose on Debian (Ansible WebUI compatible)] ***
            
            TASK [Gathering Facts] *********************************************************
            [WARNING]: Host 'anytype.lab' is using the discovered Python interpreter at '/usr/bin/python3.13', but future installation of another Python interpreter could cause a different interpreter to be discovered. See https://docs.ansible.com/ansible-core/2.19/reference_appendices/interpreter_discovery.html for more information.
            ok: [anytype.lab]
            
            TASK [Install pre setup stuff] *************************************************
            changed: [anytype.lab]
            
            TASK [Add gpg for docker repo] *************************************************
            skipping: [anytype.lab]
            
            TASK [Copy up apt list] ********************************************************
            skipping: [anytype.lab]
            
            TASK [Setup deb822 formatted repositorie] **************************************
            changed: [anytype.lab]
            
            TASK [Install docker] **********************************************************
            [ERROR]: Task failed: Module failed: No package matching 'docker-ce' is available
            Origin: /tmp/ansible-webui/repositories/1_ansibleplaybooksrepo/playbooks/debian13docker.yml:59:7
            
            57       when: (ansible_distribution == 'Debian' and ansible_distribution_major_version >= '13')
            58
            59     - name: Install docker
                     ^ column 7
            
            fatal: [anytype.lab]: FAILED! => {"changed": false, "msg": "No package matching 'docker-ce' is available"}
            
            PLAY RECAP *********************************************************************
            anytype.lab                : ok=3    changed=2    unreachable=0    failed=1    skipped=2    rescued=0    ignored=0   
            
            

            I have NO idea what I am doing wrong. This is new to me. But I personally learn better with practical examples rather than reading books and documentation. I thought setting up Docker was simple enough to begin… I guess I was wrong.

            • Matt The Horwood@lemmy.horwood.cloud · 21 hours ago

              How very odd. As root, can you try some things?

              1. Can you cat the apt config? The file is /etc/apt/sources.d/php, not sure of the file extension, but it should have the config to collect Docker.

              Also, if you run apt install docker-ce, does it give you any better errors?
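
The checks suggested in the last comment can also be run as a read-only play. This is an added example, not code from any poster in the thread. It assumes the `deb822_repository` task above kept `name: php`, which makes the module write `/etc/apt/sources.list.d/php.sources`; the `repo_file` variable and the task names are hypothetical. It also prints `ansible_check_mode`, because the first run's output shows both `command` tasks as `skipping` although neither has a `when` condition. That is how `command` tasks report under check mode, where file-writing modules report `changed` without writing anything.

```yaml
---
# Added diagnostic play (not from the thread). Every task is read-only.
- name: Diagnose why docker-ce is not available
  hosts: all
  become: true

  vars:
    # Assumption: file name derived from "name: php" in the deb822 task.
    repo_file: /etc/apt/sources.list.d/php.sources

  tasks:
    - name: Report whether this run is in check mode
      ansible.builtin.debug:
        msg: "check mode: {{ ansible_check_mode }}"

    - name: Stat the repository file
      ansible.builtin.stat:
        path: "{{ repo_file }}"
      register: repo_stat

    - name: Read the repository file
      ansible.builtin.slurp:
        src: "{{ repo_file }}"
      register: repo_raw
      when: repo_stat.stat.exists

    - name: Show the repository file
      ansible.builtin.debug:
        msg: "{{ (repo_raw.content | b64decode).splitlines() }}"
      when: repo_stat.stat.exists

    # A repository entry without Signed-By is not pinned to a dedicated
    # key file, so fail loudly if the field is absent.
    - name: Check that the repository entry exists and pins a signing key
      ansible.builtin.assert:
        that:
          - repo_stat.stat.exists
          - "'signed-by:' in (repo_raw.content | default('') | b64decode | lower)"
        fail_msg: "{{ repo_file }} is missing or has no Signed-By field"

    # check_mode: false makes this query run even under --check.
    - name: Ask apt which sources offer docker-ce
      ansible.builtin.command: apt-cache policy docker-ce
      register: policy
      changed_when: false
      check_mode: false

    - name: Show apt-cache policy output
      ansible.builtin.debug:
        var: policy.stdout_lines
```

If the first task prints `check mode: True`, the `changed` results in the earlier runs did not modify the host, which would leave the keyrings directory and the sources file exactly as the debug output shows them.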