Install Docker in RedHat-like systems - Ansible module rpm_key, yum_repository and yum

How to automate the installation of the docker-ce engine in Fedora 35 x86_64 (or amd64) using Ansible Playbook. The procedure is going to take care of the GPG signing key, add a repository into the sources list, and install the latest docker-ce package. Included Demo for RedHat-like workstation (RedHat Enterprise Linux, CentOS, CentOS Stream, Fedora).

January 24, 2022

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

#container #docker #podman #ansible #yum #rpm_key #module #yum_repository #docker-ce #centos #fedora #rhel #redhat

How to Install Docker in RedHat-like systems with Ansible?

I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot.

Ansible install Docker in RedHat-like systems

Add Docker key => ansible.builtin.rpm_key
Add Docker repository => ansible.builtin.yum_repository
Update yum cache and install Docker => ansible.builtin.yum

In order to install Docker on a RedHat-like system we need to perform three different steps. The first step is to download the GPG signature key for the repository. You are going to use the ansible.builtin.rpm_key Ansible module. This encrypted key verifies the genuinity of the packages and the repository and guarantees that the software is the same as Docker releases. The second step is to add the add Docker repository to the distribution. It’s an extra website where yum/DNF, your distribution package manager looks like for software. You are going to use the ansible.builtin.yum_repository Ansible module. The third step is to update the yum cache for the available packages and install Docker using the ansible.builtin.yum Ansible module.

Parameters

rpm_key key string - URL
rpm_key state string - present/absent
yum_repository name string - repository
yum_repository baseurl string - URL
yum_repository gpgcheck boolean gpgkey string - GPG check and key URL
yum name string - name or package specific
yum state string - latest/present/absent
yum update_cache boolean - no/yes

For the ansible.builtin.rpm_key Ansible module I’m going to use two parameters: “key” and “state”. The “key” parameter specifies the URL or the key ID of the repository GPG signature key and the “state” verify that is present in our system after the execution. For the ansible.builtin.yum_repository Ansible module I’m going to use four parameters: “name”, “baseurl”, “gpgcheck” and “gpgkey”. The “name” parameter specifies the repository parameters and the “baseurl” URL of it. The “gpgcheck” parameter enables the GPG verification with the URL specified in “gpgkey” parameter. For the ansible.builtin.yum Ansible module I’m going to use three parameters: “name”, “state”, and “update_cache”. The “name” parameter specifies the package name (Docker in our use-case) and the “state” verify that is present in our system after the execution. Before installing the package the “update_cache” performs an update of the yum cache to ensure that the latest version of the package is going to be downloaded.

demo

Install Docker in RedHat-like systems with Ansible Playbook.

code

---
- name: install Docker
  hosts: all
  become: true
  tasks:
    - name: set mydistribution
      ansible.builtin.set_fact:
        mydistribution: "{{ 'rhel' if (ansible_distribution == 'Red Hat Enterprise Linux') else (ansible_distribution | lower) }}"

    - name: Add signing key
      ansible.builtin.rpm_key:
        key: "https://download.docker.com/linux/{{ mydistribution }}/gpg"
        state: present

    - name: Add repository into repo.d list
      ansible.builtin.yum_repository:
        name: docker
        description: docker repository
        baseurl: "https://download.docker.com/linux/{{ mydistribution }}/$releasever/$basearch/stable"
        enabled: true
        gpgcheck: true
        gpgkey: "https://download.docker.com/linux/{{ mydistribution }}/gpg"

    - name: Install Docker
      ansible.builtin.yum:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
        state: latest
        update_cache: true

    - name: Start Docker
      ansible.builtin.service:
        name: "docker"
        enabled: true
        state: started

execution

ansible-pilot $ ansible-playbook -i virtualmachines/fedora35/inventory install\ Docker/redhat.yml
PLAY [install Docker] *****************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [fedora.example.com]
TASK [set mydistribution] *************************************************************************
ok: [fedora.example.com]
TASK [Add signing key] ****************************************************************************
changed: [fedora.example.com]
TASK [Add repository into repo.d list] ************************************************************
changed: [fedora.example.com]
TASK [Install Docker] *****************************************************************************
changed: [fedora.example.com]
TASK [Start Docker] *******************************************************************************
changed: [fedora.example.com]
PLAY RECAP ****************************************************************************************
fedora.example.com         : ok=6    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

idempotency

ansible-pilot $ ansible-playbook -i virtualmachines/fedora35/inventory install\ Docker/redhat.yml
PLAY [install Docker] *****************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [fedora.example.com]
TASK [set mydistribution] *************************************************************************
ok: [fedora.example.com]
TASK [Add signing key] ****************************************************************************
ok: [fedora.example.com]
TASK [Add repository into repo.d list] ************************************************************
ok: [fedora.example.com]
TASK [Install Docker] *****************************************************************************
ok: [fedora.example.com]
TASK [Start Docker] *******************************************************************************
ok: [fedora.example.com]
PLAY RECAP ****************************************************************************************
fedora.example.com         : ok=6    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

before execution

ansible-pilot $ ssh [email protected]
The authenticity of host 'fedora.example.com (192.168.0.202)' can't be established.
ECDSA key fingerprint is SHA256:0p22EqPJKxL+ytcLbPjHTXu/bjWp2pNkPbfr+EKYxtQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'fedora.example.com,192.168.0.202' (ECDSA) to the list of known hosts.
[devops@fedora ~]$ sudo su
[root@fedora devops]# cat /etc/os-release 
NAME="Fedora Linux"
VERSION="35 (Cloud Edition)"
ID=fedora
VERSION_ID=35
VERSION_CODENAME=""
PLATFORM_ID="platform:f35"
PRETTY_NAME="Fedora Linux 35 (Cloud Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:35"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f35/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=35
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=35
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Cloud Edition"
VARIANT_ID=cloud
[root@fedora devops]# ls -al /etc/yum.repos.d/
total 28
drwxr-xr-x. 1 root root  328 Oct 26 05:41 .
drwxr-xr-x. 1 root root 2638 Jan 24 17:57 ..
-rw-r--r--. 1 root root  728 Oct 11 17:29 fedora-cisco-openh264.repo
-rw-r--r--. 1 root root 1302 Oct 11 17:29 fedora-modular.repo
-rw-r--r--. 1 root root 1239 Oct 11 17:29 fedora.repo
-rw-r--r--. 1 root root 1349 Oct 11 17:29 fedora-updates-modular.repo
-rw-r--r--. 1 root root 1286 Oct 11 17:29 fedora-updates.repo
-rw-r--r--. 1 root root 1391 Oct 11 17:29 fedora-updates-testing-modular.repo
-rw-r--r--. 1 root root 1344 Oct 11 17:29 fedora-updates-testing.repo
[root@fedora devops]# docker --version
bash: docker: command not found
[root@fedora devops]# rpm -qa | grep docker
[root@fedora devops]# yum list installed docker-ce
Error: No matching Packages to list
[root@fedora devops]#

after execution

ansible-pilot $ ssh [email protected]
Last login: Mon Jan 24 18:02:56 2022 from 192.168.0.102
[devops@fedora ~]$ sudo su
[root@fedora devops]# ls -al /etc/yum.repos.d/
total 32
drwxr-xr-x. 1 root root  350 Jan 24 18:00 .
drwxr-xr-x. 1 root root 2670 Jan 24 18:02 ..
-rw-r--r--. 1 root root  204 Jan 24 18:00 docker.repo
-rw-r--r--. 1 root root  728 Oct 11 17:29 fedora-cisco-openh264.repo
-rw-r--r--. 1 root root 1302 Oct 11 17:29 fedora-modular.repo
-rw-r--r--. 1 root root 1239 Oct 11 17:29 fedora.repo
-rw-r--r--. 1 root root 1349 Oct 11 17:29 fedora-updates-modular.repo
-rw-r--r--. 1 root root 1286 Oct 11 17:29 fedora-updates.repo
-rw-r--r--. 1 root root 1391 Oct 11 17:29 fedora-updates-testing-modular.repo
-rw-r--r--. 1 root root 1344 Oct 11 17:29 fedora-updates-testing.repo
[root@fedora devops]# cat /etc/yum.repos.d/docker.repo 
[docker]
async = 1
baseurl = https://download.docker.com/linux/fedora/$releasever/$basearch/stable
enabled = 1
gpgcheck = 1
gpgkey = https://download.docker.com/linux/fedora/gpg
name = docker repository
[root@fedora devops]# rpm -qa | grep docker
docker-scan-plugin-0.12.0-3.fc35.x86_64
docker-ce-cli-20.10.12-3.fc35.x86_64
docker-ce-rootless-extras-20.10.12-3.fc35.x86_64
docker-ce-20.10.12-3.fc35.x86_64
[root@fedora devops]# yum list installed docker-ce
Installed Packages
docker-ce.x86_64                             3:20.10.12-3.fc35                              @docker
[root@fedora devops]# docker --version
Docker version 20.10.12, build e91ed57
[root@fedora devops]# docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:975f4b14f326b05db86e16de00144f9c12257553bba9484fed41f9b6f2257800
Status: Downloaded newer image for hello-world:latest
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/
For more examples and ideas, visit:
 https://docs.docker.com/get-started/
[root@fedora devops]#