Update docker role

2022-10-27 23:43:08 +02:00 · 2022-10-27 23:43:08 +02:00 · 5a452f5687
commit 5a452f5687
parent 97d923feb1
6 changed files with 31 additions and 102 deletions
--- a/tasks/Debian.yml
+++ b/tasks/Debian.yml
@ -1,14 +1,21 @@
 ---
- name: add docker apt key
-  apt_key:
-    url: https://download.docker.com/linux/ubuntu/gpg
-    state: present
+#- name: Add docker apt key
+#  ansible.builtin.get_url:
+#    url: https://download.docker.com/linux/ubuntu/gpg.asc
+#    dest: /etc/apt/keyrings/docker.gpg
+#  when:
+#    - docker_ver == "docker_ce"
+- name: Add docker apt key
+  ansible.builtin.copy:
+    src: etc/apt/keyrings/docker.gpg
+    dest: /etc/apt/keyrings/docker.gpg
  when:
    - docker_ver == "docker_ce"

- name: add docker repository
+- name: Add docker repository
  apt_repository:
-    repo: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
+    repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
+    filename: docker-ce
    state: present
    update_cache: yes
  when:
@ -28,6 +35,13 @@
  when:
    - not docker_installed.stat.exists

+- name: Check whether ufw status is active
+  shell: ufw status
+  changed_when: False
+  ignore_errors: True
+  register: ufw_check
+  check_mode: false
+
 - name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
  lineinfile:
    dest: /etc/default/ufw
@ -35,6 +49,7 @@
    line: '\1ACCEPT"'
    backrefs: yes
  notify: reload ufw
+  when: "'inactive' not in ufw_check.stdout"
  tags: [docker,firewall]

 # Need Certificat ? Only in local