search

LemmyNet / lemmy-ansible

A docker deploy for ansible
GNU Affero General Public License v3.0
248 stars 92 forks source link

configure jammy++ docker binaries #116

Closed eslerm closed 1 year ago

eslerm commented 1 year ago

lemmy-ansible uses deprecated apt-key and Docker's apt repo is only configured for Ubuntu 20.04 (Focal) binaries.

To reproduce run lemmy-ansible on an Ubuntu 22.04 (Jammy) vm. Login and check apt configuration:

eslerm@sec-jammy-amd64:~$ sudo cat /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
deb https://download.docker.com/linux/ubuntu focal stable
eslerm@sec-jammy-amd64:~$ sudo apt update
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:3 https://download.docker.com/linux/ubuntu focal InRelease
Hit:4 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
35 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
N: Skipping acquire of configured file 'stable/binary-i386/Packages' as repository 'https://download.docker.com/linux/ubuntu focal InRelease' doesn't support architecture 'i386'

This commit makes apt configuration conditional on release number. The pre-Jammy configurations were left as is. Jammy++ configs adapt to ansible_distribution_release (i.e., jammy, kinetic, lunar, and mantic get the correct binaries) and use the signed-by apt config, which replaces apt-key and is suggested by Docker. I did not dearmor the key as Docker suggested for Ansible convinence. Please verify the checksum. The README.me says that Debian-based vms are supported, but that's was not the case for Docker binaries before or with this commit.

I tested the patch on Focal, Jammy, and Lunar. Focal and Lunar failed after apt config unrelated preexisting issues (https://github.com/LemmyNet/lemmy-ansible/issues/54 in the case of Lunar). This fixes https://github.com/LemmyNet/lemmy-ansible/issues/61 and partially resolves https://github.com/LemmyNet/lemmy-ansible/issues/82

eslerm commented 1 year ago

please squash :)

Nutomic commented 1 year ago

Thanks! This would be so much easier if we just used Docker from Ubuntu repos...

eslerm commented 1 year ago

This would be so much easier if we just used Docker from Ubuntu repos...

After a new Ubuntu Release starts, most packages in the previous release are version locked and only receive security updates except for extraordinary circumstances. That's why Docker suggests using their repos. Using the docker snap could fit the same need though.

With this merge, the Docker repos are now only added when: ansible_distribution == 'Ubuntu'. Please be aware that Debian and other distros need explicit support now (the merge removed implicit support using incorrect configs).