I'm thinking about no longer setting up a virtualenv, pip installing docker / docker compose and switching the docker_login module to a shell script

[nickjj]

Docker Compose v2 is now solid enough to use in production and you can apt install it with docker-compose-plugin.

There's a decent amount of complexity in this role related to setting up a proper Python virtualenv and then also pip installing both docker and docker-compose. The docker package is to be able to use Ansible's docker_* modules and docker-compose is to use the Docker Compose v1 binary.

I'm thinking about removing the virtualenv and all of the pip installed packages then install Docker Compose v2 with the new plugin.

However, there's 2 dilemmas here:

1. This role uses the docker_login module to handle authenticating to a private registry
2. Folks out there might be using other docker_* modules in their own roles after using this role to install Docker

I can get around the first one pretty easily by no longer using docker_login and instead have a shell script which calls the docker binary directly. I can probably also do it in a backwards compatible way without you having to change your inventory configuration but I don't want to make any guarantees, but just glancing at it, I'm about 85% sure I can.

The second one is more tricky. Technically you can apt install python3-docker which will give Ansible access to use the docker_* modules which means the docker_login task could even stick around as is and the problem is solved but the concern is Docker doesn't manage this package. Each distro has its own version of this package and it's quite outdated from what's in pip so you may run to into API compatibility issues.

PyPI has docker version 6.0 at the time of making this comment.

Each distro has a different version of python3-docker that you can apt install:

• Ubuntu 20.04 has version 4.1 (Oct 2019)
• Ubuntu 22.04 has version 5.0 (Oct 2021)
• Debian 10 has version 3.4 (Jun 2018)
• Debian 11 has version 4.1 (Oct 2019)

I think our options are:

1. Leave everything how it is but still use Docker Compose v2 while no longer pip installing docker-compose, this would leave the virtualenv code in place and the pip installation logic to install just the docker package
2. Get rid of everything Python related and use a shell script to login to a registry

For number 2, if you want to use other Ansible `docker_modules outside of this role you can customizedocker__package_dependenciesto addpython3-docker` then deal with any potential API compatibilities from using an older version of that package.*

What do you think?

[nickjj]

I slept on it and I think I arrived at a reasonable solution based on the first option proposed above but with a few differences.

• We can leave things as they are now and pip install both docker and docker-compose
• Introduce a new docker__compose_v2_version: "" role default to control installing Docker Compose v2 (with pin support)

At this point the role will install both v1 and v2 which is fine because they can both co-exist. However if you wanted to prevent v1 from being installed this role already makes that easy. You can set docker__pip_docker_compose_state: "absent" and you're good to go.

These sets of changes are all backwards compatible, you'll always get v2 (because v2 is the future and stable at this point) and can opt-out of v1 if you want. In the future I may change the role to default to docker__pip_docker_compose_state: "absent" once more folks are used to using v2 but this default switch won't be in the next release.

I've already done these changes locally and tested it fully, it works. I'll commit and push them once I do a bit more clean up on this role. There's a few unrelated internal refactors that I'd like to do.

[nickjj]

This has been implemented in https://github.com/nickjj/ansible-docker/commit/ecae9c9f89cd230f209750315cf3a9e606bdf59d and it's available in v2.2.0 of this role.