Clark Boylan 170c003bc7 Install apparmor when installing podman
The old install-docker upstream.yaml tasks installed apparmor for docker
(it was originally a dependency but then docker removed it as an
explicit dependency while still explicitly depending on it so we
manually installed it). When we started deploying Noble nodes with
podman via the install-docker role we didn't get apparmor because podman
doesn't appear to depend on it. However when we got to production the
production images already come with apparmor which includes profiles for
things like podman and rsyslog which have caused problems for us
deploying services with podman.

Attempt to catch these issues in CI by explicitly installing apparmor.
This should be a noop for production because apparmor is already
installed. This should help us catch problems with podman in CI before
we ever get to production.

To ensure that apparmor is working properly we capture apparmor_status
output as part of our system-config-run job log collection.

Note we remove the zuul lb test for haproxy.log being present as current
apparmor problems with the rsyslogd profile prevent that from occurring
on noble. The next change will correct that issue and reinstate the
test case.

Change-Id: Iea5966dbb2dcfbe1e51d9c00bad67a9d37e1b7e1
2025-02-13 08:12:55 -08:00

88 lines, 2.5 KiB, YAML

# We currently only install docker-compose-v2 and podman from the distro
# on Ubuntu Noble. This also pulls in the docker runtime from the distro
# which we're going to not use. This approach may change if the combo
# stops working.
- name: Install docker-compose-v2 and podman and friends
  become: true
  apt:
    name:
      - docker-compose-v2
      - podman
      - uidmap
      - slirp4netns
      - fuse-overlayfs
      - containernetworking-plugins
      # This enables container network dns resolution:
      - golang-github-containernetworking-plugin-dnsname
      # TODO do we need these extra tools?
      - buildah
      - skopeo
      # Production nodes have apparmor but CI nodes don't. List it
      # explicitly here to resolve the delta. The old docker upstream
      # install path also installed apparmor.
      - apparmor
    state: present

- name: Disable docker daemon service
  # docker-compose-v2 depends on the docker service. Disable it.
  become: true
  service:
    name: docker
    state: stopped
    enabled: false

- name: Disable docker socket service
  # docker-compose-v2 depends on the docker service. Disable it.
  become: true
  service:
    name: docker.socket
    state: stopped
    enabled: false

# We add this config so that if docker starts it doesn't conflict
# with podman. Mostly belts and suspenders here.
- name: Add docker socket override config
  become: true
  copy:
    src: docker.socket.override.conf
    dest: /etc/systemd/system/docker.socket
    owner: root
    group: root
    mode: '0644'

# Configure the podman socket to pretend to be a docker socket
- name: Add podman socket override config
  become: true
  copy:
    src: podman.socket.override.conf
    dest: /etc/systemd/system/podman.socket
    owner: root
    group: root
    mode: '0644'
  register: write_podman_sock_config

- name: Reconfigure the podman services
  # We use the podman service instead
  become: true
  systemd_service:
    name: podman.socket
    daemon_reload: true
    state: restarted
    enabled: true
  when: write_podman_sock_config.changed

# Currently we assume container management will be performed by root.
# For this reason we don't do any special group management. However,
# if this changes this is a good location to update groups and reset
# the ansible ssh connection.
- name: Add docker-compose to docker compose shim
  become: true
  copy:
    src: docker-compose.shim
    dest: /usr/local/bin/docker-compose
    owner: root
    group: root
    mode: '0755'
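The commit message says apparmor_status output is now captured in the system-config-run job logs so that the CI/production apparmor delta becomes visible. The following POSIX shell check is an added example, not code from the system-config change above: it parses apparmor_status output and reports which mode (enforce, complain, kill, unconfined, or absent) the podman and rsyslogd profiles named in the commit message are in, turning the collected log into an explicit pass/fail check. The status text, the extra profile names (/usr/bin/man, /usr/sbin/sshd, lsb_release) and the PID are constructed sample data, not output from a real node; the function names are my own.

```shell
#!/bin/sh
# Added example: turn captured apparmor_status output into a profile-mode check.
# SAMPLE_STATUS is constructed sample data in the apparmor_status layout,
# not output from a real CI or production node.

SAMPLE_STATUS='apparmor module is loaded.
5 profiles are loaded.
3 profiles are in enforce mode.
   /usr/bin/man
   podman
   rsyslogd
2 profiles are in complain mode.
   /usr/sbin/sshd
   lsb_release
0 profiles are in kill mode.
0 profiles are in unconfined mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /usr/sbin/rsyslogd (1234) rsyslogd
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.'

# apparmor_loaded STATUS_TEXT -> exit 0 if the first line reports the module loaded
apparmor_loaded() {
  printf '%s\n' "$1" | head -n 1 | grep -q '^apparmor module is loaded'
}

# profile_mode STATUS_TEXT PROFILE -> prints enforce|complain|kill|unconfined|absent
# Only the "N profiles are in X mode." sections are consulted; the later
# "processes" sections (pid-annotated lines) reset the mode and are skipped.
profile_mode() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^[0-9]+ profiles are in [a-z]+ mode\./ { mode = $5; next }
    /^[0-9]+ /                              { mode = "";  next }
    /^   / && mode != "" {
      name = $0; sub(/^ +/, "", name); sub(/ +$/, "", name)
      if (name == want) { print mode; found = 1; exit }
    }
    END { if (!found) print "absent" }'
}

# check_expected STATUS_TEXT "name=mode name=mode ..." -> exit 0 only if every
# named profile is loaded in the expected mode; each mismatch is printed.
check_expected() {
  status="$1"; rc=0
  for spec in $2; do
    name="${spec%=*}"; want="${spec#*=}"
    got="$(profile_mode "$status" "$name")"
    if [ "$got" != "$want" ]; then
      echo "MISMATCH: $name expected=$want got=$got"; rc=1
    fi
  done
  return $rc
}

# Demonstration run: production nodes ship both profiles in enforce mode, so
# that is the state CI should reproduce after apparmor is installed.
if apparmor_loaded "$SAMPLE_STATUS"; then
  check_expected "$SAMPLE_STATUS" "podman=enforce rsyslogd=enforce" \
    && echo "podman and rsyslogd profiles are enforced as in production" \
    || echo "apparmor profile state differs from production"
else
  echo "apparmor module not loaded"
fi
```

To run this against a collected job log, replace SAMPLE_STATUS with the file contents (for example `SAMPLE_STATUS="$(cat apparmor_status.log)"`). A non-zero return from check_expected on a CI node means the node's confinement differs from what the commit message describes for production, which is exactly the delta the change is trying to surface before deployment.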