Ansible cannot install docker-ce ; local install possible ;

#raspberry
#docker-ce

Hi - desperately seeking help with ansible installing docker-ce on raspberry pi 3b+

uname - a
Linux rpi1b 6.6.28+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.28-1+rpt1 (2024-04-22) aarch64 GNU/Linux

the os is raspberry os 64-bit lite.

In order to install docker-ce on several pis (want to do a cluster/docker swarm) I have written the following playbook:

---
- name: Setup Raspberry Pi nodes
  hosts: rpi1b.local
  become: true
  gather_facts: true

  vars_files:
    - vault.yml

  tasks:
    - name: uninstall docker installations from distributions
      become: true
      apt:
        name:
          - docker
          - docker-engine
          - docker.io
          - containerd
          - runc
          - podman-docker
          - docker-doc
        state: absent
        purge: yes

    - name: Install dependencies for Docker
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
          - gnupg
        state: latest
        update_cache: yes

    - name: Remove existing tmp Docker GPG key if present
      file:
        path: /tmp/docker.gpg
        state: absent
      become: true

    - name: Download Docker's official GPG key
      command: curl -fsSL -o /tmp/docker.gpg https://download.docker.com/linux/raspbian/gpg
      become: true

    - name: Remove existing Docker GPG key if present
      file:
        path: /usr/share/keyrings/docker-archive-keyring.gpg
        state: absent
      become: true

    - name: Add Docker's official GPG key to keyring
      command: gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg /tmp/docker.gpg
      become: true

    - name: Verify Docker GPG key
      shell: apt-key list | grep -i docker
      register: docker_key_check
      ignore_errors: true

    - name: Debug Docker GPG key verification
      debug:
        msg: "{{ docker_key_check.stdout }}"

    - name: Read /etc/os-release
      slurp:
        src: /etc/os-release
      register: os_release_content

    - name: Set fact for OS release content
      set_fact:
        os_release_data: "{{ os_release_content.content | b64decode }}"

    - name: Extract VERSION_CODENAME from /etc/os-release
      set_fact:
        version_codename: "{{ os_release_data.split('\n') | select('match', '^VERSION_CODENAME=') | list | first | regex_replace('^VERSION_CODENAME=', '') }}"

    - name: Debug VERSION_CODENAME
      debug:
        msg: "VERSION_CODENAME is {{ version_codename }}"

    - name: Get system architecture
      command: uname -m
      register: architecture

    - name: Set fact for architecture
      set_fact:
        arch: "{{ (architecture.stdout == 'aarch64') | ternary('arm64', 'armhf') }}"

    - name: Debug system architecture
      debug:
        msg: "System architecture is {{ arch }}"

    - name: Remove existing /etc/apt/sources.list.d if present
      file:
        path: /etc/apt/sources.list.d/download_docker_com_linux_raspbian.list
        state: absent
      become: true

    - name: Add Docker repository
      become: true
      apt_repository:
        repo: deb [arch={{ arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian {{ version_codename }} stable
        state: present
        update_cache: true

    - name: Wait for apt cache to be updated
      pause:
        seconds: 10

    - name: Run 'apt list docker-ce'
      command: apt list docker-ce
      register: docker_ce_list

    - name: Display the output of 'apt list docker-ce'
      debug:
        msg: "{{ docker_ce_list.stdout }}"

    - name: Run 'apt-get install -s docker-ce'
      command: apt-get install -s docker-ce
      register: docker_ce_list_apt_get

    - name: Display the output of 'apt-get install -s docker-ce'
      debug:
        msg: "{{ docker_ce_list_apt_get.stdout }}"

    - name: Install Docker
      become: true
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose
        state: present
        update_cache: true

The package docker-ce cannot be found - the list is empty:

TASK [Display the output of 'apt list docker-ce'] **********************************************************************************************************************************************************************************************************************************************************
ok: [rpi1b.local] => {
    "msg": "Listing..."
}

When I manually change

deb [arch={{ arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian {{ version_codename }} stable 

to

deb [arch=armhf signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian {{ version_codename }} stable

then the listing is not empty anymore - apt list docker-ce returns a value

TASK [Display the output of 'apt list docker-ce'] **********************************************************************************************************************************************************************************************************************************************************
ok: [rpi1b.local] => {
    "msg": "Listing...\ndocker-ce/bookworm 5:26.1.3-1~raspbian.12~bookworm armhf"
}

But still, the docker-ce is unknown!

TASK [Install Docker] **************************************************************************************************************************************************************************************************************************************************************************************
fatal: [rpi1b.local]: FAILED! => {"changed": false, "msg": "No package matching 'docker-ce' is available"}

When I try to install it in the console on the pi - no problem.

Can you find some hint, why this does not work?
Question one: why is the arm64 arch not working at all - neither by ansible nor by console?
Question two: why is the armhf working in the console and in the task with the list but does not install?

Thanks for some hints!

Andreas.

I’ve a working Docker role that is tested using GitLab CI and Molecule on Debian and Ubuntu LTS, but only x86, not arm64, if that helps at all…

Hi,

2 things:

repo: deb [arch={{ arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian {{ version_codename }} stable

Quote that, so jinja2 vars can get extrapolated.

Try getting the architecture using dpkg --print-architecture instead of uname -m, as suggested here.

1 Like

I install a Bash script in /etc/ansible/facts.d which results in ansible_facts.ansible_local.dpkg.arch containing the output from dpkg --print-architecture for use in apt sources.d files.

1 Like

Thanks for your input so far.
No progress.

sudo lshw | head -6
rpi1b                       
    description: Computer
    product: Raspberry Pi 3 Model B Rev 1.2
    serial: 00000000XXXXX
    width: 64 bits
    capabilities: smp cp15_barrier setend swp tagged_addr_disabled

so 64 is ok…!!! but the corresponding arch does not work…

The playlist looks now like this:

---
- name: Setup Raspberry Pi nodes
  hosts: rpi1b.local
  become: true
  gather_facts: true

  vars_files:
    - vault.yml

  tasks:
    - name: Uninstall Docker installations from distributions
      ansible.builtin.apt:
        name:
          - docker
          - docker-engine
          - docker.io
          - containerd
          - runc
          - podman-docker
          - docker-doc
        state: absent
        purge: true
      become: true

    - name: Install dependencies for Docker
      ansible.builtin.apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
          - gnupg2
        state: present
        update_cache: true
      become: true

    - name: Remove existing tmp Docker GPG key if present
      ansible.builtin.file:
        path: /tmp/docker.gpg
        state: absent
      become: true

    - name: Download Docker's official GPG key
      get_url:
        url: https://download.docker.com/linux/raspbian/gpg
        dest: /tmp/docker.gpg
      become: true
      changed_when: false

    - name: Remove existing Docker GPG key if present
      ansible.builtin.file:
        path: /usr/share/keyrings/docker-archive-keyring.gpg
        state: absent
      become: true

    - name: Add Docker's official GPG key to keyring
      ansible.builtin.command: gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg /tmp/docker.gpg
      become: true
      changed_when: false

    - name: Verify Docker GPG key
      ansible.builtin.command: apt-key list | grep -i docker
      register: docker_key_check
      ignore_errors: true
      changed_when: false

    - name: Debug Docker GPG key verification
      ansible.builtin.debug:
        msg: "{{ docker_key_check.stdout }}"

    - name: Read /etc/os-release
      ansible.builtin.slurp:
        src: /etc/os-release
      register: os_release_content


    - name: Set fact for OS release content
      ansible.builtin.set_fact:
        os_release_data: "{{ os_release_content.content | b64decode }}"

    - name: Extract VERSION_CODENAME from /etc/os-release
      ansible.builtin.set_fact:
        version_codename: "{{ os_release_data.split('\n') | select('match', '^VERSION_CODENAME=') | list | first | regex_replace('^VERSION_CODENAME=', '') }}"
      vars:
        ansible_become: true
      become: true

    - name: Debug VERSION_CODENAME
      ansible.builtin.debug:
        msg: "VERSION_CODENAME is {{ version_codename }}"

    - name: Get system architecture
      ansible.builtin.command: dpkg --print-architecture
      register: architecture
      changed_when: false

    - name: Set fact for architecture
      ansible.builtin.set_fact:
        arch: "{{ architecture.stdout }}"

    - name: Debug system architecture
      ansible.builtin.debug:
        msg: "System architecture is {{ arch }}"

    - name: Remove existing /etc/apt/sources.list.d if present
      ansible.builtin.file:
        path: /etc/apt/sources.list.d
        state: absent
      become: true

    - name: Add Docker repository
      ansible.builtin.apt_repository:
        repo: "deb [arch={{ arch }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
               https://download.docker.com/linux/raspbian {{ version_codename }} stable"
        state: present
        update_cache: true
      become: true

    - name: Wait for apt cache to be updated
      ansible.builtin.pause:
        seconds: 10


    - name: Run 'apt list docker-ce'
      ansible.builtin.command: apt list docker-ce
      changed_when: false
      register: docker_ce_list

    - name: Display the output of 'apt list docker-ce'
      ansible.builtin.debug:
        msg: "{{ docker_ce_list.stdout }}"

    - name: Install Docker
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose
        state: present
        update_cache: true
      become: true
This is the output of the ansible-playbook
> ansible-playbook  test_docker.yml  --ask-vault-password -vv
ansible-playbook [core 2.16.7]
  config file = /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/ansible.cfg
  configured module search path = ['/Users/andreas/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /opt/homebrew/Cellar/ansible/9.6.0/libexec/lib/python3.12/site-packages/ansible
  ansible collection location = /Users/andreas/.ansible/collections:/usr/share/ansible/collections
  executable location = /opt/homebrew/bin/ansible-playbook
  python version = 3.12.3 (main, Apr  9 2024, 08:09:14) [Clang 15.0.0 (clang-1500.3.9.4)] (/opt/homebrew/Cellar/ansible/9.6.0/libexec/bin/python)
  jinja version = 3.1.4
  libyaml = True
Using /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/ansible.cfg as config file
Vault password: 
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: test_docker.yml ************************************************************************************************************************************************************************************************************************************************************************
1 plays in test_docker.yml

PLAY [Setup Raspberry Pi nodes] ******************************************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:2
ok: [rpi1b.local]

TASK [Uninstall Docker installations from distributions] *****************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:11
ok: [rpi1b.local] => {"changed": false}

TASK [Install dependencies for Docker] ***********************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:25
ok: [rpi1b.local] => {"cache_update_time": 1716748315, "cache_updated": false, "changed": false}

TASK [Remove existing tmp Docker GPG key if present] *********************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:40
changed: [rpi1b.local] => {"changed": true, "path": "/tmp/docker.gpg", "state": "absent"}

TASK [Download Docker's official GPG key] ********************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:46
ok: [rpi1b.local] => {"changed": false, "checksum_dest": null, "checksum_src": "f5b5bd1487cefc0c53c947e11ca202e86b33dbad", "dest": "/tmp/docker.gpg", "elapsed": 0, "gid": 0, "group": "root", "md5sum": "1afae06b34a13c1b3d9cb61a26285a15", "mode": "0644", "msg": "OK (3817 bytes)", "owner": "root", "size": 3817, "src": "/home/andreas/.ansible/tmp/ansible-tmp-1716749366.207291-16219-26026928040524/tmpmpa7dkvq", "state": "file", "status_code": 200, "uid": 0, "url": "https://download.docker.com/linux/raspbian/gpg"}

TASK [Remove existing Docker GPG key if present] *************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:53
changed: [rpi1b.local] => {"changed": true, "path": "/usr/share/keyrings/docker-archive-keyring.gpg", "state": "absent"}

TASK [Add Docker's official GPG key to keyring] **************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:59
ok: [rpi1b.local] => {"changed": false, "cmd": ["gpg", "--dearmor", "-o", "/usr/share/keyrings/docker-archive-keyring.gpg", "/tmp/docker.gpg"], "delta": "0:00:00.018942", "end": "2024-05-26 20:49:30.805302", "msg": "", "rc": 0, "start": "2024-05-26 20:49:30.786360", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

TASK [Verify Docker GPG key] *********************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:64
ok: [rpi1b.local] => {"changed": false, "cmd": ["apt-key", "list", "|", "grep", "-i", "docker"], "delta": "0:00:00.501643", "end": "2024-05-26 20:49:32.489791", "msg": "", "rc": 0, "start": "2024-05-26 20:49:31.988148", "stderr": "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).", "stderr_lines": ["Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))."], "stdout": "pub   rsa4096 2017-02-22 [SCEA]\n      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88\nuid           [ unknown] Docker Release (CE deb) <docker@docker.com>\nsub   rsa4096 2017-02-22 [S]", "stdout_lines": ["pub   rsa4096 2017-02-22 [SCEA]", "      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88", "uid           [ unknown] Docker Release (CE deb) <docker@docker.com>", "sub   rsa4096 2017-02-22 [S]"]}

TASK [Debug Docker GPG key verification] *********************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:70
ok: [rpi1b.local] => {
    "msg": "pub   rsa4096 2017-02-22 [SCEA]\n      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88\nuid           [ unknown] Docker Release (CE deb) <docker@docker.com>\nsub   rsa4096 2017-02-22 [S]"
}

TASK [Read /etc/os-release] **********************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:74
ok: [rpi1b.local] => {"changed": false, "content": "UFJFVFRZX05BTUU9IkRlYmlhbiBHTlUvTGludXggMTIgKGJvb2t3b3JtKSIKTkFNRT0iRGViaWFuIEdOVS9MaW51eCIKVkVSU0lPTl9JRD0iMTIiClZFUlNJT049IjEyIChib29rd29ybSkiClZFUlNJT05fQ09ERU5BTUU9Ym9va3dvcm0KSUQ9ZGViaWFuCkhPTUVfVVJMPSJodHRwczovL3d3dy5kZWJpYW4ub3JnLyIKU1VQUE9SVF9VUkw9Imh0dHBzOi8vd3d3LmRlYmlhbi5vcmcvc3VwcG9ydCIKQlVHX1JFUE9SVF9VUkw9Imh0dHBzOi8vYnVncy5kZWJpYW4ub3JnLyIK", "encoding": "base64", "source": "/etc/os-release"}

TASK [Set fact for OS release content] ***********************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:80
ok: [rpi1b.local] => {"ansible_facts": {"os_release_data": "PRETTY_NAME=\"Debian GNU/Linux 12 (bookworm)\"\nNAME=\"Debian GNU/Linux\"\nVERSION_ID=\"12\"\nVERSION=\"12 (bookworm)\"\nVERSION_CODENAME=bookworm\nID=debian\nHOME_URL=\"https://www.debian.org/\"\nSUPPORT_URL=\"https://www.debian.org/support\"\nBUG_REPORT_URL=\"https://bugs.debian.org/\"\n"}, "changed": false}

TASK [Extract VERSION_CODENAME from /etc/os-release] *********************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:84
ok: [rpi1b.local] => {"ansible_facts": {"version_codename": "bookworm"}, "changed": false}

TASK [Debug VERSION_CODENAME] ********************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:91
ok: [rpi1b.local] => {
    "msg": "VERSION_CODENAME is bookworm"
}

TASK [Get system architecture] *******************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:95
ok: [rpi1b.local] => {"changed": false, "cmd": ["dpkg", "--print-architecture"], "delta": "0:00:00.013082", "end": "2024-05-26 20:49:35.050320", "msg": "", "rc": 0, "start": "2024-05-26 20:49:35.037238", "stderr": "", "stderr_lines": [], "stdout": "arm64", "stdout_lines": ["arm64"]}

TASK [Set fact for architecture] *****************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:100
ok: [rpi1b.local] => {"ansible_facts": {"arch": "arm64"}, "changed": false}

TASK [Debug system architecture] *****************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:104
ok: [rpi1b.local] => {
    "msg": "System architecture is arm64"
}

TASK [Remove existing /etc/apt/sources.list.d if present] ****************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:108
changed: [rpi1b.local] => {"changed": true, "path": "/etc/apt/sources.list.d", "state": "absent"}

TASK [Add Docker repository] *********************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:114
changed: [rpi1b.local] => {"changed": true, "repo": "deb [arch=arm64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/raspbian bookworm stable", "sources_added": ["/etc/apt/sources.list.d/download_docker_com_linux_raspbian.list"], "sources_removed": [], "state": "present"}

TASK [Wait for apt cache to be updated] **********************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:122
Pausing for 10 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [rpi1b.local] => {"changed": false, "delta": 10, "echo": true, "rc": 0, "start": "2024-05-26 20:49:53.740916", "stderr": "", "stdout": "Paused for 10.0 seconds", "stop": "2024-05-26 20:50:03.744754", "user_input": ""}

TASK [Run 'apt list docker-ce'] ******************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:127
ok: [rpi1b.local] => {"changed": false, "cmd": ["apt", "list", "docker-ce"], "delta": "0:00:01.846197", "end": "2024-05-26 20:50:06.726318", "msg": "", "rc": 0, "start": "2024-05-26 20:50:04.880121", "stderr": "\nWARNING: apt does not have a stable CLI interface. Use with caution in scripts.", "stderr_lines": ["", "WARNING: apt does not have a stable CLI interface. Use with caution in scripts."], "stdout": "Listing...", "stdout_lines": ["Listing..."]}

TASK [Display the output of 'apt list docker-ce'] ************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:132
ok: [rpi1b.local] => {
    "msg": "Listing..."
}

TASK [Install Docker] ****************************************************************************************************************************************************************************************************************************************************************************
task path: /Users/andreas/Library/Mobile Documents/com~apple~CloudDocs/Programming/_it_umgebung_/ansible/test_docker.yml:136
fatal: [rpi1b.local]: FAILED! => {"changed": false, "msg": "No package matching 'docker-ce' is available"}

PLAY RECAP ***************************************************************************************************************************************************************************************************************************************************************************************
rpi1b.local                : ok=21   changed=4    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0  

sorry not working with pi

Notice how there are only binaries for armhf architecture in raspbian repo: Index of linux/raspbian/dists/bookworm/stable/, whereas binaries for your architecture (arm64) are available for debian here.

So either force your arch to match ‘armhf’ and continue to use raspbian repo, or switch to the debian one. This is the one I use on my Raspberry Pi (still on Bullseye though -_-).

1 Like

Thanks! Worked great!
Using now debian

2 Likes