From 4c467bf47401c408b3eca719f18aa5d34013d901 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 16 Sep 2021 14:13:51 +0200
Subject: docker and containerd: apt pinning vs package hold

---
 roles/docker/engine/tasks/main.yml | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

(limited to 'roles/docker/engine/tasks')

diff --git a/roles/docker/engine/tasks/main.yml b/roles/docker/engine/tasks/main.yml
index b6f5bb12..d07d6d63 100644
--- a/roles/docker/engine/tasks/main.yml
+++ b/roles/docker/engine/tasks/main.yml
@@ -26,6 +26,21 @@
   include_role:
     name: "apt-repo/{{ docker_pkg_provider }}"
 
+- name: generate apt pin file for docker package
+  when: docker_pkg_version is defined
+  copy:
+    dest: "/etc/apt/preferences.d/{{ docker_pkg_name }}.pref"
+    content: |
+      Package: {{ docker_pkg_name }}
+      Pin: version {{ docker_pkg_version }}
+      Pin-Priority: 1001
+
+- name: remove apt pin file for docker package
+  when: docker_pkg_version is not defined
+  file:
+    path: "/etc/apt/preferences.d/{{ docker_pkg_name }}.pref"
+    state: absent
+
 - name: install docker
   apt:
     name:
@@ -33,15 +48,15 @@
     - "{{ python_basename }}-docker"
     state: present
     force: yes
-    ## TODO: remove force once the following changes are available
-    ##   https://github.com/ansible/ansible/pull/73629 or https://github.com/ansible/ansible/pull/72562
+    # allow_downgrade: yes
+    ## TODO: replace force with allow_downgrade once the following change is available (ansible >= 5.0)
     ##   https://github.com/ansible/ansible/pull/74852
 
-- name: disable automatic upgrades for docker package
-  when: docker_pkg_version is defined
+  ## TODO: remove this when all machines are migrated to use pin files
+- name: unhold packages (we now use APT pinning)
   dpkg_selections:
     name: "{{ docker_pkg_name }}"
-    selection: hold
+    selection: install
 
 - name: start and enable docker
   service:
-- 
cgit v1.2.3