From f3885aa589975eea0f6ccbd5dd6981df8976e09b Mon Sep 17 00:00:00 2001
From: Etienne Champetier <champetier.etienne@gmail.com>
Date: Thu, 7 Jan 2021 17:16:34 -0500
Subject: [PATCH] docker: stop using apt force

Here the desciption from Ansible docs
Corresponds to the --force-yes to apt-get and implies allow_unauthenticated: yes
This option will disable checking both the packages' signatures and the certificates of the web servers they are downloaded from.
This option *is not* the equivalent of passing the -f flag to apt-get on the command line
**This is a destructive operation with the potential to destroy your system, and it should almost never be used.** Please also see man apt-get for more information.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
---
 roles/container-engine/docker/tasks/main.yml  | 14 +++++++++++++-
 roles/container-engine/docker/vars/debian.yml |  3 ---
 roles/container-engine/docker/vars/ubuntu.yml |  3 ---
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml
index f90e40d0f..04bbd3bd0 100644
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -108,6 +108,17 @@
     - ansible_distribution in ["CentOS","RedHat"] and not is_ostree
     - yum_result.results | length == 0
 
+- name: Remove dpkg hold
+  dpkg_selections:
+    name: "{{ item }}"
+    selection: install
+  when: ansible_pkg_mgr == 'apt'
+  changed_when: false
+  with_items:
+    - containerd
+    - docker-ce
+    - docker-ce-cli
+
 - name: ensure docker packages are installed
   action: "{{ docker_package_info.pkg_mgr }}"
   args:
@@ -142,7 +153,8 @@
   dpkg_selections:
     name: "{{ item }}"
     selection: hold
-  when: ansible_os_family in ["Debian"]
+  when: ansible_pkg_mgr == 'apt'
+  changed_when: false
   with_items:
     - docker-ce
     - docker-ce-cli
diff --git a/roles/container-engine/docker/vars/debian.yml b/roles/container-engine/docker/vars/debian.yml
index 3819570b8..ce4605a8e 100644
--- a/roles/container-engine/docker/vars/debian.yml
+++ b/roles/container-engine/docker/vars/debian.yml
@@ -18,11 +18,8 @@ docker_package_info:
   pkg_mgr: apt
   pkgs:
     - name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
-      force: yes
     - name: "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}"
-      force: yes
     - name: "{{ docker_versioned_pkg[docker_version | string] }}"
-      force: yes
 
 docker_repo_key_info:
   pkg_key: apt_key
diff --git a/roles/container-engine/docker/vars/ubuntu.yml b/roles/container-engine/docker/vars/ubuntu.yml
index 8a4bdb46c..0143695a3 100644
--- a/roles/container-engine/docker/vars/ubuntu.yml
+++ b/roles/container-engine/docker/vars/ubuntu.yml
@@ -18,11 +18,8 @@ docker_package_info:
   pkg_mgr: apt
   pkgs:
     - name: "{{ containerd_versioned_pkg[containerd_version | string] }}"
-      force: yes
     - name: "{{ docker_cli_versioned_pkg[docker_cli_version | string] }}"
-      force: yes
     - name: "{{ docker_versioned_pkg[docker_version | string] }}"
-      force: yes
 
 docker_repo_key_info:
   pkg_key: apt_key
-- 
GitLab