stack_car 0.2.5 → 0.2.7

data/templates/ops/roles/docker.ubuntu/README.md

@@ -0,0 +1,148 @@
+docker_ubuntu
+========
+
+[![Build Status](https://travis-ci.org/angstwad/docker.ubuntu.svg)](https://travis-ci.org/angstwad/docker.ubuntu)
+
+Installs Docker on:
+
+* Ubuntu 12.04+
+* Debian 8.5+
+
+This role differs from other roles in that it specifically follows docker.io installation instructions for each distribution version.
+
+**Example Play**:
+```
+---
+- name: Run docker.ubuntu
+  hosts: docker
+  roles:
+    - angstwad.docker_ubuntu
+```
+
+**Please see [this playbook](https://github.com/angstwad/ansible-docker-rackspace) as a more advanced example of how to utilize this role.**
+
+Applying the role to servers is pretty simple:
+```
+- name: Install Docker on Rax Server
+  hosts: all
+  roles:
+    - angstwad.docker_ubuntu
+```
+
+Overriding the role's default variables is also pretty straightforward:
+```
+- name: Install Docker on Rax Server
+  hosts: all
+  roles:
+    - role: angstwad.docker_ubuntu
+      ssh_port: 2222
+      kernel_pkg_state: present
+```
+
+
+Requirements
+------------
+
+Requires python-pycurl for apt modules.
+
+Role Variables
+--------------
+
+These are the defaults, which can be set to present to prevent a reboot if the latest linux-image-extra, cgroup-lite packages are already installed.
+The following role variables are defined:
+
+```
+---
+# docker-engine is the default package name
+docker_pkg_name: docker-engine
+docker_apt_cache_valid_time: 600
+
+# docker dns path for docker.io package ( changed at ubuntu 14.04 from docker to docker.io )
+docker_defaults_file_path: /etc/default/docker
+
+# Important if running Ubuntu 12.04-13.10 and ssh on a non-standard port
+ssh_port: 22
+# Place to get apt repository key
+apt_key_url: hkp://p80.pool.sks-keyservers.net:80
+# apt repository key signature
+apt_key_sig: 58118E89F3A912897C070ADBF76221572C52609D
+# Name of the apt repository for docker
+apt_repository: deb https://apt.dockerproject.org/repo {{ ansible_lsb.id|lower }}-{{ ansible_lsb.codename|lower }} main
+# The following help expose a docker port or to add additional options when
+# running docker daemon.  The default is to not use any special options.
+#docker_opts: >
+#  -H unix://
+#  -H tcp://0.0.0.0:2375
+#  --log-level=debug
+docker_opts: ""
+# List of users to be added to 'docker' system group (disabled by default)
+# SECURITY WARNING: 
+# Be aware that granted users can easily get full root access on the docker host system!
+docker_group_members: []
+
+# configurable proxies: a reasonable default is to re-use the proxy from ansible_env:
+# docker_http_proxy: "{{ ansible_env.http_proxy|default('') }}"
+# Notes:
+# if docker_http_proxy==""   the role sets HTTP_PROXY="" (useful to 'empty' existing ENV var)
+# if docker_http_proxy is undefined the role will not set/modify any ENV vars
+docker_http_proxy:
+docker_https_proxy:
+
+# Flags for whether to install pip packages
+pip_install_pip: true
+pip_install_setuptools: true
+pip_install_docker_py: true
+pip_install_docker_compose: true
+install_docker_py_on_1604: false
+
+# Versions for the python packages that are installed
+pip_version_pip: latest
+pip_version_setuptools: latest
+pip_version_docker_py: latest
+pip_version_docker_compose: latest
+
+# If this variable is set to true kernel updates and host restarts are permitted.
+# Warning: Use with caution in production environments.
+kernel_update_and_reboot_permitted: no
+
+# Set to 'yes' or 'true' to enable updates (sets 'latest' in apt module)
+update_docker_package: no
+# Change these to 'present' if you're running Ubuntu 12.04-13.10 and are fine with less-than-latest packages
+kernel_pkg_state: latest
+cgroup_lite_pkg_state: latest
+dmsetup_pkg_state: latest
+# Force an install of the kernel extras, in case you're suffering from some issue related to the
+# static binary provided by upstream Docker.  For example, see this GitHub Issue in Docker:
+# https://github.com/docker/docker/issues/12750
+# Warning: Installing kernel extras is potentially interruptive/destructive and will install backported
+# kernel if running 12.04.
+install_kernel_extras: false
+# Install Xorg packages for backported kernels.  This is usually unnecessary except for environments
+# where an X/Unit desktop is actively being used. If you're not using an X/Unity on 12.04, you
+# won't need to enable this.
+install_xorg_pkgs: false
+```
+
+Dependencies
+------------
+
+None.
+
+Testing
+-------
+
+To test the role in a Vagrant environment just run `vagrant up`.  This will
+create three VMs:
+
+* Ubuntu 12.04
+* Ubuntu 14.04
+* Debian Jessie 8.5
+
+and it will provision them by applying this role with Ansible.
+
+Requires `ansible-playbook` to be in the path.
+
+License
+-------
+
+Apache v2.0

data/templates/ops/roles/docker.ubuntu/Vagrantfile

@@ -0,0 +1,63 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby ts=2 sw=2 tw=0 et :
+
+role = File.basename(File.expand_path(File.dirname(__FILE__)))
+
+ENV['ANSIBLE_ROLES_PATH'] = "../"
+
+boxes = [
+  {
+    :name => "ubuntu-1204",
+    :box => "ubuntu/precise64",
+    :ip => '10.0.77.11',
+    :cpu => "33",
+    :ram => "256"
+  },
+  {
+    :name => "ubuntu-1404",
+    :box => "ubuntu/trusty64",
+    :ip => '10.0.77.12',
+    :cpu => "33",
+    :ram => "256"
+  },
+  {
+    :name => "ubuntu-1604",
+    :box => "ubuntu/xenial64",
+    :ip => '10.0.77.13',
+    :cpu => "33",
+    :ram => "512"
+  },
+  {
+    :name => "debian-jessie",
+    :box => "debian/jessie64",
+    :ip => '10.0.77.14',
+    :cpu => "33",
+    :ram => "256"
+  },
+]
+
+Vagrant.configure("2") do |config|
+  boxes.each do |box|
+    config.vm.define box[:name] do |vms|
+      vms.vm.box = box[:box]
+      vms.vm.box_url = box[:url]
+
+      vms.vm.provider "virtualbox" do |v|
+        v.customize ["modifyvm", :id, "--cpuexecutioncap", box[:cpu]]
+        v.customize ["modifyvm", :id, "--memory", box[:ram]]
+      end
+
+      vms.vm.network :private_network, ip: box[:ip]
+
+      # neccessary for ubuntu 16.04 and harmless for the rest
+      vms.vm.provision :shell do |shell|
+        shell.inline = "DEBIAN_FRONTEND=noninteractive apt-get -y install python-simplejson"
+      end
+
+      vms.vm.provision :ansible do |ansible|
+        ansible.playbook = "tests/vagrant.yml"
+        ansible.verbose = "vv"
+      end
+    end
+  end
+end

data/templates/ops/roles/docker.ubuntu/defaults/main.yml

@@ -0,0 +1,70 @@
+---
+# docker-engine is the default package name
+docker_pkg_name: docker-engine
+docker_apt_cache_valid_time: 600
+
+# docker dns path for docker.io package ( changed at ubuntu 14.04 from docker to docker.io )
+docker_defaults_file_path: /etc/default/docker
+
+# Important if running Ubuntu 12.04-13.10 and ssh on a non-standard port
+ssh_port: 22
+# Place to get apt repository key
+apt_key_url: hkp://p80.pool.sks-keyservers.net:80
+# apt repository key signature
+apt_key_sig: 58118E89F3A912897C070ADBF76221572C52609D
+# Name of the apt repository for docker
+apt_repository: deb https://apt.dockerproject.org/repo {{ ansible_lsb.id|lower }}-{{ ansible_lsb.codename|lower }} main
+# The following help expose a docker port or to add additional options when
+# running docker daemon.  The default is to not use any special options.
+#docker_opts: >
+#  -H unix://
+#  -H tcp://0.0.0.0:2375
+#  --log-level=debug
+docker_opts: ""
+# List of users to be added to 'docker' system group (disabled by default)
+# SECURITY WARNING: 
+# Be aware that granted users can easily get full root access on the docker host system!
+docker_group_members: []
+
+# configurable proxies: a reasonable default is to re-use the proxy from ansible_env:
+# docker_http_proxy: "{{ ansible_env.http_proxy|default('') }}"
+# Notes:
+# if docker_http_proxy==""   the role sets HTTP_PROXY="" (useful to 'empty' existing ENV var)
+# if docker_http_proxy is undefined the role will not set/modify any ENV vars
+docker_http_proxy:
+docker_https_proxy:
+
+# Flags for whether to install pip packages
+pip_install_pip: true
+pip_install_setuptools: true
+pip_install_docker_py: true
+pip_install_docker_compose: true
+install_docker_py_on_1604: false
+
+# Versions for the python packages that are installed
+pip_version_pip: latest
+pip_version_setuptools: latest
+pip_version_docker_py: latest
+pip_version_docker_compose: latest
+
+# If this variable is set to true kernel updates and host restarts are permitted.
+# Warning: Use with caution in production environments.
+kernel_update_and_reboot_permitted: no
+
+# Set to 'yes' or 'true' to enable updates (sets 'latest' in apt module)
+update_docker_package: no
+
+# Change these to 'present' if you're running Ubuntu 12.04-13.10 and are fine with less-than-latest packages
+kernel_pkg_state: latest
+cgroup_lite_pkg_state: latest
+dmsetup_pkg_state: latest
+# Force an install of the kernel extras, in case you're suffering from some issue related to the
+# static binary provided by upstream Docker.  For example, see this GitHub Issue in Docker:
+# https://github.com/docker/docker/issues/12750
+# Warning: Installing kernel extras is potentially interruptive/destructive and will install backported
+# kernel if running 12.04.
+install_kernel_extras: false
+# Install Xorg packages for backported kernels.  This is usually unnecessary except for environments
+# where an X/Unit desktop is actively being used. If you're not using an X/Unity on 12.04, you
+# won't need to enable this.
+install_xorg_pkgs: false

data/templates/ops/roles/docker.ubuntu/docker.yml

@@ -0,0 +1,9 @@
+---
+- hosts: all
+  become: yes
+  roles:
+    - { role: ./,
+        docker_opts: "-H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock --dns 8.8.8.8 --dns 8.8.4.4"
+      }
+
+#- include: integration-tests.yml

data/templates/ops/roles/docker.ubuntu/handlers/main.yml

@@ -0,0 +1,13 @@
+---
+# handlers file for docker.ubuntu
+- name: Start Docker
+  service: name=docker state=started
+
+- name: Reload systemd
+  command: systemctl daemon-reload  
+
+- name: Restart docker
+  service: name=docker state=restarted
+
+- name: Restart dockerio
+  service: name=docker.io state=restarted

data/templates/ops/roles/docker.ubuntu/hosts

@@ -0,0 +1,2 @@
+[local]
+localhost

data/templates/ops/roles/docker.ubuntu/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: Paul Durivage
+  description: Docker on Ubuntu greater than 12.04
+  license: Apache v2.0
+  min_ansible_version: 1.2
+  platforms:
+    - name: Debian
+      versions:
+        - jessie
+    - name: Ubuntu
+      versions:
+        - precise
+        - trusty
+        - xenial
+  categories:
+    - development
+    - packaging
+    - system
+dependencies: []
+  # List your role dependencies here, one per line. Only
+  # dependencies available via galaxy should be listed here.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

data/templates/ops/roles/docker.ubuntu/tasks/kernel_check_and_update.yml

@@ -0,0 +1,65 @@
+- name: Install backported trusty kernel onto 12.04
+  apt:
+    pkg: "{{ item }}"
+    state: "{{ kernel_pkg_state }}"
+    update_cache: yes
+    cache_valid_time: 600
+  with_items:
+    - linux-image-generic-lts-trusty
+    - linux-headers-generic-lts-trusty
+  register: kernel_result
+  when: "ansible_distribution_version|version_compare('12.04', '=')"
+
+- name: Install Xorg packages for backported kernels (very optional)
+  apt:
+    pkg: "{{ item }}"
+    state: installed
+    update_cache: yes
+    cache_valid_time: 600
+  with_items:
+    - xserver-xorg-lts-trusty
+    - libgl1-mesa-glx-lts-trusty
+  register: xorg_pkg_result
+  when: "install_xorg_pkgs and (kernel_result|changed or kernel_result|success)"
+
+- name: Install latest kernel for Ubuntu 13.04+
+  apt:
+    pkg: "{{ item }}"
+    state: "{{ kernel_pkg_state }}"
+    update_cache: yes
+    cache_valid_time: 600
+  with_items:
+    - "linux-image-extra-{{ ansible_kernel }}"
+    - linux-image-extra-virtual
+  when: "ansible_distribution_version|version_compare('13.04', '=')
+      or ansible_distribution_version|version_compare('13.10', '=')
+      or install_kernel_extras"
+
+# Fix for https://github.com/dotcloud/docker/issues/4568
+- name: Install cgroup-lite for Ubuntu 13.10
+  apt:
+    pkg: cgroup-lite
+    state: "{{ cgroup_lite_pkg_state }}"
+    update_cache: yes
+    cache_valid_time: 600
+  register: cgroup_lite_result
+  when: "ansible_distribution_version|version_compare('13.10', '=')"
+
+- name: Reboot instance
+  command: /sbin/shutdown -r now
+  register: reboot_result
+  when: "(ansible_distribution_version|version_compare('12.04', '=') and kernel_result|changed)
+      or (ansible_distribution_version|version_compare('13.10', '=') and cgroup_lite_result|changed)
+      or xorg_pkg_result|changed"
+
+- name: Wait for instance to come online (10 minute timeout)
+  become: no
+  local_action:
+    module: wait_for
+    host: "{{ ansible_ssh_host|default(inventory_hostname) }}"
+    port: "{{ ansible_ssh_port|default(ssh_port) }}"
+    delay: 30
+    timeout: 600
+    state: started
+  when: "(ansible_distribution_version|version_compare('12.04', '=') and reboot_result|changed)
+      or (ansible_distribution_version|version_compare('13.10', '=') and cgroup_lite_result|changed)"

data/templates/ops/roles/docker.ubuntu/tasks/main.yml

@@ -0,0 +1,261 @@
+---
+# tasks file for docker.ubuntu
+- name: Fail if not a new release of Ubuntu
+  fail:
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of Ubuntu for this role"
+  when: ansible_lsb.id|lower == "ubuntu" and ( ansible_distribution_version|version_compare('12.04', '<') or ansible_distribution_version|version_compare('12.10', '=') )
+
+- name: Fail if not a new release of Debian
+  fail:
+    msg: "{{ ansible_distribution_version }} is not an acceptable version of Debian for this role"
+  when: ansible_lsb.id|lower == "debian" and ansible_distribution_version|version_compare('8.5', '<')
+
+- name: Update kernel, kernel extras, Xorg pkgs, and related tasks
+  include: kernel_check_and_update.yml
+  when: kernel_update_and_reboot_permitted or install_kernel_extras
+
+# Fix for https://github.com/docker/docker/issues/23347
+- name: Install dmsetup for Ubuntu 16.04
+  apt:
+    pkg: dmsetup
+    state: "{{ dmsetup_pkg_state }}"
+    update_cache: "{{ 'yes' if dmsetup_pkg_state=='latest' else 'no' }}"
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  register: dmsetup_result
+  when: ansible_distribution_version|version_compare('16.04', '=')
+
+- name: Read uname
+  shell: uname -r
+  register: uname_output
+  changed_when: false
+  always_run: yes
+
+- name: Install linux-image-extra-* packages to enable AuFS driver
+  apt:
+    pkg: "{{ item }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  with_items:
+    - linux-image-extra-{{ uname_output.stdout }}
+    - linux-image-extra-virtual
+  when: ansible_distribution_version|version_compare('14.04', '>=')
+
+- name: Run dmsetup for Ubuntu 16.04
+  command: dmsetup mknodes
+  when: dmsetup_result.changed
+
+- name: Add Docker repository key
+  apt_key:
+    id: "{{ apt_key_sig }}"
+    keyserver: "{{ apt_key_url }}"
+    state: present
+  register: add_repository_key
+  ignore_errors: true
+
+- name: Alternative | Add Docker repository key
+  shell: "curl -sSL {{ apt_key_url }} | sudo apt-key add -"
+  when: add_repository_key|failed
+
+- name: HTTPS APT transport for Docker repository
+  apt:
+    name: apt-transport-https
+    state: present
+
+- name: Add Docker repository and update apt cache
+  apt_repository:
+    repo: "{{ apt_repository }}"
+    mode: '644'
+    update_cache: yes
+    state: present
+
+- name: Install (or update) docker package
+  apt:
+    name: "{{ docker_pkg_name }}"
+    state: "{{ 'latest' if update_docker_package else 'present' }}"
+    update_cache: "{{ update_docker_package }}"
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+
+- name: Set systemd playbook var
+  set_fact:
+    is_systemd: false
+  changed_when: false
+
+- name: Set systemd playbook var
+  set_fact:
+    is_systemd: true
+  when: ( ansible_lsb.id|lower == "ubuntu" and ansible_distribution_version|version_compare('15.04', '>=') or ansible_lsb.id|lower == "debian" )
+
+- name: Set docker daemon options
+  copy:
+    content: "DOCKER_OPTS=\"{{ docker_opts.rstrip() }}\""
+    dest: /etc/default/docker
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Restart docker
+  when: docker_opts != "" and not is_systemd
+
+- name: Create systemd configuration directory for Docker service (systemd)
+  file:
+    dest: /etc/systemd/system/docker.service.d
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  when: docker_opts != "" and is_systemd
+
+- name: Set docker daemon options (systemd)
+  copy:
+    content: |
+      [Service]
+      Environment="DOCKER_OPTS={{ docker_opts.rstrip() }}"
+    dest: /etc/systemd/system/docker.service.d/env.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - Reload systemd
+    - Restart docker
+  when: docker_opts != "" and is_systemd
+
+- name: Ensure docker daemon options used (systemd)
+  template:
+    src: docker.conf
+    dest: /etc/systemd/system/docker.service.d/docker.conf
+  notify:
+    - Reload systemd
+    - Restart docker
+  when: docker_opts != "" and is_systemd
+
+- name: Fix DNS in docker.io
+  lineinfile:
+    dest: "{{ docker_defaults_file_path }}"
+    regexp: "DOCKER_OPTS="
+    line: 'DOCKER_OPTS="--dns {{ ansible_docker0.ipv4.address }}"'
+  register: dns_fix
+  notify: Restart dockerio
+  when: docker_pkg_name == 'docker.io'
+
+- meta: flush_handlers
+  when: "dns_fix|changed"
+
+- pause:
+    seconds: 1
+  when: "dns_fix|changed"
+
+# We must install pip via apt before we can use the pip module below
+- name: Install pip, python-dev package with apt
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+    update_cache: yes
+    cache_valid_time: "{{ docker_apt_cache_valid_time }}"
+  with_items:
+    - python-dev
+    - python-pip
+
+# Display an informative message if the docker-compose version needs to be downgraded
+- name: Docker-compose version downgrade
+  debug:
+    msg: >-
+      Downgrading docker-compose version to {{ _pip_version_docker_compose }} because of docker-compose > 1.10
+      requiring docker python package (instead of the docker-py one) which is incompatible with the docker_container
+      module in Ansible < 2.3
+  when: pip_install_docker_compose and _pip_version_docker_compose != pip_version_docker_compose
+
+# Upgrade pip with pip to fix angstwad/docker.ubuntu/pull/35 and docker-py/issues/525
+- name: Install pip, setuptools, docker-py and docker-compose with pip
+  pip:
+    name: "{{ item.name }}"
+    state: "{{ 'latest' if item.version=='latest' else 'present' }}"
+    version: "{{ item.version if item.version!='latest' else omit }}"
+  with_items:
+    - name: pip
+      version: "{{ pip_version_pip }}"
+      install: "{{ pip_install_pip }}"
+    - name: setuptools
+      version: "{{ pip_version_setuptools }}"
+      install: "{{ pip_install_setuptools }}"
+    - name: docker-py
+      version: "{{ pip_version_docker_py }}"
+      install: "{{ pip_install_docker_py and (install_docker_py_on_1604 or not ansible_distribution_version|version_compare('16.04', '>=')) }}"
+    - name: docker-compose
+      version: "{{ _pip_version_docker_compose }}"
+      install: "{{ pip_install_docker_compose }}"
+  when: item.install|bool
+
+- name: Check if /etc/updatedb.conf exists
+  stat:
+    path: /etc/updatedb.conf
+  register: updatedb_conf_exists
+
+- name: Ensure updatedb does not index /var/lib/docker
+  lineinfile:
+    dest: /etc/updatedb.conf
+    state: present
+    backrefs: yes
+    regexp: '^PRUNEPATHS="(/var/lib/docker )?(.*)"$'
+    line: 'PRUNEPATHS="/var/lib/docker \2"'
+  when: updatedb_conf_exists.stat.exists
+
+- name: Check if /etc/default/ufw exists
+  stat:
+    path: /etc/default/ufw
+  register: ufw_default_exists
+
+- name: Change ufw default forward policy from drop to accept
+  lineinfile:
+    dest: /etc/default/ufw
+    regexp: "^DEFAULT_FORWARD_POLICY="
+    line: "DEFAULT_FORWARD_POLICY=\"ACCEPT\""
+  when: ufw_default_exists.stat.exists
+
+- name: Set docker HTTP_PROXY if docker_http_proxy defined
+  lineinfile:
+    dest: /etc/default/docker
+    regexp: "^export HTTP_PROXY="
+    line: "export HTTP_PROXY=\"{{docker_http_proxy}}\""
+    state: present
+  when: docker_http_proxy is defined and (docker_http_proxy != None)
+  notify:
+    - Restart docker
+  tags: proxy
+
+- name: Set docker HTTPS_PROXY if docker_https_proxy defined
+  lineinfile:
+    dest: /etc/default/docker
+    regexp: "^export HTTPS_PROXY="
+    line: "export HTTPS_PROXY=\"{{docker_https_proxy}}\""
+    state: present
+  when: docker_https_proxy is defined and (docker_https_proxy != None)
+  notify:
+    - Restart docker
+  tags: proxy
+
+- name: Start docker
+  service:
+    name: docker
+    state: started
+  when: docker_pkg_name.find('lxc-docker') != -1 or docker_pkg_name.find('docker-engine') != -1
+
+- name: Start docker.io
+  service:
+    name: docker.io
+    state: started
+  when: docker_pkg_name == 'docker.io'
+
+  # ATTENTION: this task can potentially create new users!
+- name: Add users to the docker group
+  user:
+    name:   "{{ item }}"
+    groups: docker
+    append: yes
+  with_items: "{{docker_group_members}}"
+  when: docker_group_members is defined
+
+- name: update facts if docker0 is not defined
+  setup:
+    filter: "ansible_docker0"
+  when: ansible_docker0 is not defined

data/templates/ops/roles/docker.ubuntu/templates/docker.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS

data/templates/ops/roles/docker.ubuntu/tests/vagrant.yml

@@ -0,0 +1,10 @@
+---
+# test file for docker.ubuntu role on vagrant
+- hosts: all
+  become: yes
+  vars:
+    docker_group_members:
+      - "{{ ansible_ssh_user }}"
+  roles:
+    - role: docker.ubuntu
+      kernel_update_and_reboot_permitted: yes

data/templates/ops/roles/docker.ubuntu/vars/main.yml

@@ -0,0 +1,9 @@
+---
+# Downgrade docker-compose version if ansible version < 2.3 and docker-compose > 1.9.0
+# Because of docker-compose 1.10+ requires docker python package (instead of the docker-py one)
+# which is incompatible with the docker_container module in Ansible < 2.3
+# TODO: update ansible version in the comparison when https://github.com/ansible/ansible/issues/20492 gets fixed.
+_pip_version_docker_compose: >-
+    {{ '1.9.0' if ansible_version.full | version_compare('2.3', '<=')
+        and (pip_version_docker_compose=='latest' or pip_version_docker_compose | version_compare('1.9.0', '>'))
+        else pip_version_docker_compose }}