Upgrade ansible-role-docker (7.1.0 -> 7.2.0) and add migration task for old installations

Related to:

- https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/3337
- https://github.com/geerlingguy/ansible-role-docker/pull/436
- 3a4e58c34d

roles/mash/playbook_migration/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+
+# Controls if the old apt repository for Docker (`signed-by=/etc/apt/trusted.gpg.d/docker.asc`) will be removed,
+# so that the Docker role (7.2.0+) can install a new non-conflicting one (`signed-by=/etc/apt/keyrings/docker.asc`).
+#
+# Without this migration, the role would choke at the "galaxy/docker : Add Docker repository." task when trying to add the repository again:
+# > An exception occurred during task execution. To see the full traceback, use -vvv. The error was: apt_pkg.Error: E:Conflicting values set for option Signed-By regarding source https://download.docker.com/linux/ubuntu/ focal: /etc/apt/trusted.gpg.d/docker.asc != /etc/apt/keyrings/docker.asc, E:The list of sources could not be read.
+#
+# Related to: https://github.com/geerlingguy/ansible-role-docker/pull/436
+mash_playbook_migration_docker_trusted_gpg_d_migration_enabled: true
+mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path: "/etc/apt/sources.list.d/docker.list"

roles/mash/playbook_migration/tasks/debian_docker_trusted_gpg_d_migration_migration.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Check if the Docker apt repository file exists
+  ansible.builtin.stat:
+    path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+  register: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status
+
+- when: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_status.stat.exists | bool
+  block:
+    - name: Read repository file
+      ansible.builtin.slurp:
+        path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+      register: mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content
+
+    - name: Remove Docker apt repository file if old key path found
+      when: "'/etc/apt/trusted.gpg.d/docker.asc' in mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path_content.content | b64decode"
+      ansible.builtin.file:
+        path: "{{ mash_playbook_migration_docker_trusted_gpg_d_migration_repository_path }}"
+        state: absent

roles/mash/playbook_migration/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- when: ansible_os_family == 'Debian' and mash_playbook_docker_installation_enabled | bool and mash_playbook_migration_docker_trusted_gpg_d_migration_enabled | bool
+  tags:
+    - setup-all
+    - install-all
+    - setup-docker
+    - install-docker
+  block:
+    - ansible.builtin.include_tasks: "{{ role_path }}/tasks/debian_docker_trusted_gpg_d_migration_migration.yml"

templates/requirements.yml

@@ -57,7 +57,7 @@
   name: container_socket_proxy
   activation_prefix: devture_traefik_
 - src: git+https://github.com/geerlingguy/ansible-role-docker
-  version: 7.1.0
+  version: 7.2.0
   name: docker
   activation_prefix: mash_playbook_docker_installation_enabled
 - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-docker-registry.git

templates/setup.yml

@@ -10,8 +10,9 @@
         - install-all
     # /role-specific:playbook_help
 
-    # No role-specific checks here, as it's a local role that is always installed.
+    # No role-specific checks here. Local roles are always installed.
     - role: mash/playbook_base
+    - role: mash/playbook_migration
 
     # role-specific:systemd_docker_base
     # This role has no tasks at all