Another try at a docker install playbook

playbooks/install-standard-docker.yml

@@ -1,62 +1,53 @@
 ---
-- name: Install Docker and standardize ACL on /opt/docker
+- name: Install Docker using official Docker documentation steps
   hosts: docker
   become: true
-  gather_facts: true
 
   vars:
-    docker_acl_path: /opt/docker
+    docker_keyring_path: /etc/apt/keyrings/docker.asc
-    docker_version_pinned: "24.0.7"
+    docker_repo_list_path: /etc/apt/sources.list.d/docker.list
 
   tasks:
-    - name: Ensure acl package is installed (for setfacl)
+    - name: Ensure required packages are installed
       apt:
-        name: acl
+        name:
+          - ca-certificates
+          - curl
         state: present
-        update_cache: true
+        update_cache: yes
 
-    - name: Install Docker via official script (only if not already installed)
+    - name: Ensure keyring directory exists
-      shell: curl -fsSL https://get.docker.com | sh
-      args:
-        creates: /usr/bin/docker
-      environment:
-        VERSION: "{{ docker_version_pinned }}"
-
-    - name: Ensure docker group exists
-      group:
-        name: docker
-        state: present
-
-    - name: Ensure Docker service is enabled and running
-      systemd:
-        name: docker
-        enabled: true
-        state: started
-
-    - name: Ensure Docker base folder exists with correct ownership
       file:
-        path: "{{ docker_acl_path }}"
+        path: /etc/apt/keyrings
         state: directory
-        owner: root
+        mode: "0755"
-        group: docker
-        mode: "0775"
 
-    - name: Check for existing default ACL on Docker folder
+    - name: Download Docker's official GPG key
-      command: getfacl --access --default {{ docker_acl_path }}
+      get_url:
-      register: facl_check
+        url: https://download.docker.com/linux/ubuntu/gpg
-      changed_when: false
+        dest: "{{ docker_keyring_path }}"
-      failed_when: false
+        mode: "0644"
+      register: docker_key_download
 
-    - name: Set default ACL for docker group if not already present
+    - name: Add Docker repository to Apt sources
-      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
+      copy:
-      when: "'default:group:docker:rwx' not in facl_check.stdout"
+        dest: "{{ docker_repo_list_path }}"
+        content: |
+          deb [arch={{ ansible_architecture }} signed-by={{ docker_keyring_path }}] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable
+      notify: Update apt cache
 
-    - name: Show installed Docker version
+    - name: Install Docker packages
-      command: docker --version
+      apt:
-      register: docker_current_version
+        name:
-      changed_when: false
+          - docker-ce
-      failed_when: false
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+        state: present
+        update_cache: no # already handled by handler
 
-    - name: Print installed Docker version
+  handlers:
-      debug:
+    - name: Update apt cache
-        msg: "{{ docker_current_version.stdout }}"
+      apt:
+        update_cache: yes