purpleraft/semaphore
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update playbooks/install-standard-docker.yml

Browse Source
This commit is contained in:
Ryan Hamilton
2025-07-13 21:56:04 +00:00
parent b8dd6fdd27
commit 23c6f30c67
1 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
playbooks/install-standard-docker.yml
View File

@@ -1,5 +1,5 @@
--- ---
- name: Install Docker using official Docker documentation steps and set up /opt/docker - name: Install Docker using official Docker documentation steps and set up /opt/docker and /srv/docker
hosts: docker hosts: docker
become: true become: true
gather_facts: true gather_facts: true
@@ -8,6 +8,11 @@
docker_keyring_path: /etc/apt/keyrings/docker.asc docker_keyring_path: /etc/apt/keyrings/docker.asc
docker_repo_list_path: /etc/apt/sources.list.d/docker.list docker_repo_list_path: /etc/apt/sources.list.d/docker.list
docker_acl_path: /opt/docker docker_acl_path: /opt/docker
srv_docker_path: /srv/docker
docker_data_user: dockeruser
docker_data_group: dockerdata
docker_data_uid: 2011
docker_data_gid: 2011
tasks: tasks:
# --- Prereqs --- # --- Prereqs ---
@@ -90,6 +95,32 @@
command: setfacl -d -m g:docker:rwx {{ docker_acl_path }} command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
when: "'group:docker:rwx' not in facl_check.stdout" when: "'group:docker:rwx' not in facl_check.stdout"
# --- New: Dedicated Docker Data User/Group and /srv/docker Setup ---
- name: Create docker data group with fixed GID
group:
name: "{{ docker_data_group }}"
gid: "{{ docker_data_gid }}"
state: present
system: yes
- name: Create docker data user with fixed UID and GID
user:
name: "{{ docker_data_user }}"
uid: "{{ docker_data_uid }}"
group: "{{ docker_data_group }}"
shell: /usr/sbin/nologin
create_home: no
system: yes
state: present
- name: Ensure /srv/docker exists with correct ownership
file:
path: "{{ srv_docker_path }}"
state: directory
owner: "{{ docker_data_user }}"
group: "{{ docker_data_group }}"
mode: "0750"
handlers: handlers:
- name: Update apt cache - name: Update apt cache
apt: apt: