Update playbooks/install-standard-docker.yml

2025-07-13 21:56:04 +00:00
parent b8dd6fdd27
commit 23c6f30c67
1 changed files with 32 additions and 1 deletions
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -1,5 +1,5 @@
 ---
- name: Install Docker using official Docker documentation steps and set up /opt/docker
+- name: Install Docker using official Docker documentation steps and set up /opt/docker and /srv/docker
  hosts: docker
  become: true
  gather_facts: true
@@ -8,6 +8,11 @@
    docker_keyring_path: /etc/apt/keyrings/docker.asc
    docker_repo_list_path: /etc/apt/sources.list.d/docker.list
    docker_acl_path: /opt/docker
+    srv_docker_path: /srv/docker
+    docker_data_user: dockeruser
+    docker_data_group: dockerdata
+    docker_data_uid: 2011
+    docker_data_gid: 2011

  tasks:
    # --- Prereqs ---
@@ -90,6 +95,32 @@
      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
      when: "'group:docker:rwx' not in facl_check.stdout"

+    # --- New: Dedicated Docker Data User/Group and /srv/docker Setup ---
+    - name: Create docker data group with fixed GID
+      group:
+        name: "{{ docker_data_group }}"
+        gid: "{{ docker_data_gid }}"
+        state: present
+        system: yes
+
+    - name: Create docker data user with fixed UID and GID
+      user:
+        name: "{{ docker_data_user }}"
+        uid: "{{ docker_data_uid }}"
+        group: "{{ docker_data_group }}"
+        shell: /usr/sbin/nologin
+        create_home: no
+        system: yes
+        state: present
+
+    - name: Ensure /srv/docker exists with correct ownership
+      file:
+        path: "{{ srv_docker_path }}"
+        state: directory
+        owner: "{{ docker_data_user }}"
+        group: "{{ docker_data_group }}"
+        mode: "0750"
+
  handlers:
    - name: Update apt cache
      apt: