Refactor Docker installation playbook: enhance setup to include standard docker folder in opt

2025-07-12 12:38:39 -05:00
parent 9b35e0e811
commit 6a193ce5c6


@@ -1,18 +1,22 @@
--- ---
- name: Install Docker using official Docker documentation steps - name: Install Docker using official Docker documentation steps and set up /opt/docker
hosts: docker hosts: docker
become: true become: true
gather_facts: true
vars: vars:
docker_keyring_path: /etc/apt/keyrings/docker.asc docker_keyring_path: /etc/apt/keyrings/docker.asc
docker_repo_list_path: /etc/apt/sources.list.d/docker.list docker_repo_list_path: /etc/apt/sources.list.d/docker.list
docker_acl_path: /opt/docker
tasks: tasks:
# --- Prereqs ---
- name: Ensure required packages are installed - name: Ensure required packages are installed
apt: apt:
name: name:
- ca-certificates - ca-certificates
- curl - curl
- acl # Required for setfacl
state: present state: present
update_cache: yes update_cache: yes
@@ -44,16 +48,47 @@
- name: Flush handlers to update apt cache before install - name: Flush handlers to update apt cache before install
meta: flush_handlers meta: flush_handlers
# --- Docker Install ---
- name: Install Docker packages - name: Install Docker packages
apt: apt:
name: name:
- docker-ce # Core Docker engine - docker-ce
- docker-ce-cli # CLI tool - docker-ce-cli
- containerd.io # Container runtime - containerd.io
- docker-buildx-plugin # Buildx plugin - docker-buildx-plugin
- docker-compose-plugin # Compose v2 plugin - docker-compose-plugin
state: present state: present
update_cache: no # already handled by handler update_cache: no
- name: Ensure docker group exists
group:
name: docker
state: present
- name: Ensure Docker service is enabled and running
systemd:
name: docker
enabled: true
state: started
# --- ACL & Folder Standardization ---
- name: Ensure Docker base folder exists with correct ownership
file:
path: "{{ docker_acl_path }}"
state: directory
owner: root
group: docker
mode: "0775"
- name: Check for existing default ACL on Docker folder
command: getfacl --access --default {{ docker_acl_path }}
register: facl_check
changed_when: false
failed_when: false
- name: Set default ACL for docker group if not already present
command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
when: "'group:docker:rwx' not in facl_check.stdout"
handlers: handlers:
- name: Update apt cache - name: Update apt cache
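Review bot: The default-ACL step near the end of the second hunk is gated on a substring test of `getfacl` output while `failed_when: false` masks any getfacl failure, so an error falls through to `setfacl` with empty stdout, and an access-ACL entry `group:docker:rwx` would satisfy the test and leave the default ACL unset. A single `ansible.posix.acl` task with `default: true` (it needs the ansible.posix collection) is idempotent on its own and surfaces real errors; it would replace both command tasks as shown below. Separately, `mode: "0775"` keeps the directory readable by every local account, and a newly created default ACL copies that `other` permission onto new files, so if compose or env files holding credentials will live there, `mode: "2770"` is the tighter choice. The task list begins before this hunk and the tasks between the two hunks are not shown, so this assumes nothing else manages ACLs on that path.

```yaml
    # … unchanged: "Ensure Docker base folder exists with correct ownership" …
    # replaces the getfacl check and the setfacl command task
    - name: Set default ACL for docker group
      ansible.posix.acl:
        path: "{{ docker_acl_path }}"
        entity: docker
        etype: group
        permissions: rwx
        default: true
        state: present
```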