Refactor Docker installation playbook: enhance setup to include standard docker folder in opt

2025-07-12 12:38:39 -05:00
parent 9b35e0e811
commit 6a193ce5c6
1 changed files with 42 additions and 7 deletions
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -1,18 +1,22 @@
 ---
- name: Install Docker using official Docker documentation steps
+- name: Install Docker using official Docker documentation steps and set up /opt/docker
  hosts: docker
  become: true
+  gather_facts: true

  vars:
    docker_keyring_path: /etc/apt/keyrings/docker.asc
    docker_repo_list_path: /etc/apt/sources.list.d/docker.list
+    docker_acl_path: /opt/docker

  tasks:
+    # --- Prereqs ---
    - name: Ensure required packages are installed
      apt:
        name:
          - ca-certificates
          - curl
+          - acl # Required for setfacl
        state: present
        update_cache: yes

@@ -44,16 +48,47 @@
    - name: Flush handlers to update apt cache before install
      meta: flush_handlers

+    # --- Docker Install ---
    - name: Install Docker packages
      apt:
        name:
-          - docker-ce # Core Docker engine
-          - docker-ce-cli # CLI tool
-          - containerd.io # Container runtime
-          - docker-buildx-plugin # Buildx plugin
-          - docker-compose-plugin # Compose v2 plugin
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
        state: present
-        update_cache: no # already handled by handler
+        update_cache: no
+
+    - name: Ensure docker group exists
+      group:
+        name: docker
+        state: present
+
+    - name: Ensure Docker service is enabled and running
+      systemd:
+        name: docker
+        enabled: true
+        state: started
+
+    # --- ACL & Folder Standardization ---
+    - name: Ensure Docker base folder exists with correct ownership
+      file:
+        path: "{{ docker_acl_path }}"
+        state: directory
+        owner: root
+        group: docker
+        mode: "0775"
+
+    - name: Check for existing default ACL on Docker folder
+      command: getfacl --access --default {{ docker_acl_path }}
+      register: facl_check
+      changed_when: false
+      failed_when: false
+
+    - name: Set default ACL for docker group if not already present
+      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
+      when: "'group:docker:rwx' not in facl_check.stdout"

  handlers:
    - name: Update apt cache