refactor: standardize Docker installation and ACL setup across hosts

2025-06-29 22:51:57 -05:00
parent 2f49a68596
commit cb732c3bc1


@@ -1,38 +1,50 @@
--- ---
- name: Install Docker, Compose plugin, and set ACL for shared folder - name: Standardize Docker installation and ACL across hosts
hosts: all hosts: all
become: true become: true
gather_facts: true gather_facts: true
vars: vars:
docker_acl_path: "/opt/docker" docker_repo_file: /etc/apt/sources.list.d/docker.list
docker_key_path: /etc/apt/keyrings/docker.gpg
docker_acl_path: /opt/docker
tasks: tasks:
- name: Install prerequisites - name: Check if Docker is already installed
apt: command: docker --version
name: register: docker_installed
- apt-transport-https ignore_errors: true
- ca-certificates changed_when: false
- curl
- gnupg
- lsb-release
- acl
state: present
update_cache: true
- name: Download Docker GPG key - name: Remove legacy docker APT source if present
ansible.builtin.get_url: file:
path: "{{ docker_repo_file }}"
state: absent
when: docker_installed.rc != 0 or "'signed-by=" not in lookup('file', docker_repo_file, errors='ignore')"
- name: Ensure keyring directory exists
file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
- name: Download Docker GPG key to keyring path
get_url:
url: https://download.docker.com/linux/ubuntu/gpg url: https://download.docker.com/linux/ubuntu/gpg
dest: /etc/apt/keyrings/docker.gpg dest: "{{ docker_key_path }}"
mode: "0644" mode: "0644"
- name: Set up Docker apt repository (with signed-by) - name: Add Docker APT repository (signed-by style)
ansible.builtin.apt_repository: apt_repository:
repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable" repo: "deb [arch=amd64 signed-by={{ docker_key_path }}] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable"
filename: docker filename: docker
state: present state: present
- name: Install Docker Engine and Compose plugin - name: Update apt cache
apt:
update_cache: true
- name: Install Docker engine and compose plugin (if missing)
apt: apt:
name: name:
- docker-ce - docker-ce
@@ -40,21 +52,20 @@
- containerd.io - containerd.io
- docker-buildx-plugin - docker-buildx-plugin
- docker-compose-plugin - docker-compose-plugin
state: latest state: present
update_cache: true
- name: Ensure docker group exists - name: Ensure docker group exists
group: group:
name: docker name: docker
state: present state: present
- name: Ensure Docker service is enabled and started - name: Ensure Docker service is enabled and running
systemd: systemd:
name: docker name: docker
enabled: true enabled: true
state: started state: started
- name: Ensure Docker base folder exists - name: Ensure Docker base folder exists with correct ownership
file: file:
path: "{{ docker_acl_path }}" path: "{{ docker_acl_path }}"
state: directory state: directory
@@ -68,6 +79,6 @@
changed_when: false changed_when: false
failed_when: false failed_when: false
- name: Set default ACL for docker group if not already set - name: Set default ACL for docker group if not already present
command: setfacl -d -m g:docker:rwx {{ docker_acl_path }} command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
when: "'group:docker:rwx' not in facl_check.stdout" when: "'group:docker:rwx' not in facl_check.stdout"
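Review bot: The `when` on the "Remove legacy docker APT source if present" task in the first hunk is broken in two ways: the expression ends with a stray `"` after `lookup(...)`, so the Jinja string literal is unterminated and the play will most likely fail at template time, and `lookup('file', ...)` is evaluated on the control node, so even a corrected version would inspect the controller's `docker_repo_file` rather than the managed host's. With `errors='ignore'` a missing file on the controller also yields an empty result that `not in` cannot be applied to. The check should be done on the target, for example with a `command: grep -q 'signed-by=' ...` step registered before the removal task, and the condition reduced to comparing return codes. Separately, the GPG key is fetched with `get_url` and no `checksum:`, so consider pinning it to the fingerprint published by the vendor (use a placeholder such as `sha256:<EXPECTED_KEY_SHA256>` until confirmed).

```yaml
    - name: Check whether the Docker APT source already uses signed-by
      command: grep -q 'signed-by=' {{ docker_repo_file }}
      register: docker_repo_check
      failed_when: false
      changed_when: false

    - name: Remove legacy docker APT source if present
      file:
        path: "{{ docker_repo_file }}"
        state: absent
      when: docker_installed.rc != 0 or docker_repo_check.rc != 0
    # … unchanged: keyring directory, key download, repository, apt tasks …
```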