refactor: standardize Docker installation and ACL setup across hosts

2025-06-29 22:51:57 -05:00
parent 2f49a68596
commit cb732c3bc1
1 changed files with 36 additions and 25 deletions
--- a/playbooks/install-standard-docker.yml
+++ b/playbooks/install-standard-docker.yml
@@ -1,38 +1,50 @@
 ---
- name: Install Docker, Compose plugin, and set ACL for shared folder
+- name: Standardize Docker installation and ACL across hosts
  hosts: all
  become: true
  gather_facts: true

  vars:
-    docker_acl_path: "/opt/docker"
+    docker_repo_file: /etc/apt/sources.list.d/docker.list
+    docker_key_path: /etc/apt/keyrings/docker.gpg
+    docker_acl_path: /opt/docker

  tasks:
-    - name: Install prerequisites
-      apt:
-        name:
-          - apt-transport-https
-          - ca-certificates
-          - curl
-          - gnupg
-          - lsb-release
-          - acl
-        state: present
-        update_cache: true
+    - name: Check if Docker is already installed
+      command: docker --version
+      register: docker_installed
+      ignore_errors: true
+      changed_when: false

-    - name: Download Docker GPG key
-      ansible.builtin.get_url:
+    - name: Remove legacy docker APT source if present
+      file:
+        path: "{{ docker_repo_file }}"
+        state: absent
+      when: docker_installed.rc != 0 or "'signed-by=" not in lookup('file', docker_repo_file, errors='ignore')"
+
+    - name: Ensure keyring directory exists
+      file:
+        path: /etc/apt/keyrings
+        state: directory
+        mode: "0755"
+
+    - name: Download Docker GPG key to keyring path
+      get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
-        dest: /etc/apt/keyrings/docker.gpg
+        dest: "{{ docker_key_path }}"
        mode: "0644"

-    - name: Set up Docker apt repository (with signed-by)
-      ansible.builtin.apt_repository:
-        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable"
+    - name: Add Docker APT repository (signed-by style)
+      apt_repository:
+        repo: "deb [arch=amd64 signed-by={{ docker_key_path }}] https://download.docker.com/linux/ubuntu {{ ansible_lsb.codename }} stable"
        filename: docker
        state: present

-    - name: Install Docker Engine and Compose plugin
+    - name: Update apt cache
+      apt:
+        update_cache: true
+
+    - name: Install Docker engine and compose plugin (if missing)
      apt:
        name:
          - docker-ce
@@ -40,21 +52,20 @@
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
-        state: latest
-        update_cache: true
+        state: present

    - name: Ensure docker group exists
      group:
        name: docker
        state: present

-    - name: Ensure Docker service is enabled and started
+    - name: Ensure Docker service is enabled and running
      systemd:
        name: docker
        enabled: true
        state: started

-    - name: Ensure Docker base folder exists
+    - name: Ensure Docker base folder exists with correct ownership
      file:
        path: "{{ docker_acl_path }}"
        state: directory
@@ -68,6 +79,6 @@
      changed_when: false
      failed_when: false

-    - name: Set default ACL for docker group if not already set
+    - name: Set default ACL for docker group if not already present
      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
      when: "'group:docker:rwx' not in facl_check.stdout"