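---
# Installs Docker on apt-based hosts and grants the docker group a default
# ACL on docker_acl_path, so files created there later inherit group rwx.
#
# Security note: membership of the docker group is effectively root on the
# host, so the group-writable directory and the rwx default ACL below extend
# write access to every member of that group. Keep the group small.
- name: Install Docker and standardize ACL on /opt/docker
  hosts: all
  become: true
  gather_facts: true

  vars:
    docker_acl_path: /opt/docker

  tasks:
    - name: Ensure acl package is installed (for setfacl)
      apt:
        name: acl
        state: present
        update_cache: true

    # Read-only probe. `dpkg -s` also exits 0 for a package that was removed
    # but not purged, so the install task tests the Status text rather than
    # the return code. No shell features are needed, hence `command`.
    # failed_when replaces ignore_errors so a missing package is not reported
    # as a failure; check_mode: false lets the probe run under --check too.
    - name: Check if Docker is already installed (by package)
      command: dpkg -s docker-ce
      register: docker_check
      changed_when: false
      failed_when: false
      check_mode: false

    # Supply-chain caveat: this executes an unpinned, unverified remote script
    # as root (become: true). Prefer Docker's signed apt repository, or fetch
    # the script with get_url and a pinned `checksum:` and review it before
    # running it.
    # pipefail: without it a failed curl leaves `sh` reading empty input and
    # exiting 0, so the task would report success with nothing installed.
    - name: Install Docker via official script if not present
      shell: |
        set -o pipefail
        curl -fsSL https://get.docker.com | sh
      args:
        executable: /bin/bash
      when: "'install ok installed' not in (docker_check.stdout | default(''))"

    - name: Ensure docker group exists
      group:
        name: docker
        state: present

    - name: Ensure Docker service is enabled and running
      systemd:
        name: docker
        enabled: true
        state: started

    # Group-writable (0775) for the docker group; see the security note at
    # the top of the play before widening membership of that group.
    - name: Ensure Docker base folder exists with correct ownership
      file:
        path: "{{ docker_acl_path }}"
        state: directory
        owner: root
        group: docker
        mode: "0775"

    # Both --access and --default are requested so that default entries are
    # printed with the `default:` prefix and can be told apart from access
    # entries. argv keeps the path a single argument even if it has spaces.
    - name: Check for existing default ACL on Docker folder
      command:
        argv:
          - getfacl
          - --access
          - --default
          - "{{ docker_acl_path }}"
      register: facl_check
      changed_when: false
      failed_when: false
      check_mode: false

    # Match the default entry specifically: a plain `group:docker:rwx` access
    # entry would otherwise satisfy the check and the default ACL would never
    # be set.
    - name: Set default ACL for docker group if not already present
      command:
        argv:
          - setfacl
          - -d
          - -m
          - g:docker:rwx
          - "{{ docker_acl_path }}"
      when: "'default:group:docker:rwx' not in (facl_check.stdout | default(''))"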