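---
# Installs Docker on the `docker` host group, makes sure the service runs,
# and gives the docker group a default rwx ACL on the Docker base folder.
- name: Install Docker and standardize ACL on /opt/docker
  hosts: docker
  become: true
  gather_facts: true

  vars:
    docker_acl_path: /opt/docker
    # Quoted so the version is kept as a string.
    docker_version_pinned: "24.0.7"

  tasks:
    - name: Ensure acl package is installed (for setfacl)
      apt:
        name: acl
        state: present
        update_cache: true

    # NOTE(security): this executes a script fetched at run time as root
    # (become: true) with no integrity check beyond TLS. VERSION only tells
    # the script which Docker release to install; it does not pin the script
    # itself. Prefer the vendor apt repository with a verified signing key,
    # or download the script to disk and compare it with a reviewed checksum
    # before running it.
    # `creates` skips the task whenever /usr/bin/docker exists, so hosts that
    # already have Docker are not moved to docker_version_pinned.
    - name: Install Docker via official script (only if not already installed)
      # pipefail makes a failed download fail the task; without it `sh`
      # reads empty input, exits 0, and the task reports success.
      shell: set -o pipefail && curl -fsSL https://get.docker.com | sh
      args:
        creates: /usr/bin/docker
        # pipefail is a bash option; /bin/sh may be a shell that lacks it.
        executable: /bin/bash
      environment:
        VERSION: "{{ docker_version_pinned }}"

    - name: Ensure docker group exists
      group:
        name: docker
        state: present

    - name: Ensure Docker service is enabled and running
      systemd:
        name: docker
        enabled: true
        state: started

    # NOTE(security): docker group members get write access here, and group
    # membership normally also grants control of the Docker daemon, which is
    # root-equivalent. Keep that group's membership minimal.
    - name: Ensure Docker base folder exists with correct ownership
      file:
        path: "{{ docker_acl_path }}"
        state: directory
        owner: root
        group: docker
        # Quoted so the mode is not parsed as a number.
        mode: "0775"

    # Read-only probe: never reports "changed", and a getfacl error is
    # ignored (stdout then lacks the entry, so the setfacl task below runs).
    - name: Check for existing default ACL on Docker folder
      command: getfacl --access --default {{ docker_acl_path }}
      register: facl_check
      changed_when: false
      failed_when: false

    # The default ACL is inherited by files and directories created below
    # the path afterwards; existing children are not touched (no -R).
    - name: Set default ACL for docker group if not already present
      command: setfacl -d -m g:docker:rwx {{ docker_acl_path }}
      when: "'default:group:docker:rwx' not in facl_check.stdout"

    # Informational only: a missing or failing docker binary does not fail
    # the play at this point.
    - name: Show installed Docker version
      command: docker --version
      register: docker_current_version
      changed_when: false
      failed_when: false

    - name: Print installed Docker version
      debug:
        msg: "{{ docker_current_version.stdout }}"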