Fix Docker socket access: add docker GID to PHP container group

The PHP container user needs the docker group to read the socket. Uses DOCKER_GID env var in dev (defaults to 989) and dynamic GID detection via Ansible stat in prod. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 10:53:28 +01:00
parent 8db44017d2
commit 7a370b1e02
3 changed files with 13 additions and 0 deletions
--- a/ansible/deploy.yml
+++ b/ansible/deploy.yml
@@ -12,6 +12,15 @@
      args:
        chdir: /var/www/e-ticket

+    - name: Get Docker socket GID
+      stat:
+        path: /var/run/docker.sock
+      register: docker_sock
+
+    - name: Set docker_gid fact
+      set_fact:
+        docker_gid: "{{ docker_sock.stat.gid }}"
+
  tasks:
    - name: Deploy .env.local
      template:
--- a/ansible/docker-compose-prod.yml.j2
+++ b/ansible/docker-compose-prod.yml.j2
@@ -8,6 +8,8 @@ services:
    deploy:
      replicas: 2
    restart: unless-stopped
+    group_add:
+      - "{{ docker_gid }}"
    volumes:
      - .:/app
      - /var/run/docker.sock:/var/run/docker.sock:ro
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -5,6 +5,8 @@ services:
      dockerfile: Dockerfile
    container_name: e_ticket_php
    restart: unless-stopped
+    group_add:
+      - "${DOCKER_GID:-989}"
    volumes:
      - .:/app
      - /var/run/docker.sock:/var/run/docker.sock:ro