Disable docker iptables support

Fixes: https://bugs.launchpad.net/tripleo/+bug/1845166/ Change-Id: Ib8a28d84d7363f060170c134ea291e84c3231357
2019-10-02 15:22:47 +01:00 · 2019-10-02 15:22:47 +01:00 · 230373ece3
parent bdde9e5a00
commit 230373ece3
3 changed files with 15 additions and 0 deletions
--- a/README.rst
+++ b/README.rst
@ -31,6 +31,9 @@ Role Variables
   * - `container_registry_docker_options`
     - `--log-driver=journald --signature-verification=false --iptables=false --live-restore`
     - Options given to Docker configuration
+   * - `container_registry_docker_disable_iptables`
+     - `false`
+     - Adds --iptables=false to /etc/sysconfig/docker-network config
   * - `container_registry_insecure_registries`
     - `[]`
     - Array of insecure registries
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,6 +5,7 @@ container_registry_deploy_docker: true
 container_registry_deploy_docker_distribution: true
 container_registry_deployment_user: centos
 container_registry_docker_options: '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
+container_registry_docker_disable_iptables: false
 container_registry_insecure_registries: []
 container_registry_network_options: ''
 container_registry_host: localhost
--- a/tasks/install-engine.yml
+++ b/tasks/install-engine.yml
@ -5,12 +5,23 @@
    - ansible_distribution_major_version|int < 8
  become: true
  block:
+
    - name: Install Docker
      package:
        name: docker
        state: present
      register: container_registry_docker_install

+    # Workaround for https://bugs.launchpad.net/tripleo/+bug/1845166/
+    - name: Disable docker iptables
+      when: container_registry_docker_disable_iptables
+      ini_file:
+        path: /etc/sysconfig/docker-network
+        section: null
+        option: DOCKER_NETWORK_OPTIONS
+        value: --iptables=false
+        no_extra_spaces: true
+
    - name: Start Docker daemon
      service:
        name: docker