Merge "Disable docker iptables support"

README.rst

@@ -31,6 +31,9 @@ Role Variables
    * - `container_registry_docker_options`
      - `--log-driver=journald --signature-verification=false --iptables=false --live-restore`
      - Options given to Docker configuration
+   * - `container_registry_docker_disable_iptables`
+     - `false`
+     - Adds --iptables=false to /etc/sysconfig/docker-network config
    * - `container_registry_insecure_registries`
      - `[]`
      - Array of insecure registries

defaults/main.yml

@@ -5,6 +5,7 @@ container_registry_deploy_docker: true
 container_registry_deploy_docker_distribution: true
 container_registry_deployment_user: centos
 container_registry_docker_options: '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
+container_registry_docker_disable_iptables: false
 container_registry_insecure_registries: []
 container_registry_network_options: ''
 container_registry_host: localhost

tasks/install-engine.yml

@@ -5,12 +5,23 @@
     - ansible_distribution_major_version|int < 8
   become: true
   block:
+
     - name: Install Docker
       package:
         name: docker
         state: present
       register: container_registry_docker_install
 
+    # Workaround for https://bugs.launchpad.net/tripleo/+bug/1845166/
+    - name: Disable docker iptables
+      when: container_registry_docker_disable_iptables
+      ini_file:
+        path: /etc/sysconfig/docker-network
+        section: null
+        option: DOCKER_NETWORK_OPTIONS
+        value: --iptables=false
+        no_extra_spaces: true
+
     - name: Start Docker daemon
       service:
         name: docker