From 07e05ef00f51b692d9ca1292967dbf36d393f7bf Mon Sep 17 00:00:00 2001
From: Jeff Geerling <geerlingguy@mac.com>
Date: Tue, 1 May 2018 21:18:30 -0500
Subject: [PATCH] Fixes #21: DOCKER iptables chain problem when used with
 geerlingguy.firewall.

---
 README.md         | 6 +++++-
 defaults/main.yml | 3 ++-
 tasks/main.yml    | 9 ++++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 454f848..65b8a6e 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,11 @@ Available variables are listed below, along with default values (see `defaults/m
 
 The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using a format like `docker-{{ docker_edition }}-<VERSION>`. And you can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively.
 
-    docker_install_compose: true
+    docker_restart_on_package_change: True
+
+Whether to restart the Docker daemon after the Docker package is installed or updated. If this is set to `True`, this role will flush all handlers (run any of the handlers that have been notified by this and any other role up to this point in the play). The default setting helps avoid firewall clashes with Docker rules (e.g. when using custom `iptables` rules or the `geerlingguy.firewall` Ansible role).
+
+    docker_install_compose: True
     docker_compose_version: "1.21.1"
     docker_compose_path: /usr/local/bin/docker-compose
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 4d3d382..88401df 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,9 +3,10 @@
 docker_edition: 'ce'
 docker_package: "docker-{{ docker_edition }}"
 docker_package_state: present
+docker_restart_on_package_change: True
 
 # Docker Compose options.
-docker_install_compose: true
+docker_install_compose: True
 docker_compose_version: "1.21.1"
 docker_compose_path: /usr/local/bin/docker-compose
 
diff --git a/tasks/main.yml b/tasks/main.yml
index d0bc72e..bbbc141 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,7 +6,10 @@
   when: ansible_os_family == 'Debian'
 
 - name: Install Docker.
-  package: name={{ docker_package }} state={{ docker_package_state }}
+  package:
+    name: "{{ docker_package }}"
+    state: "{{ docker_package_state }}"
+  notify: restart docker
 
 - name: Ensure Docker is started and enabled at boot.
   service:
@@ -14,5 +17,9 @@
     state: started
     enabled: yes
 
+- name: Ensure handlers are notified now to avoid firewall conflicts.
+  meta: flush_handlers
+  when: docker_restart_on_package_change
+
 - include_tasks: docker-compose.yml
   when: docker_install_compose