Fixes #21: DOCKER iptables chain problem when used with geerlingguy.firewall.

This commit is contained in:
Jeff Geerling 2018-05-01 21:18:30 -05:00
parent fd8139c402
commit 07e05ef00f
3 changed files with 15 additions and 3 deletions

View File

@ -19,7 +19,11 @@ Available variables are listed below, along with default values (see `defaults/m
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition). You can also specify a specific version of Docker to install using a format like `docker-{{ docker_edition }}-<VERSION>`. And you can control whether the package is installed, uninstalled, or at the latest version by setting `docker_package_state` to `present`, `absent`, or `latest`, respectively.
docker_install_compose: true
docker_restart_on_package_change: True
Whether to restart the Docker daemon after the Docker package is installed or updated. If this is set to `True`, this role will flush all handlers (run any of the handlers that have been notified by this and any other role up to this point in the play). The default setting helps avoid firewall clashes with Docker rules (e.g. when using custom `iptables` rules or the `geerlingguy.firewall` Ansible role).
docker_install_compose: True
docker_compose_version: "1.21.1"
docker_compose_path: /usr/local/bin/docker-compose

View File

@ -3,9 +3,10 @@
docker_edition: 'ce'
docker_package: "docker-{{ docker_edition }}"
docker_package_state: present
docker_restart_on_package_change: True
# Docker Compose options.
docker_install_compose: true
docker_install_compose: True
docker_compose_version: "1.21.1"
docker_compose_path: /usr/local/bin/docker-compose

View File

@ -6,7 +6,10 @@
when: ansible_os_family == 'Debian'
- name: Install Docker.
package: name={{ docker_package }} state={{ docker_package_state }}
package:
name: "{{ docker_package }}"
state: "{{ docker_package_state }}"
notify: restart docker
- name: Ensure Docker is started and enabled at boot.
service:
@ -14,5 +17,9 @@
state: started
enabled: yes
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
when: docker_restart_on_package_change
- include_tasks: docker-compose.yml
when: docker_install_compose