docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true
parent
8cd887ee21
commit
a41e78b556
|
@ -40,6 +40,8 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
|
||||
### Removed
|
||||
|
||||
* docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true)
|
||||
|
||||
### Security
|
||||
|
||||
## [24.03] 2024-03-01
|
||||
|
|
|
@ -3,9 +3,6 @@
|
|||
docker_home: /var/lib/docker
|
||||
docker_tmpdir: "{{ docker_home }}/tmp"
|
||||
|
||||
# Chose to use iptables instead of docker-proxy userland process
|
||||
docker_conf_use_iptables: False
|
||||
|
||||
# Disable the possibility for containers processes to gain new privileges
|
||||
docker_conf_no_newprivileges: False
|
||||
|
||||
|
|
|
@ -1,5 +1,14 @@
|
|||
# This role installs the docker daemon
|
||||
---
|
||||
|
||||
- name: Fail if docker_conf_use_iptables is defined
|
||||
ansible.builtin.fail:
|
||||
msg: "Variable docker_conf_use_iptables is deprecated and not configurable anymore. Please remove it from your variables. Also double-check the daemon.json config for docker"
|
||||
when:
|
||||
- docker_conf_use_iptables is defined
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Remove older docker packages
|
||||
ansible.builtin.apt:
|
||||
name:
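Review bot: The `msg` of the new fail task calls the variable "deprecated", but the task aborts the play whenever the variable is defined, so it has in fact been removed. The text also asks operators to double-check daemon.json without saying what to look for. Wording such as `msg: 'docker_conf_use_iptables has been removed; the role now always sets "iptables": true in daemon.json. Remove the variable and review the "iptables" and "userland-proxy" keys of the deployed daemon.json.'` would make the failure actionable. The next task, "Remove older docker packages", continues outside the hunk.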
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"debug": false
|
||||
,"iptables": true
|
||||
{# Docker data-dir (default to /var/lib/docker) #}
|
||||
,"data-root": "{{ docker_home }}"
|
||||
{# Keep containers running while docker daemon downtime #}
|
||||
|
@ -7,11 +8,6 @@
|
|||
{% if docker_conf_user_namespace %}
|
||||
{# Turn on user namespace remaping #}
|
||||
,"userns-remap": "default"
|
||||
{% endif %}
|
||||
{% if docker_conf_use_iptables %}
|
||||
{# Use iptables instead of docker-proxy #}
|
||||
,"userland-proxy": false
|
||||
,"iptables": true
|
||||
{% endif %}
|
||||
{# Disable the possibility for containers processes to gain new privileges #}
|
||||
,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}
|
||||
|
|