From a41e78b556f8166deaaba7a228bd0e6609a85685 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 18 Apr 2024 15:38:11 +0200
Subject: [PATCH] docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true
---
 CHANGELOG.md | 2 ++
 docker-host/defaults/main.yml | 3 ---
 docker-host/tasks/main.yml | 9 +++++++++
 docker-host/templates/daemon.json.j2 | 6 +-----
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 719424ec..dacad144 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,6 +40,8 @@ The **patch** part is incremented if multiple releases happen the same month
 ### Removed
+* docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true)
+
 ### Security
 ## [24.03] 2024-03-01
diff --git a/docker-host/defaults/main.yml b/docker-host/defaults/main.yml
index bc5dc88f..ac93e596 100644
--- a/docker-host/defaults/main.yml
+++ b/docker-host/defaults/main.yml
@@ -3,9 +3,6 @@ docker_home: /var/lib/docker
 docker_tmpdir: "{{ docker_home }}/tmp"
-# Chose to use iptables instead of docker-proxy userland process
-docker_conf_use_iptables: False
-
 # Disable the possibility for containers processes to gain new privileges
 docker_conf_no_newprivileges: False
diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml
index ec3781e7..d35b7d7d 100644
--- a/docker-host/tasks/main.yml
+++ b/docker-host/tasks/main.yml
@@ -1,5 +1,14 @@
 # This role installs the docker daemon
 ---
+
+- name: Fail if docker_conf_use_iptables is defined
+ ansible.builtin.fail:
+ msg: "Variable docker_conf_use_iptables is deprecated and not configurable anymore. Please remove it from your variables. Also double-check the daemon.json config for docker"
+ when:
+ - docker_conf_use_iptables is defined
+ tags:
+ - always
+
 - name: Remove older docker packages
 ansible.builtin.apt:
 name:
diff --git a/docker-host/templates/daemon.json.j2 b/docker-host/templates/daemon.json.j2
index 92d60f8d..e1f6d6b1 100644
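Review bot: The `msg` in the new `Fail if docker_conf_use_iptables is defined` task is a single quoted string well past 120 characters; a folded block scalar (`msg: >-` with the two sentences on their own indented lines) keeps the same text inside the line-length limit and reads better in the task file. `tags: - always` on this guard is the right choice, since the check must also fire on tag-filtered runs. The guard only detects that the variable is still defined; a host whose daemon.json was previously rendered with `"userland-proxy": false` is presumably rewritten by the template task later in the role, which this hunk does not show, so the "double-check the daemon.json" hint in the message is the only pointer operators get to that change.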
--- a/docker-host/templates/daemon.json.j2
+++ b/docker-host/templates/daemon.json.j2
@@ -1,5 +1,6 @@
 {
 "debug": false
+ ,"iptables": true
 {# Docker data-dir (default to /var/lib/docker) #}
 ,"data-root": "{{ docker_home }}"
 {# Keep containers running while docker daemon downtime #}
@@ -7,11 +8,6 @@
 {% if docker_conf_user_namespace %}
 {# Turn on user namespace remaping #}
 ,"userns-remap": "default"
-{% endif %}
-{% if docker_conf_use_iptables %}
- {# Use iptables instead of docker-proxy #}
- ,"userland-proxy": false
- ,"iptables": true
 {% endif %}
 {# Disable the possibility for containers processes to gain new privileges #}
 ,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}
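Review bot: In the second hunk the removed `,"userland-proxy": false` is not carried over to the new side, while only `,"iptables": true` is re-added unconditionally in the first hunk. Hosts that previously ran with `docker_conf_use_iptables: True` therefore fall back to Docker's default userland proxy (docker-proxy) on the next run, a behaviour change that the commit title and the CHANGELOG entry describe only as forcing iptables to true. If keeping those hosts on iptables-only port publishing is the intent, add `,"userland-proxy": false` directly after the new `,"iptables": true` line in the first hunk; otherwise name the reversion explicitly in the CHANGELOG entry and in the fail task's message. Since `iptables` is already Docker's default, the unconditional `"iptables": true` only pins existing behaviour for hosts that never set the variable.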