From 0413f93852e38e15d4a96d781400049a3f41a481 Mon Sep 17 00:00:00 2001 From: Patrick Marchand Date: Tue, 10 Jan 2023 15:16:30 -0500 Subject: [PATCH] Fix problems with docker-host daemon.json config Docker is very strict with it's json format and doesnt seem to allow any surprise new lines or extra commas after the last option before the closing }. Since this is a dynamically constructed file, we dont know what the last option will be. By putting the commas at the start of the line and removing all newspace, we remove the problem, at the expense of a less readable jinja template. --- docker-host/templates/daemon.json.j2 | 52 ++++++++++++---------------- 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/docker-host/templates/daemon.json.j2 b/docker-host/templates/daemon.json.j2 index f144d543..a044234b 100644 --- a/docker-host/templates/daemon.json.j2 +++ b/docker-host/templates/daemon.json.j2 @@ -1,38 +1,30 @@ { - "debug": false, - + "debug": false {# Docker data-dir (default to /var/lib/docker) #} - "data-root": "{{ docker_home }}", - + ,"data-root": "{{ docker_home }}" {# Keep containers running while docker daemon downtime #} - "live-restore": {{ docker_conf_live_restore | to_json }}, - + ,"live-restore": {{ docker_conf_live_restore | to_json }} {# Turn on user namespace remaping #} - "userns-remap": "default", - - {% if docker_conf_use_iptables %} + ,"userns-remap": "default" +{% if docker_conf_use_iptables %} {# Use iptables instead of docker-proxy #} - "userland-proxy": false, - "iptables": true, - {% endif %} - + ,"userland-proxy": false + ,"iptables": true +{% endif %} {# Disable the possibility for containers processes to gain new privileges #} - "no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}, - - {% if docker_conf_disable_default_networking %} + ,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }} +{% if docker_conf_disable_default_networking %} {# Disable all default network connectivity #} - "bridge": "none", - "icc": false, - {% endif %} - - {% if docker_tls_enabled %} - "tls": true, - "tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}", - "tlscacert": "{{ docker_tls_path }}/{{ docker_tls_ca }}", - "tlskey": "{{ docker_tls_path }}/{{ docker_tls_key }}", - {% endif %} - - {% if docker_remote_access_enabled %} - "hosts": ["tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}", "fd://"] - {% endif %} + ,"bridge": "none" + ,"icc": false +{% endif %} +{% if docker_tls_enabled %} + ,"tls": true + ,"tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}" + ,"tlscacert": "{{ docker_tls_path }}/{{ docker_tls_ca }}" + ,"tlskey": "{{ docker_tls_path }}/{{ docker_tls_key }}" +{% endif %} +{% if docker_remote_access_enabled %} + ,"hosts": ["tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}", "fd://"] +{% endif %} }