From 2118bfae8cecb56a6847e9f02628cea12776a306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gabriel=20P=C3=A9riard-Tremblay?=
Date: Mon, 24 Jul 2017 16:38:08 -0400
Subject: [PATCH] Update docker-host role

---
 docker-host/tasks/main.yml              | 57 ++++++++++++++++++-------
 docker-host/templates/daemon.json.j2    | 16 +++++++
 docker-host/templates/docker.service.j2 | 27 ------------
 3 files changed, 57 insertions(+), 43 deletions(-)
 create mode 100644 docker-host/templates/daemon.json.j2
 delete mode 100644 docker-host/templates/docker.service.j2

diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml
index 1bcd7810..9d477066 100644
--- a/docker-host/tasks/main.yml
+++ b/docker-host/tasks/main.yml
@@ -1,44 +1,64 @@
 # This role installs the docker daemon
 ---
-- name: Install apt-transport-https
+- name: Remove older docker packages
   apt:
-    name: apt-transport-https
+    name: '{{ item }}'
+    state: absent
+  with_items:
+    - docker
+    - docker-engine
+    - docker.io
+
+- name: Install source requirements
+  apt:
+    name: '{{ item }}'
     state: present
     update_cache: yes
+  with_items:
+    - apt-transport-https
+    - ca-certificates
+    - gnupg2
 
-- name: Enable Docker repositories
+- name: Add Docker repository
   apt_repository:
-    repo: 'deb https://apt.dockerproject.org/repo debian-{{ ansible_distribution_release }} main'
+    repo: 'deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable'
     state: present
     update_cache: no
 
-- name: Enable backports repository for docker-py
+- name: Enable backports repository for python-docker (Jessie only)
   apt_repository:
     repo: 'deb http://ftp.debian.org/debian {{ ansible_distribution_release }}-backports main'
     state: present
+  when: ansible_distribution_release == 'jessie'
 
-- name: Install Docker repo keys
+- name: Add Docker's official GPG key
   apt_key:
-    keyserver: pgp.mit.edu
-    id: 58118E89F3A912897C070ADBF76221572C52609D
+    url: "https://download.docker.com/linux/debian/gpg"
+    state: present
 
-- name: Install docker and docker-py
+- name: Install docker and python-docker
   apt:
     name: "{{ item }}"
     state: latest
     update_cache: yes
   with_items:
-    - docker-engine
+    - docker-ce
     - python-docker
 
-- name: Configure docker service
+- name: Copy Docker daemon configuration file
   template:
-    src: docker.service.j2
-    dest: /lib/systemd/system/docker.service
+    src: daemon.json.j2
+    dest: /etc/docker/daemon.json
   notify:
     - reload systemd
     - restart docker
 
+- name: Remove options from docker systemd service
+  lineinfile:
+    path: /lib/systemd/system/docker.service
+    regexp: '^ExecStart='
+    line: 'ExecStart=/usr/bin/dockerd'
+
 - name: Creating Docker tmp directory
   file:
     path: "{{ docker_tmpdir }}"
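Review bot: The `apt_key` task now fetches the signing key by URL but drops the fingerprint that the removed task pinned with `id:`, so whatever key the download returns is trusted as-is; add `id: <DOCKER_CE_KEY_FINGERPRINT>` next to `url:` so Ansible checks the imported key against a known fingerprint (placeholder to be filled from the vendor's published fingerprint). The new `lineinfile` task rewrites `ExecStart=` inside the package-owned `/lib/systemd/system/docker.service`, which the `state: latest` install of `docker-ce` above will overwrite on the next package upgrade, silently reintroducing the `-H fd://` option that conflicts with the `hosts` key in `daemon.json`. That task also has no handler, so a changed unit file is not reloaded unless `daemon.json` changed in the same run; give it the same `notify:` list (`- reload systemd`, `- restart docker`) as the template task above it. A drop-in under `/etc/systemd/system/docker.service.d/` that clears and resets `ExecStart=` would survive upgrades and is the form the distribution's own tooling expects.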
@@ -52,7 +72,7 @@
     state: directory
     mode: "0644"
     owner: root
-  when: "{{ docker_tls_enabled }}"
+  when: docker_tls_enabled
 
 - name: Copy shellpki utility to Docker TLS directory
   template:
@@ -62,8 +82,13 @@
   with_items:
     - shellpki.sh
     - openssl.cnf
-  when: "{{ docker_tls_enabled }}"
+  when: docker_tls_enabled
+
+- name: Check if certs are already created
+  stat:
+    path: "{{ docker_tls_path }}/certs"
+  register: tls_certs_stat
 
 - name: Creating a CA, server key
   command: "{{ docker_tls_path }}/shellpki.sh init"
-  when: "{{ docker_tls_enabled }}"
+  when: docker_tls_enabled and not tls_certs_stat.stat.isdir is defined
diff --git a/docker-host/templates/daemon.json.j2 b/docker-host/templates/daemon.json.j2
new file mode 100644
index 00000000..ab6cac19
--- /dev/null
+++ b/docker-host/templates/daemon.json.j2
@@ -0,0 +1,16 @@
+{
+  "debug": false
+  {% if docker_tls_enabled %}
+  ,
+  "tls": true,
+  "tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}",
+  "tlscacert": "{{ docker_tls_path }}/{{ docker_tls_ca }}",
+  "tlskey": "{{ docker_tls_path }}/{{ docker_tls_key }}"
+  {% endif %}
+  ,
+  {% if docker_remote_access_enabled %}
+  "hosts": ["tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}", "fd://"]
+  {% else %}
+  "hosts": ["fd://"]
+  {% endif %}
+}
diff --git a/docker-host/templates/docker.service.j2 b/docker-host/templates/docker.service.j2
deleted file mode 100644
index 02229fd8..00000000
--- a/docker-host/templates/docker.service.j2
+++ /dev/null
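Review bot: The new `stat` task runs on every host even when `docker_tls_enabled` is false, and the condition `not tls_certs_stat.stat.isdir is defined` tests for an absent attribute rather than for the directory, so a stray regular file at `{{ docker_tls_path }}/certs` also suppresses `shellpki.sh init` and leaves the host with no CA or server key while TLS is still switched on in `daemon.json`. The `command` module's `creates:` argument covers the intended idempotency directly: drop the stat task and put `args:` / `creates: "{{ docker_tls_path }}/certs"` on the init task while keeping `when: docker_tls_enabled`. If the stat is kept, `when: docker_tls_enabled and not tls_certs_stat.stat.exists` states the intent and uses the documented `exists` field.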
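Review bot: `"tls": true` on the new side only turns on TLS for the listener; the removed `docker.service.j2` passed `--tlsverify`, which is what made the daemon require a client certificate signed by `tlscacert`, and that option has no counterpart in the new `daemon.json`. Without `"tlsverify": true` any client that can reach `tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}` gets an unauthenticated Docker API, which is effectively root on the host; add `"tlsverify": true,` next to `"tls": true,`. The template also emits the `tcp://` host whenever `docker_remote_access_enabled` is set, independent of `docker_tls_enabled`, so a plain-text API listener is one variable away; guard that entry on both flags or have the role `fail` when remote access is enabled without TLS. The floating commas render valid JSON in every branch but are easy to break on the next edit; building the settings as a dict in vars and rendering `{{ docker_daemon_config | to_nice_json }}` would remove the hand-placed punctuation.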
@@ -1,27 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description=Docker Application Container Engine
-Documentation=https://docs.docker.com
-After=network.target docker.socket
-Requires=docker.socket
-
-[Service]
-ExecStart=/usr/bin/docker daemon -H fd:// \
-  {% if docker_tls_enabled %}
-  --tlsverify \
-  --tlscacert={{ docker_tls_path }}/{{ docker_tls_ca }} \
-  --tlscert={{ docker_tls_path }}/{{ docker_tls_cert }} \
-  --tlskey={{ docker_tls_path }}/{{ docker_tls_key }} \
-  {% endif %}
-  {% if docker_remote_access_enabled %}
-  -H tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}
-  {% endif %}
-MountFlags=slave
-LimitNOFILE=1048576
-LimitNPROC=1048576
-LimitCORE=infinity
-Environment="TMPDIR={{ docker_tmpdir }}"
-
-[Install]
-WantedBy=multi-user.target