From 6aa7b89b7868528ba47cade1431203e199063c2c Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 10 May 2022 18:21:59 +0200 Subject: [PATCH] docker : Introduce new default settings + allow to change the docker data directory --- CHANGELOG.md | 1 + docker-host/defaults/main.yml | 4 ++-- docker-host/templates/daemon.json.j2 | 17 +++++++++++++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd84b198..383965e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Removed * docker : Removed Debian Jessie support +* docker : Introduce new default settings + allow to change the docker data directory ### Security diff --git a/docker-host/defaults/main.yml b/docker-host/defaults/main.yml index 6393a962..913da884 100644 --- a/docker-host/defaults/main.yml +++ b/docker-host/defaults/main.yml @@ -1,14 +1,14 @@ --- # If docher_home sets to /home/, the partition should be mounted with exec # option. -docker_home: /srv/docker +docker_home: /var/lib/docker docker_tmpdir: "{{docker_home}}/tmp" docker_remote_access_enabled: True docker_daemon_port: 2376 docker_daemon_listening_ip: 0.0.0.0 -docker_tls_enabled: True +docker_tls_enabled: False docker_tls_path: "{{docker_home}}/tls" docker_tls_ca: ca/ca.pem docker_tls_ca_key: ca/ca-key.pem diff --git a/docker-host/templates/daemon.json.j2 b/docker-host/templates/daemon.json.j2 index ab6cac19..ee9be3c8 100644 --- a/docker-host/templates/daemon.json.j2 +++ b/docker-host/templates/daemon.json.j2 
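Review bot: Setting `docker_tls_enabled: False` while `docker_remote_access_enabled: True` and `docker_daemon_listening_ip: 0.0.0.0` stay unchanged means a host that takes the role defaults publishes the Docker API on every interface with no encryption and no client-certificate check, and anyone who can reach that API controls the host as root. Either keep `docker_tls_enabled: True`, or make remote access the opt-in instead with `docker_remote_access_enabled: False`. `docker_daemon_port: 2376` is by convention the TLS port, so a plaintext listener there will also mislead whoever audits the firewall rules. The new `docker_home` default moves `docker_tmpdir` and `docker_tls_path` with it, since both are derived from it; hosts that relied on the old default presumably need an explicit override or a migration step, which the changelog entry could state.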
@@ -1,13 +1,22 @@
 {
- "debug": false
+ "debug": false,
+
+ {# Docker data-dir (default to /var/lib/docker) #}
+ "data-root": "{{ docker_home }}",
+
+ {# Keep containers running while docker daemon downtime #}
+ "live-restore": true,
+
+ {# Turn on user namespace remaping #}
+ "userns-remap": "default",
+
 {% if docker_tls_enabled %}
- ,
 "tls": true,
 "tlscert": "{{ docker_tls_path }}/{{ docker_tls_cert }}",
 "tlscacert": "{{ docker_tls_path }}/{{ docker_tls_ca }}",
- "tlskey": "{{ docker_tls_path }}/{{ docker_tls_key }}"
+ "tlskey": "{{ docker_tls_path }}/{{ docker_tls_key }}",
 {% endif %}
- ,
+
 {% if docker_remote_access_enabled %}
 "hosts": ["tcp://{{ docker_daemon_listening_ip }}:{{ docker_daemon_port }}", "fd://"]
 {% else %}
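Review bot: `"live-restore": true` and `"userns-remap": "default"` are rendered unconditionally, unlike the TLS block, so a host cannot opt out without replacing the template. Turning on user-namespace remapping on a host that already has data makes the daemon work from a separate remapped directory under `data-root`, so existing images and containers stop being visible, and containers that share host namespaces need an explicit opt-out; live restore is not compatible with swarm mode. Gating each key on a new role default, e.g. `{% if docker_userns_remap_enabled %}"userns-remap": "default",{% endif %}` (the variable name is a suggestion), keeps the hardening on by default while letting such hosts opt out. Every key before the final conditional now ends in a comma, so the output is valid JSON only if both branches of `{% if docker_remote_access_enabled %}` emit a last key; the `{% else %}` branch is outside the hunk, so confirm it does.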