docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true
parent
8cd887ee21
commit
a41e78b556
|
@ -40,6 +40,8 @@ The **patch** part is incremented if multiple releases happen the same month
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
|
||||||
|
* docker-host: Removed setting docker_conf_use_iptables (iptable usage forced to true)
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
## [24.03] 2024-03-01
|
## [24.03] 2024-03-01
|
||||||
|
|
|
@ -3,9 +3,6 @@
|
||||||
docker_home: /var/lib/docker
|
docker_home: /var/lib/docker
|
||||||
docker_tmpdir: "{{ docker_home }}/tmp"
|
docker_tmpdir: "{{ docker_home }}/tmp"
|
||||||
|
|
||||||
# Chose to use iptables instead of docker-proxy userland process
|
|
||||||
docker_conf_use_iptables: False
|
|
||||||
|
|
||||||
# Disable the possibility for containers processes to gain new privileges
|
# Disable the possibility for containers processes to gain new privileges
|
||||||
docker_conf_no_newprivileges: False
|
docker_conf_no_newprivileges: False
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,14 @@
|
||||||
# This role installs the docker daemon
|
# This role installs the docker daemon
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: Fail if docker_conf_use_iptables is defined
|
||||||
|
ansible.builtin.fail:
|
||||||
|
msg: "Variable docker_conf_use_iptables is deprecated and not configurable anymore. Please remove it from your variables. Also double-check the daemon.json config for docker"
|
||||||
|
when:
|
||||||
|
- docker_conf_use_iptables is defined
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
- name: Remove older docker packages
|
- name: Remove older docker packages
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
name:
|
name:
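Review bot: The `msg` of the new fail task tells the operator to remove the variable and to double-check daemon.json, but not what changed or what to look for there. Name the new behaviour in the message, for example `msg: "docker_conf_use_iptables was removed: the role now always sets iptables to true in daemon.json and no longer manages userland-proxy. Remove the variable from your inventory."`. A short comment above the task, `# Guard for the removed docker_conf_use_iptables setting; tagged always so it runs under any tag selection`, would explain why it carries `tags: always`. The "Remove older docker packages" task continues outside the hunk.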
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"debug": false
|
"debug": false
|
||||||
|
,"iptables": true
|
||||||
{# Docker data-dir (default to /var/lib/docker) #}
|
{# Docker data-dir (default to /var/lib/docker) #}
|
||||||
,"data-root": "{{ docker_home }}"
|
,"data-root": "{{ docker_home }}"
|
||||||
{# Keep containers running while docker daemon downtime #}
|
{# Keep containers running while docker daemon downtime #}
|
||||||
|
@ -7,11 +8,6 @@
|
||||||
{% if docker_conf_user_namespace %}
|
{% if docker_conf_user_namespace %}
|
||||||
{# Turn on user namespace remaping #}
|
{# Turn on user namespace remaping #}
|
||||||
,"userns-remap": "default"
|
,"userns-remap": "default"
|
||||||
{% endif %}
|
|
||||||
{% if docker_conf_use_iptables %}
|
|
||||||
{# Use iptables instead of docker-proxy #}
|
|
||||||
,"userland-proxy": false
|
|
||||||
,"iptables": true
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{# Disable the possibility for containers processes to gain new privileges #}
|
{# Disable the possibility for containers processes to gain new privileges #}
|
||||||
,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}
|
,"no-new-privileges": {{ docker_conf_no_newprivileges | to_json }}
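Review bot: The second hunk drops `,"userland-proxy": false` along with the removed `{% if docker_conf_use_iptables %}` block, so only half of the old setting is now forced. `"iptables": true` is written unconditionally by the first hunk, while `userland-proxy` falls back to the daemon default. Hosts that previously set docker_conf_use_iptables to true will presumably get the docker-proxy userland process back for published ports on the next run, which neither the changelog entry nor the fail message mentions. If that is not intended, keep `,"userland-proxy": false` as an unconditional line next to `,"iptables": true`; if it is intended, state it in the changelog. A template comment above the new line would also help, such as `{# iptables is always enabled: Docker manages its own chains for published ports, so host-level filtering of container traffic belongs in DOCKER-USER #}`.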
|
||||||
|
|