Update to 2021-12-01 19:13

roles/docker/tasks/conf.yml

@@ -0,0 +1,67 @@
+---
+
+- name: Deploy docker daemon configuration
+  template: src=daemon.json.j2 dest=/etc/docker/daemon.json mode=600
+  notify: restart docker
+  tags: docker
+
+- name: Create systemd snippet dir
+  file: path=/etc/systemd/system/docker.{{ item }}.d state=directory
+  loop:
+    - service
+    - socket
+  tags: docker
+
+- name: Create systemd service snippet dir
+  file: path=/etc/systemd/system/docker.service.d state=directory
+  tags: docker
+
+- name: Configure Docker to restart on failure
+  copy:
+    content: |
+      [Unit]
+      After=sssd.service
+
+      [Service]
+      Restart=on-failure
+      StartLimitInterval=0
+      RestartSec=30
+    dest: /etc/systemd/system/docker.service.d/99-ansible.conf
+  register: docker_service_unit
+  tags: docker
+
+- name: Override docker socket configuration
+  copy:
+    content: |
+      [Unit]
+      After=sssd.service
+      DefaultDependencies=no
+
+      [Socket]
+      SocketGroup={{ docker_conf.group }}
+    dest: /etc/systemd/system/docker.socket.d/99-ansible.conf
+  when: docker_conf.group is defined
+  register: docker_socket_unit
+  notify: restart docker
+  tags: docker
+
+- name: Remove obsolete conf
+  file: path=/etc/systemd/system/docker.socket.d/group.conf state=absent
+  register: docker_old_unit
+  tags: docker
+
+- name: Disable docker.socket to ensure the socket is pulled by the service
+  systemd: name=docker.socket enabled=False
+  tags: docker
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: docker_socket_unit.changed or docker_service_unit.changed or docker_old_unit.changed
+  tags: docker
+
+- name: Fix the dockremap UID namespace
+  lineinfile: path=/etc/{{ item }} regexp='^dockremap\s.*' line='dockremap:100000:65536'
+  loop:
+    - subuid
+    - subgid
+  tags: docker