From 21fc197ee0d7221c5e9f76adaed7add7d2d153e1 Mon Sep 17 00:00:00 2001
From: Chris Ricker <chricker@cisco.com>
Date: Fri, 29 Apr 2022 11:39:14 -0400
Subject: [PATCH] Ensure containerd service unmasking (#8726)

* Force containerd service unmasking

Force systemd to unmask and start service when adding containerd service

* Eliminate restart and move unmasking step

Switch to start instead of restart
Move unmasking to restart handler

* Add unmasking to similar container runtimes

* Add missing service names
---
 roles/container-engine/containerd/handlers/main.yml  | 1 +
 roles/container-engine/containerd/tasks/main.yml     | 3 ++-
 roles/container-engine/cri-dockerd/handlers/main.yml | 2 ++
 roles/container-engine/docker/handlers/main.yml      | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/container-engine/containerd/handlers/main.yml b/roles/container-engine/containerd/handlers/main.yml
index bd483bc8e..d2f12658f 100644
--- a/roles/container-engine/containerd/handlers/main.yml
+++ b/roles/container-engine/containerd/handlers/main.yml
@@ -11,6 +11,7 @@
     state: restarted
     enabled: yes
     daemon-reload: yes
+    masked: no
 
 - name: Containerd | wait for containerd
   command: "{{ containerd_bin_dir }}/ctr images ls -q"
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 8facf61aa..746e9c4a4 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -98,7 +98,8 @@
   meta: flush_handlers
 
 - name: containerd | Ensure containerd is started and enabled
-  service:
+  systemd:
     name: containerd
+    daemon_reload: yes
     enabled: yes
     state: started
diff --git a/roles/container-engine/cri-dockerd/handlers/main.yml b/roles/container-engine/cri-dockerd/handlers/main.yml
index 94b760a02..1cc890a79 100644
--- a/roles/container-engine/cri-dockerd/handlers/main.yml
+++ b/roles/container-engine/cri-dockerd/handlers/main.yml
@@ -8,7 +8,9 @@
 
 - name: cri-dockerd | reload systemd
   systemd:
+    name: cri-dockerd
     daemon_reload: true
+    masked: no
 
 - name: cri-dockerd | reload cri-dockerd.socket
   service:
diff --git a/roles/container-engine/docker/handlers/main.yml b/roles/container-engine/docker/handlers/main.yml
index 18502899c..8c26de273 100644
--- a/roles/container-engine/docker/handlers/main.yml
+++ b/roles/container-engine/docker/handlers/main.yml
@@ -9,7 +9,9 @@
 
 - name: Docker | reload systemd
   systemd:
+    name: docker
     daemon_reload: true
+    masked: no
 
 - name: Docker | reload docker.socket
   service:
-- 
GitLab