From 9cf503acb1801dae43c640e864e45d455b0b5766 Mon Sep 17 00:00:00 2001
From: rptaylor <rptaylor@uvic.ca>
Date: Sun, 21 Jul 2019 00:12:53 -0700
Subject: [PATCH] configure docker_options directly with template (#4912)

---
 .../docker/templates/docker-options.conf.j2   | 12 +++++++-
 roles/kubespray-defaults/defaults/main.yaml   | 28 ++++---------------
 2 files changed, 17 insertions(+), 23 deletions(-)

diff --git a/roles/container-engine/docker/templates/docker-options.conf.j2 b/roles/container-engine/docker/templates/docker-options.conf.j2
index 296f5a8a1..3ce40087c 100644
--- a/roles/container-engine/docker/templates/docker-options.conf.j2
+++ b/roles/container-engine/docker/templates/docker-options.conf.j2
@@ -1,5 +1,15 @@
 [Service]
-Environment="DOCKER_OPTS={{ docker_options|default('') }} --iptables={{ docker_iptables_enabled | default('false') }}"
+Environment="DOCKER_OPTS={{ docker_options|default('') }} --iptables={{ docker_iptables_enabled | default('false') }} \
+{% for i in docker_insecure_registries %}--insecure-registry={{ i }} {% endfor %} \
+{% for i in docker_registry_mirrors %}--registry-mirror={{ i }} {% endfor %} \
+{% if docker_version != "latest" and docker_version is version('17.05', '<') %}--graph={% else %}--data-root={% endif %}{{ docker_daemon_graph }} \
+{% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %} \
+{% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %} \
+--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
+--default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd \
+--userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false \
+{% endif %}"
+
 {% if docker_mount_flags is defined and docker_mount_flags != "" %}
 MountFlags={{ docker_mount_flags }}
 {% endif %}
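Review bot: `--signature-verification=false` is now hard-coded for aarch64 RedHat hosts and can no longer be overridden from the inventory. Before this change it sat in the `docker_options` default, which an operator could replace; now the only way to drop it is to edit the template. Going by its name, the flag turns off the daemon's image signature checks, so I would gate it behind a variable, for example `{% if docker_disable_signature_verification | default(true) %}--signature-verification=false{% endif %}` (the variable name is a suggestion, not an existing one). The two `for` loops also read `docker_insecure_registries` and `docker_registry_mirrors` without the `default(...)` guard that `docker_options` gets on the first line, so the template will likely fail if the docker role runs without kubespray-defaults loaded. `{% for i in docker_insecure_registries | default([]) %}` would keep the handling consistent.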
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index f20bdf346..fd42eb3f5 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -220,17 +220,18 @@ docker_iptables_enabled: "false"
 # Rotate container stderr/stdout logs at 50m and keep last 5
 docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
 
-## An obvious use case is allowing insecure-registry access to self hosted registries.
-## Can be ipaddress and domain_name.
-## example define 172.19.16.11 or mirror.registry.io
+## A list of insecure docker registries (IP address or domain name), for example
+## to allow insecure-registry access to self-hosted registries. Empty by default.
 # docker_insecure_registries:
 #   - mirror.registry.io
 #   - 172.19.16.11
+docker_insecure_registries: []
 
-## Add other registry,example China registry mirror.
+## A list of additional registry mirrors, for example China registry mirror. Empty by default.
 # docker_registry_mirrors:
 #   - https://registry.docker-cn.com
 #   - https://mirror.aliyuncs.com
+docker_registry_mirrors: []
 
 ## If non-empty will override default system MounFlags value.
 ## This option takes a mount propagation flag: shared, slave
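Review bot: The rewritten comment above `docker_insecure_registries` does not say what "insecure" means for the node. Each entry is passed to the daemon as `--insecure-registry`, which lets Docker talk to that registry over plain HTTP or without verifying its TLS certificate. I would add a line such as `## Entries are contacted without TLS certificate verification; list only registries reachable over a trusted network.` above the example. The example entries in `docker_registry_mirrors` are `https://` URLs, and it is worth stating in that comment that mirrors should stay on HTTPS, since images pulled through a mirror are only as trustworthy as the transport to it.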
@@ -240,24 +241,7 @@ docker_log_opts: "--log-opt max-size=50m --log-opt max-file=5"
 # docker_mount_flags:
 
 ## A string of extra options to pass to the docker daemon.
-## This string should be exactly as you wish it to appear.
-docker_options: >-
-  {%- if docker_insecure_registries is defined %}
-  {{ docker_insecure_registries | map('regex_replace', '^(.*)$', '--insecure-registry=\1' ) | list | join(' ') }}
-  {%- endif %}
-  {% if docker_registry_mirrors is defined %}
-  {{ docker_registry_mirrors | map('regex_replace', '^(.*)$', '--registry-mirror=\1' ) | list | join(' ') }}
-  {%- endif %}
-  {%- if docker_version != "latest" and docker_version is version('17.05', '<') %}
-  --graph={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %}
-  {%- else %}
-  --data-root={{ docker_daemon_graph }} {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %}
-  {%- endif %}
-  {%- if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %}
-  --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current
-  --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd
-  --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false
-  {%- endif -%}
+# docker_options: ""
 
 ## A list of plugins to install using 'docker plugin install --grant-all-permissions'
 ## Empty by default so no plugins will be installed.
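Review bot: The remaining comment on `docker_options` no longer tells operators how the value is combined with what the template generates. An inventory that overrode `docker_options` with a copy of the old default will now also get the registry, data-root and log flags appended by `docker-options.conf.j2`, so those flags would appear twice in `DOCKER_OPTS`. I would extend the comment with something like `## Appended to the flags generated in docker-options.conf.j2 (registries, data root, log opts); do not repeat those here.` The value is placed inside a double-quoted `Environment=` line in the template, so the comment could also note that it must not contain a double quote.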
-- 
GitLab