From 03c9c091f2fd54b12128ac380a78031aa9b98203 Mon Sep 17 00:00:00 2001
From: Barry Melbourne <9964974+bmelbourne@users.noreply.github.com>
Date: Mon, 31 Aug 2020 12:56:20 +0100
Subject: [PATCH] Docker: Set Cgroup driver by default to systemd (#6563)

* Set Docker Cgroup driver to systemd

* Add docker_cgroup_driver in Docker defaults
---
 inventory/sample/group_vars/all/docker.yml                    | 4 ++++
 roles/container-engine/docker/defaults/main.yml               | 2 ++
 .../container-engine/docker/templates/docker-options.conf.j2  | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/inventory/sample/group_vars/all/docker.yml b/inventory/sample/group_vars/all/docker.yml
index f05438967..0cad8df38 100644
--- a/inventory/sample/group_vars/all/docker.yml
+++ b/inventory/sample/group_vars/all/docker.yml
@@ -10,6 +10,10 @@ docker_container_storage_setup: false
 ## Otherwise docker-storage-setup will be executed incorrectly.
 # docker_container_storage_setup_devs: /dev/vdb
 
+## Uncomment this if you want to change the Docker Cgroup driver (native.cgroupdriver)
+## Valid options are systemd or cgroupfs, default is systemd
+# docker_cgroup_driver: systemd
+
 ## Uncomment this if you have more than 3 nameservers, then we'll only use the first 3.
 docker_dns_servers_strict: false
 
diff --git a/roles/container-engine/docker/defaults/main.yml b/roles/container-engine/docker/defaults/main.yml
index ced8777af..f37608889 100644
--- a/roles/container-engine/docker/defaults/main.yml
+++ b/roles/container-engine/docker/defaults/main.yml
@@ -18,6 +18,8 @@ dockerproject_repo_key_info:
 dockerproject_repo_info:
   repos:
 
+docker_cgroup_driver: systemd
+
 docker_dns_servers_strict: true
 
 docker_container_storage_setup: false
diff --git a/roles/container-engine/docker/templates/docker-options.conf.j2 b/roles/container-engine/docker/templates/docker-options.conf.j2
index 3ce40087c..0dc0ef657 100644
--- a/roles/container-engine/docker/templates/docker-options.conf.j2
+++ b/roles/container-engine/docker/templates/docker-options.conf.j2
@@ -1,12 +1,12 @@
 [Service]
 Environment="DOCKER_OPTS={{ docker_options|default('') }} --iptables={{ docker_iptables_enabled | default('false') }} \
+--exec-opt native.cgroupdriver={{ docker_cgroup_driver }} \
 {% for i in docker_insecure_registries %}--insecure-registry={{ i }} {% endfor %} \
 {% for i in docker_registry_mirrors %}--registry-mirror={{ i }} {% endfor %} \
 {% if docker_version != "latest" and docker_version is version('17.05', '<') %}--graph={% else %}--data-root={% endif %}{{ docker_daemon_graph }} \
 {% if ansible_os_family not in ["openSUSE Leap", "openSUSE Tumbleweed", "Suse"] %}{{ docker_log_opts }}{% endif %} \
 {% if ansible_architecture == "aarch64" and ansible_os_family == "RedHat" %} \
---add-runtime docker-runc=/usr/libexec/docker/docker-runc-current \
---default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd \
+--add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc \
 --userland-proxy-path=/usr/libexec/docker/docker-proxy-current --signature-verification=false \
 {% endif %}"