From 5efda3eda900eedf584bd1f5c5d68d7afddc14f7 Mon Sep 17 00:00:00 2001
From: Vijay Katam <vijkatam@cisco.com>
Date: Wed, 9 Aug 2017 15:49:53 -0700
Subject: [PATCH 1/3] Configurable docker yum repos, systemd fix

* Make yum repos used for installing docker rpms configurable
* TasksMax is only supported in systemd version >= 226
* Change to systemd file should restart docker
---
 roles/docker/defaults/main.yml           | 3 +++
 roles/docker/tasks/systemd.yml           | 6 ++++++
 roles/docker/templates/docker.service.j2 | 2 ++
 roles/docker/templates/rh_docker.repo.j2 | 4 ++--
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml
index e262d908a..be1921b85 100644
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -10,3 +10,6 @@ docker_repo_info:
   repos:
 
 docker_dns_servers_strict: yes
+
+docker_rh_repo_base_url: 'https://yum.dockerproject.org/repo/main/centos/7'
+docker_rh_repo_gpgkey: 'https://yum.dockerproject.org/gpg'
diff --git a/roles/docker/tasks/systemd.yml b/roles/docker/tasks/systemd.yml
index 1275de5d7..88b80c6e0 100644
--- a/roles/docker/tasks/systemd.yml
+++ b/roles/docker/tasks/systemd.yml
@@ -10,11 +10,17 @@
     dest: /etc/systemd/system/docker.service.d/http-proxy.conf
   when: http_proxy is defined or https_proxy is defined or no_proxy is defined
 
+- name: get systemd version
+  command: rpm -q --qf '%{V}\n' systemd
+  register: systemd_version
+  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
+
 - name: Write docker.service systemd file
   template:
     src: docker.service.j2
     dest: /etc/systemd/system/docker.service
   register: docker_service_file
+  notify: restart docker
   when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
 
 - name: Write docker.service systemd file for atomic
diff --git a/roles/docker/templates/docker.service.j2 b/roles/docker/templates/docker.service.j2
index 54e4b7c06..c8951fa8e 100644
--- a/roles/docker/templates/docker.service.j2
+++ b/roles/docker/templates/docker.service.j2
@@ -24,7 +24,9 @@ ExecStart={{ docker_bin_dir }}/docker daemon \
           $DOCKER_NETWORK_OPTIONS \
           $DOCKER_DNS_OPTIONS \
           $INSECURE_REGISTRY
+{% if systemd_version.stdout|int >= 226 %}
 TasksMax=infinity
+{% endif %}
 LimitNOFILE=1048576
 LimitNPROC=1048576
 LimitCORE=infinity
diff --git a/roles/docker/templates/rh_docker.repo.j2 b/roles/docker/templates/rh_docker.repo.j2
index e783c0ddf..7cb728625 100644
--- a/roles/docker/templates/rh_docker.repo.j2
+++ b/roles/docker/templates/rh_docker.repo.j2
@@ -1,7 +1,7 @@
 [dockerrepo]
 name=Docker Repository
-baseurl=https://yum.dockerproject.org/repo/main/centos/7
+baseurl={{ docker_rh_repo_base_url }}
 enabled=1
 gpgcheck=1
-gpgkey=https://yum.dockerproject.org/gpg
+gpgkey={{ docker_rh_repo_gpgkey }}
 {% if http_proxy is defined %}proxy={{ http_proxy }}{% endif %}

From 7ad552311325f53b1af6cfc625c16734578abc64 Mon Sep 17 00:00:00 2001
From: Vijay Katam <vijkatam@cisco.com>
Date: Thu, 10 Aug 2017 13:49:14 -0700
Subject: [PATCH 2/3] restrict rpm query to redhat

---
 roles/docker/tasks/systemd.yml           | 2 +-
 roles/docker/templates/docker.service.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/docker/tasks/systemd.yml b/roles/docker/tasks/systemd.yml
index 88b80c6e0..6880d9e27 100644
--- a/roles/docker/tasks/systemd.yml
+++ b/roles/docker/tasks/systemd.yml
@@ -13,7 +13,7 @@
 - name: get systemd version
   command: rpm -q --qf '%{V}\n' systemd
   register: systemd_version
-  when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
+  when: ansible_os_family == "RedHat" and not is_atomic
 
 - name: Write docker.service systemd file
   template:
diff --git a/roles/docker/templates/docker.service.j2 b/roles/docker/templates/docker.service.j2
index c8951fa8e..29a80c107 100644
--- a/roles/docker/templates/docker.service.j2
+++ b/roles/docker/templates/docker.service.j2
@@ -24,7 +24,7 @@ ExecStart={{ docker_bin_dir }}/docker daemon \
           $DOCKER_NETWORK_OPTIONS \
           $DOCKER_DNS_OPTIONS \
           $INSECURE_REGISTRY
-{% if systemd_version.stdout|int >= 226 %}
+{% if ansible_os_family == "RedHat" and systemd_version.stdout|int >= 226 %}
 TasksMax=infinity
 {% endif %}
 LimitNOFILE=1048576

From 55ba81fee56f5e33b597da3b63e4ef5f1ce48165 Mon Sep 17 00:00:00 2001
From: Vijay Katam <vijkatam@cisco.com>
Date: Mon, 14 Aug 2017 12:31:44 -0700
Subject: [PATCH 3/3] Add changed_when: false to rpm query

---
 roles/docker/tasks/systemd.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/docker/tasks/systemd.yml b/roles/docker/tasks/systemd.yml
index 6880d9e27..ec4bbf9ab 100644
--- a/roles/docker/tasks/systemd.yml
+++ b/roles/docker/tasks/systemd.yml
@@ -14,6 +14,7 @@
   command: rpm -q --qf '%{V}\n' systemd
   register: systemd_version
   when: ansible_os_family == "RedHat" and not is_atomic
+  changed_when: false
 
 - name: Write docker.service systemd file
   template: