From 9e86ae3bba82e8b0f7113c518467b229319aea35 Mon Sep 17 00:00:00 2001 From: saibotk Date: Thu, 10 Dec 2020 19:39:13 +0100 Subject: [PATCH] traefik: Only trust network for docker < 20.10 Docker complains about the network being already marked as trusted otherwise. Also an upgrade to docker 20.10 requires manual recreation of the networks and a removal of the docker-proxy network via `firewall-cmd --zone=trusted --remove-interface=docker-proxy`. --- roles/traefik/README.md | 4 ++++ roles/traefik/tasks/main.yml | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/roles/traefik/README.md b/roles/traefik/README.md index 896ba37..e215211 100644 --- a/roles/traefik/README.md +++ b/roles/traefik/README.md @@ -17,6 +17,10 @@ Role Variables **Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!** +### Global variables, that are used: + +- `docker_package`: Defined by the docker role, this is the package name of docker within your package manager. + Dependencies ------------ diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index e374093..882eceb 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -81,6 +81,11 @@ - traefik_ipv6 is defined - traefik_ipv6.enabled +- name: Gather the package facts + package_facts: + manager: auto + +# This step is only needed in docker < 20.10, as docker does this by default now - name: Trust our proxy network ansible.posix.firewalld: zone: trusted @@ -91,6 +96,9 @@ become: true tags: - firewall + when: + - docker_package in ansible_facts.packages + - ansible_facts.packages[docker_package][0].version is version('20.10', '<') - name: Deploy dynamic_conf.yml template: