From 6ca967e27fd008db57c92e4885ff2daad52a7ff5 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Fri, 3 Apr 2020 17:25:24 +0100 Subject: [PATCH] Use Ansible connection reset support in docker role When configuring Docker we need to kill persistent SSH connections to refresh the membership of the docker group for the stack user. Currently we are using a fairly heavy handed method of removing all ControlPersist sockets because the Ansible reset_connection meta module previously did not work [1]. This issue is fixed since Ansible 2.5.6. This change switches to the reset_connection meta module, which now works as expected. [1] https://github.com/ansible/ansible/issues/27520 Change-Id: Id4d951e447720e1d769491c0d34ad83099c030eb --- ansible/roles/docker/tasks/main.yml | 29 ++++------------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index 494656e37..91726cea3 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -24,32 +24,11 @@ become: True # After adding the user to the docker group, we need to log out and in again to -# pick up the group membership. We do this by removing the SSH ControlPersist -# connection. +# pick up the group membership. We do this by resetting the SSH connection. -# NOTE: Ideally we'd use a meta task with the reset_connection option but due -# to https://github.com/ansible/ansible/issues/27520 this does not work -# (checked in Ansible 2.3.2.0). Instead, we use the heavy handed method of -# removing all ansible control sockets. Limitation: if this user is running -# another ansible process, we will kill its connections. -- name: Find persistent SSH connection control sockets - local_action: - module: find - file_type: any - path: "~/.ansible/cp/" - patterns: '[a-f0-9]{10}' - use_regex: True - register: cp_sockets - run_once: True - when: - - group_result is changed - -- name: Drop all persistent SSH connections to activate the new group membership - local_action: - module: shell ssh -O stop None -o ControlPath={{ item.path }} - with_items: "{{ cp_sockets.files }}" - run_once: True - when: cp_sockets is not skipped +- name: Reset connection to activate new group membership + meta: reset_connection + when: group_result is changed - name: Ensure Docker daemon is started service: