Use Ansible connection reset support in docker role

When configuring Docker we need to kill persistent SSH connections to
refresh the membership of the docker group for the stack user. Currently
we are using a fairly heavy handed method of removing all ControlPersist
sockets because the Ansible reset_connection meta module previously did
not work [1]. This issue is fixed since Ansible 2.5.6.

This change switches to the reset_connection meta module, which now
works as expected.

[1] https://github.com/ansible/ansible/issues/27520

Change-Id: Id4d951e447720e1d769491c0d34ad83099c030eb
Mark Goddard 2020-04-03 17:25:24 +01:00
parent 7110477bcb
commit 6ca967e27f

@ -24,32 +24,11 @@
become: True become: True
# After adding the user to the docker group, we need to log out and in again to # After adding the user to the docker group, we need to log out and in again to
# pick up the group membership. We do this by removing the SSH ControlPersist # pick up the group membership. We do this by resetting the SSH connection.
# connection.
# NOTE: Ideally we'd use a meta task with the reset_connection option but due - name: Reset connection to activate new group membership
# to https://github.com/ansible/ansible/issues/27520 this does not work meta: reset_connection
# (checked in Ansible 2.3.2.0). Instead, we use the heavy handed method of when: group_result is changed
# removing all ansible control sockets. Limitation: if this user is running
# another ansible process, we will kill its connections.
- name: Find persistent SSH connection control sockets
local_action:
module: find
file_type: any
path: "~/.ansible/cp/"
patterns: '[a-f0-9]{10}'
use_regex: True
register: cp_sockets
run_once: True
when:
- group_result is changed
- name: Drop all persistent SSH connections to activate the new group membership
local_action:
module: shell ssh -O stop None -o ControlPath={{ item.path }}
with_items: "{{ cp_sockets.files }}"
run_once: True
when: cp_sockets is not skipped
- name: Ensure Docker daemon is started - name: Ensure Docker daemon is started
service: service:
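
Review bot: the `when: group_result is changed` condition on the new `meta: reset_connection` task needs to be confirmed on the lowest Ansible version this role supports, because meta tasks do not all evaluate `when` the way ordinary module tasks do. If the condition is not honoured, the reset runs on every play, which is harmless here but makes the condition misleading. The removed NOTE recorded the Ansible version it was checked against (2.3.2.0), while the replacement comment carries no version at all; since the commit message says the upstream fix landed in 2.5.6, state that minimum in the comment above the task or enforce it where the role's requirements are declared, so an older controller does not silently leave the stack user without its docker group membership. The removed tasks carried `run_once: True` because they acted on local control sockets; the per-host reset correctly drops it and also removes the documented side effect of killing connections belonging to other ansible processes of the same user, which is worth a line in the comment.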