From 44947454ae259f75fde4ac51b4e15e414301a2d6 Mon Sep 17 00:00:00 2001 From: Olivier Date: Tue, 26 Apr 2022 16:23:37 +0200 Subject: [PATCH 1/4] Fix SLES 12 --- defaults/main.yml | 4 +++ tasks/base/SLES-12/install_docker.yml | 7 ++++- tasks/base/general/make_user.yml | 43 +++++++++++++++++++++++---- templates/docker.conf | 1 + vars/os_SLES_12.yml | 4 +-- 5 files changed, 51 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index c2a6374..239f047 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -33,3 +33,7 @@ fetch_diagnostics: false # General settings for docker environment docker_bridge_ip: "172.17.42.1/16" + +# User and group id +elastic_uid: 1001 +elastic_gid: 1001 diff --git a/tasks/base/SLES-12/install_docker.yml b/tasks/base/SLES-12/install_docker.yml index 46345a7..c3e2a58 100755 --- a/tasks/base/SLES-12/install_docker.yml +++ b/tasks/base/SLES-12/install_docker.yml @@ -13,6 +13,11 @@ until: remove_packages is success - name: Install docker - command: "zypper install -y --force-resolution --replacefiles {{ docker_version_map[docker_version]['package'] }}" + command: "zypper install -y --force-resolution --replacefiles {{ docker_version_map[docker_version]['package'] }} acl" args: warn: false + +- name: disable nscd (otherwise container will ignore their /etc/hosts) + systemd: + name: nscd + enabled: no diff --git a/tasks/base/general/make_user.yml b/tasks/base/general/make_user.yml index dc44faf..cd06047 100755 --- a/tasks/base/general/make_user.yml +++ b/tasks/base/general/make_user.yml @@ -11,18 +11,17 @@ - name: Add group elastic group: - name: "{{ item }}" + name: elastic state: present - when: item not in ansible_facts.getent_group - with_items: - - docker - - elastic + gid: "{{ elastic_gid }}" + when: "'elastic' not in ansible_facts.getent_group" - name: Add user elastic user: name: elastic group: elastic groups: docker + uid: "{{ elastic_uid }}" append: yes state: present generate_ssh_key: true 
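Review bot: The ids added in defaults/main.yml are enforced unevenly in the tasks/base/general/make_user.yml hunk: `uid: "{{ elastic_uid }}"` on `Add user elastic` has no condition in the visible lines, while the group task is skipped whenever an `elastic` group already exists. On a host that already has an `elastic` user with a different uid, the user module would renumber the account, and files outside its home directory would presumably stay owned by the old uid. If 1001 already belongs to another account, the task fails. A comment above the defaults such as `# Must be unused on every target host, or already belong to elastic; override if 1001 is taken` would make the constraint visible, and a pre-check against the existing `getent` data would catch a collision before anything is modified. The user task continues past the end of the hunk, so a guard further down would not be visible here.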
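Review bot: Appending `acl` to the `zypper install` command in the `Install docker` task of tasks/base/SLES-12/install_docker.yml puts an unrelated package under `--force-resolution --replacefiles`. Those flags let the resolver pick aggressive solutions and overwrite files owned by other packages, and they look intended for the pinned docker package only. Installing `acl` in its own task with the `zypper` module (`name: acl`, `state: present`) would keep the forced install limited to docker, and would be idempotent where the `command` task always reports a change. A short comment saying why `acl` is needed would also help, since the hunk does not explain it.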
@@ -68,3 +67,37 @@ dest: /etc/cloud/cloud.cfg.d/00-elastic.cfg vars: image_user: elastic + +# # Workaround for https://github.com/elastic/ansible-elastic-cloud-enterprise/issues/155 +# - name: Add user 'ece' for SLES (workaround starting ECE 2.13+) +# block: +# - name: Is there an ece User +# getent: +# key: "ece" +# database: passwd +# fail_key: false + +# - name: Add group ece +# group: +# name: "ece" +# state: present +# gid: "199" +# when: "'ece' not in ansible_facts.getent_group" + +# - name: Add user ece +# user: +# name: ece +# group: ece +# uid: "199" +# append: yes +# state: present +# generate_ssh_key: false +# when: getent_passwd["ece"] == none + +# - name: Modify user elastic to be included in ece +# user: +# name: elastic +# groups: ece +# append: yes + +# when: ansible_distribution == "SLES" \ No newline at end of file diff --git a/templates/docker.conf b/templates/docker.conf index 3cc3e79..f77e4da 100644 --- a/templates/docker.conf +++ b/templates/docker.conf @@ -3,6 +3,7 @@ Description=Docker Service After={{ docker_unit_after }} [Service] +EnvironmentFile= Environment="DOCKER_OPTS=-H unix:///run/docker.sock -g {{ data_dir }}/docker --storage-driver={{ docker_storage_driver }} --bip={{ docker_bridge_ip }} --raw-logs --icc=false" ExecStart= ExecStart=/usr/bin/dockerd $DOCKER_OPTS diff --git a/vars/os_SLES_12.yml b/vars/os_SLES_12.yml index ec1b2c1..3c41ee5 100755 --- a/vars/os_SLES_12.yml +++ b/vars/os_SLES_12.yml @@ -1,10 +1,10 @@ --- docker_unit_after: "network.target docker.socket" -docker_storage_driver: overlay +docker_storage_driver: overlay2 bootloader_update_command: update-bootloader conntrack_module: ip_conntrack # Docker version mapping docker_version_map: "19.03": - package: docker-19.03.14_ce + package: docker-19.03.15_ce From 49a55c46a3bed7602aeba91bba60733ff1f8fbc0 Mon Sep 17 00:00:00 2001 
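Review bot: The empty `EnvironmentFile=` added under `[Service]` in templates/docker.conf carries no comment, and its effect is easy to miss. The template appears to be a drop-in (it also resets `ExecStart=`), and in a drop-in an empty assignment clears the list inherited from the packaged unit. Whatever the distribution's docker unit loaded from its environment file is then no longer applied; the page does not show which file that is. If that is the intent, a line such as `# Clear EnvironmentFile from the vendor unit so only the DOCKER_OPTS below apply` above it would document it. It is also worth confirming that nothing still needed, such as proxy settings, lived in that file.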
From: Olivier Date: Mon, 2 May 2022 19:53:43 +0200 Subject: [PATCH 2/4] Add SLES 15 --- tasks/base/SLES-15/install_docker.yml | 23 +++++++++++++++++ tasks/base/SLES-15/main.yml | 3 +++ tasks/base/general/make_user.yml | 36 +-------------------------- vars/os_SLES_15.yml | 10 ++++++++ 4 files changed, 37 insertions(+), 35 deletions(-) create mode 100755 tasks/base/SLES-15/install_docker.yml create mode 100755 tasks/base/SLES-15/main.yml create mode 100755 vars/os_SLES_15.yml diff --git a/tasks/base/SLES-15/install_docker.yml b/tasks/base/SLES-15/install_docker.yml new file mode 100755 index 0000000..c3e2a58 --- /dev/null +++ b/tasks/base/SLES-15/install_docker.yml @@ -0,0 +1,23 @@ +--- +- name: Remove docker and docker-runc + zypper: + name: "{{ packages }}" + state: absent + vars: + packages: + - docker + - docker-runc + register: remove_packages + retries: 10 + delay: 30 + until: remove_packages is success + +- name: Install docker + command: "zypper install -y --force-resolution --replacefiles {{ docker_version_map[docker_version]['package'] }} acl" + args: + warn: false + +- name: disable nscd (otherwise container will ignore their /etc/hosts) + systemd: + name: nscd + enabled: no diff --git a/tasks/base/SLES-15/main.yml b/tasks/base/SLES-15/main.yml new file mode 100755 index 0000000..3fdb90a --- /dev/null +++ b/tasks/base/SLES-15/main.yml @@ -0,0 +1,3 @@ +--- +- include_tasks: install_docker.yml + tags: [install_docker, destructive] \ No newline at end of file diff --git a/tasks/base/general/make_user.yml b/tasks/base/general/make_user.yml index cd06047..5b765c0 100755 --- a/tasks/base/general/make_user.yml +++ b/tasks/base/general/make_user.yml 
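Review bot: tasks/base/SLES-15/install_docker.yml is added with the same blob id (`c3e2a58`) that the SLES-12 file has after the first patch, so the two task lists are byte-identical copies and every later fix has to be made in both places. Moving the shared tasks into one file that both distributions include would prevent them drifting apart. The file is also created with mode 100755, although a task file does not need the executable bit; 100644 would be the usual mode.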
@@ -66,38 +66,4 @@ src: elastic.cfg.j2 dest: /etc/cloud/cloud.cfg.d/00-elastic.cfg vars: - image_user: elastic - -# # Workaround for https://github.com/elastic/ansible-elastic-cloud-enterprise/issues/155 -# - name: Add user 'ece' for SLES (workaround starting ECE 2.13+) -# block: -# - name: Is there an ece User -# getent: -# key: "ece" -# database: passwd -# fail_key: false - -# - name: Add group ece -# group: -# name: "ece" -# state: present -# gid: "199" -# when: "'ece' not in ansible_facts.getent_group" - -# - name: Add user ece -# user: -# name: ece -# group: ece -# uid: "199" -# append: yes -# state: present -# generate_ssh_key: false -# when: getent_passwd["ece"] == none - -# - name: Modify user elastic to be included in ece -# user: -# name: elastic -# groups: ece -# append: yes - -# when: ansible_distribution == "SLES" \ No newline at end of file + image_user: elastic \ No newline at end of file diff --git a/vars/os_SLES_15.yml b/vars/os_SLES_15.yml new file mode 100755 index 0000000..4dd78fe --- /dev/null +++ b/vars/os_SLES_15.yml @@ -0,0 +1,10 @@ +--- +docker_unit_after: "network.target docker.socket" +docker_storage_driver: overlay2 +bootloader_update_command: update-bootloader +conntrack_module: ip_conntrack + +# Docker version mapping +docker_version_map: + "20.10": + package: docker-20.10.12_ce From f71b612995503f49c6b4592242760a6f8ea69f0f Mon Sep 17 00:00:00 2001 From: Olivier Date: Wed, 4 May 2022 11:28:51 +0200 Subject: [PATCH 3/4] Remove nscd --- tasks/base/SLES-12/install_docker.yml | 7 ++++--- tasks/base/SLES-15/install_docker.yml | 7 ++++--- tasks/base/general/configure_docker.yml | 1 + 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/tasks/base/SLES-12/install_docker.yml b/tasks/base/SLES-12/install_docker.yml index c3e2a58..ae25217 100755 --- a/tasks/base/SLES-12/install_docker.yml +++ b/tasks/base/SLES-12/install_docker.yml 
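Review bot: `docker_version_map` in vars/os_SLES_15.yml offers a single key, `"20.10"`, while the install task indexes it as `docker_version_map[docker_version]['package']`. A `docker_version` left at any other value therefore fails with an undefined-key error in the middle of the install rather than with a clear message. The SLES 12 map only offers `"19.03"`, which suggests the role default may not match this one; the default is not visible on this page. An `assert` task with `that: docker_version in docker_version_map` and a `fail_msg` listing the supported versions, run before the install, would make the failure explicit.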
@@ -17,7 +17,8 @@ args: warn: false -- name: disable nscd (otherwise container will ignore their /etc/hosts) - systemd: +# Workaround for https://github.com/elastic/ansible-elastic-cloud-enterprise/issues/155#issuecomment-1117069430 +- name: Uninstall nscd + zypper: name: nscd - enabled: no + state: absent diff --git a/tasks/base/SLES-15/install_docker.yml b/tasks/base/SLES-15/install_docker.yml index c3e2a58..ae25217 100755 --- a/tasks/base/SLES-15/install_docker.yml +++ b/tasks/base/SLES-15/install_docker.yml @@ -17,7 +17,8 @@ args: warn: false -- name: disable nscd (otherwise container will ignore their /etc/hosts) - systemd: +# Workaround for https://github.com/elastic/ansible-elastic-cloud-enterprise/issues/155#issuecomment-1117069430 +- name: Uninstall nscd + zypper: name: nscd - enabled: no + state: absent diff --git a/tasks/base/general/configure_docker.yml b/tasks/base/general/configure_docker.yml index 1ea8a31..940f35b 100755 --- a/tasks/base/general/configure_docker.yml +++ b/tasks/base/general/configure_docker.yml @@ -45,6 +45,7 @@ file: path: /var/lib/docker state: absent + force: yes - name: Docker daemon is enabled and systemd has read all changes systemd: From f6a1a71a6d01c02bd40650a9aee31c31f1ecbc56 Mon Sep 17 00:00:00 2001 From: Olivier Date: Wed, 4 May 2022 14:51:24 +0200 Subject: [PATCH 4/4] fix missing docker group for rhel --- tasks/base/general/make_user.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tasks/base/general/make_user.yml b/tasks/base/general/make_user.yml index 5b765c0..1e35bec 100755 --- a/tasks/base/general/make_user.yml +++ b/tasks/base/general/make_user.yml @@ -16,6 +16,12 @@ gid: "{{ elastic_gid }}" when: "'elastic' not in ansible_facts.getent_group" +- name: Add group docker + group: + name: docker + state: present + when: "'docker' not in ansible_facts.getent_group" + - name: Add user elastic user: name: elastic
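Review bot: The comment above `Uninstall nscd` in tasks/base/SLES-12/install_docker.yml gives only an issue URL. The reason the replaced task name carried, that containers ignore their own /etc/hosts while nscd is active, is lost. Keeping it in the comment, e.g. `# nscd makes containers ignore their /etc/hosts, so remove it (see issue 155)`, lets a reader judge the workaround without following the link. Removing the package also takes name-service caching away from everything else on the host, which is worth stating in the role's documentation. The SLES-15 hunk that follows makes the same change, and the same applies there.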
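Review bot: `force: yes` is added to a `file` task with `state: absent` in tasks/base/general/configure_docker.yml, but as far as I know the file module's `force` option only affects link creation. It therefore probably changes nothing about how `/var/lib/docker` is removed. If the removal was failing, for example because the path is a mount point or still in use by a running daemon, that cause needs handling directly, such as stopping docker or unmounting first. The task's name and the tasks before it are outside the hunk, so this may already happen. If the option stays, `force: true` is the canonical boolean.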
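Review bot: The `when: "'docker' not in ansible_facts.getent_group"` guard on the new `Add group docker` task in tasks/base/general/make_user.yml is redundant, because the `group` module with `state: present` is already idempotent. The guard also ties the task to a `getent` lookup of the group database that lies outside this hunk. Dropping the `when` line keeps the task working even if that lookup is moved or skipped. Since the following task puts the `elastic` user into this group, a comment such as `# members of docker can control the daemon, which is root-equivalent on the host` would flag the privilege this grants.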