From 950feb1e1cb54ca81f0820075acaee96a8a6fb6e Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Date: Mon, 6 Feb 2017 11:00:37 +0800
Subject: [PATCH] Do not check security opt in some case in kolla_docker module

Security opt is disable when using host ipc or host pid or
privileged[0].

[0]
https://github.com/docker/docker/blob/master/daemon/create.go#L161,L164

Change-Id: I83d7c74aaeb5c59981c76464e69d5b5baa00fefb
---
 ansible/library/kolla_docker.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ansible/library/kolla_docker.py b/ansible/library/kolla_docker.py
index acb96c263b..28c21a37eb 100644
--- a/ansible/library/kolla_docker.py
+++ b/ansible/library/kolla_docker.py
@@ -309,6 +309,13 @@ class DockerWorker(object):
             return True
 
     def compare_security_opt(self, container_info):
+        ipc_mode = self.params.get('ipc_mode')
+        pid_mode = self.params.get('pid_mode')
+        privileged = self.params.get('privileged', False)
+        # NOTE(jeffrey4l) security opt is disabled when using host ipc mode or
+        # host pid mode or privileged. So no need to compare security opts
+        if ipc_mode == 'host' or pid_mode == 'host' or privileged:
+            return False
         new_sec_opt = self.params.get('security_opt', list())
         current_sec_opt = container_info['HostConfig'].get('SecurityOpt',
                                                            list())