From bc1d02d89681b92f379b3e356d7778aa6044f297 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Thu, 8 Oct 2020 17:43:37 +0100
Subject: [PATCH] baremetal: Install iptables for Docker if enabled

If iptables is not installed, e.g. in the CentOS 8 cloud image, and
Docker iptables management is enabled, we get the following errors:

Failed to find iptables: exec: \"iptables\": executable file not found
in $PATH failed to start daemon: Error initializing network controller:
error obtaining controller instance: failed to create NAT chain DOCKER:
Iptables not found

This change installs the iptables package Docker iptables management is
enabled.

Change-Id: I3ba5318debccafb28c3cbce8e4e9813c28b086fc
Closes-Bug: #1899060
---
 ansible/roles/baremetal/defaults/main.yml                   | 2 ++
 .../notes/docker-install-iptables-f24fef8ce2418963.yaml     | 6 ++++++
 2 files changed, 8 insertions(+)
 create mode 100644 releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml

diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 7bca48cf22..fb4c4d49c9 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -45,6 +45,7 @@ debian_pkg_install:
  - "{% if virtualenv is not none %}python3-virtualenv{% endif %}"
  - "{% if enable_host_ntp | bool %}ntp{% endif %}"
  - "{% if enable_multipathd|bool %}sg3-utils-udev{% endif %}"
+ - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}"
 
 redhat_pkg_install:
  - "{{ docker_yum_package }}"
@@ -53,6 +54,7 @@ redhat_pkg_install:
  - "{% if virtualenv is not none %}python3-virtualenv{% endif %}"
  - "{% if enable_host_ntp | bool %}ntp{% endif %}"
  - sudo
+ - "{% if not docker_disable_default_iptables_rules | bool %}iptables{% endif %}"
 
 ubuntu_pkg_removals:
  - lxd
diff --git a/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml b/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml
new file mode 100644
index 0000000000..b01939cee6
--- /dev/null
+++ b/releasenotes/notes/docker-install-iptables-f24fef8ce2418963.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where Docker may fail to start if ``iptables`` is not
+    installed. `LP#1899060
+    <https://bugs.launchpad.net/kolla-ansible/+bug/1899060>`__