Fix conntrack for opensuse and docker support (#5880)

.gitlab-ci/packet.yml

@@ -131,7 +131,7 @@ packet_centos8-calico:
 packet_opensuse-canal:
   stage: deploy-part2
   extends: .packet
-  when: manual
+  when: on_success
 
 packet_oracle7-canal:
   stage: deploy-part2

Vagrantfile

@@ -26,8 +26,8 @@ SUPPORTED_OS = {
   "centos8"             => {box: "centos/8",           user: "vagrant"},
   "centos8-bento"       => {box: "bento/centos-8",           user: "vagrant"},
   "fedora"              => {box: "fedora/28-cloud-base",                user: "vagrant"},
-  "opensuse"            => {box: "opensuse/openSUSE-15.0-x86_64",       user: "vagrant"},
-  "opensuse-tumbleweed" => {box: "opensuse/openSUSE-Tumbleweed-x86_64", user: "vagrant"},
+  "opensuse"            => {box: "bento/opensuse-leap-15.1",       user: "vagrant"},
+  "opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
   "oraclelinux"         => {box: "generic/oracle7", user: "vagrant"},
 }
 

roles/bootstrap-os/tasks/bootstrap-opensuse.yml

@@ -28,6 +28,14 @@
   when:
     - http_proxy is defined or https_proxy is defined
 
+# Required for zypper module
+- name: Install python-xml
+  shell: zypper refresh && zypper --non-interactive install python-xml
+  changed_when: false
+  become: true
+  tags:
+    - facts
+
 # Without this package, the get_url module fails when trying to handle https
 - name: Install python-cryptography
   zypper:

roles/bootstrap-os/tasks/main.yml

@@ -56,6 +56,7 @@
 - name: Assign inventory name to unconfigured hostnames (CoreOS, non-Flatcar, Suse and ClearLinux only)
   command: "hostnamectl set-hostname {{ inventory_hostname }}"
   register: hostname_changed
+  become: true
   changed_when: false
   when:
     - override_system_hostname

roles/container-engine/docker/templates/docker.service.j2

@@ -10,8 +10,9 @@ After=network.target docker.socket{{ ' containerd.service' if installed_docker_v
 {{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
 Wants=docker.socket
 {% elif ansible_os_family == "Suse" %}
-After=network.target{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
-{{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
+After=network.target lvm2-monitor.service SuSEfirewall2.service
+# After=network.target{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
+# {{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
 {% endif %}
 
 [Service]

roles/kubernetes/preinstall/defaults/main.yml

@@ -15,7 +15,7 @@ common_required_pkgs:
   - unzip
   - e2fsprogs
   - xfsprogs
-  - conntrack
+  - ebtables
 
 # Set to true if your network does not support IPv6
 # This maybe necessary for pulling Docker images from

roles/kubernetes/preinstall/vars/centos.yml

@@ -2,5 +2,5 @@
 required_pkgs:
   - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
   - device-mapper-libs
-  - ebtables
   - nss
+  - conntrack

roles/kubernetes/preinstall/vars/debian.yml

@@ -4,4 +4,4 @@ required_pkgs:
   - aufs-tools
   - apt-transport-https
   - software-properties-common
-  - ebtables
+  - conntrack

roles/kubernetes/preinstall/vars/fedora.yml

@@ -2,4 +2,4 @@
 required_pkgs:
   - libselinux-python
   - device-mapper-libs
-  - ebtables
+  - conntrack

roles/kubernetes/preinstall/vars/redhat.yml

@@ -2,5 +2,5 @@
 required_pkgs:
   - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
   - device-mapper-libs
-  - ebtables
   - nss
+  - conntrack

roles/kubernetes/preinstall/vars/suse.yml

@@ -1,4 +1,4 @@
 ---
 required_pkgs:
   - device-mapper
-  - ebtables
+  - conntrack-tools

roles/kubernetes/preinstall/vars/ubuntu.yml

@@ -4,4 +4,4 @@ required_pkgs:
   - aufs-tools
   - apt-transport-https
   - software-properties-common
-  - ebtables
+  - conntrack