From 7eaa7c957a1c043b3b1ef5ff6d0a042ee5cf31ec Mon Sep 17 00:00:00 2001
From: Maxime Guyot <Miouge1@users.noreply.github.com>
Date: Wed, 8 Apr 2020 16:37:44 +0200
Subject: [PATCH] Fix conntrack for opensuse and docker support (#5880)

---
 .gitlab-ci/packet.yml                                     | 2 +-
 Vagrantfile                                               | 4 ++--
 roles/bootstrap-os/tasks/bootstrap-opensuse.yml           | 8 ++++++++
 roles/bootstrap-os/tasks/main.yml                         | 1 +
 roles/container-engine/docker/templates/docker.service.j2 | 5 +++--
 roles/kubernetes/preinstall/defaults/main.yml             | 2 +-
 roles/kubernetes/preinstall/vars/centos.yml               | 2 +-
 roles/kubernetes/preinstall/vars/debian.yml               | 2 +-
 roles/kubernetes/preinstall/vars/fedora.yml               | 2 +-
 roles/kubernetes/preinstall/vars/redhat.yml               | 2 +-
 roles/kubernetes/preinstall/vars/suse.yml                 | 2 +-
 roles/kubernetes/preinstall/vars/ubuntu.yml               | 2 +-
 12 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml
index 290bdc8b9..3f83db566 100644
--- a/.gitlab-ci/packet.yml
+++ b/.gitlab-ci/packet.yml
@@ -131,7 +131,7 @@ packet_centos8-calico:
 packet_opensuse-canal:
   stage: deploy-part2
   extends: .packet
-  when: manual
+  when: on_success
 
 packet_oracle7-canal:
   stage: deploy-part2
diff --git a/Vagrantfile b/Vagrantfile
index c9b95e763..1f0006e56 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -26,8 +26,8 @@ SUPPORTED_OS = {
   "centos8"             => {box: "centos/8",           user: "vagrant"},
   "centos8-bento"       => {box: "bento/centos-8",           user: "vagrant"},
   "fedora"              => {box: "fedora/28-cloud-base",                user: "vagrant"},
-  "opensuse"            => {box: "opensuse/openSUSE-15.0-x86_64",       user: "vagrant"},
-  "opensuse-tumbleweed" => {box: "opensuse/openSUSE-Tumbleweed-x86_64", user: "vagrant"},
+  "opensuse"            => {box: "bento/opensuse-leap-15.1",       user: "vagrant"},
+  "opensuse-tumbleweed" => {box: "opensuse/Tumbleweed.x86_64", user: "vagrant"},
   "oraclelinux"         => {box: "generic/oracle7", user: "vagrant"},
 }
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
index 4f2d415d6..902720b41 100644
--- a/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-opensuse.yml
@@ -28,6 +28,14 @@
   when:
     - http_proxy is defined or https_proxy is defined
 
+# Required for zypper module
+- name: Install python-xml
+  shell: zypper refresh && zypper --non-interactive install python-xml
+  changed_when: false
+  become: true
+  tags:
+    - facts
+
 # Without this package, the get_url module fails when trying to handle https
 - name: Install python-cryptography
   zypper:
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index 13424fe70..738c2001c 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -56,6 +56,7 @@
 - name: Assign inventory name to unconfigured hostnames (CoreOS, non-Flatcar, Suse and ClearLinux only)
   command: "hostnamectl set-hostname {{ inventory_hostname }}"
   register: hostname_changed
+  become: true
   changed_when: false
   when:
     - override_system_hostname
diff --git a/roles/container-engine/docker/templates/docker.service.j2 b/roles/container-engine/docker/templates/docker.service.j2
index cf1cbcf71..b8ea29552 100644
--- a/roles/container-engine/docker/templates/docker.service.j2
+++ b/roles/container-engine/docker/templates/docker.service.j2
@@ -10,8 +10,9 @@ After=network.target docker.socket{{ ' containerd.service' if installed_docker_v
 {{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
 Wants=docker.socket
 {% elif ansible_os_family == "Suse" %}
-After=network.target{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
-{{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
+After=network.target lvm2-monitor.service SuSEfirewall2.service
+# After=network.target{{ ' containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') else '' }}
+# {{ 'BindsTo=containerd.service' if installed_docker_version.stdout is version('18.09.1', '>=') }}
 {% endif %}
 
 [Service]
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 0e4c54160..b22c22658 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -15,7 +15,7 @@ common_required_pkgs:
   - unzip
   - e2fsprogs
   - xfsprogs
-  - conntrack
+  - ebtables
 
 # Set to true if your network does not support IPv6
 # This maybe necessary for pulling Docker images from
diff --git a/roles/kubernetes/preinstall/vars/centos.yml b/roles/kubernetes/preinstall/vars/centos.yml
index 2b35e2e16..479f120cb 100644
--- a/roles/kubernetes/preinstall/vars/centos.yml
+++ b/roles/kubernetes/preinstall/vars/centos.yml
@@ -2,5 +2,5 @@
 required_pkgs:
   - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
   - device-mapper-libs
-  - ebtables
   - nss
+  - conntrack
diff --git a/roles/kubernetes/preinstall/vars/debian.yml b/roles/kubernetes/preinstall/vars/debian.yml
index a044e0d49..8eda89b4e 100644
--- a/roles/kubernetes/preinstall/vars/debian.yml
+++ b/roles/kubernetes/preinstall/vars/debian.yml
@@ -4,4 +4,4 @@ required_pkgs:
   - aufs-tools
   - apt-transport-https
   - software-properties-common
-  - ebtables
+  - conntrack
diff --git a/roles/kubernetes/preinstall/vars/fedora.yml b/roles/kubernetes/preinstall/vars/fedora.yml
index bacfb96b5..e1a41555b 100644
--- a/roles/kubernetes/preinstall/vars/fedora.yml
+++ b/roles/kubernetes/preinstall/vars/fedora.yml
@@ -2,4 +2,4 @@
 required_pkgs:
   - libselinux-python
   - device-mapper-libs
-  - ebtables
+  - conntrack
diff --git a/roles/kubernetes/preinstall/vars/redhat.yml b/roles/kubernetes/preinstall/vars/redhat.yml
index 2b35e2e16..479f120cb 100644
--- a/roles/kubernetes/preinstall/vars/redhat.yml
+++ b/roles/kubernetes/preinstall/vars/redhat.yml
@@ -2,5 +2,5 @@
 required_pkgs:
   - "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('libselinux-python','python3-libselinux') }}"
   - device-mapper-libs
-  - ebtables
   - nss
+  - conntrack
diff --git a/roles/kubernetes/preinstall/vars/suse.yml b/roles/kubernetes/preinstall/vars/suse.yml
index 3f4f9aee9..8293cfd48 100644
--- a/roles/kubernetes/preinstall/vars/suse.yml
+++ b/roles/kubernetes/preinstall/vars/suse.yml
@@ -1,4 +1,4 @@
 ---
 required_pkgs:
   - device-mapper
-  - ebtables
+  - conntrack-tools
diff --git a/roles/kubernetes/preinstall/vars/ubuntu.yml b/roles/kubernetes/preinstall/vars/ubuntu.yml
index a044e0d49..8eda89b4e 100644
--- a/roles/kubernetes/preinstall/vars/ubuntu.yml
+++ b/roles/kubernetes/preinstall/vars/ubuntu.yml
@@ -4,4 +4,4 @@ required_pkgs:
   - aufs-tools
   - apt-transport-https
   - software-properties-common
-  - ebtables
+  - conntrack