From 340696553e1097d86d173de8413d7b985be62dec Mon Sep 17 00:00:00 2001
From: Luke Meyer <lmeyer@redhat.com>
Date: Wed, 12 Jul 2017 16:08:27 -0400
Subject: docker: fix docker_selinux_enabled

Document the option so that those who want to run on OverlayFS can find
it. Fix the task so that setting it to False isn't interpreted as true.
---
 inventory/byo/hosts.origin.example    | 5 +++++
 inventory/byo/hosts.ose.example       | 5 +++++
 roles/docker/tasks/package_docker.yml | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index 474f2cc84..01adc8148 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -113,6 +113,11 @@ openshift_release=v3.6
 # Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10.
 # docker_version="1.12.1"
 
+# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True.
+# Uncomment below to disable; for example if your kernel does not support the
+# Docker overlay/overlay2 storage drivers with SELinux enabled.
+#openshift_docker_selinux_enabled=False
+
 # Skip upgrading Docker during an OpenShift upgrade, leaves the current Docker version alone.
 # docker_upgrade=False
 
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index cde35499a..bd791429c 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -109,6 +109,11 @@ openshift_release=v3.6
 # Default value: "--log-driver=journald"
 #openshift_docker_options="-l warn --ipv6=false"
 
+# Specify whether to run Docker daemon with SELinux enabled in containers. Default is True.
+# Uncomment below to disable; for example if your kernel does not support the
+# Docker overlay/overlay2 storage drivers with SELinux enabled.
+#openshift_docker_selinux_enabled=False
+
 # Specify exact version of Docker to configure or upgrade to.
 # Downgrades are not supported and will error out. Be careful when upgrading docker from < 1.10 to > 1.10.
 # docker_version="1.12.1"
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index c82d8659a..9859b7b5a 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -93,7 +93,7 @@
     dest: /etc/sysconfig/docker
     regexp: '^OPTIONS=.*$'
     line: "OPTIONS='\
-      {% if ansible_selinux.status | default(None) == '''enabled''' and docker_selinux_enabled | default(true) %} --selinux-enabled {% endif %}\
+      {% if ansible_selinux.status | default(None) == 'enabled' and docker_selinux_enabled | default(true) | bool %} --selinux-enabled {% endif %}\
       {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %}\
       {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
       {% if docker_options is defined %} {{ docker_options }}{% endif %}\
-- 
cgit v1.2.1