Description
I am managing my firewall rules with Ansible using nftables and I do not want docker to mess with my handwritten rules. Hence, I set the following daemon options:
```yaml
docker_daemon_options:
  iptables: false
  ip6tables: false
```

When I first apply the role with those settings, the docker package is installed in this line. At least for package managers where the docker service is not exclusively socket-activated (e.g. Ubuntu has the service enabled by default), this already causes the daemon to start.
However, daemon options are only applied later in this line. Because the daemon has already started at this point, it has already created all the chains that I didn't want.
The change of daemon options triggers a restart of the daemon but docker does not clean up all the chains it has created when stopped.
Hence, I always need to add a pre-task to this role to have the docker daemon configuration file already in place before this role is applied. Is there any downside to moving the tasks for the docker daemon configuration above the package installation?
I already mentioned this once in #503 (comment) but as @geerlingguy stated, that was maybe an issue with the firewall.
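The workaround described in this issue, written out as an added example (not code from the issue author or from the role): a playbook that writes `/etc/docker/daemon.json` in `pre_tasks` so the file exists before the package install can start `dockerd`, then checks after the role that no Docker-managed chains ended up in the nftables ruleset. The role name, the config path and the availability of the `nft` binary on the host are assumptions.

```yaml
# Added example; not part of the issue or of the geerlingguy.docker role.
# Assumptions: role installed as geerlingguy.docker, daemon config lives at
# /etc/docker/daemon.json, and the host has the nft command available.
- hosts: docker_hosts
  become: true
  vars:
    docker_daemon_options:
      iptables: false
      ip6tables: false
  pre_tasks:
    # The package has not been installed yet, so the directory may not exist.
    - name: Ensure /etc/docker exists before the docker package is installed
      ansible.builtin.file:
        path: /etc/docker
        state: directory
        mode: "0755"
    # Same variable the role later renders, so the role sees no change and
    # does not trigger a restart; dockerd reads this file on its first start.
    - name: Write daemon.json before dockerd can start for the first time
      ansible.builtin.copy:
        dest: /etc/docker/daemon.json
        content: "{{ docker_daemon_options | to_nice_json }}\n"
        mode: "0644"
  roles:
    - geerlingguy.docker
  post_tasks:
    # Verify that the handwritten ruleset is untouched: with iptables=false
    # in place from the first start, no DOCKER* chains should appear.
    - name: Capture the nftables ruleset
      ansible.builtin.command: nft list ruleset
      register: nft_ruleset
      changed_when: false
    - name: Fail if Docker created its own chains despite iptables=false
      ansible.builtin.assert:
        that: "'DOCKER' not in nft_ruleset.stdout"
        fail_msg: "Docker-managed chains found; daemon.json was not in place before the first daemon start"
```

On a host where the daemon already started once with the defaults, the chains persist across a restart, so the assertion only passes after the stale chains are flushed or the host is reprovisioned.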