4 files changed, 18 insertions, 9 deletions
diff --git a/roles/docker/tasks/package_docker.yml b/roles/docker/tasks/package_docker.yml
index 10fb5772c..e101730d2 100644
--- a/roles/docker/tasks/package_docker.yml
+++ b/roles/docker/tasks/package_docker.yml
@@ -46,7 +46,7 @@
     template:
       dest: "{{ docker_systemd_dir }}/custom.conf"
       src: custom.conf.j2
-  when: not os_firewall_use_firewalld | default(True) | bool
+  when: not os_firewall_use_firewalld | default(False) | bool
 
 - stat: path=/etc/sysconfig/docker
   register: docker_check
diff --git a/roles/docker/tasks/systemcontainer_docker.yml b/roles/docker/tasks/systemcontainer_docker.yml
index b0d0632b0..a461c479a 100644
--- a/roles/docker/tasks/systemcontainer_docker.yml
+++ b/roles/docker/tasks/systemcontainer_docker.yml
@@ -114,6 +114,15 @@
     dest: "{{ docker_systemd_dir }}/custom.conf"
     src: systemcontainercustom.conf.j2
 
+# Set local versions of facts that must be in json format for daemon.json
+# NOTE: When jinja2.9+ is used the daemon.json file can move to using tojson
+- set_fact:
+    l_docker_insecure_registries: "{{ docker_insecure_registries | default([]) | to_json }}"
+    l_docker_log_options: "{{ docker_log_options | default({}) | to_json }}"
+    l_docker_additional_registries: "{{ docker_additional_registries | default([]) | to_json }}"
+    l_docker_blocked_registries: "{{ docker_blocked_registries | default([]) | to_json }}"
+    l_docker_selinux_enabled: "{{ docker_selinux_enabled | default(true) | to_json }}"
+
 # Configure container-engine using the daemon.json file
 - name: Configure Container Engine
   template:
diff --git a/roles/docker/templates/daemon.json b/roles/docker/templates/daemon.json
index 30a1b30f4..bebdd3cb2 100644
--- a/roles/docker/templates/daemon.json
+++ b/roles/docker/templates/daemon.json
@@ -12,7 +12,7 @@
     "default-gateway": "",
     "default-gateway-v6": "",
     "default-runtime": "oci",
-    "containerd": "/var/run/containerd.sock",
+    "containerd": "/run/containerd.sock",
     "default-ulimits": {},
     "disable-legacy-registry": false,
     "dns": [],
@@ -26,7 +26,7 @@
     "group": "",
     "hosts": [],
     "icc": false,
-    "insecure-registries": {{ docker_insecure_registries|default([]) }},
+    "insecure-registries": {{ l_docker_insecure_registries }},
     "ip": "0.0.0.0",
     "iptables": false,
     "ipv6": false,
@@ -36,9 +36,9 @@
     "live-restore": true,
 {% if docker_log_driver is defined  %}
     "log-driver": "{{ docker_log_driver }}",
-{% endif %}
+{%- endif %}
     "log-level": "",
-    "log-opts": {{ docker_log_options|default({}) }},
+    "log-opts": {{ l_docker_log_options }},
     "max-concurrent-downloads": 3,
     "max-concurrent-uploads": 5,
     "mtu": 0,
@@ -51,7 +51,7 @@
 	    "path": "/usr/libexec/docker/docker-runc-current"
 	}
     },
-    "selinux-enabled": {{ docker_selinux_enabled|default(true) }},
+    "selinux-enabled": {{ l_docker_selinux_enabled | lower }},
     "storage-driver": "",
     "storage-opts": [],
     "tls": true,
@@ -60,7 +60,7 @@
     "tlskey": "",
     "tlsverify": true,
     "userns-remap": "",
-    "add-registry": {{  docker_additional_registries|default([]) }},
-    "blocked-registries": {{ docker_blocked_registries|default([]) }},
+    "add-registry": {{ l_docker_additional_registries }},
+    "block-registry": {{ l_docker_blocked_registries }},
     "userland-proxy-path": "/usr/libexec/docker/docker-proxy-current"
 }
diff --git a/roles/docker/templates/systemcontainercustom.conf.j2 b/roles/docker/templates/systemcontainercustom.conf.j2
index a4fb01d2b..1faad506a 100644
--- a/roles/docker/templates/systemcontainercustom.conf.j2
+++ b/roles/docker/templates/systemcontainercustom.conf.j2
@@ -10,7 +10,7 @@ ENVIRONMENT=HTTPS_PROXY={{ docker_http_proxy }}
 {%- if "no_proxy" in openshift.common %}
 ENVIRONMENT=NO_PROXY={{ docker_no_proxy }}
 {%- endif %}
-{%- if os_firewall_use_firewalld|default(true) %}
+{%- if os_firewall_use_firewalld|default(false) %}
 [Unit]
 Wants=iptables.service
 After=iptables.service