docker --iptables=true rules can block traffic

Bug #1708279 reported by Dan Prince on 2017-08-02
This bug affects 1 person
Affects: tripleo
Importance: High
Assigned to: Martin André

Bug Description

By default docker creates some iptables rules that can cause communications issues with other hosts upon restart.

As we are using --net=host we should be able to safely disable the --iptables setting and avoid the creation of these rules.

Fix proposed to branch: master
Review: https://review.openstack.org/490201

Changed in tripleo:
assignee: nobody → Dan Prince (dan-prince)
status: New → In Progress
Changed in tripleo:
milestone: none → pike-rc1
importance: Undecided → High
Changed in tripleo:
assignee: Dan Prince (dan-prince) → Martin André (mandre)

Reviewed: https://review.openstack.org/490201
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=7d13151a4465a951bbf50e14babe4ff720b3f2a7
Submitter: Jenkins
Branch: master

commit 7d13151a4465a951bbf50e14babe4ff720b3f2a7
Author: Dan Prince <email address hidden>
Date: Wed Aug 2 16:51:47 2017 -0400

    Configure dockerd with --iptables=false

    This change defaults --iptables=false for dockerd to avoid
    having Docker create its own FORWARD iptables rules. These
    rules can interact with normal OS networking rules and disable
    communications between hosts on reboot.

    Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f
    Closes-bug: #1708279

Changed in tripleo:
status: In Progress → Fix Released

This issue was fixed in the openstack/puppet-tripleo 7.3.0 release.
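
An added example, not part of the bug report or the puppet-tripleo change: a Python check that lists the Docker-related FORWARD rules in `iptables-save` output and tells whether dockerd's options disable iptables management. The sample rules, the interface names and both function names are constructed for illustration.

```python
import json
import re
import shlex

# Constructed iptables-save output for a host where dockerd ran with
# --iptables=true; br-ex/br-int stand in for the host's own forwarding rules.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION - [0:0]
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i br-ex -o br-int -j ACCEPT
COMMIT
"""
DOCKER_MARK = re.compile(r"\b(DOCKER|docker0)\b")

def audit_forward(iptables_save):
    """Report the filter-table FORWARD policy plus Docker chains and rules."""
    report = {"policy": None, "docker_chains": [], "docker_rules": []}
    table = None
    for line in map(str.strip, iptables_save.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            if name == "FORWARD":
                report["policy"] = policy
            elif name.startswith("DOCKER"):
                report["docker_chains"].append(name)
        elif line.startswith("-A FORWARD ") and DOCKER_MARK.search(line):
            report["docker_rules"].append(line)
    return report

def iptables_disabled(dockerd_args, daemon_json="{}"):
    """True if dockerd is told not to manage iptables (flag or daemon.json)."""
    for arg in shlex.split(dockerd_args):
        if arg.startswith("--iptables="):
            return arg.split("=", 1)[1].lower() in ("false", "0", "f")
    return json.loads(daemon_json).get("iptables") is False
```

On a real host, pass the output of `iptables-save` to `audit_forward` and the dockerd option string (plus the contents of `daemon.json`, if present) to `iptables_disabled`.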
