author | Dan Prince <dprince@redhat.com> | 2017-08-02 16:51:47 -0400 |
---|---|---|
committer | Martin André <m.andre@redhat.com> | 2017-08-03 09:12:09 +0200 |
commit | 7d13151a4465a951bbf50e14babe4ff720b3f2a7 (patch) | |
tree | e8fb9433c87ffc98eedea255c09682f69589077e | |
parent | 85f5cc23d41e0e0939425ffce3083d42d6d4187d (diff) |
Configure dockerd with --iptables=false
This change defaults --iptables=false for dockerd to avoid
having Docker create its own FORWARD iptables rules. These
rules can interact with normal OS networking rules and disable
communications between hosts on reboot.
Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f
Closes-bug: #1708279
-rw-r--r-- | manifests/profile/base/docker.pp | 4 | ||||
-rw-r--r-- | spec/classes/tripleo_profile_base_docker_spec.rb | 2 |
2 files changed, 3 insertions, 3 deletions
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index e042947..95d7098 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -32,7 +32,7 @@
 # OPTIONS that are used to startup the docker service. NOTE:
 # --selinux-enabled is dropped due to recommendations here:
 # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
-# Defaults to '--log-driver=journald --signature-verification=false'
+# Defaults to '--log-driver=journald --signature-verification=false --iptables=false'
 #
 # [*configure_storage*]
 # Boolean. Whether to configure a docker storage backend. Defaults to true.
@@ -69,7 +69,7 @@
 class tripleo::profile::base::docker (
 $insecure_registry_address = undef,
 $registry_mirror = false,
- $docker_options = '--log-driver=journald --signature-verification=false',
+ $docker_options = '--log-driver=journald --signature-verification=false --iptables=false',
 $configure_storage = true,
 $storage_options = '-s overlay2',
 $step = Integer(hiera('step')),
diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index dc5efa7..c3cf7c9 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -28,7 +28,7 @@ describe 'tripleo::profile::base::docker' do
 it { is_expected.to contain_service('docker') }
 it { is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
- "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
+ "set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
 ]) }
 end |
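Review bot: The `docker_options` doc comment in manifests/profile/base/docker.pp (first hunk) now lists `--iptables=false` in the default, but unlike the `--selinux-enabled` note just above it, it gives neither the reason nor the consequence. With this flag dockerd stops managing iptables rules altogether, so any NAT or port-publishing rules that bridge-networked containers depend on would have to come from the host firewall; whether any container in this deployment uses bridge networking is not visible in the hunk. I would add before the `Defaults to` line: `# --iptables=false keeps dockerd from adding its own iptables rules (bug #1708279); the host firewall must supply any forwarding/NAT rules containers need.` The doc block starts above the hunk.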
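Review bot: Because `--iptables=false` is added only inside the default string of `$docker_options` (second hunk of manifests/profile/base/docker.pp), a deployment that already overrides `docker_options` replaces the whole string and keeps dockerd's FORWARD rules, so the reboot problem described in the commit message can persist there without any warning. Whether such overrides exist is not visible here. If they do, a release note telling operators to append the flag, or a separate boolean parameter that the class appends to the options string, would make the fix apply consistently. The parameter list and class body continue outside the hunk.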