summaryrefslogtreecommitdiffstats
path: root/manifests/profile/base
diff options
context:
space:
mode:
authorDan Prince <dprince@redhat.com>2017-08-02 16:51:47 -0400
committerMartin André <m.andre@redhat.com>2017-08-03 09:12:09 +0200
commit7d13151a4465a951bbf50e14babe4ff720b3f2a7 (patch)
treee8fb9433c87ffc98eedea255c09682f69589077e /manifests/profile/base
parent85f5cc23d41e0e0939425ffce3083d42d6d4187d (diff)
Configure dockerd with --iptables=false
This change defaults --iptables=false for dockerd to avoid having Docker create its own FORWARD iptables rules. These rules can interact with normal OS networking rules and disable communications between hosts on reboot. Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f Closes-bug: #1708279
Diffstat (limited to 'manifests/profile/base')
-rw-r--r--manifests/profile/base/docker.pp4
1 files changed, 2 insertions, 2 deletions
diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp
index e042947..95d7098 100644
--- a/manifests/profile/base/docker.pp
+++ b/manifests/profile/base/docker.pp
@@ -32,7 +32,7 @@
# OPTIONS that are used to startup the docker service. NOTE:
# --selinux-enabled is dropped due to recommendations here:
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
-# Defaults to '--log-driver=journald --signature-verification=false'
+# Defaults to '--log-driver=journald --signature-verification=false --iptables=false'
#
# [*configure_storage*]
# Boolean. Whether to configure a docker storage backend. Defaults to true.
@@ -69,7 +69,7 @@
class tripleo::profile::base::docker (
$insecure_registry_address = undef,
$registry_mirror = false,
- $docker_options = '--log-driver=journald --signature-verification=false',
+ $docker_options = '--log-driver=journald --signature-verification=false --iptables=false',
$configure_storage = true,
$storage_options = '-s overlay2',
$step = Integer(hiera('step')),