From 7d13151a4465a951bbf50e14babe4ff720b3f2a7 Mon Sep 17 00:00:00 2001 From: Dan Prince Date: Wed, 2 Aug 2017 16:51:47 -0400 Subject: Configure dockerd with --iptables=false This change defaults --iptables=false for dockerd to avoid having Docker create its own FORWARD iptables rules. These rules can interact with normal OS networking rules and disable communications between hosts on reboot. Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f Closes-bug: #1708279 --- manifests/profile/base/docker.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/profile/base/docker.pp') diff --git a/manifests/profile/base/docker.pp b/manifests/profile/base/docker.pp index e042947..95d7098 100644 --- a/manifests/profile/base/docker.pp +++ b/manifests/profile/base/docker.pp @@ -32,7 +32,7 @@ # OPTIONS that are used to startup the docker service. NOTE: # --selinux-enabled is dropped due to recommendations here: # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html -# Defaults to '--log-driver=journald --signature-verification=false' +# Defaults to '--log-driver=journald --signature-verification=false --iptables=false' # # [*configure_storage*] # Boolean. Whether to configure a docker storage backend. Defaults to true. @@ -69,7 +69,7 @@ class tripleo::profile::base::docker ( $insecure_registry_address = undef, $registry_mirror = false, - $docker_options = '--log-driver=journald --signature-verification=false', + $docker_options = '--log-driver=journald --signature-verification=false --iptables=false', $configure_storage = true, $storage_options = '-s overlay2', $step = Integer(hiera('step')), -- cgit 1.2.3-korg