From 7d13151a4465a951bbf50e14babe4ff720b3f2a7 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Wed, 2 Aug 2017 16:51:47 -0400
Subject: Configure dockerd with --iptables=false

This change defaults --iptables=false for dockerd to avoid
having Docker create its own FORWARD iptables rules. These
rules can interact with normal OS networking rules and disable
communications between hosts on reboot.

Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f
Closes-bug: #1708279
---
 spec/classes/tripleo_profile_base_docker_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'spec/classes')

diff --git a/spec/classes/tripleo_profile_base_docker_spec.rb b/spec/classes/tripleo_profile_base_docker_spec.rb
index dc5efa7..c3cf7c9 100644
--- a/spec/classes/tripleo_profile_base_docker_spec.rb
+++ b/spec/classes/tripleo_profile_base_docker_spec.rb
@@ -28,7 +28,7 @@ describe 'tripleo::profile::base::docker' do
       it { is_expected.to contain_service('docker') }
       it {
           is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
-            "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
+            "set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
           ])
       }
     end
-- 
cgit 1.2.3-korg