Configure dockerd with --iptables=false

This change defaults --iptables=false for dockerd to avoid
having Docker create its own FORWARD iptables rules. These
rules can interact with normal OS networking rules and disable
communications between hosts on reboot.

Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f
Closes-bug: #1708279

manifests/profile/base/docker.pp

@@ -32,7 +32,7 @@
 #   OPTIONS that are used to startup the docker service.  NOTE:
 #   --selinux-enabled is dropped due to recommendations here:
 #   https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
-#   Defaults to '--log-driver=journald --signature-verification=false'
+#   Defaults to '--log-driver=journald --signature-verification=false --iptables=false'
 #
 # [*configure_storage*]
 #   Boolean. Whether to configure a docker storage backend. Defaults to true.
@@ -69,7 +69,7 @@
 class tripleo::profile::base::docker (
   $insecure_registry_address = undef,
   $registry_mirror = false,
-  $docker_options = '--log-driver=journald --signature-verification=false',
+  $docker_options = '--log-driver=journald --signature-verification=false --iptables=false',
   $configure_storage = true,
   $storage_options = '-s overlay2',
   $step = Integer(hiera('step')),

spec/classes/tripleo_profile_base_docker_spec.rb

@@ -28,7 +28,7 @@ describe 'tripleo::profile::base::docker' do
       it { is_expected.to contain_service('docker') }
       it {
           is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
-            "set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
+            "set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
           ])
       }
     end