Configure dockerd with --iptables=false
This change defaults --iptables=false for dockerd to avoid having Docker create its own FORWARD iptables rules. These rules can interact with normal OS networking rules and disable communications between hosts on reboot. Change-Id: I875fa14f7d810c7f0aba3b3a1b04b60a19470f0f Closes-bug: #1708279
parent
85f5cc23d4
commit
7d13151a44
|
@ -32,7 +32,7 @@
|
|||
# OPTIONS that are used to startup the docker service. NOTE:
|
||||
# --selinux-enabled is dropped due to recommendations here:
|
||||
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.2_Release_Notes/technology-preview-file_systems.html
|
||||
# Defaults to '--log-driver=journald --signature-verification=false'
|
||||
# Defaults to '--log-driver=journald --signature-verification=false --iptables=false'
|
||||
#
|
||||
# [*configure_storage*]
|
||||
# Boolean. Whether to configure a docker storage backend. Defaults to true.
|
||||
|
@ -69,7 +69,7 @@
|
|||
class tripleo::profile::base::docker (
|
||||
$insecure_registry_address = undef,
|
||||
$registry_mirror = false,
|
||||
$docker_options = '--log-driver=journald --signature-verification=false',
|
||||
$docker_options = '--log-driver=journald --signature-verification=false --iptables=false',
|
||||
$configure_storage = true,
|
||||
$storage_options = '-s overlay2',
|
||||
$step = Integer(hiera('step')),
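Review bot: Appending `--iptables=false` to the default string of `$docker_options` means a deployment that already overrides `docker_options` keeps its own value and never receives the flag, so the reboot problem described in the commit message would persist there. A dedicated boolean parameter that appends the flag would reach those deployments as well. The header comment in the first hunk records the new default but not its consequence: with this flag dockerd no longer installs its own iptables rules, so forwarding, NAT and isolation between container networks have to come from the host firewall configuration. I would add a line to the `docker_options` doc such as `# --iptables=false stops dockerd from managing iptables rules; the host firewall must supply any forwarding, NAT and isolation rules containers need.` The class body continues outside the hunk, so whether other code already accounts for overrides cannot be seen here.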
|
||||
|
|
|
@ -28,7 +28,7 @@ describe 'tripleo::profile::base::docker' do
|
|||
it { is_expected.to contain_service('docker') }
|
||||
it {
|
||||
is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
|
||||
"set OPTIONS '\"--log-driver=journald --signature-verification=false\"'",
|
||||
"set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false\"'",
|
||||
])
|
||||
}
|
||||
end
|
||||
|
|