Bug 1011680
Summary: | Docker and IP forwarding | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lokesh Mandvekar <lsm5> |
Component: | docker-io | Assignee: | Lokesh Mandvekar <lsm5> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 20 | CC: | alexl, ccoleman, jkeck, jpoimboe, lsm5, mattdm, mgoldman, mmcgrath, nick, sgordon |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-29 03:51:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lokesh Mandvekar
2013-09-24 20:07:37 UTC
Just to add that.. IP forwarding is essential any sort of network communication, either to the broader internet or intranet. For the first time when I launched a container I've had no network connectivity outside of the docker's network. Of course I expected it to work out of the box. If we cannot make it system wide by default when installing/running docker on Fedora - it would be good to check the value of net.ipv4.ip_forward and print a warning in docker's log files. This may be a good candidate to add this upstream either case. We could consider making the start script or docker itself 1. check and save the value for net.ipv4.ip_forward 2. set to 1 if it isn't 3. restore on exit (Also, what's the right thing for ipv6?) (In reply to Matthew Miller from comment #3) > (Also, what's the right thing for ipv6?) I believe for ipv6 you want net.ipv6.conf.all.forwarding = 1 So this is what docker.service looks like currently: [Unit] Description=Docker container management daemon [Service] Type=simple ExecStartPre=/usr/sbin/sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 ExecStart=/usr/bin/docker -d Restart=on-failure [Install] WantedBy=multi-user.target As far as restore goes, is undoing possible? Or maybe ExecStartPre could also dump pre-existing values to some file and restore it on ExecStopPost? (In reply to Lokesh Mandvekar from comment #6) > As far as restore goes, is undoing possible? Or maybe ExecStartPre could > also dump pre-existing values to some file and restore it on ExecStopPost? Yeah. But that's kind of ugly. Plus, in testing, I notice that libvirt doesn't do that. And I assume that it hasn't done that for years, and I've never heard anyone complain. So let's just go with the simple approach. |