Bug 1327809

Summary: Docker missing dependency on iptables
Product: [Fedora] Fedora Reporter: Patrick Uiterwijk <puiterwijk>
Component: dockerAssignee: Antonio Murdaca <amurdaca>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: adimania, admiller, amurdaca, dwalsh, ichavero, jcajka, jchaloup, lsm5, marianne, miminar, nalin, vbatts
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: docker-1.10.3-16.gitf476348.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-18 18:41:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Patrick Uiterwijk 2016-04-16 00:55:05 UTC 
Description of problem:
After upgrading to the latest docker package, the daemon fails to start because I do not have iptables installed, and it doesn't pull it in.

Version-Release number of selected component (if applicable):
docker-2:1.10.3-4.gitf8a9a2a.fc25.x86_64
docker-selinux-2:1.10.3-4.gitf8a9a2a.fc25.x86_64
docker-v1.10-migrator-2:1.10.3-4.gitf8a9a2a.fc25.x86_64
iptables-libs-1.6.0-1.fc25.x86_64
iptables-services-1.6.0-1.fc25.x86_64


How reproducible:
Consistent.


Steps to Reproduce:
1. Install the packages defined at https://github.com/puiterwijk/puiterwijk-Atomic/blob/a5dbcd1121f836119f7ba4b20ed303af4247544b/puiterwijk-trees-laptop.json.in with rawhide content of 2016-04-15-13:21

Note especially that at the moment of that compose, the tree did not pull in iptables, and seemingly none of the packages pulled in did.


Actual results:
Apr 16 00:37:32 conex.puiterwijk.org systemd[1]: Starting Docker Application Container Engine...
Apr 16 00:37:33 conex.puiterwijk.org docker[1049]: time="2016-04-16T00:37:33.733876106Z" level=info msg="Graph migration to content-addressability took 0.02 seconds"
Apr 16 00:37:33 conex.puiterwijk.org docker[1049]: time="2016-04-16T00:37:33.816003563Z" level=info msg="Firewalld running: false"
Apr 16 00:37:33 conex.puiterwijk.org docker[1049]: time="2016-04-16T00:37:33.839609904Z" level=fatal msg="Error starting daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain: Iptables not found"
Apr 16 00:37:33 conex.puiterwijk.org systemd[1]: docker.service: Main process exited, code=exited, status=1/FAILURE
Apr 16 00:37:33 conex.puiterwijk.org systemd[1]: Failed to start Docker Application Container Engine.
Apr 16 00:37:33 conex.puiterwijk.org systemd[1]: docker.service: Unit entered failed state.
Apr 16 00:37:33 conex.puiterwijk.org systemd[1]: docker.service: Failed with result 'exit-code'.


Expected results:
Started docker daemon.

Additional info:
Comment 1 Patrick Uiterwijk 2016-04-16 02:06:51 UTC 
Since #1323161, the system no longer pulls in iptables automatically, and docker also does not pull in firewalld automatically.

So docker needs to either depend on firewalld or iptables.
Comment 2 Daniel Walsh 2016-04-18 13:43:39 UTC 
Lokesh lets add a dependency on firewalld.
Comment 3 Daniel Walsh 2016-06-03 18:25:58 UTC 
Antonio could you check if firewalld is being required by docker.
Comment 4 Antonio Murdaca 2016-06-04 15:42:19 UTC 
ack, I've added a Requires: firewalld in the spec
Comment 5 Fedora Update System 2016-06-06 14:45:55 UTC 
docker-1.10.3-16.gitf476348.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-158d16524d
Comment 6 Fedora Update System 2016-06-06 17:56:47 UTC 
docker-1.10.3-16.gitf476348.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-158d16524d
Comment 7 Fedora Update System 2016-06-10 07:41:32 UTC 
docker-1.10.3-31.gitee81b72.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3d93f7570
Comment 8 Fedora Update System 2016-06-11 03:54:14 UTC 
docker-1.10.3-31.gitee81b72.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3d93f7570
Comment 9 Fedora Update System 2016-06-18 18:40:42 UTC 
docker-1.10.3-16.gitf476348.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2016-06-20 21:49:10 UTC 
docker-1.10.3-33.gitee81b72.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-e849d66f7d