The recent changes to the docker.service systemd file won't work if firewalld isn't installed, and starts firewalld if it isn't running. This means a docker user is forced to use a particular firewall solution and can't choose to use alternate options. If this is really what is intended then the docker-io package should require the firewalld package. Otherwise I suggest you remove the Requires=firewalld.service line in the docker.service file or replace it with the weaker Wants=firewalld.service which will still try to start firewalld but doesn't block docker if it fails to start (eg. if it isn't installed).
Michael, can you check if the unit file here works for you? https://bugzilla.redhat.com/show_bug.cgi?id=1033606#c36
(In reply to Lokesh Mandvekar from comment #1) > Michael, can you check if the unit file here works for you? > https://bugzilla.redhat.com/show_bug.cgi?id=1033606#c36 That doesn't work, but the modified version below does work (systemd wants full paths for commands, and adding - at the start of the command tells systemd not to treat failure of that command as a failure of the whole unit). [Unit] Description=Docker container management daemon Wants=firewalld.service After=firewalld.service [Service] Type=simple ExecStartPre=/usr/sbin/sysctl -w net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 ExecStart=/usr/bin/docker -d ExecStartPost=-/usr/bin/firewall-cmd --add-masquerade Restart=on-failure [Install] WantedBy=multi-user.target
docker-io-0.7.0-12.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/docker-io-0.7.0-12.fc20
0.7.0-12 works fine
+1 for "Wants". I was testing things and by accident showed Lokesh the wrong commit in which "Requires" was used.
docker-io-0.7.0-14.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/docker-io-0.7.0-14.fc20
Package docker-io-0.7.0-14.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing docker-io-0.7.0-14.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-22580/docker-io-0.7.0-14.fc20 then log in and leave karma (feedback).
The fix does not appear to be in Fedora 19? # rpm -q --info docker-io | head -2 Name : docker-io Version : 0.7.0 # cat /usr/lib/systemd/system/docker.service [Unit] Description=Docker container management daemon Wants=firewalld.service After=firewalld.service I use shorewall and ran into this issue on F19.
(In reply to Raman Gupta from comment #8) > The fix does not appear to be in Fedora 19? > > # rpm -q --info docker-io | head -2 > Name : docker-io > Version : 0.7.0 > > # cat /usr/lib/systemd/system/docker.service > [Unit] > Description=Docker container management daemon > Wants=firewalld.service > After=firewalld.service > > I use shorewall and ran into this issue on F19. The fix is available in all Fedora (and EPEL) versions. The bug is about having "Requires=firewalld.service", which was changed to "Wants=firewalld.service" which is the expected instruction, and you see this in your service file. What issue do you see? If you have firwalld installed -it will be started. If you use shorewall, uninstall firewalld.
(In reply to Marek Goldmann from comment #9) > (In reply to Raman Gupta from comment #8) > > I use shorewall and ran into this issue on F19. > > The fix is available in all Fedora (and EPEL) versions. The bug is about > having "Requires=firewalld.service", which was changed to > "Wants=firewalld.service" which is the expected instruction, and you see > this in your service file. > > What issue do you see? If you have firwalld installed -it will be started. > If you use shorewall, uninstall firewalld. Thanks, you are exactly right: firewalld was installed but disabled, which was causing the issue. I have now uninstalled it. Thanks.
You should also be able to disable firewalld completely with systemd mask firewalld service -- unfortunately, "disabled" does not actually mean what it seems like it might in systemd.
docker-io-0.7.0-14.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.