Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1354491

Summary: docker 1.10 with ipv6 disabled via ipv6.disable=1 fails to start
Product: OpenShift Container Platform Reporter: Kenjiro Nakayama <knakayam>
Component: ContainersAssignee: Jhon Honce <jhonce>
Status: CLOSED ERRATA QA Contact: DeShuai Ma <dma>
Severity: high Docs Contact:
Priority: medium    
Version: 3.2.0CC: aos-bugs, bbreard, imcleod, jhonce, jlee, jokerman, knakayam, mmccomas, rrajaram, schoudha, stwalter, tdawson
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Docker version < 1.12 required IPv6 Consequence: It was impossible to run the docker daemon on a kernel with IPv6 disabled Fix: The Docker daemon was modified to not require IPv6 Result: It is now possible to run the docker daemon on a kernel with IPv6 disabled.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-18 12:41:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kenjiro Nakayama 2016-07-11 12:28:27 UTC 
Description of problem:
===

- docker 1.10 with ipv6 disabled via ipv6.disable=1 can't start

Version-Release number of selected component (if applicable):
===

  # rpm -qa |grep docker
  docker-common-1.10.3-44.el7.x86_64
  docker-forward-journald-1.10.3-44.el7.x86_64
  docker-1.10.3-44.el7.x86_64
  docker-rhel-push-plugin-1.10.3-44.el7.x86_64
  docker-selinux-1.10.3-44.el7.x86_64

How reproducible:
====

Steps to Reproduce:

1. edit /etc/default/grub

  # vim /etc/default/grub
  GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel_unused-221-23/root vconsole.font=latarcyrheb-sun16 rd.lvm.lv=rhel_unused-221-23/swap crashkernel=auto  vconsole.keymap=us rhgb quiet  ipv6.disable=1"

2. Run grub2-mkconfig

  # grub2-mkconfig -o /boot/grub2/grub.cfg

3. Reboot system and check inet6 has been removed

  # ip a |grep inet6
  #

4. Restart docker

  # systemctl restart docker

  # systemctl is-active docker
  inactive

  Error log
  ---
  Jul 11 20:55:44 knakayam-ose32-smaster systemd[1]: Starting Docker Application Container Engine...
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: Forwarding stdin to journald using Priority Informational and tag docker
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.863571209+09:00" level=warning msg="devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section."
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.897119714+09:00" level=warning msg="devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem  will be ignored."
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.921106225+09:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.923003866+09:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.939033217+09:00" level=info msg="Firewalld running: true"
  Jul 11 20:55:45 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:45.081397004+09:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
  Jul 11 20:55:45 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:45.213368479+09:00" level=fatal msg="Error starting daemon: Error initializing network controller: Error creating default \"bridge\" network: Failed to setup IP tables, cannot acquire Interface address: Interface docker0 has no IPv4 addresses"

Actual results:

- Docker failed to start

Expected results:

- Docker starts without error

Additional info:

- This issue is same with https://github.com/docker/libnetwork/issues/892
Comment 16 Troy Dawson 2016-11-11 19:43:47 UTC 
This should be ready to test in OCP v3.4.0.25 or newer.
Comment 18 DeShuai Ma 2016-11-14 08:40:19 UTC 
Test on docker-1.12, after disable ipv6, docker restart successfully.
[root@dhcp-140-57 ~]# docker version
Client:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

[root@dhcp-140-57 tmp]# vim /etc/default/grub
[root@dhcp-140-57 ~]# cat /etc/default/grub |grep GRUB_CMDLINE_LINUX
GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora_dhcp-140-57/root rd.lvm.lv=fedora_dhcp-140-57/swap rhgb quiet ipv6.disable=1"
[root@dhcp-140-57 tmp]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.5.5-300.fc24.x86_64
Found initrd image: /boot/initramfs-4.5.5-300.fc24.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-cb5fb8c550984d6b8b2f24e28acf5d51
Found initrd image: /boot/initramfs-0-rescue-cb5fb8c550984d6b8b2f24e28acf5d51.img
Found Windows 7 (loader) on /dev/sda1
done
[root@dhcp-140-57 tmp]# reboot
Connection to 10.66.141.128 closed by remote host.
Connection to 10.66.141.128 closed.
[root@dhcp-128-7 Desktop]# ssh 10.66.141.128
reverse mapping checking getaddrinfo for dhcp-141-128.nay.redhat.com [10.66.141.128] failed - POSSIBLE BREAK-IN ATTEMPT!
root.141.128's password: 
Last login: Mon Nov 14 16:36:21 2016
[root@dhcp-140-57 ~]# 
[root@dhcp-140-57 ~]# ip a |grep inet6
[root@dhcp-140-57 ~]# systemctl restart docker
[root@dhcp-140-57 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@dhcp-140-57 ~]#
Comment 20 errata-xmlrpc 2017-01-18 12:41:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066