1354491 – docker 1.10 with ipv6 disabled via ipv6.disable=1 fails to start

Bug 1354491 - docker 1.10 with ipv6 disabled via ipv6.disable=1 fails to start

Summary: docker 1.10 with ipv6 disabled via ipv6.disable=1 fails to start

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Containers
Sub Component:
Version:	3.2.0
Hardware:	All
OS:	All
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Jhon Honce
QA Contact:	DeShuai Ma
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-07-11 12:28 UTC by Kenjiro Nakayama
Modified:	2021-08-30 13:47 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Docker version < 1.12 required IPv6 Consequence: It was impossible to run the docker daemon on a kernel with IPv6 disabled Fix: The Docker daemon was modified to not require IPv6 Result: It is now possible to run the docker daemon on a kernel with IPv6 disabled.
Clone Of:
Environment:
Last Closed:	2017-01-18 12:41:24 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2451761	0	None	None	None	2016-07-20 07:09:51 UTC
Red Hat Product Errata	RHBA-2017:0066	0	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.4 RPM Release Advisory	2017-01-18 17:23:26 UTC

Description Kenjiro Nakayama 2016-07-11 12:28:27 UTC

Description of problem:
===

- docker 1.10 with ipv6 disabled via ipv6.disable=1 can't start

Version-Release number of selected component (if applicable):
===

  # rpm -qa |grep docker
  docker-common-1.10.3-44.el7.x86_64
  docker-forward-journald-1.10.3-44.el7.x86_64
  docker-1.10.3-44.el7.x86_64
  docker-rhel-push-plugin-1.10.3-44.el7.x86_64
  docker-selinux-1.10.3-44.el7.x86_64

How reproducible:
====

Steps to Reproduce:

1. edit /etc/default/grub

  # vim /etc/default/grub
  GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel_unused-221-23/root vconsole.font=latarcyrheb-sun16 rd.lvm.lv=rhel_unused-221-23/swap crashkernel=auto  vconsole.keymap=us rhgb quiet  ipv6.disable=1"

2. Run grub2-mkconfig

  # grub2-mkconfig -o /boot/grub2/grub.cfg

3. Reboot system and check inet6 has been removed

  # ip a |grep inet6
  #

4. Restart docker

  # systemctl restart docker

  # systemctl is-active docker
  inactive

  Error log
  ---
  Jul 11 20:55:44 knakayam-ose32-smaster systemd[1]: Starting Docker Application Container Engine...
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: Forwarding stdin to journald using Priority Informational and tag docker
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.863571209+09:00" level=warning msg="devmapper: Usage of loopback devices is strongly discouraged for production use. Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to dm.thinpooldev section."
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.897119714+09:00" level=warning msg="devmapper: Base device already exists and has filesystem xfs on it. User specified filesystem  will be ignored."
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.921106225+09:00" level=info msg="[graphdriver] using prior storage driver \"devicemapper\""
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.923003866+09:00" level=info msg="Graph migration to content-addressability took 0.00 seconds"
  Jul 11 20:55:44 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:44.939033217+09:00" level=info msg="Firewalld running: true"
  Jul 11 20:55:45 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:45.081397004+09:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
  Jul 11 20:55:45 knakayam-ose32-smaster forward-journal[10503]: time="2016-07-11T20:55:45.213368479+09:00" level=fatal msg="Error starting daemon: Error initializing network controller: Error creating default \"bridge\" network: Failed to setup IP tables, cannot acquire Interface address: Interface docker0 has no IPv4 addresses"

Actual results:

- Docker failed to start

Expected results:

- Docker starts without error

Additional info:

- This issue is same with https://github.com/docker/libnetwork/issues/892

Comment 16 Troy Dawson 2016-11-11 19:43:47 UTC

This should be ready to test in OCP v3.4.0.25 or newer.

Comment 18 DeShuai Ma 2016-11-14 08:40:19 UTC

Test on docker-1.12, after disable ipv6, docker restart successfully.
[root@dhcp-140-57 ~]# docker version
Client:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        
 OS/Arch:      linux/amd64

[root@dhcp-140-57 tmp]# vim /etc/default/grub
[root@dhcp-140-57 ~]# cat /etc/default/grub |grep GRUB_CMDLINE_LINUX
GRUB_CMDLINE_LINUX="rd.lvm.lv=fedora_dhcp-140-57/root rd.lvm.lv=fedora_dhcp-140-57/swap rhgb quiet ipv6.disable=1"
[root@dhcp-140-57 tmp]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.5.5-300.fc24.x86_64
Found initrd image: /boot/initramfs-4.5.5-300.fc24.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-cb5fb8c550984d6b8b2f24e28acf5d51
Found initrd image: /boot/initramfs-0-rescue-cb5fb8c550984d6b8b2f24e28acf5d51.img
Found Windows 7 (loader) on /dev/sda1
done
[root@dhcp-140-57 tmp]# reboot
Connection to 10.66.141.128 closed by remote host.
Connection to 10.66.141.128 closed.
[root@dhcp-128-7 Desktop]# ssh 10.66.141.128
reverse mapping checking getaddrinfo for dhcp-141-128.nay.redhat.com [10.66.141.128] failed - POSSIBLE BREAK-IN ATTEMPT!
root.141.128's password: 
Last login: Mon Nov 14 16:36:21 2016
[root@dhcp-140-57 ~]# 
[root@dhcp-140-57 ~]# ip a |grep inet6
[root@dhcp-140-57 ~]# systemctl restart docker
[root@dhcp-140-57 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[root@dhcp-140-57 ~]#

Comment 20 errata-xmlrpc 2017-01-18 12:41:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066

Note You need to log in before you can comment on or make changes to this bug.