openstack/kolla-ansible
Code Issues Proposed changes

Disable Docker iptables and bridge networking by default

Browse Source 
In I165199fc98fb98f227f2a20284e1bab03ef65b5b and
Ic745300b27e50132d80d03787fa4abfada2d0173 we provided flags to disable
Docker's control of iptables and bridge networking respectively. The
original behaviour was maintained for backwards compatibility, to allow
the patches to be backported.

This patch changes the default behaviour to disable the manipulation of
iptables and disabling bridge networking.

Related-Bug: #1849275
Related-Bug: #1848249

Change-Id: I4e8206f13a847ff79e06c36d22068597458b6c3d
This commit is contained in:
Mark Goddard 2020-09-14 14:38:16 +01:00
parent 4053a0afdb
commit aec027c435
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/group_vars/all.yml
View File

@ -103,7 +103,7 @@ docker_runtime_directory: ""
docker_client_timeout: 120 docker_client_timeout: 120
# Docker networking options # Docker networking options
docker_disable_default_iptables_rules: "no" docker_disable_default_iptables_rules: "yes"
docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}" docker_disable_default_network: "{{ docker_disable_default_iptables_rules }}"
# Retention settings for Docker logs # Retention settings for Docker logs

9
releasenotes/notes/disable-docker-iptables-bridge-493feb35cba4c405.yaml Normal file
View File

@ -0,0 +1,9 @@
---
upgrade:
- |
Docker iptables manipulation and bridge networking are now disabled by
default. This avoids problems that may be caused by Docker settings the
default policy of the ``FORWARD`` chain in the ``filter`` table to
``DROP``. To revert to the previous behaviour, set
``docker_disable_default_iptables_rules`` to ``no``. This sets the default
of ``docker_disable_default_network``.