Bug #1284

Installing docker-io or openstack breaks DNS and DHCP

Added by cpg over 6 years ago. Updated over 6 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 01/31/2014
Due date:
% Done: 0%


Description

Installing the docker-io package or some of the OpenStack packages breaks dnsmasq in Amahi 7, thus bringing Amahi servers and the networks that depend on them to their knees.

We don't know why yet, but a good measure would be to put a negative dependency on hda-ctl and hda-platform.

Credit to DarthNerdus for tracking this down!

History

#1 Updated by cpg over 6 years ago

  • Description updated (diff)

#2 Updated by cpg over 6 years ago

  • Subject changed from Installing docker breaks DNS and DHCP to Installing docker-io or openstack breaks DNS and DHCP
  • Description updated (diff)

#3 Updated by Anonymous over 6 years ago

Here's a grep of /var/log/messages for "docker". I believe the issue is related to the automatic network bridging and/or mDNS.

http://paste.fedoraproject.org/73571/39122612/

#4 Updated by cpg over 6 years ago

  • Description updated (diff)

#5 Updated by Anonymous over 6 years ago

I managed to narrow down the point of failure when installing docker-io.

Docker adds an additional network interface called docker0. It purposefully checks for the IP address of the other interfaces and sets up routing that does not conflict. (In my case it went with 172.17.42.1 as opposed to my 10.0.1.x network.) The issue arises in how traffic is routed once this network interface is added.

To be honest, I'm not very confident about the differences between Ubuntu and Fedora distributions and some of the differing conventions. I do know that during startup (whether at boot or later via systemctl), Docker adds rules to iptables at the same time that it adds the network interface to properly route traffic and not interrupt existing connections. Whether by Fedora convention or Amahi's, iptables is not the primary firewall by default. In order to have my network operate with Docker enabled, I performed the following steps.

// It is recommended to do this before installing docker, otherwise it's going to be painful
# systemctl stop firewalld
# systemctl disable firewalld
# yum install -y iptables-services
// This is the last recommended iptables config from https://wiki.amahi.org/index.php/Firewall:_iptables
// I did however remove the last two lines, which limit traffic to the specific openings.
// Removing these lines allows usage of iptables as a traffic controller more so than a firewall.
# cat amahi_iptables.txt > /etc/sysconfig/iptables
// The iptables-services package provides the unit named iptables
# systemctl enable iptables
# systemctl start iptables

At that point this allows you to use iptables as the firewall and docker can add the proper routing and masquerading rules it requires.

#6 Updated by Anonymous over 6 years ago

After looking at my box some more, I realized that firewalld is not enabled by default on Amahi. Still, ensuring it is disabled and off is wise.
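
Comment #5 drops the last two lines of the rules file; as an added example (not from the thread or the Amahi project), this script reports which filter chains are left accepting everything by default in an iptables-save style file. The sample rules are constructed, and they assume the two removed lines were catch-all REJECT rules, which the page does not show.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save style rules file.

# open_chains [FILE]: print INPUT/FORWARD if the filter table leaves that chain
# with policy ACCEPT and no unconditional DROP/REJECT rule. Reads stdin if no FILE.
open_chains() {
    awk '
        /^\*/ { table = substr($1, 2) }            # "*filter", "*nat", ...
        table != "filter" { next }
        /^:/  { policy[substr($1, 2)] = $2; next } # ":INPUT ACCEPT [0:0]"
        # Catch-all rule: "-A CHAIN -j DROP|REJECT" with no match options before -j
        $1 == "-A" && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { closed[$2] = 1 }
        END {
            n = split("INPUT FORWARD", want, " ")
            for (i = 1; i <= n; i++)
                if (policy[want[i]] == "ACCEPT" && !(want[i] in closed)) print want[i]
        }
    ' "$@"
}

# Constructed sample rules (assumption: NOT the actual Amahi wiki config).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Same sample with the catch-all REJECT lines removed, as in the workaround.
trimmed_rules() {
    sample_rules | grep -v -e '-j REJECT'
}

echo "full sample, open chains:    $(sample_rules  | open_chains | tr '\n' ' ')"
echo "trimmed sample, open chains: $(trimmed_rules | open_chains | tr '\n' ' ')"
```

To audit the file the workaround writes, run `open_chains /etc/sysconfig/iptables`.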
