From 4624ec3c459ace85822a07f7dcfbcf3379b47052 Mon Sep 17 00:00:00 2001 From: Jim Gauld Date: Tue, 22 Nov 2022 15:10:49 -0500 Subject: [PATCH] CentOS: Remove docker network bridge default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This disables the docker network bridge that is created by default when no bridge options are provided by docker.service or daemon.json. Since docker bridge is not used, it can be safely removed. The docker.service file is provided by RPM docker-ce, i.e., rpm -q --whatprovides /usr/lib/systemd/system/docker.service docker-ce-18.09.6-3.el7.x86_64 This file contains the default ExecStart: [Service] ExecStart=/usr/bin/dockerd -H fd:// \ --containerd=/run/containerd/containerd.sock The ExecStart gets overridden by a Drop-In. The previous default setting gets wiped out using "ExecStart=", then the value is redefined with same options and "--bridge=none" appended. Drop-In: /etc/systemd/system/docker.service.d └─docker-stx-override.conf If the network with address 172.17.0.0/16 (or similar network) and it gateway address is 172.17.0.1, this IP address causes conflict with docker0 bridge. This results in packet loss between GW and application pods. Closes-Bug: 1996916 Test Plan: PASS: AIO-SX Fresh install ISO. Verify docker bridge not configured. i.e., 'sudo docker network ls' PASS: Designer in-service patch apply and remove (with this change). Verify docker bridge not configured. i.e., 'sudo docker network ls' Signed-off-by: Jim Gauld Change-Id: Ibd0164002744f1bd56e14fdb53c5b9a935b1fcc4 --- docker-config/files/docker-stx-override.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-config/files/docker-stx-override.conf b/docker-config/files/docker-stx-override.conf index 85a66b1..2b64332 100644 --- a/docker-config/files/docker-stx-override.conf +++ b/docker-config/files/docker-stx-override.conf @@ -1,4 +1,6 @@ [Service] +ExecStart= +ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --bridge=none ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/dockerd.pid;' ExecStopPost=/bin/rm -f /var/run/dockerd.pid