How to Change the Default Docker Subnet

Applies to

  • Zenoss 5.0

Summary

Docker uses the 172.17.0.0/16 subnet for container networking by default. If this subnet is not available for Docker in your environment (for example, because your network already uses it), you must configure Docker to use a different subnet. You can perform this process on all the hosts in your system, or only on hosts deployed into environments where 172.17.0.0/16 is unavailable. In a multihost deployment, there is no requirement that all hosts use the same subnet for Docker container communications.

Procedure

  1. Stop the Resource Manager services running on the host (for example the entire Resource Manager application if this procedure is being completed on a master server).
  2. Shut down serviced and Docker on the host by typing the following on the host command line:
    $ systemctl stop serviced
    $ systemctl stop docker
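  3. Remove the existing MASQUERADE rules from the POSTROUTING chain in iptables. This command flushes every rule in the nat table's POSTROUTING chain, not only the ones Docker added:
    $ iptables -t nat -F POSTROUTING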
  4. Remove the existing IP address from the Docker bridge device:
    $ ip link set dev docker0 down
    $ ip addr del 172.17.42.1/16 dev docker0
  5. Pick a subnet that you will not need to route to or from your collector. A /24 should be appropriate, unless you require more than 255 containers on a given host. The following example uses 192.168.5.0/24:
    $ ip addr add 192.168.5.1/24 dev docker0
    $ ip link set dev docker0 up
    
  6. Verify that the interface has the correct IP set:
    $ ip addr show docker0

    You should see a result similar to the following (the 'state DOWN' is expected at this stage):

    docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 scope global docker0
    valid_lft forever preferred_lft forever
  7. Start Docker:
    $ systemctl start docker 
  8. Verify that the MASQUERADE rule for your new subnet has been added to the POSTROUTING chain:
    $ iptables -t nat -L -n

    As part of the response, you should expect to see the following for your Docker subnet:

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    MASQUERADE all -- 192.168.9.0/24 0.0.0.0/0
    
  9. If you see those expected results, start serviced:
    $ systemctl start serviced
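
The checks in steps 6 and 8, automated as an added example (not part of the original Zenoss article): it derives the network from the docker0 address and confirms that a MASQUERADE rule in the POSTROUTING chain uses that network as its source. The function names and the sample command output are constructed for illustration.

```sh
#!/bin/sh
# Added example. Sample text is constructed; on a host feed in the output of
# `ip addr show docker0` and `iptables -t nat -L -n` instead.

# cidr_network ADDR/PREFIX: print the IPv4 network as NETWORK/PREFIX.
cidr_network() {
    echo "$1" | awk -F'[./]' '{
        ip = (($1 * 256 + $2) * 256 + $3) * 256 + $4
        size = 2 ^ (32 - $5)
        net = ip - (ip % size)
        printf "%d.%d.%d.%d/%d\n", int(net / 16777216) % 256,
            int(net / 65536) % 256, int(net / 256) % 256, net % 256, $5
    }'
}

# bridge_cidr: first "inet ADDR/PREFIX" in `ip addr show` output on stdin.
bridge_cidr() { awk '$1 == "inet" { print $2; exit }'; }

# masq_sources: source column of MASQUERADE rules in the POSTROUTING chain only.
masq_sources() {
    awk '/^Chain/ { post = ($2 == "POSTROUTING") }
         post && $1 == "MASQUERADE" { print $4 }'
}

# check_docker_nat IP_TEXT IPTABLES_TEXT: 0 if a rule covers the bridge subnet.
check_docker_nat() {
    cidr=$(printf '%s\n' "$1" | bridge_cidr)
    [ -n "$cidr" ] || { echo "NO_ADDRESS"; return 2; }
    want=$(cidr_network "$cidr")
    if printf '%s\n' "$2" | masq_sources | grep -qxF "$want"; then
        echo "OK $want"
    else
        echo "MISSING $want"; return 1
    fi
}

SAMPLE_IP='docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 scope global docker0'
SAMPLE_NAT_GOOD='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.5.0/24       0.0.0.0/0'
SAMPLE_NAT_STALE='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0'

check_docker_nat "$SAMPLE_IP" "$SAMPLE_NAT_GOOD"
check_docker_nat "$SAMPLE_IP" "$SAMPLE_NAT_STALE" || echo "bridge subnet and NAT rule disagree"
```

A MISSING result means the NAT rule still refers to a different subnet than the one assigned to docker0, so serviced should not be started yet.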

Comments

  • Juan Manuel Moreno

    This procedure is temporary until you reboot the server. Docker selects its IP address again with your algorithm. What would the permanent procedure be?

    Another question:

    Is it possible to change (as a better solution) the variable SERVICED_MASTER_IP (Default: 172.17.42.1) in the serviced config file with the physical interface IP address (i.e. eth0)?

    This variable defines the serviced instance, so the IP address example for the serviced config file is always the Docker IP address, but if you have two Zenoss servers as master, 172.17.42.1 is configured on both for the default Docker config, and this is a conflict when the two servers are on the same network (without firewalls).

  • Paul Winkeler
    To make this change permanent you need to edit the configuration files that drive docker. Specifically /etc/sysconfig/docker. Add the following options to the DOCKER_OPTIONS variable: --bip=192.168.200.1/24 --default-gateway=192.168.200.1 to move the docker network to 192.168.200/24. But then also make sure to set the SERVICED_MASTER_IP to 192.168.200.1 at the same time!