docker-ce package makes existing KVM guests unusable #949
Comments
It sounds likely that the docker bridge network is conflicting with your kvm net? Docker tries to pick an unused address space. I'm not sure I've seen it pick one that was in use before, only error out because it can't find one. What you might want to do is either:
|
Thank you for taking the time to compile these hints. However, they do not help in my situation, because the problem happens during the installation of the 'docker-ce' package - long before I have an opportunity to configure the docker daemon options. Today I found a workaround which allows me to install 'docker-ce' without breaking my KVM guests. |
Ah yes... libnetwork messes with that... |
@arkodg WDYT? Can libnetwork just not change |
@cpuguy83 I don't understand how
Step 4 might not be ideal; we might want to reset it to the original value that was read. Is this what is happening? @TheCasualObserver |
Because, as I recall, dockerd is started on install. I think actually in the past we used to set the forward policy to accept, and now we set it to drop. |
I think that was changed, related to moby/moby#14041 (in moby/libnetwork#1526) |
@cpuguy83 that change you are referring to is only on master (moby/libnetwork#2450), not in 19.03 :) |
Sorry for bumping up an old issue, but I can confirm that this also happens with Ubuntu 20.04.1 LTS (focal) amd64 host. And the workaround described above still works. |
I have the same issue after starting Docker at system boot in Alpine Linux ( Interestingly, default policy for When booting without Docker installed, iptables rules look like this:
If I start Docker afterwards, it is updated to the following:
However, if Docker was enabled from the start (and before libvirt because it is alphabetically first on Alpine Linux), then I get this and libvirt is broken:
I'm wondering why this happens and whether it works properly with default policy |
Expected behavior
The act of installing the package 'docker-ce' should not interfere with existing KVM-guests and make them unable to access the network on Debian Buster.
Actual behavior
Installing the package 'docker-ce' causes KVM guests to no longer be able to access the network.
In some cases a KVM guest can no longer access the network immediately after the installation. After rebooting any KVM guest, that guest no longer has access to the network.
After deinstallation of the package 'docker-ce' and rebooting the system, all KVM guests can access the network again.
Steps to reproduce the behavior
Prerequisite: Debian Buster 64 bit host with KVM-QEMU debian guests
Output of docker version:
Output of docker info:
Additional environment details (AWS, VirtualBox, physical, etc.)
The host is a physical 64-bit system.
Thank you for having a look at this issue.
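The comments above trace the breakage to dockerd being started on install and setting the FORWARD policy to drop. As an added example (not from the issue or from the Docker project), this script reads `iptables -S FORWARD` output and reports whether traffic entering on a given bridge is accepted by an explicit rule or falls through to the chain policy. The bridge name `br0` and both sample rulesets are constructed assumptions.

```shell
#!/bin/sh
# Added example. Heuristic reading of `iptables -S FORWARD` output (stdin):
# only rules written directly in FORWARD are read; jumps into other chains
# are not followed. "br0" below is an assumed KVM bridge name.

forward_verdict() {
    awk -v ifc="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; target = ""
            for (i = 3; i < NF; i++) {
                # "-i IFACE" (not negated) names the ingress interface
                if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (in_if == ifc && target == "ACCEPT") accepted = 1
        }
        END {
            if (policy == "")   print "unknown"
            else if (accepted)  print "explicit-accept"
            else                print "policy-" tolower(policy)
        }'
}

# Constructed sample: FORWARD chain on a host where Docker has not run.
sample_before_docker() {
    printf '%s\n' '-P FORWARD ACCEPT'
}

# Constructed sample: FORWARD chain after dockerd has started.
sample_after_docker() {
    printf '%s\n' \
        '-P FORWARD DROP' \
        '-A FORWARD -j DOCKER-USER' \
        '-A FORWARD -j DOCKER-ISOLATION-STAGE-1' \
        '-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -o docker0 -j DOCKER' \
        '-A FORWARD -i docker0 ! -o docker0 -j ACCEPT' \
        '-A FORWARD -i docker0 -o docker0 -j ACCEPT'
}

echo "before docker, br0:     $(sample_before_docker | forward_verdict br0)"
echo "after docker,  br0:     $(sample_after_docker | forward_verdict br0)"
echo "after docker,  docker0: $(sample_after_docker | forward_verdict docker0)"
# On a live host (root required): iptables -S FORWARD | forward_verdict br0
```

A `policy-drop` result for the guest bridge means no rule in FORWARD itself accepts its traffic, so forwarding depends entirely on the chain policy.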