15

After starting docker-ce (18.06.1-ce, build e68fc7a) on Ubuntu Server 16.04, the following is created:

$ ifconfig
docker0   Link encap:Ethernet  HWaddr 02:42:fe:36:81:72
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Unfortunately, my PC is on this network. Meaning that as soon as the docker starts, I lose ssh connectivity to the server.

Attempt 1

Several forums are saying to add the following to /etc/docker/daemon.json:

{
  "bip": "192.168.1.1/24"
}

Attempt 2, using this SO accepted answer

One possible solution that is working is running:

sudo ip addr add dev docker0 192.168.1.1/24
sudo ip addr del dev docker0 172.17.0.1/16

Source: forums.docker.com

Although this is a possible solution, I have to do it after the docker service starts. Something I can't do because I lose connectivity meanwhile.

Attempt 3, following @Light.G answer

After adding the -bip to ExecStart line, trying to start docker gives (journalctl -xe):

-- Unit docker.socket has begun starting up.
Sep 11 11:13:19 PTLISLABHLC01 systemd[1]: Listening on Docker Socket for the API.
-- Subject: Unit docker.socket has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.socket has finished starting up.
--
-- The start-up result is done.
Sep 11 11:13:19 PTLISLABHLC01 systemd[1]: docker.service: Start request repeated too quickly.
Sep 11 11:13:19 PTLISLABHLC01 systemd[1]: Failed to start Docker Application Container Engine.
-- Subject: Unit docker.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit docker.service has failed.
--
-- The result is failed.
Sep 11 11:13:19 PTLISLABHLC01 systemd[1]: docker.socket: Unit entered failed state.
Sep 11 11:13:19 PTLISLABHLC01 polkitd(authority=local)[1062]: Unregistered Authentication Agent for unix-process:15666:32644036 (system bus name :1.56, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

Only error here is that you should use --bip and not -bip. Check the accepted answer!

NBajanca

3 Answers

17

No need for an extra entity:

  • Edit /lib/systemd/system/docker.service before starting Docker. Add --bip "192.168.1.1/24" at the end of the line ExecStart=/usr/bin/dockerd.
  • systemctl daemon-reload
  • systemctl start docker

Tested on Ubuntu 16.04 with Docker 17.03-ce.

Edit on 2018-09-13:
Since we might still need user-defined bridge networks, there is still a potential issue.

By default bridge is assigned one subnet from the ranges 172.[17-31].0.0/16 or 192.168.[0-240].20/20 which does not overlap with any existing interface. Unlike the default bridge network, user-defined networks supports manual IP address and subnet assignment. If an assignment is not given, then Docker’s default IPAM driver assigns the next subnet available in the private space.

Though they say it would not overlap with any existing interfaces on the host, you still suffered such an issue. So if you need user-defined bridge networks, you'd better assign a specific subnet for them. As far as I know, there are no parameters for customizing the IPAM driver default pool.

NBajanca
Light.G
5

My solution was to do it with a service that runs a shell command.

I created docker-network-setup.sh:

sudo ip addr add dev docker0 192.168.1.1/24
sudo ip addr del dev docker0 172.17.0.1/16

chmod u+x docker-network-setup.sh to ensure you can execute it.

And docker-network-setup.service:

[Unit]
Description=Change docker0 default IP
# When systemd stops or restarts the docker.service, the action is propagated to this unit
PartOf=docker.service
# Start this unit after the docker.service start
After=docker.service

[Service]
# The program will exit after running the script
Type=oneshot
# Execute the shell script
ExecStart=/bin/bash /home/user01/docker-network-setup.sh start
# This service shall be considered active after start
RemainAfterExit=yes

[Install]
# This unit should start when docker.service is starting
WantedBy=docker.service

sudo cp docker-network-setup.service /etc/systemd/system and the service is enabled!

Don't forget sudo systemctl daemon-reload if you want to test the service right away.

NBajanca
3

I struggled with AWS VPC peering connection that didn't work with my Docker containers until I found this thread.

In case you're using an AWS 172.17.x.x subnet, it might conflict with the default Docker subnet (172.17.0.1/16), so nothing will work between those subnets...

One way to fix it will be just moving to a different AWS subnet (which is not always possible due to legacy systems/configurations);

Another way will be to change the default Docker subnet with bip setup in /etc/docker/daemon.json (as described above) - something like:

{
  "bip": "192.168.1.1/24"
}

Best approach will be just to avoid using 172.17.x.x subnet in AWS...

Naor Bar
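
A pre-flight check for the conflict discussed in the answers above (the docker0 bridge shadowing a network the host must still reach, whether an admin subnet or a peered VPC), added here as an example and not part of any answer. A network reached only through the default gateway has no route entry of its own on the host, so it is passed in explicitly. The route table, the interface name `ens160` and the `172.17.40.0/24` admin subnet are constructed sample values.

```python
import ipaddress
import json

# docker0 default when "bip" is unset, as seen in the question's ifconfig output.
DEFAULT_BIP = "172.17.0.1/16"


def bridge_network(daemon_json_text):
    """Network docker0 will claim, given the contents of /etc/docker/daemon.json."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    return ipaddress.ip_interface(cfg.get("bip", DEFAULT_BIP)).network


def route_networks(ip_route_output, skip_dev="docker0"):
    """Destinations from `ip -4 route show`, ignoring default and docker0 itself."""
    nets = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        if "dev" in fields[:-1] and fields[fields.index("dev") + 1] == skip_dev:
            continue
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # e.g. "unreachable ..." lines whose first field is not a prefix
    return nets


def conflicts(candidate, must_stay_reachable):
    """Networks that the bridge's connected route would shadow."""
    return [n for n in must_stay_reachable if candidate.overlaps(n)]


# Constructed sample data (not from the page): a server on 10.20.0.0/24 whose
# admin workstation sits on 172.17.40.0/24 behind the default gateway.
SAMPLE_ROUTES = """\
default via 10.20.0.1 dev ens160 onlink
10.20.0.0/24 dev ens160 proto kernel scope link src 10.20.0.15
"""
REMOTE_NETS = [ipaddress.ip_network("172.17.40.0/24")]  # hypothetical admin subnet

if __name__ == "__main__":
    in_use = route_networks(SAMPLE_ROUTES) + REMOTE_NETS
    for label, text in [("default", ""), ("with bip", '{"bip": "192.168.1.1/24"}')]:
        net = bridge_network(text)
        print(label, net, "conflicts:", [str(n) for n in conflicts(net, in_use)])
```

Run it before the first `systemctl start docker`, feeding it the real `ip -4 route show` output and the CIDRs of every remote network the host must keep reaching; the same check applies to any subnet chosen for a user-defined bridge network.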