Barak Korren created OVIRT-2340:
-----------------------------------
Summary: Unable to run containers with the '-p' option
Key: OVIRT-2340
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2340
Project: oVirt - virtualization made easy
Issue Type: Bug
Components: Jenkins Slaves
Reporter: Barak Korren
Assignee: infra
Priority: High
When trying to run containers that expose ports we can get the following error:
{code}
/usr/bin/docker-current: Error response from daemon: driver failed programming
external connectivity on endpoint silly_sammet
(90b600ff5b0e6c2e708e8cd5086b518596dbe7ac4fa2735bec52d3a88e1ae004): (iptables
failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 4444 -j DNAT
--to-destination 172.17.0.2:3333 ! -i docker0: iptables: No chain/target/match
by that name.
(exit status 1)).
{code}
We can reproduce this for example wiht the following command:
{code}
sudo docker run -it --rm -p 4444:3333 centos
{code}
Further information:
# This seems to be happening because the "DOCKER" chain is missing in iptables.
# We've seen this happen constantly on FC28 slaves but not on EL7 slaves
# Restarting the docker service recreates the iptables chain and effectively
resolves the issue
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100089)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/MZPCD52JCDNPEG63AYFY3JGIM27WF5G6/
