Cannot configure daemon's bip/bridge IP range #218

Closed
yacn opened this Issue Aug 10, 2016 · 13 comments

Comments

Projects
None yet
@yacn

yacn commented Aug 10, 2016

Expected behavior

I should be able to configure the bip setting for the Docker Engine daemon running in xhyve via the Docker For Mac GUI. The default CIDR conflicts with our VPN's network range.

Actual behavior

I cannot configure bip setting because there is no etc/docker/daemon.json to edit or option to change in the GUI.

Information

  • Diagnostic ID: 30EC86B0-7ED8-44CD-B855-57327A022FBD
  • OS X 10.10.5

Steps to reproduce the behavior

I cannot from a blank slate configure the daemon's bip using the latest Docker For Mac stable or beta. To configure bip, I have to follow these steps:

  1. Install Docker For Mac beta build 10258 (latest beta I have on my computer from before the stable/beta channel releases)
  2. Go to config's directory: cd ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux
  3. Update daemon.json to include bip config: echo '{"storage-driver":"aufs","debug":"true","bip":"10.10.10.1/24"}' > etc/docker/daemon.json
  4. Add and commit changed daemon.json: git add etc/docker/daemon.json && git commit -m "configure bip"
  5. After committing, xhyve is triggered to restart.
  6. Run an alpine container and verify I can ping hosts within our VPN from the container
  7. Quit Docker for Mac
  8. Move Docker.app build 10258 out of Applications
  9. Move the Docker for Mac (latest stable or beta release) into Applications
  10. Start Docker for Mac, run alpine container and verify can still ping a host in the VPN
@yacn

This comment has been minimized.

Show comment
Hide comment
@yacn

yacn Aug 18, 2016

Just an update:

We can also retrieve the files by changing into ~/Library/Containers/com.docker.docker/Data/database and performing git reset --hard. This puts the we need to modify back and allows us to change them as we see fit.

yacn commented Aug 18, 2016

Just an update:

We can also retrieve the files by changing into ~/Library/Containers/com.docker.docker/Data/database and performing git reset --hard. This puts the we need to modify back and allows us to change them as we see fit.

@algesten

This comment has been minimized.

Show comment
Hide comment
@algesten

algesten Nov 27, 2016

Docker 1.12.3. I can't get this to work.

I commit the change, quit and restart docker. Then it just stalls in "Docker is starting".

Docker 1.12.3. I can't get this to work.

I commit the change, quit and restart docker. Then it just stalls in "Docker is starting".

@hector70

This comment has been minimized.

Show comment
Hide comment
@hector70

hector70 Dec 6, 2016

Docker 1.12.3 cannot find where to configure docker IP range (it's actually giving a network which is connected to my intranet causing conflicts).

hector70 commented Dec 6, 2016

Docker 1.12.3 cannot find where to configure docker IP range (it's actually giving a network which is connected to my intranet causing conflicts).

@CerebralMastication

This comment has been minimized.

Show comment
Hide comment
@CerebralMastication

CerebralMastication Dec 12, 2016

I had the same issue as @algesten where docker would not restart after the change. I simplified the addition to daemon.json to simply {"bip":"172.17.0.1/24"} then I did the commit and things seemed to work for me.

I had the same issue as @algesten where docker would not restart after the change. I simplified the addition to daemon.json to simply {"bip":"172.17.0.1/24"} then I did the commit and things seemed to work for me.

@hector70

This comment has been minimized.

Show comment
Hide comment
@hector70

hector70 Dec 12, 2016

@CerebralMastication

This comment has been minimized.

Show comment
Hide comment
@CerebralMastication

CerebralMastication Dec 12, 2016

@hector70 the daemon.json is located in ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker

but note that the git repo is in ~/Library/Containers/com.docker.docker/Data/database

you'll have to do the git reset --hard as discussed above then add the daemon.json to the repo then commit

CerebralMastication commented Dec 12, 2016

@hector70 the daemon.json is located in ~/Library/Containers/com.docker.docker/Data/database/com.docker.driver.amd64-linux/etc/docker

but note that the git repo is in ~/Library/Containers/com.docker.docker/Data/database

you'll have to do the git reset --hard as discussed above then add the daemon.json to the repo then commit

@dsheets

This comment has been minimized.

Show comment
Hide comment
@dsheets

dsheets Dec 13, 2016

Contributor

Since Beta 31, daemon.json is editable via 🐳 ➡️ Preferences... ➡️ Daemon ➡️ Advanced.

Contributor

dsheets commented Dec 13, 2016

Since Beta 31, daemon.json is editable via 🐳 ➡️ Preferences... ➡️ Daemon ➡️ Advanced.

@algesten

This comment has been minimized.

Show comment
Hide comment
@algesten

algesten Dec 13, 2016

Also it seems docker-compose have hard coded ranges that won't pick up on changed defaults in the docker daemon.js. So whilst single containers launched with docker get the IP change, networks created implicitly with docker-compose won't. Can be sorted in docker-compose.yml:

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
      - subnet:  10.103.0.1/16
        gateway: 10.103.0.1

Also it seems docker-compose have hard coded ranges that won't pick up on changed defaults in the docker daemon.js. So whilst single containers launched with docker get the IP change, networks created implicitly with docker-compose won't. Can be sorted in docker-compose.yml:

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
      - subnet:  10.103.0.1/16
        gateway: 10.103.0.1
@CerebralMastication

This comment has been minimized.

Show comment
Hide comment
@CerebralMastication

CerebralMastication Dec 13, 2016

@dsheets that will be great when that's in stable.

@dsheets that will be great when that's in stable.

@samoht

This comment has been minimized.

Show comment
Hide comment
@samoht

samoht Jan 30, 2017

Contributor

It is now possible to edit daemon.json in the UI on both the stable and the beta channels, so closing.

Contributor

samoht commented Jan 30, 2017

It is now possible to edit daemon.json in the UI on both the stable and the beta channels, so closing.

@samoht samoht closed this Jan 30, 2017

@BretFisher

This comment has been minimized.

Show comment
Hide comment
@BretFisher

BretFisher Feb 2, 2017

TL;DR for those that end up here like I did when having this problem

If you happen to have this problem where you're in a container and can't access your local network resources, and your local network is a 172.17, 172.18, 172.19, etc network, then you'll need to change the network docker is using so it doesn't conflict with your local LAN, VPN, etc.

bridge (docker0) defaults to 172.17.0.0/16

To change that, open up Docker for Mac Preferences and add a different private subnet to the Daemon config that you know won't conflict. I this example I picked a random 192.168 subnet:

screen shot 2017-02-02 at 4 39 34 pm

Note this will only change the bridge network subnet, and not overlay's (used by docker-compose and swarm), or docker_gwbridge. In my experience, they layout like this:

bridge (docker0) : "Subnet": "172.17.0.0/16"
docker_gwbridge : "Subnet": "172.18.0.0/16"
any bridge/overlay networks you create after that: "Subnet": "172.19.0.0/16" and so on.

TL;DR for those that end up here like I did when having this problem

If you happen to have this problem where you're in a container and can't access your local network resources, and your local network is a 172.17, 172.18, 172.19, etc network, then you'll need to change the network docker is using so it doesn't conflict with your local LAN, VPN, etc.

bridge (docker0) defaults to 172.17.0.0/16

To change that, open up Docker for Mac Preferences and add a different private subnet to the Daemon config that you know won't conflict. I this example I picked a random 192.168 subnet:

screen shot 2017-02-02 at 4 39 34 pm

Note this will only change the bridge network subnet, and not overlay's (used by docker-compose and swarm), or docker_gwbridge. In my experience, they layout like this:

bridge (docker0) : "Subnet": "172.17.0.0/16"
docker_gwbridge : "Subnet": "172.18.0.0/16"
any bridge/overlay networks you create after that: "Subnet": "172.19.0.0/16" and so on.

@AKFourSeven

This comment has been minimized.

Show comment
Hide comment
@AKFourSeven

AKFourSeven Jun 21, 2017

I really like this feature but it seems that other options are not working, for instance, I need to pass in these options :

DOCKER_OPTS = "--bip=xx.xx.xx.x/xx --dns xx.xx.x.xx --dns xx.xx.x.xx --dns-search xx.xx.xx"

But when I try to add any of the dns or dns-search options in the json the restart goes idle meaning that the added options are breaking the config.
How then would I go on adding these options ?
Can anyone help at all ?
I am on Docker CE - Version 17.03.1-ce-mac12 (17661) running on macOS Sierra.

EDIT

Nevermind I found the syntax :

{
	"bip":"xx.xx.xx.x/xx",
	"dns-search":[" xx.xx.x.xx"],
	"dns": [" xx.xx.x.xx"," xx.xx.x.xx"]
}

AKFourSeven commented Jun 21, 2017

I really like this feature but it seems that other options are not working, for instance, I need to pass in these options :

DOCKER_OPTS = "--bip=xx.xx.xx.x/xx --dns xx.xx.x.xx --dns xx.xx.x.xx --dns-search xx.xx.xx"

But when I try to add any of the dns or dns-search options in the json the restart goes idle meaning that the added options are breaking the config.
How then would I go on adding these options ?
Can anyone help at all ?
I am on Docker CE - Version 17.03.1-ce-mac12 (17661) running on macOS Sierra.

EDIT

Nevermind I found the syntax :

{
	"bip":"xx.xx.xx.x/xx",
	"dns-search":[" xx.xx.x.xx"],
	"dns": [" xx.xx.x.xx"," xx.xx.x.xx"]
}
@willthames

This comment has been minimized.

Show comment
Hide comment
@willthames

willthames May 4, 2018

I had a few problems with the bip setup - it's not obvious that bip is both an IP address and a subnet mask at the same time. If you set it to a subnet mask, Docker won't start and you'll have to reset to factory defaults.

Good:

{
  "bip": "10.10.0.1/16"
}

Bad:

{ 
  "bip": "10.10.0.0/16"
}

I had a few problems with the bip setup - it's not obvious that bip is both an IP address and a subnet mask at the same time. If you set it to a subnet mask, Docker won't start and you'll have to reset to factory defaults.

Good:

{
  "bip": "10.10.0.1/16"
}

Bad:

{ 
  "bip": "10.10.0.0/16"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment