Here is my Docker release :

[root@docker ~]# docker --version
Docker version 1.8.2-el7.centos, build a01dc02/1.8.2

Docker default bridge

As soon as Docker server is started, a new network interface appears with I.P. address :

[root@docker ~]# ip addr show dev docker0
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:5b:98:45:7e brd ff:ff:ff:ff:ff:ff
    inet scope global docker0
       valid_lft forever preferred_lft forever

Install “bridge-utils” package to see details :

[root@docker ~]# yum -y install bridge-utils

To display bridge information :

[root@docker ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.02425b98457e       no

Set your own persistant bridge

Create a new bridge

Unfortunately, this I.P. @ is already used by an other Docker server or doesn’t fit with your needs, so you want to change it.

Do do that, stop Docker service :

[root@docker ~]# systemctl stop docker

Stop the bridge :

[root@docker ~]# ip link set dev docker0 down

Delete it :

[root@docker ~]# brctl delbr docker0

Remove “postrouting” chain for “nat” table:

[root@docker ~]# iptables -t nat -F POSTROUTING

Create a new one (my new bridge “new_docker0”) :

  • Edit interface configuration file :
[root@docker ~]# cat /etc/sysconfig/network-scripts/ifcfg-new_docker0
  • Restart “network” service :
[root@docker ~]# systemctl restart network
  • Check your interface :
[root@docker ~]# ip addr show dev new_docker0
3: new_docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 8e:80:29:9f:90:85 brd ff:ff:ff:ff:ff:ff
    inet brd scope global new_docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::8c80:29ff:fe9f:9085/64 scope link
       valid_lft forever preferred_lft forever

Start Docker using this new interface

Edit “/etc/sysconfig/docker” configuration file :

[root@docker ~]# grep OPTIONS /etc/sysconfig/docker
OPTIONS='--selinux-enabled --bridge=new_docker0'

Start Docker :

[root@docker ~]# systemctl start docker

Docker is now using the right bridge :

[root@docker ~]# systemctl status -l docker | head -7
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2016-01-24 12:12:20 CET; 13min ago
 Main PID: 3202 (docker)
   CGroup: /system.slice/docker.service
           └─3202 /usr/bin/docker daemon --selinux-enabled --bridge=new_docker0 --storage-driver devicemapper --storage-opt dm.fs=xfs --storage-opt dm.thinpooldev=/dev/mapper/docker_vg-docker--pool --storage-opt dm.use_deferred_removal=true

IP tables :

[root@docker ~]# iptables -t nat -L -n | grep MASQUERADE

Create a container

Pull “CentOS” image” :

[root@docker ~]# docker pull centos
Using default tag: latest
Trying to pull repository ... latest: Pulling from library/centos
47d44cb6f252: Pull complete
838c1c5c4f83: Pull complete
5764f0a31317: Pull complete
60e65a8e4030: Pull complete
library/centos:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:8072bc7c66c3d5b633c3fddfc2bf12d5b4c2623f7004d9eed6aae70e0e99fbd7
Status: Downloaded newer image for

Create a container :

[root@docker ~]# docker run -tdi --restart=always --name CentOS centos bash

This container is up & running :

[root@docker ~]# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS              PORTS               NAMES
1dbc4c784aab        centos              "bash"              About a minute ago   Up About a minute                       CentOS

Install “net-tools” package within the container to see I.P. addresses :

[root@docker ~]# docker exec -ti CentOS bash
[root@1dbc4c784aab /]# yum -y install net-tools
  net-tools.x86_64 0:2.0-0.17.20131004git.el7

[root@1dbc4c784aab /]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet netmask broadcast
        inet6 fe80::42:acff:fe11:2 prefixlen 64 scopeid 0x20<link>
        ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
        RX packets 5602 bytes 8241341 (7.8 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 3383 bytes 234738 (229.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@1dbc4c784aab /]# exit



PDF24    Send article as PDF   

Leave a Reply

Your email address will not be published. Required fields are marked *