Change the IP range used by Docker
This page indicates how to change the IP ranges used by Docker.
By default, docker will use these two ranges:
172.17.0.0/16
: for thebridge
network (also calleddocker0
)172.18.0.0/16
: for thedocker_gwbridge
network
If the procedure is followed during the installation of Cyberwatch, only steps 3 and 4 are necessary.
Stop the instance:
sudo cyberwatch stop
Disconnect and remove network
docker_gwbridge
docker network disconnect -f docker_gwbridge gateway_ingress-sbox
docker network rm docker_gwbridge
Edit file
/etc/docker/daemon.json
:{ "bip": "10.0.1.1/24", "default-address-pools": [ { "base": "10.0.2.0/18", "size": 24 } ] }
The field
bip
(Bridge IP) defines the IP range that network interfacedocker0
can use. The example reserves IP range10.0.1.1/24
to the interface. Beware, the range must end with.1
, otherwise docker won’t start.The field
default-address-pools
defines the IP range of network interfacedocker_gwbridge
. The example reserves IP range10.0.2.0/24
.Restart docker:
sudo systemctl restart docker
Start Cyberwatch:
sudo cyberwatch start
Check that the IPs changed:
docker network inspect bridge | grep Subnet docker network inspect docker_gwbridge | grep Subnet
Troubleshooting
Potential problem detected on CentOS.
With the suggested configuration, docker may no longer be able to restart successfully on the Cyberwatch server. The command:
systemctl restart docker
may then fail, indicating that it was impossible to create the network docker_gwbridge
.
You can then use the following commands as a workaround:
ip link add name docker0 type bridge
ip addr add dev docker0 10.10.0.1/16
This is a onetime fix and must be applied each time you restart docker.
The problem can be fixed permanently by modifying the configuration file like this:
cat > /etc/docker/daemon.json <<EOL
{
"bip": "10.0.1.1/24",
"default-address-pools": [
{ "base": "10.0.64.0/18", "size": 24 }
]
}
EOL
thus giving docker a larger IP range.
Sources: