IP Conflict with docker0/bridge for Appliance Based NetIQ Applications

  • 7023491
  • 01-Nov-2018
  • 02-Mar-2020

Environment

Advanced Authentication 5.x Appliance
Advanced Authentication 6.x Appliance
Self Service Password Reset Appliance 
SSPR 4.x
Other applications that use the NetIQ Common Appliance Framework

Situation

How to change the default IP address for docker0/br-xxxxxx on a standard/default install of an AAF or SSPR Appliance.

By default, the appliance uses 172.17.0.1 and 172.18.0.1 as the docker0 and br-xxxxxx network IP addresses.
Certain networks may already have these IP ranges configured for other services.

For example, the default ifconfig output may include:

docker0   Link encap:Ethernet  HWaddr *:*:*:*:*:*
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:66359 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77517 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3569440 (3.5 MB)  TX bytes:203222893 (203.2 MB)

Resolution

Modify or customize the docker0 bridge to use another IP range, as follows.

1. Edit the existing daemon.json file (default location on Linux: /etc/docker/daemon.json) and add the following at the TOP of the file:

 "bip": "172.26.0.1/16"

For example, the resulting daemon.json may look like this:

{
  "bip": "172.26.0.1/16",
  "log-level": "warn",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "5"
  }
}

2. Restart the docker daemon using one of the following options:

sudo systemctl restart docker      (on systemd based Linux operating systems)
OR
rcdocker restart

After restarting docker, it may be necessary to kill the SSPR application and restart it through system services in vaconfig.
 

IMPORTANT NOTE: After making the documented changes, daemon.json will be “owned” by the docker rpm. This means that new versions of the docker rpm may overwrite this file, and updates/upgrades could remove the changes. Be aware that daemon.json may need to be edited again after an update or upgrade.


Cause

The IP range that docker is trying to use is already in use on the network.

Additional Information

Another option is given in this article in the Docker documentation: 
  1. Create or modify the docker daemon.json file (/etc/docker/daemon.json) and configure as needed:
    {
      "bip": "192.168.1.5/24",
      "fixed-cidr": "192.168.1.5/25",
      "fixed-cidr-v6": "2001:db8::/64",
      "mtu": 1500,
      "default-gateway": "10.20.1.1",
      "default-gateway-v6": "2001:db8:abcd::89",
      "dns": ["10.20.1.2","10.20.1.3"]
    }

    Note: These same options are available as flags to dockerd. For more details, please refer to the link above.

  2. Restart Docker after making these changes:
    rcdocker restart
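
A pre-restart check for an edited daemon.json, covering both the "bip" change in the Resolution and the "fixed-cidr" option above. This is an added example, not part of the original article or of any NetIQ or Docker tooling; the function name check_daemon_json and the IN_USE list of site networks are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed list of ranges already routed on the site network (assumption).
IN_USE = ["172.17.0.0/16", "172.18.0.0/16", "10.20.0.0/16"]

# The resulting daemon.json shown in the Resolution section.
PAGE_EXAMPLE = """{
  "bip": "172.26.0.1/16",
  "log-level": "warn",
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m", "max-file": "5"}
}"""


def check_daemon_json(text, in_use):
    """Return a list of problems with the bridge settings in a daemon.json string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A missing comma after the added "bip" line ends up here.
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if "bip" not in cfg:
        return ["no bip set, docker0 keeps its default range"]
    try:
        bridge = ipaddress.ip_interface(cfg["bip"])  # bridge address plus prefix
    except ValueError as exc:
        return [f"bad bip: {exc}"]
    problems = []
    for cidr in in_use:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == bridge.version and net.overlaps(bridge.network):
            problems.append(f"bip network {bridge.network} overlaps {net}")
    if "fixed-cidr" in cfg:
        # fixed-cidr limits container addresses, so it must sit inside the bridge network.
        fixed = ipaddress.ip_network(cfg["fixed-cidr"], strict=False)
        if fixed.version != bridge.version or not fixed.subnet_of(bridge.network):
            problems.append(f"fixed-cidr {fixed} is outside {bridge.network}")
    return problems


if __name__ == "__main__":
    for name, text in [("page example", PAGE_EXAMPLE),
                       ("appliance default", '{"bip": "172.17.0.1/16"}')]:
        print(name, "->", check_daemon_json(text, IN_USE) or "OK")
```

Replace IN_USE with the ranges actually routed in your environment, and rerun the check after an update or upgrade, since the docker rpm may have overwritten the file.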