Changing the IP range for docker0

Lately, I’ve been tinkering a lot with docker. Mostly, I’ve been doing it for work at The Linux Foundation. But I do have a desire to have docker instances on my local box for distros which I do not run.

While doing some testing for work on my personal laptop, I noticed that the network which docker uses for its bridge, aptly named docker0, was in the same network as one of our VPNs.

# ip a s docker0
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
    link/ether fe:54:00:18:1a:fd brd ff:ff:ff:ff:ff:ff
    inet 172.17.41.1/16 brd 10.100.72.255 scope global docker0
    ..snip..

# ip a s tun0
139: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1412 ...
    link/none 
    inet 172.17.123.32/24 brd 172.17.224.255 scope global tun0
       valid_lft forever preferred_lft forever

As you can tell, the docker0 network bridge covers all of the tun0 network. Any time I would attempt to ssh into one of the systems inside the VPN, it would time out. I was left wondering why for a few moments.

Luckily, it’s very easy to fix this problem. All that is needed is to define the docker0 bridge with a static address and restart the docker service. Here’s what to do:

First, stop docker:

# service docker stop
Redirecting to /bin/systemctl stop  docker.service

Next, create the network bridge file. You can choose any IP range you like. On Fedora 19, it looks like this:

# cat /etc/sysconfig/network-scripts/ifcfg-docker0 
DEVICE="docker0"
TYPE="Bridge"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR=10.100.72.254
NETMASK=255.255.255.0

Restart your network services.  NOTE: service network restart may be needed.

# service NetworkManager restart
Redirecting to /bin/systemctl restart  NetworkManager.service

The docker0 bridge should now be in a range outside the VPN.

# ip a s docker0
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ...
    link/ether fe:54:00:18:1a:fd brd ff:ff:ff:ff:ff:ff
    inet 10.100.72.254/24 brd 10.100.72.255 scope global docker0

Starting new containers with docker should get IP addresses in the above range:

# service docker start
Redirecting to /bin/systemctl start  docker.service

# docker run -i -t herlo/fedora:20 /bin/bash
bash-4.2# ip a s eth0
141: eth0: <BROADCAST,UP,LOWER_UP> mtu 1412 ...
    link/ether fa:5f:e3:8d:61:f2 brd ff:ff:ff:ff:ff:ff
    inet 10.100.72.2/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f85f:e3ff:fe8d:61f2/64 scope link 
       valid_lft forever preferred_lft forever

SUCCESS!
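
The overlap that made SSH into the VPN time out can be checked mechanically, both for the current docker0 range and for a proposed replacement. This is an added example, not part of the original post; the sample input is constructed from the addresses shown above in `ip -o -4 addr show` format, and the function names are illustrative.

```python
import ipaddress

# Constructed sample in `ip -o -4 addr show` format, built from the
# addresses in the post (docker0 before the fix, tun0 from the VPN).
SAMPLE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
7: docker0    inet 172.17.41.1/16 scope global docker0\       valid_lft forever preferred_lft forever
139: tun0    inet 172.17.123.32/24 scope global tun0\       valid_lft forever preferred_lft forever
"""


def parse_networks(text):
    """Map interface name -> list of IPv4 networks configured on it."""
    nets = {}
    for line in text.splitlines():
        fields = line.split()
        if "inet" not in fields:
            continue
        # The token after "inet" is ADDRESS/PREFIX; a bare address is a /32.
        addr = fields[fields.index("inet") + 1]
        nets.setdefault(fields[1], []).append(ipaddress.ip_interface(addr).network)
    return nets


def conflicts(nets, bridge="docker0"):
    """Return (interface, its network, bridge network) for every overlap."""
    return [
        (ifname, str(other), str(bnet))
        for bnet in nets.get(bridge, [])
        for ifname, others in nets.items() if ifname != bridge
        for other in others if bnet.overlaps(other)
    ]


def range_is_free(candidate, nets, bridge="docker0"):
    """True if a proposed bridge CIDR overlaps no other interface's network."""
    cand = ipaddress.ip_network(candidate, strict=False)
    return not any(
        cand.overlaps(n)
        for ifname, ns in nets.items() if ifname != bridge
        for n in ns
    )


if __name__ == "__main__":
    nets = parse_networks(SAMPLE)
    for ifname, other, bnet in conflicts(nets):
        print(f"docker0 {bnet} shadows {ifname} {other}")
    print("10.100.72.254/24 free:", range_is_free("10.100.72.254/24", nets))
```

On a live host, pass the output of `ip -o -4 addr show` to `parse_networks` in place of the sample.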

Cheers,

herlo


Fedora Ambassadors Update: February 2013

Welcome New Ambassadors

We are happy to welcome our new sponsored Fedora Ambassador in February:

Mon Mar 11 02:53:08 2013 | Accounts: 624 | Inactive: 81 (12.98%)

Cheers,

herlo


Fedora Ambassadors Update: January 2013

Welcome New Ambassadors

We are happy to welcome our new sponsored Fedora Ambassador in January:

Fedora Ambassador Statistics

Thu Feb 7 12:29:06 2013 | Accounts: 619 | Inactive: 81 | % inactive: 13.09

Cheers,

herlo

Yes, the announcement is behind this month. Moving into a new home will do that to you!

FUDCon Lawrence: Day 1 Session Videos and More

While you might have seen the barrage of posts from Fedora’s FUDCon Lawrence this weekend, you might not know that many sessions were streamed for your joy and enrichment.

Here’s a list with links to the videos (all of them are on youtube):

Enjoy,

herlo


Fedora Ambassadors Update: December 2012

Welcome New Ambassadors

We are happy to welcome our new sponsored Fedora Ambassador in December:

Fedora Ambassador Statistics

Cheers,

herlo


FUDCon Lawrence Hackfest: GPG SmartCard Configuration

As I’ve been working at my new job at the Linux Foundation, we have been implementing quite a bit of two-factor authentication. In fact, back in November, Fedora implemented two-factor authentication for sudo at the Security FAD. I was there and helped set up the clients and did some testing.

While I was there, I had another agenda item, creating a HOWTO for enabling a GPG SmartCard for use with SSH. Of course, the SmartCard can be used for both encryption and signing as well.

After finishing that HOWTO, I was talking about it with a few people within Fedora, and it turns out there was quite a bit of interest, so I’ve decided to do a hackfest on Saturday at FUDCon to help move people over to GPG SmartCards. This is also going to be quite nice in that there will be a GPG key signing event after this hackfest.

Come Prepared – Equipment Required

It’s important you come prepared! If you have ever had interest in this sort of thing, there’s time to get equipment for the hackfest. Here’s what you need:

Both pieces are required. Order ASAP, it takes about 10 days to ship. Consider even shipping to the FUDCon hotel if you are concerned or late. I know Petra will work hard to deliver them as fast as possible.

Doing a Little Prep Work

If you get your Token and SmartCard before FUDCon Lawrence and have a few spare minutes, feel free to read through my HOWTO. If you get through it, come to the hackfest and help others who might not have had time.

Cheers,

herlo


Well, that didn’t work: GoOSe Linux 6.0 Beta Release Candidate 5 (RC5) Now Available!

The hope was to make a Golden GoOSe available for Christmas, but it didn’t work. Oh well, here’s another release candidate!

GoOSe Linux 6.0 Beta Release Candidate 5 (RC5) is now available for testing. Visit http://get.gooseproject.org/ to obtain the download.

Once you arrive at the above link, the downloads are under /releases/6.0/Beta-RC5/GoOSe/<arch>/.

The GoOSe Project is always interested in feedback around its project. Please feel free to drop us a line about this release.

Comments/Questions:

Issues with GoOSe 6.0

If you find yourself having trouble installing, using or managing GoOSe Linux, please let us know. The best way is to file issues at our main project site on GitHub, but we’re happy to have the information in any of the ways listed above.

Testing can be done by anyone. Please feel free to check our new testing wiki page for information on what tests need to be run and which have already passed. If you have interest in helping us test, thank you, thank you, thank you for the help!

GoOSe Beta-RC5 will be available for 1 week from today. At such time the GoOSe team will decide whether it will be the first Golden GoOSe release. This will be based upon feedback provided, so please do tell us what you think!

Cheers,

herlo


GoOSe Linux 6.0 Beta Release Candidate 4 (RC4) Now Available!

GoOSe Linux 6.0 Beta Release Candidate 4 (RC4) is now available for testing. Visit http://get.gooseproject.org/ to obtain the download.

Once you arrive at the above link, the downloads are under /releases/6.0/Beta-RC4/GoOSe/<arch>/.

The GoOSe Project is always interested in feedback around its project. Please feel free to drop us a line about this release.

Comments/Questions:

Issues with GoOSe 6.0

If you find yourself having trouble installing, using or managing GoOSe Linux, please let us know. The best way is to file issues at our main project site on GitHub, but we’re happy to have the information in any of the ways listed above.

GoOSe Beta-RC4 will be available for 2 weeks from today. At such time the GoOSe team will decide whether it will be the first Golden GoOSe release. This will be based upon feedback provided, so please do tell us what you think!

Cheers,

herlo


Fedora Ambassadors Update: November 2012

Welcome New Ambassadors

We are happy to welcome our new sponsored Fedora Ambassadors in November:

Fedora Ambassador Statistics

Sun Dec 2 10:19:18 2012 | Approved: 616 | Inactive: 82 | % inactive: 13.31

Cheers,

Herlo


Fedora Security FAD: The Results

Well, I think it was quite successful. Probably the most successful Fedora Activity Day I’ve attended. Many things were accomplished toward the goal of two-factor authentication within Fedora Infrastructure:

  • Installed and configured totpcgi authentication on the staging environment. This performs the verification from the clients. There will be several servers doing authentication to prevent a single point of failure.
  • Installed and configured pam_url on each staging client with the intent of connecting to the authentication servers.
  • Enabled YubiKey as an alternate second factor.
  • Reviewed RPMs for pam_url and totpcgi (and a few others to help along the way).
  • Set up the totpcgi provisioning web page for Google Authenticator.
  • Fixed fun bugs in pam_url.
  • Wrote documentation on how to set up authentication.

A few things were accomplished that were not part of the goals, but good stuff nonetheless:

While I didn’t participate in all of the above activities, I was definitely involved in many of them. It turns out, everyone there was fairly involved at the FAD. It was fun to watch everyone come together to solve this issue. Everyone seemed to have a good sense of satisfaction accomplishing the goals.

Cheers,

herlo
