0 0 Share PDF

How do I change the docker gwbridge address?

Article ID: KB000299

Issue

The docker_gwbridge interface provides default gateway functionality for all containers and tasks which are using a multi-host swarm overlay network. It is created on each Docker host when they are joined to a swarm cluster.

If the IP address of the interface docker_gwbridge conflicts with an address on your network, it can be changed on a host-by-host basis.

Prerequisites

  • Docker swarm mode cluster
  • Docker daemon version CS 1.12, CS 1.13, EE 17.03, EE 17.06, EE 18.03
  • Universal Control Plane 1.1, 2.0, 2.1, 2.2, 3.0

Resolution

Warning: Modifying an existing member of a cluster involves removing the node from the cluster.

To alter the subnet of this interface, stop any classic containers attached to overlay networks, leave the swarm, remove the network, re-add it with the desired address, and restart classic containers as follows (must be done on a host-by-host basis):"

  1. Obtain the swarm join token for the role of the node in question (manager or worker). This can be performed with the following command via an administrator UCP client certificate bundle or a shell on a manager node, or via the UCP UI in the Add Node screen:

    docker swarm join-token worker
    

    or:

    docker swarm join-token manager
    

    Remaining commands are performed on a node-by-node basis.

  2. Save a list of any overlay-attached classic containers. This will be used to stop and start these containers before and after network reconfiguration.

    gwbridge_containers=$(docker network inspect docker_gwbridge --format '{{range $k, $v := .Containers}}{{$k}}{{printf "\n"}}{{end}}' |xargs -I{} docker container ls -f is-
    task=false -f id={} --format {{.Names}})
    echo ${gwbridge_containers}
    
  3. Stop any classic containers using docker_gwbridge:

    docker stop ${gwbridge_containers}
    
  4. Leave the swarm. This will stop swarm tasks and disable swarm multi-host overlay networking on the node. Swarm tasks will be rescheduled to other nodes if constraints and resource limits allow:

    docker swarm leave
    
  5. Remove the docker_gwbridge network:

    docker network rm docker_gwbridge
    
  6. Recreate the docker_gwbridge network using the desired network prefix, setting the desired values:

    docker network create  \
    --subnet 172.20.0.0/20 \
    --gateway 172.20.0.1 \
    -o com.docker.network.bridge.enable_icc=false \
    -o com.docker.network.bridge.name=docker_gwbridge \
    docker_gwbridge
    
  7. (Optional) Confirm the settings on docker_gwbridge:

    docker network inspect docker_gwbridge --format '{{range $k, $v := index .IPAM.Config 0}}{{.| printf "%s: %s " $k}}{{end}}'
    
  8. Re-join the swarm using the swarm join token from step 1.

    docker swarm join --token SWMTKN-1-269ekl8fmpi7e71unksib1525xncpi15kccdukv4jz2wr9ovjd-4bhimfkzmo67jvzf15l8f8cza 192.168.121.246:2377
    
  9. Restart any overlay-attached classic containers:

    docker start ${gwbridge_containers}
    
  10. (Optional) Leaving and rejoining the swarm leaves an unused node entry with the same hostname in the swarm membership. Remove the unused entry with docker node rm via an administrator UCP client certificate bundle or in the UCP UI in the Nodes screen.