Barak Korren updated OVIRT-2340:
--------------------------------
Epic Link: OVIRT-2339
Unable to run containers with the '-p' option
---------------------------------------------
Key: OVIRT-2340
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2340
Project: oVirt - virtualization made easy
Issue Type: Bug
Components: Jenkins Slaves
Reporter: Barak Korren
Assignee: infra
Priority: High
When trying to run containers that expose ports we can get the following error:
{code}
/usr/bin/docker-current: Error response from daemon: driver failed programming external
connectivity on endpoint silly_sammet
(90b600ff5b0e6c2e708e8cd5086b518596dbe7ac4fa2735bec52d3a88e1ae004): (iptables failed:
iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 4444 -j DNAT --to-destination
172.17.0.2:3333 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
{code}
We can reproduce this, for example, with the following command:
{code}
sudo docker run -it --rm -p 4444:3333 centos
{code}
Further information:
# This seems to be happening because the "DOCKER" chain is missing in iptables.
# We've seen this happen constantly on FC28 slaves but not on EL7 slaves
# Restarting the docker service recreates the iptables chain and effectively resolves the issue
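
A pre-job check for the workaround described above, added here as an example and not part of the ticket or the oVirt infra code: it looks for the DOCKER chain in the nat table (the table named in the error) and restarts docker when it is absent. The function names, the `--fix` switch and the sample rule dumps are constructed for illustration; it assumes a systemd host with `iptables-save`.

```shell
#!/bin/sh
# Added example (not from the ticket): check the nat table for the DOCKER
# chain and restart docker when it is gone.

# Read iptables-save output on stdin; succeed only if chain $1 is declared
# in the nat table. Declarations look like ":DOCKER - [0:0]".
nat_has_chain() {
    awk -v chain="$1" '
        /^\*/ { table = substr($0, 2) }           # "*nat" starts a table section
        table == "nat" && $1 == (":" chain) { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: healthy host, DOCKER declared in nat.
sample_healthy() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
EOF
}

# Constructed sample: nat was reset; a DOCKER chain in filter must not count.
sample_broken() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
EOF
}

# Needs root. Returns 0 if the chain is (or becomes) present.
ensure_docker_chain() {
    dump=$(iptables-save -t nat) || return 2      # could not read the rules
    printf '%s\n' "$dump" | nat_has_chain DOCKER && return 0
    echo "nat/DOCKER chain missing, restarting docker" >&2
    systemctl restart docker || return 2
    iptables-save -t nat | nat_has_chain DOCKER
}

# Only touch the host when asked to: sh check_docker_chain.sh --fix
if [ "${1:-}" = "--fix" ]; then ensure_docker_chain; fi
```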