
Allow containers to connect to host
ClosedPublic

Authored by dereckson on Oct 9 2018, 16:06.

Details

Summary

Provide firewalld rich rules to allow the container → host connection.

Fixes T1463.

Test Plan

check if devcentral can connect to aphlict

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

dereckson requested review of this revision. Oct 9 2018, 16:06
dereckson created this revision.
dereckson updated this revision to Diff 4714. Oct 9 2018, 16:07

OS family is RedHat, not CentOS

dereckson accepted this revision. Oct 9 2018, 16:09
Salt master
$ salt equatower state.apply roles/paas-docker/docker/firewall
equatower:
----------
          ID: /etc/firewalld/zones/public.xml
    Function: file.managed
      Result: True
     Comment: File /etc/firewalld/zones/public.xml updated
     Started: 16:07:39.382235
    Duration: 192.337 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -6,8 +6,20 @@
                     <service name="dhcpv6-client"/>
                     <service name="http"/>
                     <service name="https"/>
                  +
                     <rule family="ipv4">
                  -    <source address="172.16.0.0/12" />
                  +    <source address="172.18.2.0/24" />
                       <accept />
                     </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.18.1.0/24" />
                  +    <accept />
                  +  </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.17.0.0/16" />
                  +    <accept />
                  +  </rule>
                  +
                   </zone>
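
Review bot: the three rules in this hunk (sources 172.18.2.0/24, 172.18.1.0/24 and 172.17.0.0/16) carry a bare <accept /> with no port or service element, so every port on the host stays reachable from those container subnets; only the source range was narrowed from 172.16.0.0/12. Since the stated goal is letting devcentral reach aphlict, consider adding a <port port="..." protocol="tcp" /> element to each rule that lists only the listeners the containers need. An XML comment above each rule naming the Docker network behind the subnet would also help a later reader tell which ranges are still in use.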

Summary for equatower
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 192.337 ms
This revision is now accepted and ready to land. Oct 9 2018, 16:09
Equatower
$ systemctl restart firewalld
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-10-09 16:10:06 UTC; 3s ago
This revision was automatically updated to reflect the committed changes.