Allow containers to connect to host
Closed, Public

Authored by dereckson on Oct 9 2018, 16:06.

Details

Summary

Provide firewalld rich rules to allow the container → host connection.

Fixes T1463.

Test Plan

Check if devcentral can connect to aphlict.

Diff Detail

Repository: rOPS Nasqueron Operations
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

dereckson created this revision.

OS family is RedHat, not CentOS

Salt master
$ salt equatower state.apply roles/paas-docker/docker/firewall
equatower:
----------
          ID: /etc/firewalld/zones/public.xml
    Function: file.managed
      Result: True
     Comment: File /etc/firewalld/zones/public.xml updated
     Started: 16:07:39.382235
    Duration: 192.337 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -6,8 +6,20 @@
                     <service name="dhcpv6-client"/>
                     <service name="http"/>
                     <service name="https"/>
                  +
                     <rule family="ipv4">
                  -    <source address="172.16.0.0/12" />
                  +    <source address="172.18.2.0/24" />
                       <accept />
                     </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.18.1.0/24" />
                  +    <accept />
                  +  </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.17.0.0/16" />
                  +    <accept />
                  +  </rule>
                  +
                   </zone>
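
Review bot: each of the three rich rules in this hunk (sources 172.18.2.0/24, 172.18.1.0/24 and 172.17.0.0/16) pairs `<source>` with a bare `<accept />`, so every port and protocol on the host is open to those container networks, while the test plan only calls for devcentral reaching aphlict. Consider adding a `<port>` or `<service>` element to each rule so that only the ports the containers need are accepted, and an XML comment above each rule naming the Docker network its subnet belongs to. Narrowing the source from 172.16.0.0/12 to specific subnets is a good step; scoping by port would finish the job.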

Summary for equatower
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 192.337 ms
This revision is now accepted and ready to land. (Oct 9 2018, 16:09)
Equatower
$ systemctl restart firewalld
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-10-09 16:10:06 UTC; 3s ago
This revision was automatically updated to reflect the committed changes.