
Allow containers to connect to host
Closed, Public

Authored by dereckson on Oct 9 2018, 16:06.

Details

Summary

Provide firewalld rich rules to allow the container → host connection.

Fixes T1463.

Test Plan

Check if devcentral can connect to aphlict.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
allow-containers-to-connect-to-host (branched from master)
Build Status
Buildable 2880
Build 3128: arc lint + arc unit

Event Timeline

dereckson created this revision.

OS family is RedHat, not CentOS

Salt master
$ salt equatower state.apply roles/paas-docker/docker/firewall
equatower:
----------
          ID: /etc/firewalld/zones/public.xml
    Function: file.managed
      Result: True
     Comment: File /etc/firewalld/zones/public.xml updated
     Started: 16:07:39.382235
    Duration: 192.337 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -6,8 +6,20 @@
                     <service name="dhcpv6-client"/>
                     <service name="http"/>
                     <service name="https"/>
                  +
                     <rule family="ipv4">
                  -    <source address="172.16.0.0/12" />
                  +    <source address="172.18.2.0/24" />
                       <accept />
                     </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.18.1.0/24" />
                  +    <accept />
                  +  </rule>
                  +
                  +  <rule family="ipv4">
                  +    <source address="172.17.0.0/16" />
                  +    <accept />
                  +  </rule>
                  +
                   </zone>
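
Review bot: Each of the three rules matches only on `<source address>` and ends in a bare `<accept />`, so every port on the host becomes reachable from any container in 172.18.2.0/24, 172.18.1.0/24 and 172.17.0.0/16, while the stated goal is the devcentral to aphlict connection. Consider adding a `<port port="..." protocol="tcp"/>` or `<service name="..."/>` element to each rule so that only the listeners the containers need are accepted. An XML comment above each rule naming the Docker network the subnet belongs to would also help, since the three ranges are otherwise unexplained, and the 172.17.0.0/16 rule in particular deserves a check that the whole /16 is needed.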

Summary for equatower
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 192.337 ms
This revision is now accepted and ready to land. (Oct 9 2018, 16:09)
Equatower
$ systemctl restart firewalld
$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-10-09 16:10:06 UTC; 3s ago
This revision was automatically updated to reflect the committed changes.