Page MenuHomePhabricator
Paste P10501

docker and ferm
ActivePublic
Actions

Authored by JHedden on Feb 24 2020, 6:08 PM.
Tags
None
Referenced Files
F31629528: raw.txt
Feb 24 2020, 6:08 PM
Subscribers
None
From: https://gerrit.wikimedia.org/r/c/operations/puppet/+/555528/1/modules/profile/manifests/ceph/k8s/node.pp#b78
```
# Configure ferm to preserve the docker iptable chains
ferm::conf { 'docker-preserve':
ensure => present,
prio => 20,
source => 'puppet:///modules/profile/ceph/docker-preserve',
}
```
From: https://gerrit.wikimedia.org/r/c/operations/puppet/+/555528/1/modules/profile/files/ceph/docker-preserve
```
domain (ip ip6) {
table filter {
chain (DOCKER DOCKER-USER DOCKER-INGRESS DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD) @preserve;
}
table nat {
chain (DOCKER DOCKER-INGRESS PREROUTING OUTPUT POSTROUTING) @preserve;
}
}
```
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL