stackhpc/a-universe-from-nothing

No external network access from kolla container builds

Closed this issue · 1 comments

oneswig commented

The Seed VM Docker daemon is configured with iptables disabled. This appears to be an unintended effect of this commit:

af360c2

Various options:

  • Set the variable docker_disable_default_iptables_rules to be true using inventory variables, in etc/kayobe/kolla/inventory/group_vars - this may only apply to overcloud
  • Configure host network namespace for container builds with config of this form:
kolla_build_extra_config: |
  [DEFAULT]
  network_mode = host
markgoddard commented

We could try this one as a way to disable bridge networking: https://review.opendev.org/#/c/689870