commit b793518f65ae932f3974ff85b797f505b5ef1c2a
Author: Robert Church <email address hidden>
Date: Wed Apr 29 12:49:04 2020 -0400

Ensure containerd binds to the loopback interface

Set the stream_server_address to bind to the loopback interface with a
value of "127.0.0.1" for IPv4 and "::1" for IPv6.

Without setting the stream_server_address in config.toml, containerd was
binding to the OAM interface. Under most situations this resulted in
containerd binding to the OAM fixed host address. But in an IPv6
configuration there were occasions where after controller-0 unlock, the
OAM floating IP would be used. When this happened, swacting away from
controller-0 would move the OAM floating IP to controller-1 and break
access to containers residing on controller-0.

This will explicitly update the containerd configuration to use the IP
address of the loopback interface based on the system's network
configuration.

This also removes any security concerns with containerd binding to the
OAM interface.

Change-Id: I0f914d738e94b525cf217712675d3b4575817d1d
Depends-On: https://review.opendev.org/#/c/725394/
Closes-Bug: #1875891
Signed-off-by: Robert Church <email address hidden>

Reviewed: https://review.opendev.org/724384
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=b793518f65ae932f3974ff85b797f505b5ef1c2a
Submitter: Zuul
Branch: master