Comment 7 for bug 1875891

OpenStack Infra (hudson-openstack) wrote : Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/724384
Committed: https://git.openstack.org/cgit/starlingx/stx-puppet/commit/?id=b793518f65ae932f3974ff85b797f505b5ef1c2a
Submitter: Zuul
Branch: master

commit b793518f65ae932f3974ff85b797f505b5ef1c2a
Author: Robert Church <email address hidden>
Date: Wed Apr 29 12:49:04 2020 -0400

    Ensure containerd binds to the loopback interface

    Set the stream_server_address to bind to the loopback interface with a
    value of "127.0.0.1" for IPv4 and "::1" for IPv6.

    Without setting the stream_server_address in config.toml, containerd was
    binding to the OAM interface. Under most situations this resulted in
    containerd binding to the OAM fixed host address. But in an IPv6
    configuration there were occasions where after controller-0 unlock, the
    OAM floating IP would be used. When this happened, swacting away from
    controller-0 would move the OAM floating IP to controller-1 and break
    access to containers residing on controller-0.

    This will explicitly update the containerd configuration to use the IP
    address of the loopback interface based on the system's network
    configuration.

    This also removes any security concerns with containerd binding to the
    OAM interface.

    Change-Id: I0f914d738e94b525cf217712675d3b4575817d1d
    Depends-On: https://review.opendev.org/#/c/725394/
    Closes-Bug: #1875891
    Signed-off-by: Robert Church <email address hidden>
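
A check an operator could run after this change to confirm containerd has no listener outside the loopback interface, covering both the IPv4 and IPv6 cases the commit message names. This is an added example, not part of the commit or of stx-puppet: it parses `ss -H -ltnp` output, the sample lines (addresses, PIDs, ports) are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output (not taken from the bug report).
# 2001:db8::/32 and 192.0.2.0/24 are documentation ranges standing in for OAM addresses.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:39871 0.0.0.0:* users:(("containerd",pid=1201,fd=14))
LISTEN 0 4096 [::1]:41235 [::]:* users:(("containerd",pid=1201,fd=15))
LISTEN 0 4096 [2001:db8::2]:36143 [::]:* users:(("containerd",pid=1201,fd=16))
LISTEN 0 4096 192.0.2.10:40001 0.0.0.0:* users:(("containerd",pid=1201,fd=17))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=900,fd=3))
LISTEN 0 4096 *:10010 *:* users:(("containerd",pid=1201,fd=18))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def split_host_port(local):
    """Split ss's Local Address:Port column into (host, port)."""
    host, _, port = local.rpartition(":")
    return host.strip("[]").split("%")[0], port  # drop brackets and any %zone


def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards and bad input are not loopback."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_listeners(ss_output, process="containerd"):
    """Return (host, port) for each listener of `process` not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        match = PROC_RE.search(line)
        if len(fields) < 5 or not match or match.group(1) != process:
            continue
        host, port = split_host_port(fields[3])
        if not is_loopback(host):
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS):
        print(f"containerd listening on non-loopback address {host} port {port}")
```

On a live host, pass the real output of `ss -H -ltnp` (run as root so process names are shown) to `exposed_listeners`; an empty result means every containerd listener is on loopback.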