Mount system modules when calling system iptables
In order to allow the system iptables to actually run from within a container, we might need specific, per-kernel modules in order to avoid mismatches. Currently, the only container having the system iptables mounted is the haproxy_firewall thingy.

Change-Id: Idabc2da14413d953c8fe9effdd240dc250e7c64d
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1665598
parent e8fd828d3b
commit 1bebfdcbdd
|
@ -227,6 +227,10 @@ outputs:
|
|||
- /usr/libexec/iptables:/usr/libexec/iptables:ro
|
||||
- /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
|
||||
- /var/lib/haproxy:/var/lib/haproxy:rw,z
|
||||
# Needed in order to call system iptables in order to ensure
|
||||
# we have kernel compatible modules
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=1665598
|
||||
- /lib/modules:/lib/modules:ro
|
||||
environment:
|
||||
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
||||
haproxy:
|
||||
|
|
|
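Review bot: The comment above the `/lib/modules:/lib/modules:ro` entry reads as if calling iptables is what ensures compatible modules, when the dependency runs the other way. Suggest wording such as "Mount the host's kernel modules so the system iptables can load modules matching the running kernel". The read-only flag is the right choice, but the mount only makes the module files visible; whether a module load from inside this container can succeed depends on the container's privileges, which this hunk does not show. Please confirm that, or say in the comment that the modules are expected to be loaded on the host already.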
@ -280,6 +280,10 @@ outputs:
|
|||
- /usr/libexec/iptables:/usr/libexec/iptables:ro
|
||||
- /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
|
||||
- /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
|
||||
# Needed in order to call system iptables in order to ensure
|
||||
# we have kernel compatible modules
|
||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=1665598
|
||||
- /lib/modules:/lib/modules:ro
|
||||
environment:
|
||||
# NOTE: this should force this container to re-run on each
|
||||
# update (scale-out, etc.)
|
||||
|
|
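Review bot: The three comment lines and the `/lib/modules:/lib/modules:ro` entry here are a verbatim copy of the ones in the previous hunk, sitting next to the same two `/usr/libexec/...` mounts. That leaves four iptables-related entries to keep in sync by hand across two volume lists; consider a single shared list that both locations reference so the mounts cannot drift. The commit message also says only one container mounts the system iptables, so it would help to state there why this second list, the one carrying `corosync.conf`, needs the same change.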