bluebanquise / community

Community made roles or tools around BlueBanquise
MIT License

Fix: podman - Use slirp4netns to avoid error with HA #65

Closed ginomcevoy closed 2 years ago

ginomcevoy commented 2 years ago

Previous PR #38 mentioned an issue with podman containers and the firewall that results in a "Connection refused" error. While the explanation in the PR is correct (containers lose connectivity after a firewall reload), there is another situation in which the error happens: after pacemaker begins to manage the systemd service for the first time in a High Availability scenario. We have reproduced this issue consistently with VMs, but it only happened the first time the service was started by pacemaker on each node.

This PR implements a fix proposed in the previous PR, to use the slirp4netns user-mode networking for the systemd service of the private registry provided by the podman role. This solution is used for unprivileged containers by default, but it can also be used for privileged containers. We have not found any downsides of using slirp4netns in this and other privileged container services.

Edit: clarify that the fix is for the registry service
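
The change described in the comment above, sketched as an added example (this is not the code from this PR or from the podman role): a systemd unit for a rootful registry container, with the default bridged form shown commented out beside the slirp4netns form. The unit layout, container name, image, port and volume path are assumptions.

```ini
# registry.service (hypothetical name; every value below is illustrative)
[Unit]
Description=Private container registry (podman)
Wants=network-online.target
After=network-online.target

[Service]
Restart=on-failure
# Remove a stale container left over from a previous run; "-" ignores failure.
ExecStartPre=-/usr/bin/podman rm -f registry

# Before: default rootful networking (bridge). The published port is reached
# through NAT rules in the host firewall, so a firewall reload that drops
# those rules leaves clients with "Connection refused".
# ExecStart=/usr/bin/podman run --name registry -p 5000:5000 -v /var/lib/registry:/var/lib/registry:Z docker.io/library/registry:2

# After: user-mode networking. The published port is forwarded by a userspace
# process listening on the host, not by firewall NAT rules.
# Caveat: with the default port handler (rootlesskit) the container sees
# connections coming from an address inside its own namespace, so registry
# access logs lose the real client IP. Use
#   --network slirp4netns:port_handler=slirp4netns
# to keep source addresses, at some cost in throughput.
ExecStart=/usr/bin/podman run --name registry --network slirp4netns \
    -p 5000:5000 \
    -v /var/lib/registry:/var/lib/registry:Z \
    docker.io/library/registry:2
ExecStop=/usr/bin/podman stop -t 10 registry

[Install]
WantedBy=multi-user.target
```

In a pacemaker-managed setup the unit would normally be left disabled in systemd and started by the cluster resource.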

ginomcevoy commented 2 years ago

FYI, this fix has been known and patched on our side for some time now; I forgot to push it to BlueBanquise until now :)

ginomcevoy commented 2 years ago

Forgot to update CHANGELOG.md, so I added one more commit.

ginomcevoy commented 2 years ago

Hello @neilmunday, I see "All checks have passed", could you please point me to the workflow checks that failed?

ginomcevoy commented 2 years ago

OK I found "Unchanged files with check annotations" with some FQCN and yaml warnings, in the "singularity" and "podman" roles. Do you want me to take care of these in this PR?

strus38 commented 2 years ago

You may leave all of those... I will fix them separately in all my roles.

On Mon, 9 May 2022 at 12:59, Giacomo Mc Evoy @.***> wrote:

> OK I found "Unchanged files with check annotations" with some FQCN and yaml warnings, in the "singularity" and "podman" roles. Do you want me to take care of these in this PR?


neilmunday commented 2 years ago

> OK I found "Unchanged files with check annotations" with some FQCN and yaml warnings, in the "singularity" and "podman" roles. Do you want me to take care of these in this PR?

Apologies, I didn't realise the checks were for other files not modified by this PR.