matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

[Multi-Asic] Fix for multi-asic where we should allow docker local (#5364)

Browse Source 
communication on docker eth0 ip . Without this TCP Connection to Redis
does not happen in namespace.

Signed-off-by: Abhishek Dosi <abdosi@abdosi-ubuntu-vm0.nwp1qucpfg5ejooejenqshkj3e.cx.internal.cloudapp.net>

Co-authored-by: Abhishek Dosi <abdosi@abdosi-ubuntu-vm0.nwp1qucpfg5ejooejenqshkj3e.cx.internal.cloudapp.net>
This commit is contained in:
abdosi 2020-09-16 11:32:35 -07:00 committed by GitHub
parent 642479f75d
commit d12e9cbbc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/image_config/caclmgrd/caclmgrd
View File

@ -182,6 +182,10 @@ class ControlPlaneAclManager(daemon_base.DaemonBase):
allow_internal_docker_ip_cmds = []
if namespace:
# For namespace docker allow local communication on docker management ip for all proto
allow_internal_docker_ip_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -s {} -d {} -j ACCEPT".format
(self.namespace_docker_mgmt_ip[namespace], self.namespace_docker_mgmt_ip[namespace]))
# For namespace docker allow all tcp/udp traffic from host docker bridge to its eth0 management ip
allow_internal_docker_ip_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "iptables -A INPUT -p tcp -s {} -d {} -j ACCEPT".format
(self.namespace_mgmt_ip, self.namespace_docker_mgmt_ip[namespace]))