Skip to content

add iptables option to the daemon #309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sherry-ummen wants to merge 3 commits into
base: master
Choose a base branch
from
Open

add iptables option to the daemon #309

sherry-ummen wants to merge 3 commits into from

Conversation

@sherry-ummen
Copy link

@sherry-ummen sherry-ummen commented Nov 25, 2020
edited
Loading

PR is coming from this discussion here : https://discourse.drone.io/t/docker-parallel-build-failing-anyone/8406/6

Adding iptables option as discussed

ashwilliams1
ashwilliams1 reviewed Nov 25, 2020
View reviewed changes
cmd/drone-docker/main.go Outdated
Usage: "docker daemon executes in debug mode",
EnvVar: "PLUGIN_DEBUG,DOCKER_LAUNCH_DEBUG",
},
cli.BoolFlag{
Copy link

@ashwilliams1 ashwilliams1 Nov 25, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change to IPTablesOff since they are on by default, and we want to keep this default value

Copy link
Author

@sherry-ummen sherry-ummen Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

ashwilliams1
ashwilliams1 reviewed Nov 25, 2020
View reviewed changes
cmd/drone-docker/main.go Outdated
Disabled: c.Bool("daemon.off"),
IPv6: c.Bool("daemon.ipv6"),
Debug: c.Bool("daemon.debug"),
IPTables: c.Bool("daemon.iptables"),
Copy link

@ashwilliams1 ashwilliams1 Nov 25, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rename to IPTablesOff since they are on by default

Copy link
Author

@sherry-ummen sherry-ummen Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

ashwilliams1
ashwilliams1 reviewed Nov 25, 2020
View reviewed changes
cmd/drone-docker/main.go Outdated
cli.BoolFlag{
Name: "daemon.iptables",
Usage: "docker daemon enable addition of iptables rules",
EnvVar: "PLUGIN_IPTABLES",
Copy link

@ashwilliams1 ashwilliams1 Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change to PLUGIN_IPTABLES_OFF

Copy link
Author

@sherry-ummen sherry-ummen Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

ashwilliams1
ashwilliams1 reviewed Nov 25, 2020
View reviewed changes
docker.go Outdated
if daemon.Experimental {
args = append(args, "--experimental")
}
if daemon.IPTables {
Copy link

@ashwilliams1 ashwilliams1 Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

need to verify the flag, but if iptables_off: true then we should disable iptables, which would otherwise be enabled by default

if daemon.IPTablesOff {
  args = append(args, "--iptables=false")
}

Copy link
Author

@sherry-ummen sherry-ummen Nov 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@sherry-ummen
Copy link
Author

sherry-ummen commented Dec 2, 2020

builds are failing not due to these changes . but due to the rate limit issue. if someone could still review and approve this

@tboerger
Copy link

tboerger commented Dec 19, 2020

Why the name like iptables off? The flag could be true by default and the flag only gets appended if it's not true.

@TR-SLimey TR-SLimey mentioned this pull request Feb 6, 2021
Closed
bradrydzewski
bradrydzewski reviewed Mar 3, 2021
View reviewed changes
cmd/drone-docker/main.go
Usage: "docker daemon executes in debug mode",
EnvVar: "PLUGIN_DEBUG,DOCKER_LAUNCH_DEBUG",
},
cli.BoolTFlag{
Copy link
Member

@bradrydzewski bradrydzewski Mar 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be Bool instead of BoolT. The BoolT parameter defaults to true if unset, however, in this case I think we want to disable to false and only disable IP tables if the user explicitly sets this value to true

bradrydzewski
bradrydzewski reviewed Mar 3, 2021
View reviewed changes
cmd/drone-docker/main.go
},
cli.BoolTFlag{
Name: "daemon.iptables",
Usage: "docker daemon enable addition of iptables rules",
Copy link
Member

@bradrydzewski bradrydzewski Mar 3, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also consider changing the description to make it clear that this flag disables iptable rules, instead of enabling

@tphoney
Copy link

tphoney commented Jul 6, 2021

Have you had a look at implementing @bradrydzewski 's suggested changes and rebasing of master.

@andriihrachov
Copy link

andriihrachov commented Jul 6, 2021

Any updates on this? highly needed

@doyard doyard mentioned this pull request Sep 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bradrydzewski bradrydzewski bradrydzewski left review comments

+1 more reviewer

@ashwilliams1 ashwilliams1 ashwilliams1 left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@sherry-ummen @tboerger @tphoney @andriihrachov @bradrydzewski @ashwilliams1