Use bridge network for db container

- Changed the network mode of database container to "bridge" and exposed the service ports. - Use socket file to connect with the database. - Upgrade the backup container image for postgressql. Change-Id: Id5b119f8a474befc3a2cd6e061bbffc4ae5f7bb6
author: Lingxian Kong <anlin.kong@gmail.com> 2021-06-18 11:30:03 +1200
committer: Lingxian Kong <anlin.kong@gmail.com> 2021-06-22 19:10:14 +1200
commit: b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2 (patch)
tree: 13a5124d6ea4b9d13e892601034bc5ac004284dc /releasenotes
parent: 6d2ab68a8aa0406ee6320e778b8e290827c9e730 (diff)
download: trove-b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/releasenotes/notes/xena-container-bridge-network.yaml b/releasenotes/notes/xena-container-bridge-network.yaml
new file mode 100644
index 00000000..b70d370e
--- /dev/null
+++ b/releasenotes/notes/xena-container-bridge-network.yaml
@@ -0,0 +1,14 @@
+---
+security:
+  - |
+    Changed the network mode of database container to "bridge" and exposed the
+    service ports. Cloud operator could adjust the iptables to restrict network
+    access from the database container to the outside. An example::
+
+      iptables -t filter -I DOCKER-USER 1 -d [restricted-network-range] -i docker0 ! -o docker0 -j REJECT
+
+upgrade:
+  - The default value of the trove guest agent config option
+    ``[postgresql] backup_docker_image`` is changed to
+    ``openstacktrove/db-backup-postgresql:1.1.1``. There is nothing to do if
+    the option is not configured explicitly.
author	Lingxian Kong <anlin.kong@gmail.com>	2021-06-18 11:30:03 +1200
committer	Lingxian Kong <anlin.kong@gmail.com>	2021-06-22 19:10:14 +1200
commit	b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2 (patch)
tree	13a5124d6ea4b9d13e892601034bc5ac004284dc /releasenotes
parent	6d2ab68a8aa0406ee6320e778b8e290827c9e730 (diff)
download	trove-b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2.tar.gz