author | Lingxian Kong <anlin.kong@gmail.com> | 2021-06-18 11:30:03 +1200 |
---|---|---|
committer | Lingxian Kong <anlin.kong@gmail.com> | 2021-06-22 19:10:14 +1200 |
commit | b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2 (patch) | |
tree | 13a5124d6ea4b9d13e892601034bc5ac004284dc /releasenotes | |
parent | 6d2ab68a8aa0406ee6320e778b8e290827c9e730 (diff) | |
download | trove-b050996b9f6df738a0f68ac36a5b5f17f8bb2bc2.tar.gz |
Use bridge network for db container
- Changed the network mode of database container to "bridge" and exposed
the service ports.
- Use socket file to connect with the database.
- Upgrade the backup container image for postgresql.
Change-Id: Id5b119f8a474befc3a2cd6e061bbffc4ae5f7bb6
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/xena-container-bridge-network.yaml | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/releasenotes/notes/xena-container-bridge-network.yaml b/releasenotes/notes/xena-container-bridge-network.yaml new file mode 100644 index 00000000..b70d370e --- /dev/null +++ b/releasenotes/notes/xena-container-bridge-network.yaml @@ -0,0 +1,14 @@ +--- +security: + - | + Changed the network mode of database container to "bridge" and exposed the + service ports. Cloud operator could adjust the iptables to restrict network + access from the database container to the outside. An example:: + + iptables -t filter -I DOCKER-USER 1 -d [restricted-network-range] -i docker0 ! -o docker0 -j REJECT + +upgrade: + - The default value of the trove guest agent config option + ``[postgresql] backup_docker_image`` is changed to + ``openstacktrove/db-backup-postgresql:1.1.1``. There is nothing to do if + the option is not configured explicitly. |
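Review bot: The example rule in the `security` note only covers egress (`-i docker0 ! -o docker0` matches traffic entering from the container bridge and leaving through another interface), while the same paragraph announces that the service ports are now exposed and gives no guidance on inbound access to them. Suggest either adding a sentence on how operators should control access to the exposed ports, or stating explicitly that the note addresses outbound traffic from the database container only. Two smaller points in the same note: `[restricted-network-range]` is a placeholder that sits inside what otherwise reads as a literal command, so a short remark telling the operator to replace it with the network range to block would help, and "Cloud operator could adjust the iptables" reads better as "Cloud operators can adjust iptables". The commit message also lists the switch to a socket file for database connections, which this release note does not mention; if that change is visible to operators it deserves a line here.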