Tag Archives: #CentOS

More changes at simulakrum.org

Simulakrum moved from OpenBSD’s OpenLDAP 2.3 to a fancy CentOS’ 389 DirectoryServer. Let me know if your account is not working.

Password manager is upgraded to a recent snapshot of 1.8, and self-service adding to the LDAP is no longer possible.

Owncloud moved from ownCloud 8 on Fedora 22 to Owncloud 9 on CentOS 7. Let me know if there are things missing.

Enjoy

Docker behind firewalld

Running Docker containers behind firewalld can be a routing nightmare. I had to use CentOS 7 docker images on a customised CentOS 7 host, and the situation turned into an incompatibility fest pretty soon after I figured out the following:

  • CentOS host came with no firewall, and systemctl listed dbus-org.fedoraproject.FirewallD1.service,
  • Dockerised CentOS containers have no systemd,
  • Docker’s internal routing isn’t exactly the shiniest piece of documentation on Docker,
  • IPTables-services and firewalld shouldn’t work simultaneously, and usage of IPTables-services is strongly discouraged on new hats, in favour of the new interface – firewalld,
  • Docker’s daemon uses its own interface to write to Netfilter, which is clearly visible in an “iptables -L” inspection,
  • Docker (apparently) creates random RFC1918 addresses for new containers,
  • Docker assigns two IPs for each container regardless of the third IP you might call for on the command line during “docker run…”.

Fun, eh?

After a trillion attempts, here is the most sane and simple solution I have come by for now: