-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set tcp_be_liberal as part of Minuteman initialization #18
Conversation
We don't own these settings globally / don't own sysctl settings. For AWS / CloudFormation clusters we can / should set these (in a way that is persistent across reboots and the like). The service cannot set them however. |
Why can't we take them over? I don't think that people will actually set this setting based on the documentation, and they'll see issues when they're hairpinning traffic between Docker containers. Given that DC/OS runs on edge systems, and you're typically not using conntrack for any kind of security / hole-punch limiting, it seems like a fairly reasonable, conservative option. The kernel gets confused because it has an earlier conntrack entry for this traffic since it creates one before it gets from the Docker container to the forwarding table. If you think that we should avoid touching this, can you create a PR to set this in the AWS / Cloudformation images, and I'll do the PR so it gets into ACS? |
It sounds like this should be replaced with:
|
+1 |
Thanks for this patch - this solved a number of vexing connection issues from the MySQL driver. |
This also solved my problem with Kibana, it was unable to connect to Elasticsearch. |
[PAAS-242] Fix artifact path
[PAAS-242] Adding deploy stage Fix artifact path (dcos#18) [PAAS-242] Fix artifact path Fix s3upload call (dcos#19) [PAAS-242] Fix s3upload call Add -x to s3upload script for tracing (dcos#20) [PAAS-242] Add -x to s3upload script for tracing Fix s3upload credentials name (dcos#21) [PAAS-242] Fix s3upload credentials name Fix try_fetch methods to use all storage providers defined in yaml (dcos#22) [PAAS-204] Fix try_fetch methods to use all storage providers defined in yaml [PAAS-242] Change version and naming convention (dcos#23) * Change version and naming convention * Add code quality step * Add permissions to code quality script * Fix separator in Makefile Add permissions for public download from s3 (dcos#24)
Bump. from Dcos4windows to comply with dcos master PR
Update master branch from dcos/master
No description provided.