DebCI: avoid LXC connectivity issues with Docker

canonical · Nov 13, 2024 · a99154b · a99154b
1 parent 57795b4
commit a99154b
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/debci.yml b/.github/workflows/debci.yml
@@ -31,14 +31,20 @@ jobs:
         run: |
           sudo add-apt-repository -y -n -s ppa:slyon/netplan-ci
           sudo apt update
+          sudo apt purge docker.io  # FIXME: how is docker enabled on GitHub actions?
+          sudo dpkg -l | grep docker
           sudo apt install debci lxc lxc-templates debian-archive-keyring autopkgtest ubuntu-dev-tools devscripts linux-modules-extra-$(uname -r) #openvswitch-switch
       # See: https://discourse.ubuntu.com/t/containers-lxc/11526 (Apparmor section)
       #      (LP: #1950787, LP: #1998943)
       - name: Preparing autopkgtest-build-lxc
         run: |
           # Fix Docker blocking LXC networking:
           # https://discuss.linuxcontainers.org/t/9953/4
-          sudo iptables -I DOCKER-USER  -j ACCEPT
+          # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
+          sudo iptables  -I DOCKER-USER  -j ACCEPT
+          # sudo ip6tables -I DOCKER-USER  -j ACCEPT
+          sudo iptables  -I DOCKER-USER  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+          # sudo ip6tables -I DOCKER-USER  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
           sudo apparmor_parser -R /etc/apparmor.d/usr.bin.lxc-start
           sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disable/
           echo "lxc.apparmor.profile = unconfined" | sudo tee -a /etc/lxc/default.conf