[ARVADOS] updated: 2.1.0-793-g5aa4fc745
git at public.arvados.org
Mon May 17 16:17:29 UTC 2021
Summary of changes:
doc/install/container-shell-access.html.textile.liquid | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
via 5aa4fc745af335240a3782146dc0f6fcd93346ba (commit)
from 6fa1fbd935fd665494ea87716aef901144d14479 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
Author: Ward Vandewege <ward at curii.com>
Date: Mon May 17 12:17:07 2021 -0400
17668: one more tweak to the firewall rule description for this feature.
Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward at curii.com>
diff --git a/doc/install/container-shell-access.html.textile.liquid b/doc/install/container-shell-access.html.textile.liquid
index e011a1c4d..e60382ca3 100644
@@ -37,7 +37,7 @@ The relevant configuration section is
-To enable the feature a firewall change may also be required. Traffic from the machine that runs @arvados-controller@ to the compute nodes in the port range above 1024 must be allowed.
+To enable the feature a firewall change may also be required. This feature requires the opening of tcp connections from @arvados-controller@ to the range specified in the @net.ipv4.ip_local_port_range@ sysctl on compute nodes. If that range is unknown or hard to determine, it will be sufficient to allow tcp connections from @arvados-controller@ to port 1024-65535 on compute nodes, while allowing traffic that is part of existing tcp connections.
After changing the configuration, @arvados-controller@ must be restarted for the change to take effect. When enabling, shell access will be enabled for any running containers. When disabling, access is removed immediately for any running containers, as well as any containers started subsequently. Restarting @arvados-controller@ will kill any active connections.
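Review bot: The fallback in the added line ("allow tcp connections from @arvados-controller@ to port 1024-65535 on compute nodes, while allowing traffic that is part of existing tcp connections") has an ambiguous second clause: it does not say which direction or which rule it refers to, so it can be read either as a condition on the first rule or as a separate stateful allow for established connections. Suggest splitting it into two sentences and stating plainly what the established-connection rule is meant to cover. Because the preferred rule depends on net.ipv4.ip_local_port_range, it would also help to tell the reader how to read that value on a compute node (running sysctl net.ipv4.ip_local_port_range), so fewer sites fall back to the much wider 1024-65535 range. Minor style: "tcp" should be "TCP", "port 1024-65535" should be "ports 1024-65535", and "requires the opening of tcp connections" reads more simply as "requires allowing TCP connections".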