From fd9dcd065afea6daafccebe32819c2a247d4efd7 Mon Sep 17 00:00:00 2001 From: Johannes Zellner Date: Tue, 5 Jan 2016 21:11:41 +0100 Subject: [PATCH] Bring back the sleep 10 to wait for docker's iptable rules See comment in code for further details --- images/initializeBaseUbuntuImage.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/images/initializeBaseUbuntuImage.sh b/images/initializeBaseUbuntuImage.sh index 9ac41d456..9be9a8ba1 100755 --- a/images/initializeBaseUbuntuImage.sh +++ b/images/initializeBaseUbuntuImage.sh @@ -127,11 +127,14 @@ mkfs.btrfs -L UserHome "${USER_DATA_FILE}" echo "${USER_DATA_FILE} ${USER_DATA_DIR} btrfs loop,nosuid 0 0" >> /etc/fstab mkdir -p "${USER_DATA_DIR}" && mount "${USER_DATA_FILE}" -# give docker sometime to start up and create iptables rules systemctl daemon-reload systemctl enable docker systemctl start docker +# give docker sometime to start up and create iptables rules +# those rules come in after docker has started, and we want to wait for them to be sure iptables-save has all of them +sleep 10 + # Disable forwarding to metadata route from containers iptables -I FORWARD -d 169.254.169.254 -j DROP