ci: fix lxd vs docker connectivity issue

Running LXD and Docker on the same host has known connectivity issues. This caused CI failures when transitioning the GitHub action runner images from ubuntu-20.04 to ubuntu-latest. The LXD documentation has a few recommended workarounds[1] and this one is the only one that worked well with GitHub CI. [1] https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
canonical · Feb 20, 2025 · 1099e66 · 1099e66
1 parent a3e9764
commit 1099e66
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/scripts/test-in-lxd.sh b/scripts/test-in-lxd.sh
@@ -21,6 +21,20 @@ TESTER=subiquity-${IMAGE##*:}
 
 lxd init --auto
 
+# If the runner image uses docker, then work around a known connectivity issue
+# when using lxd and docker at the same time.
+# https://discuss.linuxcontainers.org/t/containers-do-not-have-outgoing-internet-access/10844/7
+# https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
+if [ "active" == "$(systemctl is-active docker)" ]
+then
+    iptables  -I DOCKER-USER -i lxdbr0 -j ACCEPT
+    iptables  -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+    # GitHub doesn't use IPV6 (yet?)
+    # ip6tables -I DOCKER-USER -i lxdbr0 -j ACCEPT
+    # ip6tables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+fi
+
+
 if [ -z "$(lxc list -f csv -c n ^${TESTER}\$)" ]
 then
     # using security.nesting=true for LP: #2046486