From 59d17bf3f4b8e350248af53b7f75d4899dcbf0cf Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 27 Jul 2025 12:49:24 -0500 Subject: [PATCH] r/v-l: Use the host network I don't know what the deal is, but restarting the _victoria-logs_ container makes it lose inbound network connectivity. It appears that the firewall rules that forward the ports to the container's namespace seem to get lost, but I can't figure out why. To fix it, I have to flush the netfilter rules (`nft flush ruleset`) and then restart _firewalld_ and _victoria-logs_ to recreate them. This is rather cumbersome, and since Victoria Logs runs on a dedicated VM, there's really not much advantage to isolating the container's network. --- roles/victoria-logs/templates/victoria-logs.container.j2 | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/victoria-logs/templates/victoria-logs.container.j2 b/roles/victoria-logs/templates/victoria-logs.container.j2 index c280c0e..1d79c0c 100644 --- a/roles/victoria-logs/templates/victoria-logs.container.j2 +++ b/roles/victoria-logs/templates/victoria-logs.container.j2 @@ -16,10 +16,7 @@ NoNewPrivileges=yes ReadOnly=yes ReadOnlyTmpfs=yes AddCapability=CAP_NET_BIND_SERVICE -PublishPort=9428:9428 -{% for portspec in victoria_logs_publish_ports %} -PublishPort={{ portspec }} -{% endfor %} +Network=host HealthCmd=/usr/bin/wget -q -O /dev/null 127.0.0.1:9428/health HealthInterval=1m HealthOnFailure=stop
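Review bot: With `Network=host` replacing the `PublishPort=` lines in this hunk, the unit itself no longer limits which listeners are reachable: every port the process binds is opened directly on the VM's interfaces, where before only 9428 and the entries in `victoria_logs_publish_ports` were forwarded. The retained `AddCapability=CAP_NET_BIND_SERVICE` now applies to the host's network namespace as well, so it is worth checking whether it is still needed. I'd suggest noting in a template comment that the host firewall is now the only control over inbound access, and making sure the role opens exactly the ports that were formerly published. `victoria_logs_publish_ports` is also no longer referenced by this template, so it should either be dropped wherever it is defined or reused to drive those firewall rules. The unchanged `HealthCmd` now probes the host's loopback, so it will pass for anything answering on 127.0.0.1:9428/health, not only this container.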