change machine-config-server port

Change machine-config-server port from 49500 -> 22623 to avoid conflict with local port and node port ranges. Closes machine-config-operator issue: #166
openshift · Feb 5, 2019 · 5ac7ef3 · 5ac7ef3
1 parent da6d45b
commit 5ac7ef3
Show file tree

Hide file tree

Showing 8 changed files with 15 additions and 15 deletions.
diff --git a/data/data/aws/vpc/master-elb.tf b/data/data/aws/vpc/master-elb.tf
@@ -67,7 +67,7 @@ resource "aws_lb_target_group" "api_external" {
 resource "aws_lb_target_group" "services" {
   name     = "${var.cluster_name}-services"
   protocol = "TCP"
-  port     = 49500
+  port     = 22623
   vpc_id   = "${local.vpc_id}"
 
   target_type = "ip"
@@ -78,7 +78,7 @@ resource "aws_lb_target_group" "services" {
     healthy_threshold   = 3
     unhealthy_threshold = 3
     interval            = 10
-    port                = 49500
+    port                = 22623
     protocol            = "HTTPS"
     path                = "/healthz"
   }
@@ -98,7 +98,7 @@ resource "aws_lb_listener" "api_internal_api" {
 resource "aws_lb_listener" "api_internal_services" {
   load_balancer_arn = "${aws_lb.api_internal.arn}"
   protocol          = "TCP"
-  port              = "49500"
+  port              = "22623"
 
   default_action {
     target_group_arn = "${aws_lb_target_group.services.arn}"

diff --git a/data/data/aws/vpc/sg-elb.tf b/data/data/aws/vpc/sg-elb.tf
@@ -32,8 +32,8 @@ resource "aws_security_group_rule" "mcs_ingress" {
 
   protocol    = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
-  from_port   = 49500
-  to_port     = 49500
+  from_port   = 22623
+  to_port     = 22623
 }
 
 resource "aws_security_group" "console" {

diff --git a/data/data/aws/vpc/sg-master.tf b/data/data/aws/vpc/sg-master.tf
@@ -12,8 +12,8 @@ resource "aws_security_group_rule" "master_mcs" {
 
   protocol    = "tcp"
   cidr_blocks = ["0.0.0.0/0"]
-  from_port   = 49500
-  to_port     = 49500
+  from_port   = 22623
+  to_port     = 22623
 }
 
 resource "aws_security_group_rule" "master_egress" {

diff --git a/data/data/openstack/topology/sg-lb.tf b/data/data/openstack/topology/sg-lb.tf
@@ -7,8 +7,8 @@ resource "openstack_networking_secgroup_rule_v2" "api_mcs" {
   direction         = "ingress"
   ethertype         = "IPv4"
   protocol          = "tcp"
-  port_range_min    = 49500
-  port_range_max    = 49500
+  port_range_min    = 22623
+  port_range_max    = 22623
   remote_ip_prefix  = "0.0.0.0/0"
   security_group_id = "${openstack_networking_secgroup_v2.api.id}"
 }

diff --git a/data/data/openstack/topology/sg-master.tf b/data/data/openstack/topology/sg-master.tf
@@ -7,8 +7,8 @@ resource "openstack_networking_secgroup_rule_v2" "master_mcs" {
   direction         = "ingress"
   ethertype         = "IPv4"
   protocol          = "tcp"
-  port_range_min    = 49500
-  port_range_max    = 49500
+  port_range_min    = 22623
+  port_range_max    = 22623
   remote_ip_prefix  = "${var.cidr_block}"
   security_group_id = "${openstack_networking_secgroup_v2.master.id}"
 }

diff --git a/docs/user/customization.md b/docs/user/customization.md
@@ -39,7 +39,7 @@ An example `worker.ign` is shown below. It has been modified to increase the HTT
     "version": "2.2.0",
     "config": {
       "append": [{
-        "source": "https://test-cluster-api.example.com:49500/config/worker"
+        "source": "https://test-cluster-api.example.com:22623/config/worker"
       }]
     },
     "security": {

diff --git a/docs/user/openstack/README.md b/docs/user/openstack/README.md
@@ -140,7 +140,7 @@ intended for initial cluster deployment and not highly available, to an
 external load balancer.
 
 The load balancer must serve ports 6443, 443, and 80 to any users of
-the system.  Port 49500 is for serving ignition startup configurations
+the system.  Port 22623 is for serving ignition startup configurations
 to the OpenShift nodes and should not be reachable outside of the cluster.
 
 The first step is to add floating IPs to all the master nodes:
@@ -211,7 +211,7 @@ Another useful thing to check is that the ignition configurations are
 only available from within the deployment. The following command should
 only succeed from a node in the OpenShift cluster:
 
-* `curl https://<loadbalancer ip>:49500/config/master --insecure`
+* `curl https://<loadbalancer ip>:22623/config/master --insecure`
 
 Now that the DNS and load balancer has been moved, we can take down the existing
 api VM:

diff --git a/pkg/asset/ignition/machine/node.go b/pkg/asset/ignition/machine/node.go
@@ -21,7 +21,7 @@ func pointerIgnitionConfig(installConfig *types.InstallConfig, rootCA []byte, ro
 					Source: func() *url.URL {
 						return &url.URL{
 							Scheme: "https",
-							Host:   fmt.Sprintf("%s-api.%s:49500", installConfig.ObjectMeta.Name, installConfig.BaseDomain),
+							Host:   fmt.Sprintf("%s-api.%s:22623", installConfig.ObjectMeta.Name, installConfig.BaseDomain),
 							Path:   fmt.Sprintf("/config/%s", role),
 						}
 					}().String(),