-
Notifications
You must be signed in to change notification settings - Fork 413
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
machine-config-server should not listen in the local port range #166
Comments
/cc @crawford |
@squeed Do you have a specific range that we should use? Does OpenShift define a particular range that we can use for internal services? If not, should we define one? |
To clarify, this port is required to serve Ignition configs, and Ignition runs in the initramfs before a node has joined the cluster and can use cluster networking, etc. That said, is there any reason we couldn't just pick a free port dynamically on startup? |
All of the machines in the cluster would have to know what port number they should connect to. If it were dynamically when the MCS started, how would new machines know where to connect? |
Service discovery through |
You just need to change the port. It cannot be in the local port range. Just pick a new number < 32768 |
|
Was glancing at this just for my own edification, it seems like when we change this we need to make a co-ordinated change to the installer: |
For folks blindly searching issues, the current behavior results in logs like:
leading to e2e errors like
Out of band, @crawford said:
|
That can indeed happen, but that's not what happened here. When I filed this bug, there was a clear port conflict with an outgoing connection from the apiserver process to etcd. No amount of waiting would fix the issue The port needs to be moved, or this random failure will continue to happen. |
This issue seems to have come up again seeing in MCS logs in payload promo gate:
From the other logs:
|
Happy to make the changes here and in installer, if someone can let me know what was settled on for the port? |
There wasn't disagreement on 32623. Unless someone had a reason to avoid the port it's a fair change. |
The default node port range is 30000-32767 for kubernetes nodeport services Not sure if that will cause any problems? @squeed |
Hmm yeah, staying outside the default range makes sense to me given that client apps could hardcode a |
|
any objections to 22623? /assign |
Seems like none 😸 |
22623 is fine. |
Transition machine-config-server ports from 49500/49501 -> 22623/22624 to avoid conflict with local port and node port ranges. Listeners added for legacy ports until installer transitions to using the new ports. Closes: openshift#166
The machine-config-operator seems to listen on port 49500 (with
hostNetwork: true
). This is in the defaultip_local_port_range
, which means it can collide with active tcp sessions:It should serve on a port lower than 32768.
For example, I managed to collide with a persistent connection from the apiserver to etcd:
The text was updated successfully, but these errors were encountered: