Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bind socat to 127.0.0.1 when using it on OS X #11139

Merged
merged 1 commit into from
Sep 29, 2016
Merged

Bind socat to 127.0.0.1 when using it on OS X #11139

merged 1 commit into from
Sep 29, 2016

Conversation

csrwng
Copy link
Contributor

@csrwng csrwng commented Sep 28, 2016

On OS X using Docker for Mac, it is not possible to access the Docker VM directly via host IP (this is not the case with Windows). The workaround we use in cluster up is to start a socat bridge that will listen on the Mac's local interface and forward traffic to the origin container.

Until now, the socat process has been bound to all interfaces on the Mac. This exposes the OpenShift master endpoint to the external world. It's not the case when using docker-machine because the vm's IP is only accessible to the Mac. This change makes it so the socat process on the Mac will only bind to 127.0.0.1.

The router ip is still based on the default IP of the Mac and routes for applications running on OpenShift on the Mac will still be visible to the outside world.

@csrwng
Copy link
Contributor Author

csrwng commented Sep 28, 2016

@smarterclayton ptal

@csrwng
Copy link
Contributor Author

csrwng commented Sep 28, 2016

also @bparees

@bparees
Copy link
Contributor

bparees commented Sep 28, 2016

lgtm [merge]

@bparees bparees self-assigned this Sep 28, 2016
@openshift-bot
Copy link
Contributor

[Test]ing while waiting on the merge queue

smarterclayton
smarterclayton reviewed Sep 28, 2016
View reviewed changes
pkg/bootstrap/docker/openshift/helper_unix.go
@@ -63,7 +63,7 @@ func (h *Helper) startSocatTunnel() error {
if err != nil {
glog.V(1).Infof("error: cannot kill socat: %v", err)
}
cmd := exec.Command("socat", "TCP-L:8443,reuseaddr,fork,backlog=20", "SYSTEM:\"docker exec -i origin socat - TCP\\:localhost\\:8443,nodelay\"")
cmd := exec.Command("socat", "TCP-L:8443,reuseaddr,fork,backlog=20,bind=127.0.0.1", "SYSTEM:\"docker exec -i origin socat - TCP\\:localhost\\:8443,nodelay\"")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this code path only used in Docker for Mac? If I am on Mac, but pointing to a remote host, will this get called?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it won't get called

@smarterclayton
Copy link
Contributor

Thanks

On Wed, Sep 28, 2016 at 12:21 PM, Cesar Wong [email protected]
wrote:

@csrwng commented on this pull request.

In pkg/bootstrap/docker/openshift/helper_unix.go
#11139:

@@ -63,7 +63,7 @@ func (h *Helper) startSocatTunnel() error {
if err != nil {
glog.V(1).Infof("error: cannot kill socat: %v", err)
}

  • cmd := exec.Command("socat", "TCP-L:8443,reuseaddr,fork,backlog=20", "SYSTEM:"docker exec -i origin socat - TCP:localhost:8443,nodelay"")
  • cmd := exec.Command("socat", "TCP-L:8443,reuseaddr,fork,backlog=20,bind=127.0.0.1", "SYSTEM:"docker exec -i origin socat - TCP:localhost:8443,nodelay"")

it won't get called


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#11139, or mute the thread
https://github.com/notifications/unsubscribe-auth/ABG_p3N5ph7tiCOAWrcQgp8UTzuiBDfpks5qupP0gaJpZM4KI-6y
.

@csrwng
Copy link
Contributor Author

csrwng commented Sep 28, 2016

Flake #11015
[test]

@csrwng
Copy link
Contributor Author

csrwng commented Sep 28, 2016

Flake #11015
[test]

@csrwng
Copy link
Contributor Author

csrwng commented Sep 29, 2016

#11016
[test]
[merge]

@openshift-bot
Copy link
Contributor

Evaluated for origin merge up to 44ef3ad

@openshift-bot
Copy link
Contributor

Evaluated for origin test up to 44ef3ad

@openshift-bot
Copy link
Contributor

openshift-bot commented Sep 29, 2016
edited
Loading

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/9475/) (Image: devenv-rhel7_5101)

@openshift-bot
Copy link
Contributor

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/9475/)

@openshift-bot openshift-bot merged commit 3be1bf4 into openshift:master Sep 29, 2016
@csrwng csrwng mentioned this pull request Sep 29, 2016
Closed
@csrwng csrwng deleted the clusterup_localsocat branch December 21, 2016 20:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smarterclayton smarterclayton smarterclayton left review comments

Assignees

@bparees bparees

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@csrwng @bparees @openshift-bot @smarterclayton