crc-org / crc

CRC is a tool to help you run containers. It manages a local OpenShift 4.x cluster, Microshift or a Podman VM optimized for testing and development purposes
https://crc.dev
Apache License 2.0

doc: haproxy setup does not work with usermode networking #2664

Open cfergeau opened 3 years ago

cfergeau commented 3 years ago

Steps to reproduce:

The last step fails because haproxy and crc fight to use the same ports:

teuf@ramen:~/crc/crc (installer-wip)$ sudo systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code.
See "systemctl status haproxy.service" and "journalctl -xe" for details.
teuf@ramen:~/crc/crc (installer-wip)$ sudo systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
   Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2021-08-20 11:56:16 CEST; 2s ago
  Process: 302532 ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS (code=exited, status=1/FAILURE)
  Process: 302529 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 302532 (code=exited, status=1/FAILURE)

Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: Starting HAProxy Load Balancer...
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy apps: cannot bind socket [0.0.0.0:80]
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy apps_ssl: cannot bind socket [0.0.0.0:443]
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy api: cannot bind socket [0.0.0.0:6443]
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: haproxy.service: Main process exited, code=exited, status=1/FAILURE
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: haproxy.service: Failed with result 'exit-code'.
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: Failed to start HAProxy Load Balancer.

Not quite sure what to do about this short of switching back to system networking.

cfergeau commented 3 years ago

An alternative is to have crc bind to 0.0.0.0 instead of 127.0.0.1 for its VM ports which removes the need for the haproxy instance.

praveenkumar commented 3 years ago

If we bind it to 0.0.0.0, that means we are going to block these ports for any other service on any other interface. As of now we are only binding to the lo interface, so a user is still able to run another service on the same port on a different interface, right?

cfergeau commented 3 years ago

I see binding to 127.0.0.1 as some kind of isolation feature, keeping the VM private to the local machine. I don't know if there was more to this design choice.

cfergeau commented 3 years ago

> An alternative is to have crc bind to 0.0.0.0 instead of 127.0.0.1 for its VM ports which removes the need for the haproxy instance.

Actually, the daemon is already binding to 0.0.0.0, see https://github.com/code-ready/crc/issues/2667
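
The bind conflict discussed in this thread, reproduced as an added example (not code from crc or from any commenter). It assumes Linux, where all of 127.0.0.0/8 is local, and uses an ephemeral port instead of 80/443/6443 so it runs without root; `listen_on`, `try_listen` and `bind_matrix` are hypothetical helper names.

```python
import errno
import socket


def listen_on(addr, port=0):
    """Open a listening TCP socket with SO_REUSEADDR set, as haproxy does."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((addr, port))
        s.listen(1)
    except OSError:
        s.close()
        raise
    return s


def try_listen(addr, port):
    """Return 'ok' if addr:port can be bound, else the errno name."""
    try:
        listen_on(addr, port).close()
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))


def bind_matrix(first_addr, candidates=("0.0.0.0", "127.0.0.1", "127.0.0.2")):
    """Hold a port on first_addr, then report which addresses can still take it."""
    holder = listen_on(first_addr)
    port = holder.getsockname()[1]
    try:
        return {addr: try_listen(addr, port) for addr in candidates}
    finally:
        holder.close()


if __name__ == "__main__":
    # Holder on loopback: a wildcard bind (haproxy's 0.0.0.0:80) is refused,
    # but another specific address can still use the port.
    print("127.0.0.1 held:", bind_matrix("127.0.0.1"))
    # Holder on the wildcard: every local address is blocked, and the
    # listener is reachable on every interface, not only from the local machine.
    print("0.0.0.0 held:  ", bind_matrix("0.0.0.0"))
```

On a real host, `ss -ltn` shows which of the two cases applies: a `127.0.0.1:6443` local address is loopback-only, while `0.0.0.0:6443` or `*:6443` is exposed on every interface.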

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
