Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the inspector endpoint to port 5049 when using the reverse proxy #277

Merged
merged 2 commits into from
Jul 5, 2021
Merged

Update the inspector endpoint to port 5049 when using the reverse proxy #277

merged 2 commits into from
Jul 5, 2021

Conversation

namnx228
Copy link
Member

@namnx228 namnx228 commented Jun 15, 2021
edited
Loading

When using httpd as the reverse proxy for ironic inspector, the httpd server will listen at 5050, and forward the traffic to port 5049. For that reason, we need to set the ironic inspector endpoint to this port. Otherwise, the traffic between ironic inspector and other components are not encrypted.
Also, this PR solves a problem with non-proxy case. Currently, if TLS is enabled, but we don't use the reverse proxy, it can cause problem. This PR solves that.

@metal3-io-bot metal3-io-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 15, 2021
@namnx228
Copy link
Member Author

/assign @dtantsur
/cc @elfosardo
/cc @kashifest
/cc @smoshiur1237
/test-integration
/test-centos-integration

@smoshiur1237
Copy link
Member

/test-centos-integration

@kashifest
Copy link
Member

Would this require change in dev-env and bmo as well??

Note that, in each of the repo there are multiple places where you need to change it if you need to

@smoshiur1237
Copy link
Member

smoshiur1237 commented Jun 15, 2021
edited
Loading

Would this require change in dev-env and bmo as well??

Note that, in each of the repo there are multiple places where you need to change it if you need to

I think we don't need, as reverse proxy(5050) will communicate with ironic-inspector(5049), in that case when metal3 or bmo call ironic-inspector the communication goes via reverse proxy(5050).

@namnx228
Copy link
Member Author

Would this require change in dev-env and bmo as well??
Note that, in each of the repo there are multiple places where you need to change it if you need to

I think we don't need, as reverse proxy(5050) will communicate with ironic-inspector(5049), in that case when metal3 or bmo call ironic-inspector the communication goes via reverse proxy(5050).

@kashifest Moshiur is right, we don't need to change anywhere else.

@elfosardo
Copy link
Member

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Jun 16, 2021
@dtantsur
Copy link
Member

Will this work if reverse proxy is not used?

@namnx228
Copy link
Member Author

Will this work if reverse proxy is not used?

Good question. Now it doesn't work if the reverse proxy is not used. I will update the PR to make it work.

@namnx228
Copy link
Member Author

Will this work if reverse proxy is not used?

Good question. Now it doesn't work if the reverse proxy is not used. I will update the PR to make it work.

@dtantsur I plan to open another PR to make it works with the reverse proxy soon since there is a couple of things needed to be done there. This PR is more like a bug fix because now the ironic-inspector and the reverse proxy are trying to open the same port 5050, so occasionally ironic-inspector crashes and the CI test fails. How do you think?

@metal3-io-bot metal3-io-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jun 17, 2021
@dtantsur
Copy link
Member

I mean, you're pretty much breaking the non-proxied case, no? We cannot fix bugs by introducing more bugs.

Maybe we're ready to drop the non-proxied case - then we should do it explicitly.

@namnx228
Copy link
Member Author

/test-integration
/test-centos-integration

@metal3-io-bot metal3-io-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 21, 2021
@namnx228 namnx228 changed the title Update the inspector endpoint to port 5049 when using the reverse proxy WIP: Update the inspector endpoint to port 5049 when using the reverse proxy Jun 21, 2021
@metal3-io-bot metal3-io-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 21, 2021
@namnx228 namnx228 changed the title WIP: Update the inspector endpoint to port 5049 when using the reverse proxy Update the inspector endpoint to port 5049 when using the reverse proxy Jun 21, 2021
@metal3-io-bot metal3-io-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 21, 2021
@namnx228
Copy link
Member Author

/test-integration
/test-centos-integration

@namnx228
Copy link
Member Author

I mean, you're pretty much breaking the non-proxied case, no? We cannot fix bugs by introducing more bugs.

Maybe we're ready to drop the non-proxied case - then we should do it explicitly.

I think we should support the non-proxy case since someone may not want to use it. I have pushed another commit to this PR to solve the problem with non-proxy case. Since there are two different problems solved by this PR, I guess we should have two commits. I will update the description of the Pr. Please take a look again. Thanks.

@namnx228 namnx228 mentioned this pull request Jun 21, 2021
Closed
@dtantsur
Copy link
Member

/approve

@metal3-io-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dtantsur

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 30, 2021
@elfosardo
Copy link
Member

/lgtm

@metal3-io-bot metal3-io-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 5, 2021
@metal3-io-bot metal3-io-bot merged commit 865944b into metal3-io:master Jul 5, 2021
elfosardo pushed a commit to elfosardo/ironic-image that referenced this pull request May 31, 2022
@openshift-merge-robot
Merge pull request metal3-io#277 from rhjanders/etag-backport-4.9
8a0cb17 
Bug 2088319: Backport weak eTag handling fix to OpenShift 4.9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elfosardo elfosardo Awaiting requested review from elfosardo

@kashifest kashifest Awaiting requested review from kashifest

@smoshiur1237 smoshiur1237 Awaiting requested review from smoshiur1237

Assignees

@dtantsur dtantsur

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@namnx228 @smoshiur1237 @kashifest @elfosardo @dtantsur @metal3-io-bot