restrict network ports #272

Merged (4 commits) on Aug 10, 2022

puckpuck (Contributor) commented Aug 9, 2022

Fixes #257, #268

Changes

  • Adds a default docker compose network
  • Removes host port bindings for all ports that don't require end-user access (service-service)

This may require you to add the `--force-recreate` to `docker compose` the first time running this after this change (or delete the demo images from your local system).

```
docker compose up --force-recreate
```

  • Appropriate CHANGELOG.md updated for non-trivial changes

@puckpuck puckpuck requested a review from a team August 9, 2022 03:19
mviitane (Member) commented Aug 9, 2022

I verified for #268, and this part seems to be fixed.

However, when opening the frontend, the page is not loading correctly. I can see:

```
Uh, oh!
Something has failed. Below are some details for debugging.
HTTP Status: 500 Internal Server Error

could not retrieve currencies
main.(*frontendServer).homeHandler
	/usr/src/app/handlers.go:64
main.instrumentHandler.func1
	/usr/src/app/middleware.go:122
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2047
go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux.traceware.ServeHTTP
	/go/pkg/mod/go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux@v0.29.0/mux.go:145
github.com/gorilla/mux.(*Router).ServeHTTP
	/go/pkg/mod/github.com/gorilla/mux@v1.8.0/mux.go:210
main.(*logHandler).ServeHTTP
	/usr/src/app/middleware.go:96
main.ensureSessionID.func1
	/usr/src/app/middleware.go:150
net/http.HandlerFunc.ServeHTTP
	/usr/local/go/src/net/http/server.go:2047
net/http.serverHandler.ServeHTTP
	/usr/local/go/src/net/http/server.go:2879
net/http.(*conn).serve
	/usr/local/go/src/net/http/server.go:1930
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:1581
```

puckpuck (Contributor Author) commented Aug 9, 2022

@mviitane did you use the --force-recreate option with docker compose?

mviitane (Member) commented Aug 9, 2022

> @mviitane did you use the --force-recreate option with docker compose?

Yes, I did. It didn't seem to help.

puckpuck (Contributor Author) commented Aug 9, 2022

@mviitane, I wonder if the currency service was recreated and attached to the network properly. A couple of things to try and diagnose.

  1. When you do `docker compose ps` is the currency service running?
  2. If you do a `docker network inspect opentelemetry-demo` do you see the currency service in the response as attached to the network?

mviitane (Member) commented Aug 9, 2022

> 1. When you do `docker compose ps` is the currency service running?

No, it seems to be stopped.

```
$ docker compose ps
NAME                      COMMAND                  SERVICE                 STATUS              PORTS
ad-service                "./build/install/hip…"   adservice               running             0.0.0.0:49283->9555/tcp, :::49283->9555/tcp
cart-service              "./cartservice"          cartservice             running             0.0.0.0:49280->7070/tcp, :::49280->7070/tcp
checkout-service          "./checkoutservice"      checkoutservice         running             0.0.0.0:49287->5050/tcp, :::49287->5050/tcp
currency-service          "/bin/sh -c 'currenc…"   currencyservice         exited (0)
email-service             "bundle exec ruby em…"   emailservice            running             0.0.0.0:49284->6060/tcp, :::49284->6060/tcp
feature-flag-service      "/app/bin/server"        featureflagservice      running             0.0.0.0:50052->50052-50053/tcp, :::50052->50052-50053/tcp
frontend                  "./frontend"             frontend                running             0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
grafana                   "/run.sh"                grafana                 running             0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
jaeger                    "/go/bin/all-in-one-…"   jaeger                  running             0.0.0.0:49272->14250/tcp, 0.0.0.0:16686->16686/tcp, :::49272->14250/tcp, :::16686->16686/tcp
load-generator            "/bin/sh -c 'locust …"   loadgenerator           running
otel-col                  "/otelcol-contrib --…"   otelcol                 running             0.0.0.0:49278->4317-4318/tcp, 0.0.0.0:49276->8888/tcp, 0.0.0.0:49275->9464/tcp, :::49278->4317-4318/tcp, :::49276->8888/tcp, :::49275->9464/tcp
payment-service           "node --require ./tr…"   paymentservice          running             0.0.0.0:49285->50051/tcp, :::49285->50051/tcp
postgres                  "docker-entrypoint.s…"   ffs_postgres            running             5432/tcp
product-catalog-service   "./productcatalogser…"   productcatalogservice   running             0.0.0.0:49279->3550/tcp, :::49279->3550/tcp
prometheus                "/bin/prometheus --w…"   prometheus              running             0.0.0.0:9090->9090/tcp, :::9090->9090/tcp
recommendation-service    "opentelemetry-instr…"   recommendationservice   running             0.0.0.0:49286->9001/tcp, :::49286->9001/tcp
redis-cart                "docker-entrypoint.s…"   redis-cart              running             0.0.0.0:49273->6379/tcp, :::49273->6379/tcp
shipping-service          "/shippingservice"       shippingservice         running             0.0.0.0:49281->50050/tcp, :::49281->50050/tcp
```

> 2. If you do a `docker network inspect opentelemetry-demo` do you see the currency service in the response as attached to the network?

No, the currency service is not visible. The other services are visible.

```
$ docker network inspect opentelemetry-demo | grep -i currency
$
```
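Added example (not part of the original thread or the project's code): in the `PORTS` column above, an entry such as `0.0.0.0:49283->9555/tcp` is a container port published on a host port, while `5432/tcp` has no host binding. The Python code below parses output in that format and lists published ports that are not on an allow-list; the sample rows, the `local-only` row and the `ALLOWED` set are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the `docker compose ps` format quoted in the comment above.
SAMPLE_PS = """\
NAME          COMMAND                  SERVICE        STATUS    PORTS
ad-service    "./build/install/hip…"   adservice      running   0.0.0.0:49283->9555/tcp, :::49283->9555/tcp
frontend      "./frontend"             frontend       running   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp
jaeger        "/go/bin/all-in-one-…"   jaeger         running   0.0.0.0:49272->14250/tcp, 0.0.0.0:16686->16686/tcp
postgres      "docker-entrypoint.s…"   ffs_postgres   running   5432/tcp
local-only    "./svc"                  localsvc       running   127.0.0.1:7000->7000/tcp
"""

# Assumption: (container name, container port) pairs meant for end-user access.
ALLOWED = {("frontend", "8080"), ("jaeger", "16686")}

# host_ip:host_port->container_port/proto; entries without "->" are not published.
BINDING = re.compile(
    r"(?P<ip>[0-9A-Fa-f.:\[\]]+):(?P<hport>\d+(?:-\d+)?)"
    r"->(?P<cport>\d+(?:-\d+)?)/(?P<proto>tcp|udp)"
)


def published_bindings(ps_text):
    """Yield (name, host_ip, host_port, container_port, proto) per published port."""
    for row in ps_text.splitlines()[1:]:  # skip the header row
        if not row.strip():
            continue
        name = row.split()[0]
        for m in BINDING.finditer(row):
            ip = ipaddress.ip_address(m["ip"].strip("[]"))
            yield name, ip, m["hport"], m["cport"], m["proto"]


def unexpected_exposure(ps_text, allowed=ALLOWED):
    """Return sorted (name, container_port) pairs published beyond loopback
    that are not on the allow-list."""
    found = set()
    for name, ip, _hport, cport, _proto in published_bindings(ps_text):
        if ip.is_loopback:  # bound to 127.0.0.1 or ::1 only
            continue
        if (name, cport) not in allowed:
            found.add((name, cport))
    return sorted(found)


if __name__ == "__main__":
    for name, cport in unexpected_exposure(SAMPLE_PS):
        print(f"{name}: container port {cport} is published on the host")
```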

puckpuck (Contributor Author) commented

@mviitane Can you get the logs from the currency service about why it didn't start, and try restarting the service itself?

  • Doing a `docker logs currency-service` will give you an indication as to why it didn't start up
  • You can restart the container with `docker compose restart currencyservice`

mviitane (Member) commented

@puckpuck Seems weird, but now it started working. For me, it looks like the rebase done in your hide-ports branch fixed it. Hard to say exactly what caused the problem.

Anyway, we are good to go now.

This was the currency-service log from the failing case:

```
mviitane@main:~/projects/opentelemetry-demo$ docker logs currency-service
Usage: currencyservice <port> <otlp_endpoint> <resourceAttr>Usage: currencyservice <port> <otlp_endpoint> <resourceAttr>mviitane@main:~/projects/opentelemetry-demo$ 
```

mviitane (Member) left a comment

Looks good! Verified for #268.

@cartersocha cartersocha merged commit 55d9919 into open-telemetry:main Aug 10, 2022
@puckpuck puckpuck deleted the hide-ports branch August 10, 2022 12:59
jmichalak9 pushed a commit to jmichalak9/opentelemetry-demo that referenced this pull request Mar 22, 2024
* restrict network ports

Successfully merging this pull request may close these issues.

Port bindings for webstore services