Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add host preflights for all needed ports #1205

Merged
merged 7 commits into from
Sep 25, 2024
Merged

feat: add host preflights for all needed ports #1205

merged 7 commits into from
Sep 25, 2024

Conversation

ricardomaraschini
Copy link
Member

What this PR does / why we need it:

Checks if all needed ports are available on the server prior to start the installation.

@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 19, 2024
edited
Loading

This PR has been released (on staging) and is available for download with a embedded-cluster-smoke-test-staging-app license ID.

Online Installer:

curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci/appver-dev-9808356" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz

Airgap Installer (may take a few minutes before the airgap bundle is built):

curl "https://staging.replicated.app/embedded/embedded-cluster-smoke-test-staging-app/ci-airgap/appver-dev-9808356?airgap=true" -H "Authorization: $EC_SMOKE_TEST_LICENSE_ID" -o embedded-cluster-smoke-test-staging-app-ci.tgz

Happy debugging!

ajp-io
ajp-io reviewed Sep 20, 2024
View reviewed changes
pkg/preflights/host-preflight.yaml Outdated
outcomes:
- fail:
when: "connection-refused"
message: Port 30000/TCP is required, but the connection was refused. This may indicate that the connection is being redirected to somewhere else on your network (perhaps a proxy configuration).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to better understand this one to comment on the wording, but this can be fine for now.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For context: this means that we have been able to start listening on a given port (the port is available) but when we tried to connect to it we failed. This is an IMHO unlikely scenario.

We have discussed this personally and we came to the conclusion that this could be caused by an erroneous proxy configuration but I am not sure this is even possible as we are testing at TCP level, not HTTP. Some iptables rules may cause this though (redirecting traffic somewhere else) but again, unlikely.

pkg/preflights/host-preflight.yaml Outdated
message: Port 30000/TCP is required, but the connection was refused. This may indicate that the connection is being redirected to somewhere else on your network (perhaps a proxy configuration).
- fail:
when: "address-in-use"
message: Port 30000/TCP is required, but another process is already listening on it. Relocate the conflicting process to continue.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we merge Ethan's port relocation changes, we can update this:

Suggested change
message: Port 30000/TCP is required, but another process is already listening on it. Relocate the conflicting process to continue.
message: Port 30000/TCP is required, but another process is already listening on it. To proceed, relocate the conflicting process or specify an available port using --admin-console-port.

pkg/preflights/host-preflight.yaml Outdated
message: Port 50000/TCP is required, but the connection was refused. This may indicate that the connection is being redirected to somewhere else on your network (perhaps a proxy configuration).
- fail:
when: "address-in-use"
message: Port 50000/TCP is required, but another process is already listening on it. Relocate the conflicting process to continue.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we merge Ethan's port relocation changes, we can update this:

Suggested change
message: Port 50000/TCP is required, but another process is already listening on it. Relocate the conflicting process to continue.
message: Port 50000/TCP is required, but another process is already listening on it. To proceed, relocate the conflicting process or specify an available port using --local-artifact-mirror-port.

@ricardomaraschini
feat: add host preflights for all needed ports
507b1dd 
checks if all needed ports are available on the server prior to start
the installation.
@ricardomaraschini
chore: add e2e test for port failures
7d54e53 
make sure preflights are failing if some ports are in use.
@ricardomaraschini ricardomaraschini force-pushed the ricardomaraschini/sc-112082/determine-all-the-ports-that-are-needed-for branch from dda5421 to 4d04007 Compare September 24, 2024 15:43
@ricardomaraschini
feat: auto reboot node on reset
5de9c25 
now we reboot the node after finishing the reset command.
@ricardomaraschini ricardomaraschini force-pushed the ricardomaraschini/sc-112082/determine-all-the-ports-that-are-needed-for branch from 6339d1c to 5de9c25 Compare September 24, 2024 15:57
chris-sanders
chris-sanders reviewed Sep 24, 2024
View reviewed changes
pkg/preflights/host-preflight.yaml
Comment on lines +442 to +444
- fail:
when: "connection-refused"
message: Connection to 2379/TCP was refused. This may indicate that the connection is being redirected to somewhere else on your network (perhaps a proxy configuration).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels really ambiguous. I can't think of a good reason to hit this other than a proxy. Should we just say the connection was refused, ensure your NO_PROXY includes this machines IP address?

Or even that, we're doing ourself now right? Can we even hit this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we do that ourselves now. Maybe a more generic message like "ensure this port is available" would suffice if it's very unlikely this even occurs.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After looking at this again I don't think even an invalid NO_PROXY configuration would cause this to happen. The collector operates at the TCP level. Are we OK with the "Please ensure this port is available" message ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I can make a change

@ricardomaraschini ricardomaraschini mentioned this pull request Sep 25, 2024
Merged
@ricardomaraschini ricardomaraschini merged commit 9150c74 into main Sep 25, 2024
56 checks passed
@ricardomaraschini ricardomaraschini deleted the ricardomaraschini/sc-112082/determine-all-the-ports-that-are-needed-for branch September 25, 2024 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajp-io ajp-io ajp-io left review comments

@chris-sanders chris-sanders chris-sanders left review comments

@emosbaugh emosbaugh emosbaugh left review comments

@laverya laverya laverya approved these changes

Assignees
No one assigned
Labels
type::feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ricardomaraschini @emosbaugh @chris-sanders @laverya @ajp-io