From 7a0ebec54185ef41ac504001232bec968179cfa7 Mon Sep 17 00:00:00 2001
From: Kegan Dougal
Date: Wed, 16 Feb 2022 11:29:05 +0000
Subject: [PATCH] Bind HS containers to 127.0.0.1

Otherwise on some machines they can bind to both IPv4 and IPv6 addresses which could cause port confusion. Rather than binding to 0.0.0.0 which we don't need, just bind to 127.0.0.1.
---
 internal/docker/builder.go | 6 ++++++
 internal/docker/deployer.go | 39 ++++++++++++++++++++++++++++---------
 2 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/internal/docker/builder.go b/internal/docker/builder.go
index 9ca221a4..4f4218c6 100644
--- a/internal/docker/builder.go
+++ b/internal/docker/builder.go
@@ -440,6 +440,9 @@ func endpoints(p nat.PortMap, csPort, ssPort int) (baseURL, fedBaseURL string, e
 if !ok {
 return "", "", fmt.Errorf("port %s not exposed - exposed ports: %v", csapiPort, p)
 }
+ if len(csapiPortInfo) == 0 {
+ return "", "", fmt.Errorf("port %s exposed with not mapped port: %+v", csapiPort, p)
+ }
 baseURL = fmt.Sprintf("http://"+HostnameRunningDocker+":%s", csapiPortInfo[0].HostPort)
 ssapiPort := fmt.Sprintf("%d/tcp", ssPort)
@@ -447,6 +450,9 @@ func endpoints(p nat.PortMap, csPort, ssPort int) (baseURL, fedBaseURL string, e
 if !ok {
 return "", "", fmt.Errorf("port %s not exposed - exposed ports: %v", ssapiPort, p)
 }
+ if len(ssapiPortInfo) == 0 {
+ return "", "", fmt.Errorf("port %s exposed with not mapped port: %+v", ssapiPort, p)
+ }
 fedBaseURL = fmt.Sprintf("https://"+HostnameRunningDocker+":%s", ssapiPortInfo[0].HostPort)
 return
 }
diff --git a/internal/docker/deployer.go b/internal/docker/deployer.go
index 12c72131..e392945b 100644
--- a/internal/docker/deployer.go
+++ b/internal/docker/deployer.go
@@ -27,6 +27,7 @@ import (
 "time"
 "github.com/docker/docker/client"
+ "github.com/docker/go-connections/nat"
 "github.com/docker/docker/api/types"
 "github.com/docker/docker/api/types/container"
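Review bot: The new error text in endpoints (internal/docker/builder.go), `exposed with not mapped port`, is hard to parse and does not say that the condition is normally transient; the same wording is repeated in the ssapiPort guard of the following hunk. Something like `port %s exposed but not yet mapped to a host port: %+v`, together with a comment such as `// Docker may list the port before a host binding is assigned; callers retry.`, would make the retry in deployImage easier to follow. Both guards still read index 0 without looking at HostIP, which is only safe while each port has a single binding, presumably the case once the 127.0.0.1 bindings are applied.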
@@ -208,8 +209,20 @@ func deployImage(
 },
 }, &container.HostConfig{
 PublishAllPorts: true,
- ExtraHosts: extraHosts,
- Mounts: mounts,
+ PortBindings: nat.PortMap{
+ nat.Port("8008/tcp"): []nat.PortBinding{
+ {
+ HostIP: "127.0.0.1",
+ },
+ },
+ nat.Port("8448/tcp"): []nat.PortBinding{
+ {
+ HostIP: "127.0.0.1",
+ },
+ },
+ },
+ ExtraHosts: extraHosts,
+ Mounts: mounts,
 }, &network.NetworkingConfig{
 EndpointsConfig: map[string]*network.EndpointSettings{
 contextStr: {
@@ -263,12 +276,24 @@ func deployImage(
 if cfg.DebugLoggingEnabled {
 log.Printf("%s: Started container %s", contextStr, containerID)
 }
+
+ // We need to hammer the inspect endpoint until the ports show up, they don't appear immediately.
 var inspect types.ContainerJSON
- inspect, err = docker.ContainerInspect(ctx, containerID)
+ var baseURL, fedBaseURL string
+ inspectStartTime := time.Now()
+ for time.Since(inspectStartTime) < time.Second {
+ inspect, err = docker.ContainerInspect(ctx, containerID)
+ if err != nil {
+ return nil, err
+ }
+ baseURL, fedBaseURL, err = endpoints(inspect.NetworkSettings.Ports, 8008, 8448)
+ if err == nil {
+ break
+ }
+ }
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("%s : image %s : %w", contextStr, imageID, err)
 }
-
 for vol := range inspect.Config.Volumes {
 log.Printf(
 "WARNING: %s has a named VOLUME %s - volumes can lead to unpredictable behaviour due to "+
@@ -280,10 +305,6 @@ func deployImage(
 }
 log.Printf("%s port bindings: %+v", containerName, inspect.NetworkSettings.Ports)
- baseURL, fedBaseURL, err := endpoints(inspect.NetworkSettings.Ports, 8008, 8448)
- if err != nil {
- return nil, fmt.Errorf("%s : image %s : %w", contextStr, imageID, err)
- }
 var lastErr error
 // Inspect health status of container to check it is up
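Review bot: `PublishAllPorts: true` is left in place next to the new `PortBindings` in the `container.HostConfig` literal, so only 8008/tcp and 8448/tcp are pinned to 127.0.0.1; any other port the image EXPOSEs would, as far as I can tell, still be published on Docker's default host address, which is normally all interfaces. If only these two ports are needed, dropping `PublishAllPorts: true` would make the loopback restriction complete; otherwise a comment such as `// other EXPOSEd ports are still published on the default host IP` would record that this is intended. builder.go builds the URLs from HostnameRunningDocker, so it is also worth confirming that this name always resolves to the loopback address the ports are now bound to. deployImage begins and ends outside this hunk.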
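Review bot: The new `for time.Since(inspectStartTime) < time.Second` loop in deployImage calls docker.ContainerInspect back to back with no pause, so it can spin against the Docker daemon for up to a second, and it never looks at ctx between attempts. A short wait after a failed endpoints call, for example `time.Sleep(50 * time.Millisecond)`, would bound the request rate without changing the outcome. The loop also retries on every endpoints error, including the `not exposed` case that will not resolve by waiting, and the error returned after the deadline does not say that the wait timed out. The rest of deployImage lies outside the hunk.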