crc-org
doc: haproxy setup does not work with usermode networking
Steps to reproduce:
- Start a crc cluster using usermode networking
- Create a haproxy.cfg file as described on https://crc.dev/crc/#setting-up-remote-server_gsg (
crc ipis 127.0.0.1) - Run
systemctl start haproxy
The last step fails because haproxy and crc fight to use the same ports:
teuf@ramen:~/crc/crc (installer-wip)$ sudo systemctl start haproxy
Job for haproxy.service failed because the control process exited with error code.
See "systemctl status haproxy.service" and "journalctl -xe" for details.
teuf@ramen:~/crc/crc (installer-wip)$ sudo systemctl status haproxy
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-08-20 11:56:16 CEST; 2s ago
Process: 302532 ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS (code=exited, status=1/FAILURE)
Process: 302529 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 302532 (code=exited, status=1/FAILURE)
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: Starting HAProxy Load Balancer...
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy apps: cannot bind socket [0.0.0.0:80]
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy apps_ssl: cannot bind socket [0.0.0.0:443]
Aug 20 11:56:16 ramen.dolet.fergeau.eu haproxy[302532]: [ALERT] 231/115616 (302532) : Starting proxy api: cannot bind socket [0.0.0.0:6443]
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: haproxy.service: Main process exited, code=exited, status=1/FAILURE
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: haproxy.service: Failed with result 'exit-code'.
Aug 20 11:56:16 ramen.dolet.fergeau.eu systemd[1]: Failed to start HAProxy Load Balancer.
Not quite sure what to do about this short of switching back to system networking.
An alternative is to have crc bind to 0.0.0.0 instead of 127.0.0.1 for its VM ports which removes the need for the haproxy instance.
If we bind it to 0.0.0.0 that means we are going to block these port for any other service to any other interface, as of now we are only binding it to lo interface so a user still able to run other service on same port on different interface right?
I see binding to 127.0.0.1 as some kind of isolation feature, keep the VM private to the local machine. I don't know if there was more to this design choice.
An alternative is to have
crcbind to0.0.0.0instead of127.0.0.1for its VM ports which removes the need for the haproxy instance.
Actually, the daemon is already binding to 0.0.0.0, see https://github.com/code-ready/crc/issues/2667
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.