Allow custom ports for services and checks when using driver address_mode

[schmichael]

Fixes #3380

Adds address_mode to checks (but no auto) and allows services and checks
to set literal port numbers when using address_mode=driver.

This allows SDNs, overlays, etc to advertise internal and host addresses
as well as do checks against either.

task_runner.go changes

Fixes a bug found when using fewer mocks in TaskRunner tests: changing only an interpolated variable used in a service or a check wouldn't actually update the service or check.

[schmichael]

Some test binaries for the brave:

old
linux_amd64.zip
windows_amd64.zip

2017-02-06 4:10pm Pacific
linux_amd64.zip

[schmichael]

I ran into a double close panic on the mock driver when testing, so I guarded all of these closes. Not sure why we had never hit it before...

[schmichael]

mock_driver now supports DriverNetwork! I should have added this when I added DriverNetwork originally...

[schmichael]

Removing this use of *mockConsulServiceClient is what exposed the task runner bug.

There's still a few tests that use that mock as they inspect the order of Consul operations which the mock makes very easy.

[schmichael]

Below is the core address resolution logic for both services and checks.

[dadgar]

Remove

[dadgar]

I would add a full example for this and link it to this

[schmichael]

Added a full section at the bottom of that page with a link

[preetapan]

This is hard to read, and I am not sure if the logic is correct. If addressmode is not driver, and the strconv succeeds (if portlabel is an integer), then should it be allowed or should that throw an error? if not, why even do the parsing?

[thetooth]

I have setup a test nomad job but am not getting working health checks:
agent: socket connection failed ':0': dial tcp :0: getsockopt: connection refused

      service {
        name = "poc-server"
        address_mode = "driver"
        port = "6379"
        check {
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
        }
      }

[preetapan]

Supported in Docker

[preetapan]

I would make each valid option sub items or a table with option/behavior as headings, and 1/2 lines explaining them. I would also start with the default option auto.

[preetapan]

Should this have a check for port > 0 - If some job file misconfiguration leads to someone specifying 0 as the port label, we should not try to use it and fail fast..

[preetapan]

Had some questions and small suggestions to the documentation.

[schmichael]

@thetooth Thanks for testing! Fixed in f4e341e

Since checks inherit the service's port (a numeric port in this case) but do not inherit the address_mode - the numeric port 6379 was being looked as a port label due to the check's default host address mode. I didn't have validation to catch this error and the empty value (0) was being used for the port!

I can see that it's a bit confusing to have port inherited by check but not address_mode, but I think the behavior matches many people's configuration (Consul is running on the host so service checks should be against the host address). Let me know if there's anything other than this validation that could help prevent such errors!

Here's another build:

linux_amd64.zip

[thetooth]

@schmichael Some usability issues:

The following configuration does not work as expected. Since I am not using a port map I tried a deploy without a port label in resources,

      service {
        name = "poc-server"
        address_mode = "driver"
        port = "6379"
        check {
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
        }
      }
      resources {
        cpu    = 512 # MHz 
        memory = 512 # MB 
        network {
          mbits = 10
        }
      }

The error for this was unable to get address for check "service: \"poc-server\" check": invalid port "6379": port label not found, so then I defined a port label:

          port "redis" {
            static = 6379
          }

Which cased unable to get address for service "poc-server": invalid port "redis": strconv.Atoi: parsing "redis": invalid syntax, finally I changed the port label to the port itself:

          port "6379" {
            static = 6379
          }

This worked and I have working service checks to the docker network(weave mesh) however as I hinted at in my earlier comment, since the port label is used docker has been instructed to publish those ports to localhost: 127.0.0.1:6379->6379/tcp, 127.0.0.1:6379->6379/udp. It would be very useful from a security perspective to not have services exposed to local sessions as an artifact of using health checks.

[preetapan]

Did you see the other comment I had about making each of the modes sub list headers for clarity?

[preetapan]

Change to <=0

[preetapan]

Two small comments, LGTM otherwise

[schmichael]

@thetooth Thanks for testing. The check is inheriting port=6379 from the service but not the service's address mode. This is by design as we want to maintain the old behavior of check.address_mode=host by default.

However, the error you're receiving is entirely unhelpful! The fix is to specify address_mode = "driver" on the check or expose a port via a resource & port map on the host for the check to use. I'll try to update the validation to reflect this.

[schmichael]

Not sure why TestConfig_Listener is failing on Travis, but it passes for me locally. Merging this 😬

--- FAIL: TestConfig_Listener (0.02s)
	config_test.go:524: err: listen tcp 127.0.0.1:24000: bind: address already in use

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.