Pre Checks that the port required for MetalK8s deployment or expansion are not in use #3092

Closed
thomasdanan opened this issue Feb 8, 2021 · 4 comments · Fixed by #3163
Labels
complexity:medium Something that requires one or few days to fix priority:high High priority issues, should be worked on ASAP (after urgent issues), not postponed severity:medium Medium impact (usability) on live deployments topic:deployment Bugs in or enhancements to deployment stages topic:operations Operations-related issues

Comments

@thomasdanan
Contributor

thomasdanan commented Feb 8, 2021

Component:

'install', 'expansion'

Why this is needed:

When deploying MetalK8s or expanding the cluster, we are assuming that all MetalK8s services will be able to listen on a pre-defined port number. Since we are not in control of how the OS is deployed and configured, some services may fail to start because the port is already in use.

What should be done:

When installing the bootstrap node or when adding a new node to the cluster we should first check the following ports are not already used.

Bootstrap node ports:

<control plane>:4505: Salt-master publisher
<control plane>:4506: Salt-master request server
<control plane>:4507: Salt API
<control plane>:8080: repository/registry
<control plane>:8443: nginx ingress control plane

Master nodes ports:

<ALL>:6443: apiserver
127.0.0.1:7080: apiserver proxy health check
127.0.0.1:7443: apiserver proxy
<control plane>:10257: kube-controller-manager secure port
<control plane>:10259: kube-scheduler secure port

Etcd nodes ports:

<control plane> AND 127.0.0.1:2379: etcd client traffic
<control plane>:2380: etcd peer traffic
<control plane> AND 127.0.0.1:2381: etcd metrics

All nodes:

127.0.0.1:9099: calico node readiness probe
<ALL>:9100: Node exporter
127.0.0.1:10248: kubelet health check
<ALL>:10249: kube-proxy metrics
<control plane>:10250: kubelet
<ALL>:10256: kube-proxy health check

This list should be exhaustive. As part of this ticket, a simple test should be implemented to make sure this list of ports is exhaustive (basically checking all listening ports on a MetalK8s node).

This should be in line with the list of ports we need to document: #264

Implementation proposal (strongly recommended):

Test plan:

@thomasdanan thomasdanan added topic:operations Operations-related issues topic:deployment Bugs in or enhancements to deployment stages priority:high High priority issues, should be worked on ASAP (after urgent issues), not postponed severity:medium Medium impact (usability) on live deployments labels Feb 8, 2021
@NicolasT
Contributor

We should check for them to be available, but does it make sense to document sockets bound to localhost only?

@TeddyAndrieux
Collaborator

TeddyAndrieux commented Feb 10, 2021

> We should check for them to be available, but does it make sense to document sockets bound to localhost only?

To me, we want the full list of ports used so that users can make sure prior to installation that all these ports are free

@TeddyAndrieux
Collaborator

TeddyAndrieux commented Feb 10, 2021

But maybe we'll want something else in the documentation (probably some sort of graph) to represent the various communications between nodes for firewall configurations

@NicolasT
Contributor

> > We should check for them to be available, but does it make sense to document sockets bound to localhost only?
>
> To me, we want the full list of ports used so that users can make sure prior to installation that all these ports are free

Agree, never mind my previous comment then 😄

@TeddyAndrieux TeddyAndrieux self-assigned this Feb 15, 2021
@TeddyAndrieux TeddyAndrieux added the complexity:medium Something that requires one or few days to fix label Feb 15, 2021
TeddyAndrieux added a commit that referenced this issue Mar 2, 2021
Add a simple salt function that uses `psutil` to list all listening
processes on every port

Sees: #3092
TeddyAndrieux added a commit that referenced this issue Mar 2, 2021
Add a module that uses `metalk8s_network.get_listening_processes` to
check listening connections on the local node and check that running
processes match what is expected by MetalK8s

Sees: #3092
TeddyAndrieux added a commit that referenced this issue Mar 2, 2021
Add a check in CI to make sure the listening processes list we check in
MetalK8s is exhaustive with everything running on the platform.

NOTE: This check is supposed to run on a specific environment that only
has a small list of listening processes other than MetalK8s ones

Sees: #3092
TeddyAndrieux added a commit that referenced this issue Mar 2, 2021
Check for all MetalK8s listening processes in `metalk8s_checks.ports`
function

Fixes: #3092
@TeddyAndrieux TeddyAndrieux linked a pull request Mar 9, 2021 that will close this issue
@TeddyAndrieux TeddyAndrieux added this to the MetalK8s 2.8.0 milestone Mar 9, 2021
@bert-e bert-e closed this as completed in fc97119 Mar 10, 2021
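
The pre-check and the exhaustiveness test requested in this issue, as an added sketch (not the MetalK8s implementation, and not code from this thread). `EXPECTED`, `overlaps`, `find_conflicts` and `unlisted` are hypothetical names, the port table is a subset of the list in the issue, and the listener sample is constructed; the point it illustrates is that a conflict depends on the bind address as well as the port.

```python
# Added example; EXPECTED, overlaps, find_conflicts and unlisted are hypothetical names.
WILDCARDS = {"0.0.0.0", "::"}  # assumption: "::" is dual-stack and also claims IPv4

# Subset of the issue's list: role -> (bind address, port, service).
# "<cp>" is the control-plane IP, "<all>" a bind on every address.
EXPECTED = {
    "bootstrap": [("<cp>", 4505, "salt-master publisher"),
                  ("<cp>", 8080, "repository/registry")],
    "master": [("<all>", 6443, "apiserver"), ("127.0.0.1", 7443, "apiserver proxy")],
    "etcd": [("<cp>", 2379, "etcd client"), ("127.0.0.1", 2379, "etcd client")],
    "node": [("<all>", 9100, "node exporter"), ("<cp>", 10250, "kubelet")],
}

def overlaps(a, b):
    """Same-port binds collide when the addresses are equal or either is a wildcard."""
    return a == b or a in WILDCARDS or b in WILDCARDS

def find_conflicts(roles, cp_ip, listening):
    """Pre-check: required binds that an existing listener would block."""
    subst = {"<cp>": cp_ip, "<all>": "0.0.0.0"}
    conflicts = []
    for role in roles:
        for addr, port, service in EXPECTED[role]:
            addr = subst.get(addr, addr)
            for l_addr, l_port, proc in listening:
                if l_port == port and overlaps(addr, l_addr):
                    conflicts.append((addr, port, service, proc))
    return conflicts

def unlisted(roles, listening):
    """Exhaustiveness check: listeners whose port the expected list does not cover."""
    known = {port for role in roles for _, port, _ in EXPECTED[role]}
    return [entry for entry in listening if entry[1] not in known]

# Constructed sample of (address, port, process) listeners. On a real node it could be
# built from psutil.net_connections(kind="inet"), keeping entries in LISTEN state.
SAMPLE = [
    ("0.0.0.0", 22, "sshd"),
    ("127.0.0.1", 8080, "java"),       # other address: does not block <cp>:8080
    ("0.0.0.0", 9100, "node_exporter"),
    ("::", 10250, "custom-agent"),     # wildcard: blocks <cp>:10250
    ("10.0.0.5", 2379, "etcd-old"),
]

if __name__ == "__main__":
    for c in find_conflicts(["bootstrap", "etcd", "node"], "10.0.0.5", SAMPLE):
        print("%s:%d needed by %s, held by %s" % c)
```
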