Add an ENV to control ipv6 behavior in the router #15229
Conversation
knobunc
requested review from
imcsk8,
rajatchopra,
smarterclayton and
JacobTanenbaum
|
I am working on adding tests that can inspect the headers. [done] I also need to create a docs PR. I'm not sure about the name of the environment variable. Would it be better to have a variable named "ROUTER_IP_VERSION" and have it take "v4" (the default), "v6", "v4v6"? @openshift/networking PTAL |
|
ROUTER_IP_MODE? Is this a bool or a multiway setting?
On Jul 16, 2017, at 9:24 AM, Ben Bennett <notifications@github.com> wrote:
I am working on adding tests that can inspect the headers. I also need to
create a docs PR.
I'm not sure about the name of the environment variable. Would it be better
to have a variable named "ROUTER_IP_VERSION" and have it take "v4" (the
default), "v6", "v4v6"?
@openshift/networking <https://github.com/orgs/openshift/teams/networking>
PTAL
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#15229 (comment)>,
or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p4rKGl3LDQdFKVxtigVdbGci3FJCks5sOg8YgaJpZM4OZS4K>
.
|
|
[test] |
|
@smarterclayton Right now it is a bool. With the current flag, we always bind IPv4, but allow control of whether to do v4 and v6. When I was putting the PR together I wondered if the semantics of the multi-way are a little more understandable. I'm not sure about ROUTER_IP_MODE... I'll think about it a little, but at the moment it doesn't scream "look here for IPv6 support". |
|
ROUTER_IP_V4_V6_MODE
…On Mon, Jul 17, 2017 at 7:30 AM, Ben Bennett ***@***.***> wrote:
@smarterclayton <https://github.com/smarterclayton> Right now it is a
bool. With the current flag, we always bind IPv4, but allow control of
whether to do v4 and v6. When I was putting the PR together I wondered if
the semantics of the multi-way are a little more understandable.
I'm not sure about ROUTER_IP_MODE... I'll think about it a little, but at
the moment it doesn't scream "look here for IPv6 support".
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#15229 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p4dO-a7fcdxRJj7DjDlpJYnFwQE9ks5sO0XXgaJpZM4OZS4K>
.
|
| {{- else }} | ||
| bind :{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} | ||
| {{- end }} | ||
| {{- if matchPattern "true|TRUE" (env "ROUTER_USE_PROXY_PROTOCOL" "") }} accept-proxy{{ end }} |
There was a problem hiding this comment.
is this indentation intended?
it does not seem to be part of a block
| @@ -199,7 +204,9 @@ frontend public | |||
| # determined by the next backend in the chain which may be an app backend (passthrough termination) or a backend | |||
| # that terminates encryption in this router (edge) | |||
| frontend public_ssl | |||
| bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v4v6 {{ if matchPattern "true|TRUE" (env "ROUTER_USE_PROXY_PROTOCOL" "") }} accept-proxy{{ end }} | |||
| bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} | |||
| {{- if matchPattern "true|TRUE" (env "ROUTER_ALLOW_IPV6" "")}} v4v6 {{ end }} | |||
There was a problem hiding this comment.
This approach is different than the one used for the port 80 in which the if sentence add the whole bind statement and in here it only adds the "v4v6" option to it.
It might be better to keep them consistent
There was a problem hiding this comment.
Whoops! Thanks. I had them both this way before and then realized there was a problem (we needed to lose the :: as well). Then forgot to change both places.
knobunc
force-pushed
the
bug/bz1471255-ipv6-env
branch
3 times, most recently
from
bbc9de8
to
522aa47
Compare
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE which must be set to "v4" (the default), "v6", or "v4v6" to control whether the router to binds to IPv4, IPv6, or both. Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and Forwarded http headers will be in IPv6 form (even when the connection was an IPv4 one, if set to 'v4v6'). Fixes bug 1471255 (https://bugzilla.redhat.com/show_bug.cgi?id=1471255)
knobunc
force-pushed
the
bug/bz1471255-ipv6-env
branch
from
522aa47
to
7821bd5
Compare
|
Added test cases @openshift/networking PTAL |
|
[testextended][extended: networking] |
|
Evaluated for origin testextended up to 7821bd5 |
|
ben, feel free to merge on clean test. |
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE which must be set to "v4" (the default), "v6", or "v4v6" to control whether the router to binds to IPv4, IPv6, or both. Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and Forwarded http headers will be in IPv6 form (even when the connection was an IPv4 one, if set to 'v4v6'). Back-port of openshift#15229 Fixes bug 1472976 (https://bugzilla.redhat.com/show_bug.cgi?id=1472976)
|
[test] last flaked on #15024 |
|
continuous-integration/openshift-jenkins/testextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_extended/882/) (Base Commit: 3bb18b6) (PR Branch Commit: 7821bd5) (Extended Tests: networking) |
|
[test] last flaked on #15337 |
|
[merge] This has passed each test cleanly... just not on the same run. i.e. each run has flaked in different places. |
|
Evaluated for origin merge up to 7821bd5 |
|
[test] flaked on #15351 |
|
Evaluated for origin test up to 7821bd5 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/3354/) (Base Commit: d784563) (PR Branch Commit: 7821bd5) |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/1330/) (Base Commit: fb4423b) (PR Branch Commit: 7821bd5) (Image: devenv-rhel7_6469) |
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE
which must be set to "v4" (the default), "v6", or "v4v6" to control
whether the router to binds to IPv4, IPv6, or both.
Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and
Forwarded http headers will be in IPv6 form (even when the connection
was an IPv4 one, if set to 'v4v6').
Fixes bug 1471255 (https://bugzilla.redhat.com/show_bug.cgi?id=1471255)