-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add an ENV to control ipv6 behavior in the router #15229
Add an ENV to control ipv6 behavior in the router #15229
Conversation
I am working on adding tests that can inspect the headers. [done] I also need to create a docs PR. I'm not sure about the name of the environment variable. Would it be better to have a variable named "ROUTER_IP_VERSION" and have it take "v4" (the default), "v6", "v4v6"? @openshift/networking PTAL |
ROUTER_IP_MODE? Is this a bool or a multiway setting?
On Jul 16, 2017, at 9:24 AM, Ben Bennett <notifications@github.com> wrote:
I am working on adding tests that can inspect the headers. I also need to
create a docs PR.
I'm not sure about the name of the environment variable. Would it be better
to have a variable named "ROUTER_IP_VERSION" and have it take "v4" (the
default), "v6", "v4v6"?
@openshift/networking <https://github.com/orgs/openshift/teams/networking>
PTAL
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub
<#15229 (comment)>,
or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p4rKGl3LDQdFKVxtigVdbGci3FJCks5sOg8YgaJpZM4OZS4K>
.
|
[test] |
@smarterclayton Right now it is a bool. With the current flag, we always bind IPv4, but allow control of whether to do v4 and v6. When I was putting the PR together I wondered if the semantics of the multi-way are a little more understandable. I'm not sure about ROUTER_IP_MODE... I'll think about it a little, but at the moment it doesn't scream "look here for IPv6 support". |
ROUTER_IP_V4_V6_MODE
…On Mon, Jul 17, 2017 at 7:30 AM, Ben Bennett ***@***.***> wrote:
@smarterclayton <https://github.com/smarterclayton> Right now it is a
bool. With the current flag, we always bind IPv4, but allow control of
whether to do v4 and v6. When I was putting the PR together I wondered if
the semantics of the multi-way are a little more understandable.
I'm not sure about ROUTER_IP_MODE... I'll think about it a little, but at
the moment it doesn't scream "look here for IPv6 support".
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#15229 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p4dO-a7fcdxRJj7DjDlpJYnFwQE9ks5sO0XXgaJpZM4OZS4K>
.
|
{{- else }} | ||
bind :{{env "ROUTER_SERVICE_HTTP_PORT" "80"}} | ||
{{- end }} | ||
{{- if matchPattern "true|TRUE" (env "ROUTER_USE_PROXY_PROTOCOL" "") }} accept-proxy{{ end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this indentation intended?
it does not seem to be part of a block
@@ -199,7 +204,9 @@ frontend public | |||
# determined by the next backend in the chain which may be an app backend (passthrough termination) or a backend | |||
# that terminates encryption in this router (edge) | |||
frontend public_ssl | |||
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} v4v6 {{ if matchPattern "true|TRUE" (env "ROUTER_USE_PROXY_PROTOCOL" "") }} accept-proxy{{ end }} | |||
bind :::{{env "ROUTER_SERVICE_HTTPS_PORT" "443"}} | |||
{{- if matchPattern "true|TRUE" (env "ROUTER_ALLOW_IPV6" "")}} v4v6 {{ end }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This approach is different than the one used for the port 80 in which the if sentence add the whole bind statement and in here it only adds the "v4v6" option to it.
It might be better to keep them consistent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whoops! Thanks. I had them both this way before and then realized there was a problem (we needed to lose the :: as well). Then forgot to change both places.
bbc9de8
to
522aa47
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to ROUTER_IP_V4_V6_MODE
Rest looks fine.
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE which must be set to "v4" (the default), "v6", or "v4v6" to control whether the router to binds to IPv4, IPv6, or both. Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and Forwarded http headers will be in IPv6 form (even when the connection was an IPv4 one, if set to 'v4v6'). Fixes bug 1471255 (https://bugzilla.redhat.com/show_bug.cgi?id=1471255)
522aa47
to
7821bd5
Compare
Added test cases @openshift/networking PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to ROUTER_IP_V4_V6_MODE
Are you thinking of a command line option?
LGTM
[testextended][extended: networking] |
Evaluated for origin testextended up to 7821bd5 |
ben, feel free to merge on clean test. |
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE which must be set to "v4" (the default), "v6", or "v4v6" to control whether the router to binds to IPv4, IPv6, or both. Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and Forwarded http headers will be in IPv6 form (even when the connection was an IPv4 one, if set to 'v4v6'). Back-port of openshift#15229 Fixes bug 1472976 (https://bugzilla.redhat.com/show_bug.cgi?id=1472976)
[test] last flaked on #15024 |
continuous-integration/openshift-jenkins/testextended SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin_extended/882/) (Base Commit: 3bb18b6) (PR Branch Commit: 7821bd5) (Extended Tests: networking) |
[test] last flaked on #15337 |
[merge] This has passed each test cleanly... just not on the same run. i.e. each run has flaked in different places. |
Evaluated for origin merge up to 7821bd5 |
[test] flaked on #15351 |
Evaluated for origin test up to 7821bd5 |
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_request_origin/3354/) (Base Commit: d784563) (PR Branch Commit: 7821bd5) |
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/merge_pull_request_origin/1330/) (Base Commit: fb4423b) (PR Branch Commit: 7821bd5) (Image: devenv-rhel7_6469) |
This patch adds an environent variable called ROUTER_IP_V4_V6_MODE
which must be set to "v4" (the default), "v6", or "v4v6" to control
whether the router to binds to IPv4, IPv6, or both.
Note that when set to 'v6' or 'v4v6', the X-Forwarded-For and
Forwarded http headers will be in IPv6 form (even when the connection
was an IPv4 one, if set to 'v4v6').
Fixes bug 1471255 (https://bugzilla.redhat.com/show_bug.cgi?id=1471255)