You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue was first seen due to failed Puppet runs on a system with strict firewalling, as it uses this library. In bind_random_port, port = random(1024..65535) assumes that the ephemeral port range is 1024..65535. This is almost never the case. e.g. on a modern Linux Redhat-like system, the default range is (32768..60999) but of course can be modified by changing /proc/sys/net/ipv4/ip_local_port_range. This is not limited to being a firewall issue - modern services may bind to ports above 1024, which is especially problematic during eg a puppet run, where this random port selection may be holding open the required port during service configuration. Solution - instead of randomly choosing ports, port = 0 is defined as specifying an unused ephemeral port on at least Linux, FreeBSD, SunOS and Windows - udpsock.bind(bind_host, 0) is sufficient. There should be absolutely no need in the first place to specify a random port, or to keep trying ports until an unused one is discovered, which also does not scale particularly well on systems with heavy network usage.
The text was updated successfully, but these errors were encountered:
This issue was first seen due to failed Puppet runs on a system with strict firewalling, as it uses this library. In
bind_random_port,port = random(1024..65535)assumes that the ephemeral port range is1024..65535. This is almost never the case. e.g. on a modern Linux Redhat-like system, the default range is(32768..60999)but of course can be modified by changing/proc/sys/net/ipv4/ip_local_port_range. This is not limited to being a firewall issue - modern services may bind to ports above 1024, which is especially problematic during eg a puppet run, where this random port selection may be holding open the required port during service configuration. Solution - instead of randomly choosing ports,port = 0is defined as specifying an unused ephemeral port on at least Linux, FreeBSD, SunOS and Windows -udpsock.bind(bind_host, 0)is sufficient. There should be absolutely no need in the first place to specify a random port, or to keep trying ports until an unused one is discovered, which also does not scale particularly well on systems with heavy network usage.The text was updated successfully, but these errors were encountered: