Tarantool binds to 0.0.0.0 despite advertise_uri settings #1890

Closed
donatengit opened this issue Aug 23, 2022 · 1 comment · Fixed by #1901

@donatengit

Hi Guys,

Thanks for your work. We have a problem with our cartridge/tarantool setup: tarantool binds both tcp/udp to 0.0.0.0 despite advertise_uri setting in local/instances.lua (ip address changed):

  advertise_uri: 10.31.200.1:3301
  http_port: 8081
  http_host: 10.31.200.1

I've checked opened ports

>> sudo netstat -tulnp | grep 3301
tcp        0      0 0.0.0.0:3301            0.0.0.0:*               LISTEN      1926351/tarantool i

and nc -v some.public.domain 3301 from outer internet

Connection to some.public.domain port 3301 [tcp/*] succeeded!
Tarantool 2.11.0 (Binary) ....

Other than adopting this patch partially, we tried hardcoding bind IP address right in .rocks/share/tarantool/cartridge/confapplier.lua i.e.:
local ok, err = remote_control.bind('10.31.200.1', vars.binary_port)

and got no luck. Even though it logs specified port
no-vshard.master | 2022-08-16 16:26:35.651 [1236913] main/109/remote_control/10.31.200.1:3301 I> started

NB with a specific IP address hardcode in membership.lua for udp it binds properly.

No need to say, I believe, that there is a potential risk of exposing all tarantool data to the outer world if for any reason the firewall is misconfigured or disabled at some moment. And thus why wouldn't anyone want to have additional protection by forcing the db to bind to local interfaces. Any advice?

Versions:

cartridge --version
Tarantool Cartridge CLI
Version: 2.12.1
OS/Arch: linux/amd64
Git commit: af99c20

tarantool --version
Tarantool Enterprise 2.11.0-entrypoint-1-g16694464a-r489-nogc64
Target: Linux-x86_64-RelWithDebInfo
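
The listener check described in the report above can be made repeatable. The following is an added example, not part of the original issue or of the Cartridge code base; the helper name `audit_listeners` and the sample lines are constructed, and it assumes `netstat -tuln` style input on stdin.

```shell
#!/bin/sh
# audit_listeners PORT EXPECTED_IP   (hypothetical helper, not part of Cartridge)
# Reads `netstat -tuln` style lines on stdin and reports every socket on PORT
# whose local address is a wildcard or differs from EXPECTED_IP.
# Returns 0 when all listeners on PORT match EXPECTED_IP, 1 otherwise.
audit_listeners() {
    awk -v port="$1" -v want="$2" '
        $1 ~ /^(tcp|udp)/ {
            # Local address is column 4; split at the last colon so that
            # IPv6 forms such as ":::3301" are handled too.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*") {
                print "WILDCARD " $1 " " $4; bad = 1
            } else if (addr != want) {
                print "UNEXPECTED " $1 " " $4; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input modelled on the netstat line in the report:
# the binary port listens on all interfaces, the UDP socket is bound correctly.
SAMPLE_EXPOSED='tcp        0      0 0.0.0.0:3301            0.0.0.0:*               LISTEN
udp        0      0 10.31.200.1:3301        0.0.0.0:*'

# Constructed sample of the desired state; the wildcard listener on port 22
# is ignored because only port 3301 is audited.
SAMPLE_OK='tcp        0      0 10.31.200.1:3301        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 10.31.200.1:3301        0.0.0.0:*'

# Demo on the constructed sample. On a live host, feed real output instead:
#   sudo netstat -tuln | audit_listeners 3301 10.31.200.1
printf '%s\n' "$SAMPLE_EXPOSED" | audit_listeners 3301 10.31.200.1 \
    || echo "port 3301 is not restricted to 10.31.200.1"
```

Because the function returns a non-zero status on any mismatch, it can gate a deployment step or run from a periodic job, independent of firewall state.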

@filonenko-mikhail
Contributor

reproduced

DifferentialOrange added a commit to tarantool/grafana-dashboard that referenced this issue Mar 3, 2023
After cartridge 2.7.7, you don't bind to 0.0.0.0 by default anymore [1].
In consequence, other containers and host fail to connect with IProto.
Explicit `0.0.0.0` and `127.0.0.1` don't help to fix the issue.

1. tarantool/cartridge#1890