Vsock: Add alternate http/https port in case 80/443 in use

[praveenkumar]

This patch try to solve user issue where port 80 or 443 already in
use and crc start fails by having alternate port 8080 and 8443.

Note: Now user have to add those ports to application routes to access
it. Like https://myapp.apps-crc.testing:8443 or http://myapp.apps-crc.testing:8080

$ ./crc start
[...]
WARN Port 80 is already in use. Going to use 8080

$ curl --unix-socket ~/.crc/crc-http.sock http:/unix/network/services/forwarder/all | jq .
[
  {
    "local": "127.0.0.1:2222",
    "remote": "192.168.127.2:22",
    "protocol": "tcp"
  },
  {
    "local": "127.0.0.1:6443",
    "remote": "192.168.127.2:6443",
    "protocol": "tcp"
  },
  {
    "local": ":443",
    "remote": "192.168.127.2:443",
    "protocol": "tcp"
  },
  {
    "local": ":8080",
    "remote": "192.168.127.2:80",
    "protocol": "tcp"
  }
]

Fixes: Issue #3331

[cfergeau]

Using port %s instead might sound nicer.

[cfergeau]

Is this the very last warning which is printed? Or is this going to be lost in the middle of the startup logs of crc?

[gbraad]

Going to use does not sound conclusive. Assigned %s instead, as use followed by using sounds repetitive.

[praveenkumar]

Is this the very last warning which is printed? Or is this going to be lost in the middle of the startup logs of crc?

@cfergeau It is not the last warning, this is something part of info messages (Since it is warning so should've the WARN and different color)

[cfergeau]

Note: Now user have to add those ports to application routes to access
it. Like https://myapp.apps-crc.testing:8443 or http://myapp.apps-crc.testing:8080

This should be more than a note in the commit log, but part of the warning which is displayed to the user. This also needs to be mentioned in documentation.

[cfergeau]

This could use fmt.Sprintf for consistency with the code before it

[cfergeau]

Fwiw, listening on port 80/443 is a privileged operation on some OS, I don't know if isPortInUse could fail because of this.

[praveenkumar]

Fwiw, listening on port 80/443 is a privileged operation on some OS, I don't know if isPortInUse could fail because of this.

@cfergeau I checked with linux/mac running a python simple http server on port 80 and this is identified by this function.

[cfergeau]

Is this the very last warning which is printed? Or is this going to be lost in the middle of the startup logs of crc?

[cfergeau]

I'd have a preference for not putting http/https together to avoid code duplication.

exposeRequest = append(exposeRequest, requestWithAlternatePort(httpPort, alternateHTTPPort)
exposeRequest = append(exposeRequest, requestWithAlternatePort(httpsPort, alternateHTTPSPort)

[gbraad]

Alternate is not the right wording as that means that either can be assigned consecutively.

[cfergeau]

fallback would work.

[gbraad]

WARN Port 80 is already in use. Going to use 8080

WARN Port 80 is already in use. Assigned 8080 as alternative.

[gbraad]

most common use of alternate is 'every other'. better use alternative

[gbraad]

Wording

[praveenkumar]

Note: Now user have to add those ports to application routes to access
it. Like https://myapp.apps-crc.testing:8443 or http://myapp.apps-crc.testing:8080

This should be more than a note in the commit log, but part of the warning which is displayed to the user. This also needs to be mentioned in documentation.

@cfergeau Now this warning propagated to start. Let me know if we want this change in separate commit (like now) or you want to squash the last 2 commits.

[anjannath]

when a fallback port is chosen for HTTPS then the crc console command won't be giving the correct URL for the console, it'd be nice if crc console knew which port to use

something we can document or need to solve in a follow up pr

[gbraad]

knew which port to use

would need to be stored as part of the machine config as state :-/

[anjannath]

knew which port to use

would need to be stored as part of the machine config as state :-/

we can also get this information from the daemon, listing the exposed ports

[praveenkumar]

knew which port to use

would need to be stored as part of the machine config as state :-/

we can also get this information from the daemon, listing the exposed ports

yes I was going to use this solution but #3331 (comment) need discussion so putting that to hold.

/hold

[praveenkumar]

/unhold

[cfergeau]

Ports to access OpenShift routes?

[cfergeau]

:%d should work?

[cfergeau]

I don't really see the point of carrying this warning string all the way from pkg/crc/machine/vsock.go so that it can be displayed in cmd/crc/cmd/start.go. We could just check if ingress-http-port/ingress-https-port are set to their default values, and print the warning if not?

[praveenkumar]

We could just check if ingress-http-port/ingress-https-port are set to their default values, and print the warning if not?

@cfergeau where you want to check it, in cmd/start.go ? If I do that I can't have it at the end as what we discussed previously so current implementation seemed clean to me.

[cfergeau]

The current implementation prints the message in cmd/start.go and manages to print it at the end, so I don't understand your objection?

[praveenkumar]

The current implementation prints the message in cmd/start.go and manages to print it at the end, so I don't understand your objection?

@cfergeau current implementation works because we carry this warning from pkg/crc/machine/vsock.go or you are saying we just should should check that in pkg/crc/machine/start.go and return from there?

[cfergeau]

If done in pkg/crc/machine/start.go, I'd prefer to see expose it as fallbackHTTPPortInUse bool; fallbackHTTPSPortInUse bool;, and convert this to a warning in cmd/start.go. It's probably fine to not even do that, and check the config in cmd/start.go? Or does it have downsides?

[cfergeau]

... will break OpenShift HTTP routes. In order to access OpenShift applications through HTTP URLs, the %d port must be manually specified, such as http://myapp.apps-crc.testing:%d

[cfergeau]

We need the same warning as in the HTTP case, plus something for the web console. After this change, the OpenShift console will be non-functional because of OpenShift limitations (dunno if it's possible to insert the URL of the web console in this message?)

[praveenkumar]

We need the same warning as in the HTTP case, plus something for the web console. After this change, the OpenShift console will be non-functional because of OpenShift limitations

Sure, that we can do.

dunno if it's possible to insert the URL of the web console in this message?

Not at this moment because web console url is created from bundle metadata side.

[cfergeau]

Consent to use? "Alternative HTTP port to use for OpenShift ingress/routes in case port 80 is already in use on the host" ? But this could be too long.

[praveenkumar]

Yeah I can put it, too long shouldn't be issue if it make more clear message to user.

[cfergeau]

to acces it. like %s .. -> to access it, such as %s://myapp.apps-crc.testing:%s

[cfergeau]

The config warning uses slightly different terminology:

Changes to configuration property '%s' will break OpenShift HTTPS routes.\n"+
		"In order to access OpenShift applications through HTTPS URLs "+
		"the %d port must be manually specified, such as https://myapp.apps-crc.testing:%d\n"

" OpenShift HTTPS routes" and "OpenShift applications through HTTPS URLs" is used rather than "the application route"

Maybe Port %d is used for OpenShift HTTP routes instead of the default. You have to add this port to HTTP URLs when accessing OpenShift application, such as ... ?

[cfergeau]

The in case port xx is already in use on the host is no longer accurate, the defined port will always be used.

[cfergeau]

Do we get any benefits from having FallbackPortWarning in startResult rather than calling portFallbackWarning() here?

[praveenkumar]

If it is not part of result then you will not get it as part of crc start -ojson, in case some other app want to make use of this warning to show then it can be used.

$ crc start -o json
[...]
   "developerCredentials": {
      "username": "developer",
      "password": "developer"
    }
  },
  "fallbackPortWarning": "\nNote: Port 8080 is Assigned.\nYou have to add this port to the application route to access\nit, such as http://myapp.apps-crc.testing:8080\n"
}

[cfergeau]

If we want to expose this in json, this would look more useful than an arbitrary string:

[...]
   "developerCredentials": {
      "username": "developer",
      "password": "developer"
    }
  },
  "alternativeIngressPorts": {
      "http": "8080",
  }
}

[praveenkumar]

What we want to expose is debatable, warning can be useful if the app just need to popup or even show in the terminal. Also this is the same warning what crc start cmd shows. If we just put alternativeIngressPorts then user of it need to put own interpretation/warning around it.

[cfergeau]

In my opinion, a preformatted string is almost never the right thing to have in an API, be it a json struct, a function return value, ... As soon as you need something different from the hardcoded string, you have to add awkward parsing code to get back the original data, and rebuild what you need from it.
One way forward is to not add anything to the json output for now, and to add 'something' when we have clear requirements for it.

[praveenkumar]

@cfergeau Ack, I remove the warn string from json output now.

[cfergeau]

Why is the method called 'Warning' but the string is Note:? :)

[praveenkumar]

@cfergeau I put the Warning instead Note.

[openshift-ci]

@praveenkumar: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-crc	04ce01c	link	true	/test e2e-crc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[cfergeau]

Warning that the console will be non-functional would be useful here as well. Especially as one message just before the warning is

The server is accessible via web console at:
  {{ .ClusterConfig.WebConsoleURL }}

A follow-up would be to remove this message when the https is overridden.

[gbraad]

Address as a follow-up: #3350

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cfergeau

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [cfergeau]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment