Add property machine.docker.local_node_host.external

[l0rd]

What does this PR do?

Introduce a new property, machine.docker.local_node_host.external (along with the environment variable CHE_DOCKER_MACHINE_HOST_EXTERNAL), that allow to configure the external URL browsers need to use to connect with containers that are not directly pingable. This happens for example with Docker for Mac.

machine.docker.local_node_host.external=localhost

When this property is set the browser will use it to connect to the containers. Note that the wsmaster won't use that value to connect to the containers.

If this property is not set Che behaves as before.

This PR introduce a change to the API: Server class has a couple of new attributes: internalUrl and internalAddress. On the other there no particular change is needed client side and all clients will benefit of this change.

"servers": {
      "4401/tcp": {
                "url": "http://localhost:32906/wsagent/ext", 
                "internalUrl": "http://192.168.65.2:32906/wsagent/ext", 
                "address": "localhost:32906",
                "internalAddress": "192.168.65.2:32906",
                "path": "/wsagent/ext",
                "protocol": "http",
                "ref": "wsagent"
     }
}

This PR takes into account some feedbacks from PR #2004:

• There are no changes on client side
• Works on configurations where the wsagent and docker containers are on different hosts

I will not close PR #2004. I want to continue the work to integrate Traefik in the che-launcher there. But traefik/traefik#444 should be fixed first.

What issues does this PR fix or reference?

#1644

Previous behavior

Running Che on Docker for Mac required some networking hacking

New behavior

Remove the need for the networking hack when running Che on Docker for Mac and make running Che as simple as docker run -v /var/run/docker.sock:/var/run/docker.sock codenvy/che-launcher start on all platforms.

PR type

• Minor change = no change to existing features or docs
• Major change = changes existing features or docs

Minor change checklist

• New API required?
• API updated
• Tests updated
• Tests passed

[codenvy-ci]

Can one of the admins verify this patch?

[TylerJewell]

Nice work! Excited to have this get into master. I reviewed the changes for the che-launcher and they all look good.

[TylerJewell]

@garagatyi - this resolves a big inconvenience that users have with Docker for Mac. This eliminates a painful setup of the loopback alias on Macs. Your +1 here will be helpful.

[garagatyi]

In my opinion changing API for that workaround is not a good way to go. It will add pain sooner or later.
I've just figured out that we can try to play with IPTables in Che container.
For example we can try to redirect traffic inside of Che container from 32000-xxxxx to IP of xhyve machine. And let expose machines ports as localhost. In that case browser will be able to connect to machines on localhost and Che-server will use localhost also. But IPTables rules in che-server container will forward all traffic to another IP.
As I understand we can do that even after start of che-server, so we will be able to do that in che launcher and not change base che-server which works fine in all cases except che in container on mac.
Here is an example that I googled:
iptables -t nat -A OUTPUT -i lo -p tcp --dport 32000:65000 -j DNAT --to <IP OF XHYVE>:32000-65000
But I didn't try it and have no experience with IPTables, so not sure that I found correct (and complete) set of rules for out case.

[l0rd]

@garagatyi can you please be more specific? Where do you want to run this iptable command: OSX, xyve VM, che-server container, agent container? What do you mean when you say "let expose machines ports as localhost"?

[garagatyi]

Add iptables rules in che-server container.

Configure che-server in such a way that localhost is host in servers provided by Che API.
I think we just should not set CHE_DOCKER_MACHINE_HOST variable to achieve that.

So all traffic from che-server container to localhost with ports 32000-xxxxx will go through IPTables redirection to IP of xhyve where ports of all containers are available.

[l0rd]

Ok thanks for clarifying @garagatyi. I understand now. It's a smart solution :-) I will test that tomorrow.

[l0rd]

Bingo! I've struggled to apply the IP tables rules but I've finally found the following command that work if executed inside che-sever container!

apk update
apk install iptables
sysctl -w net.ipv4.conf.eth0.route_localnet=1
iptables -t nat -A OUTPUT -p tcp -d localhost -o lo --dport 32000:65000 -j DNAT --to ${XHYVE_VM_IP}:32000-65000
iptables -t nat -A POSTROUTING -o eth0 -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE

[l0rd]

I've created a new PR to address the Docker for Mac problem: eclipse-che/che-dockerfiles#12

@garagatyi I will let you choose which one of these 2 PR is more suitable but let me explain why I believe we should keep this one and close eclipse-che/che-dockerfiles#12. Apart some concerns with the iptables solution I also think that changing the Server class, adding an internal url attribute, is not just a patch to solve the Docker for Mac issue but a solution for a recurring problem.

In the current model there is only one address to reach the wsagent server. That same address is used by the browser and the wsmaster. In the diagram I've called this address "Post Office". Depending on the platform the "Post Office" can be docker0, the IP of the docker host or just localhost. However in most scenarios wsmaster and wsagent are close and there is a shorter path to reach the wsagent (the red path in the diagram). Most important this red path avoid some scary mountains that can be tricky to cross (firewalls, routers, IPtables etc...). That's the case with Docker for Mac but that's also the case with Ubuntu (#2030) or Kubernetes or Openshift etc...This PR is to add the address of this red path to the attributes of the Server class.

[TylerJewell]

I tend to agree with Mario that having the internal sokution is more optimal for the longer term. And that we can continue to layer in the iptables solution where necessary.

Great graphic :)

[l0rd]

I've updated the PR. I've added a new ServerProperties class where I moved servers path, internalUrl and internalAddress fields. That's the new Server API:

"servers": {
    "4401/tcp": {
        "ref": "wsagent",
        "protocol": "http",
        "address": "localhost:32929",
        "url": "http://localhost:32929/wsagent/ext",
        "port": "32929",
        "properties": {
            "internalUrl": "http://192.168.65.2:32929/wsagent/ext",
            "internalAddress": "192.168.65.2:32929",
            "path": "/wsagent/ext"
        }
    }
}

@garagatyi please review

[benoitf]

I like it also
I would say that timeframe for updating json format as we're in process for 5.x release and still in milestone,is the right time. After it would be too late

[TylerJewell]

I am ok with this approach. I want to target this for M2 - solving this problem simplifies a lot of scenarios for us with Mac.

[garagatyi]

Looks like all fields in that object are nullable.

[garagatyi]

Line break by entering 'enter' key doesn't work in javadocs. Please add dot and <p/> or <br/>

[garagatyi]

Line break by entering 'enter' key doesn't work in javadocs. Please add dot and <p/> or <br/>

[garagatyi]

Line break by entering 'enter' key doesn't work in javadocs. Please add <p/> or <br/>

[garagatyi]

Not named assisted injection doesn't work when several arguments have the same class

[garagatyi]

Also please check what will happen if someone provide null value as one of these parameters. I believe nullable annotation should be declared somewhere.

[l0rd]

I've changed to named assisted injection and checked if containerExternalHostname is null and set it to containerHost in that case.

[garagatyi]

I'm not sure should this port contain 8080 or 8080/tcp.

[garagatyi]

And it is external port. Please explain that in javadocs.

[l0rd]

It's 8080, the protocol is not there:

"port": "32929"

[garagatyi]

Please add equals/hashcode/toString methods

[l0rd]

Done

[garagatyi]

Please add equals/hashcode/toString methods

[l0rd]

Done

[garagatyi]

Argument doesn't have to be DTO object. Please rename parameter to not confuse developers.

[l0rd]

Done

[garagatyi]

Curly brackets are used when link is inlined into description. When it is used as a separate tag it has the same syntax as @author

[l0rd]

Done

[garagatyi]

Also please check what will happen if someone provide null value as one of these parameters. I believe nullable annotation should be declared somewhere.

[garagatyi]

Overall solution is good. Code requires some cleanups and fixes.

[garagatyi]

Please ensure that null value won't be treated as string "null"

[l0rd]

After fixup externalHostname, internalHostname and externalPorts can never be null.

[garagatyi]

I believe that new policy of environment variables vs property usage in Che is that environment variable has priority over property.

[l0rd]

Fixed. Env variables are now evaluated first.

[garagatyi]

Please add tests for all new use cases, e.g. internal/external addresses are configired with properties, env variables, both null, both not-null, some is null other not.

[l0rd]

Added a couple of tests

[garagatyi]

Please add trailing new line at the end of file

[garagatyi]

Please add trailing new line at the end of file

[l0rd]

Fixed

[garagatyi]

Wildcard imports are forbidden in Che

[garagatyi]

Wildcard imports are forbidden in Che

[l0rd]

Sorry for forgetting that. I've fixed it.

[garagatyi]

It would be better to avoid casting here as it prevents class cast exception. Please rewrite first constructor instead.

[l0rd]

Fixed

[garagatyi]

Please do not use wildcard imports

[garagatyi]

Please do not use wildcard imports

[l0rd]

Fixed

[garagatyi]

Please add equals/hashcode/toString methods

[garagatyi]

This class still needs equals/hashcode/toString methods

[l0rd]

Class https://github.com/eclipse/che/blob/master/plugins/plugin-machine/che-plugin-machine-ext-client/src/main/java/org/eclipse/che/ide/extension/machine/client/perspective/widgets/machine/appliance/server/Server.java had no equals method. Should I add equals/hashcode/toString to existing classes too?

[garagatyi]

At least add it in classes added by you.

[l0rd]

I've added for both.

[garagatyi]

Now this method returns both host and port of the server. Are you going to change the behavior in this PR?

[l0rd]

No I'm not:

"address": "localhost:32929"

Is that ok?

[garagatyi]

Looks like I'm not fully understand new server object. I'll take a look again tomorrow and ask you if something is not clear.

[l0rd]

@garagatyi I've commited the fixes you have suggested:

• Javadoc improved
• Removed port field in Server class
• Annotated all fields in ServerProperties as nullable
• Overwritten methods equals, hashcode and toString for classes DevMachineServer and DevMachineServerProperties
• Fixed unnamed assisted injections
• Added some unit tests
• Restored the license header (I'll submit a distinct PR for that)
• Environment variables have now higher priority then properties

[garagatyi]

This class still needs equals/hashcode/toString methods

[garagatyi]

Please add trailing new line at the end of file

[garagatyi]

Wildcard imports are forbidden in Che

[garagatyi]

Please do not use wildcard imports

[garagatyi]

For me it looks like this argument is always null. Did I miss something?

[l0rd]

Feel free to add more details to your questions if that was not what you meant. I think you are wondering how Server.url is ever set if this parameter is always null. It should be set using property machine.docker.local_node_host.external but it looks as it's always null.

Property machine.docker.local_node_host.external is injected in LocalDockerModule objects that are binded to DockerInstanceRuntimeInfo in LocalDockerModule.

Therefore method DockerInstance.getRuntime() is not used by the API to get the machine runtime. That explains why Server.url is correctly returned by the API.

[garagatyi]

Let me explain how I understand what is happening with these changes. Please correct me if I'm mistaken.
DockerInstance always pass null as external host. DockerInstanceRuntimeInfo doesn't change that. LocalDockerInstanceRuntimeInfo uses assisted injection, so this null is passed here too.
So I don't see how another than null value can be accepted by DockerInstanceRuntimeInfo.

[l0rd]

As discussed on Slack I've cleaned-up LocalDockerInstanceRuntimeInfo class and made it easier to read.

[l0rd]

I think you mean "regular space". If I add a regular space and I try to generate the Javadoc I have the following result:

If I use   instead the sentence is not broken:

[garagatyi]

OK, interesting

[benoitf]

still need to remove wildcard import

[l0rd]

I think I alrady fixed that: https://github.com/l0rd/che/blob/a35ccae37ab7fdecf958beb02acbf0e8177c8a3b/wsmaster/che-core-api-workspace/src/test/java/org/eclipse/che/api/workspace/server/WorkspaceServiceTest.java

You were probably looking at the outdated version?

[benoitf]

yep it was pending request (I forgot to validate it)

[garagatyi]

Let me explain how I understand what is happening with these changes. Please correct me if I'm mistaken.
DockerInstance always pass null as external host. DockerInstanceRuntimeInfo doesn't change that. LocalDockerInstanceRuntimeInfo uses assisted injection, so this null is passed here too.
So I don't see how another than null value can be accepted by DockerInstanceRuntimeInfo.

[garagatyi]

@musienko-maxim Please do a QA cycle for this PR

[garagatyi]

ci-build

[codenvy-ci]

Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/452/

[garagatyi]

QA team has approved this PR. We will merge it when M3 is released