change machine-config-server port

[kikisdeliveryservice]

Change machine-config-server port from 49500 -> 22623
to avoid conflict with local port and node port ranges.

Closes machine-config-operator issue: 166
Requires: openshift/machine-config-operator#368

[kikisdeliveryservice]

cc: @abhinavdahiya

[cgwalters]

One thing I hadn't considered too is that if we want to change this port in the future, it will also need changes in firewalling (AWS: security groups). Do we have those under cluster management today?

If we're going to pull the trigger on this port we should probably be really sure that 22623 is what we want and can stick with.

[cgwalters]

Code changes seem good to me offhand.

[wking]

The OpenStack folks seem to have a few 49500 references in their HAProxy watcher:

$ git grep 49500 origin/pr/1180 -- data
origin/pr/1180:data/data/openstack/lb/main.tf:    source = "data:,listen%20${var.cluster_name}-api-80%0D%0A%20%20%20%20bind%200.0.0.0%3A80%0D%0A%20%20%20%20mode%20tcp%0D%0A%20%20%20%20stats%20enable%0D%0A%20%20%20%20stats%20uri%20%2Fhaproxy%3Fstatus%0D%0A%20%20%20%20balance%20roundrobin%0D%0A%20%20%20%20server%20${var.cluster_name}-bootstrap%20${var.cluster_name}-bootstrap.${var.cluster_domain}%3A80%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-0%20${var.cluster_name}-master-0.${var.cluster_domain}%3A80%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-1%20${var.cluster_name}-master-1.${var.cluster_domain}%3A80%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-2%20${var.cluster_name}-master-2.${var.cluster_domain}%3A80%20check%0D%0A%0D%0Alisten%20${var.cluster_name}-api-6443%0D%0A%20%20%20%20bind%200.0.0.0%3A6443%0D%0A%20%20%20%20mode%20tcp%0D%0A%20%20%20%20stats%20enable%0D%0A%20%20%20%20stats%20uri%20%2Fhaproxy%3Fstatus%0D%0A%20%20%20%20balance%20roundrobin%0D%0A%20%20%20%20server%20${var.cluster_name}-bootstrap%20${var.cluster_name}-bootstrap.${var.cluster_domain}%3A6443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-0%20${var.cluster_name}-master-0.${var.cluster_domain}%3A6443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-1%20${var.cluster_name}-master-1.${var.cluster_domain}%3A6443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-2%20${var.cluster_name}-master-2.${var.cluster_domain}%3A6443%20check%0D%0A%0D%0Alisten%20${var.cluster_name}-api-443%0D%0A%20%20%20%20bind%200.0.0.0%3A443%0D%0A%20%20%20%20mode%20tcp%0D%0A%20%20%20%20stats%20enable%0D%0A%20%20%20%20stats%20uri%20%2Fhaproxy%3Fstatus%0D%0A%20%20%20%20balance%20roundrobin%0D%0A%20%20%20%20server%20${var.cluster_name}-bootstrap%20${var.cluster_name}-bootstrap.${var.cluster_domain}%3A443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-0%20${var.cluster_name}-master-0.${var.cluster_domain}%3A443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-1%20${var.cluster_name}-master-1.${var.cluster_domain}%3A443%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-2%20${var.cluster_name}-master-2.${var.cluster_domain}%3A443%20check%0D%0A%0D%0Alisten%20${var.cluster_name}-api-49500%0D%0A%20%20%20%20bind%200.0.0.0%3A49500%0D%0A%20%20%20%20mode%20tcp%0D%0A%20%20%20%20stats%20enable%0D%0A%20%20%20%20stats%20uri%20%2Fhaproxy%3Fstatus%0D%0A%20%20%20%20balance%20roundrobin%0D%0A%20%20%20%20server%20${var.cluster_name}-bootstrap%20${var.cluster_name}-bootstrap.${var.cluster_domain}%3A49500%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-0%20${var.cluster_name}-master-0.${var.cluster_domain}%3A49500%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-1%20${var.cluster_name}-master-1.${var.cluster_domain}%3A49500%20check%0D%0A%20%20%20%20server%20${var.cluster_name}-master-2%20${var.cluster_name}-master-2.${var.cluster_domain}%3A49500%20check"

I have no idea how they maintain that (CC @flaper87 ;), but a raw sed would probably be good enough for this PR.

One thing I hadn't considered too is that if we want to change this port in the future, it will also need changes in firewalling (AWS: security groups). Do we have those under cluster management today?

I'm not aware of any cluster management for security groups. You're wondering about how this would work if someone wanted to upgrade their cluster to an OpenShift release that used a different port?

[kikisdeliveryservice]

@wking I wasn't sure how that was generated either, so I left it in hopes someone would tell me 😄

[wking]

@wking I wasn't sure how that was generated either, so I left it in hopes someone would tell me 😄

Doesn't seem to be generated (at least, #1185 bumped it and the new version contains strings that do not show up elsewhere in that diff). I expect you can just:

$ sed -i s/49500/22623/g data/data/openstack/lb/main.tf

[cgwalters]

You're wondering about how this would work if someone wanted to upgrade their cluster to an OpenShift release that used a different port?

Right.

[openshift-ci-robot]

@kikisdeliveryservice: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-openstack	30d91f2	link	/test e2e-openstack
ci/prow/e2e-libvirt	30d91f2	link	/test e2e-libvirt
ci/prow/launch-aws	30d91f2	link	/test launch-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[abhinavdahiya]

@kikisdeliveryservice
openshift/machine-config-operator#368 was merged
Also this needs a rebase..

[ashcrow]

Needs rebase.

[kikisdeliveryservice]

@abhinavdahiya question, the file that keeps needing a rebase (3 time so far) is data/data/openstack/lb/main.tf and the bit that changes looks kind of like something auto-generated? I'm now wondering more if I shouldn't update that one to replace the 49500->22523?

If you can confirm changing that is ok, I'll rebase and repush.

[abhinavdahiya]

@abhinavdahiya question, the file that keeps needing a rebase (3 time so far) is data/data/openstack/lb/main.tf and the bit that changes looks kind of like something auto-generated? I'm now wondering more if I shouldn't update that one to replace the 49500->22523?

If you can confirm changing that is ok, I'll rebase and repush.

@flaper87 / @russellb can you help @kikisdeliveryservice here regarding data/data/openstack/lb/main.tf

[staebler]

@abhinavdahiya question, the file that keeps needing a rebase (3 time so far) is data/data/openstack/lb/main.tf and the bit that changes looks kind of like something auto-generated? I'm now wondering more if I shouldn't update that one to replace the 49500->22523?

If you can confirm changing that is ok, I'll rebase and repush.

I am fairly certain that it is not auto-generated. Unfortunately, it is a script crammed into a single URL-encoded line that is going to have conflicts whenever anyone makes any change to it.

[kikisdeliveryservice]

thanks @staebler , I'll go ahead and rebase then.

[ashcrow]

@kikisdeliveryservice is this ready for a final review?

[kikisdeliveryservice]

@ashcrow yep. removed the WIP :)

[ashcrow]

This looks good to me!

[ashcrow]

/cc @wking @crawford

[abhinavdahiya]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhinavdahiya, ashcrow, kikisdeliveryservice

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [abhinavdahiya]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment