Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Latest install.py script (25.01.0) drops local opensearch access #564

Open
lelandmills opened this issue Jan 23, 2025 · 1 comment
Open

Latest install.py script (25.01.0) drops local opensearch access #564

lelandmills opened this issue Jan 23, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@lelandmills
Copy link

Describe the bug
As part of the recent syslog changes (#354), changes were made to install.py that drop opensearch access which previously defaulted to available for localhost (docker-compose.yaml would have 127.0.0.1:9200:9200 for nginx-proxy service. Not sure if this was intentional or not, but it only survives now if you want to expose to external network.

To Reproduce
Steps to reproduce the behavior:

  1. install picking defaults, and 9200 is not accessible:
    $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 37f1e3e17fdd apcon/malcolm/nginx-proxy:25.01.0 "/sbin/tini -- /usr/…" About an hour ago Up 14 minutes (healthy) 0.0.0.0:443->443/tcp malcolm-nginx-proxy-1

Expected behavior
Expect that previous accessibility would be available:
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0a355e3577de apcon/malcolm/nginx-proxy:24.12.0 "/sbin/tini -- /usr/…" 28 hours ago Up 28 hours (healthy) 0.0.0.0:443->443/tcp, 127.0.0.1:9200->9200/tcp malcolm-nginx-proxy-1

**Screenshots and/or Logs **
If applicable, attach screenshots or container logs (e.g., the relevant bits of ./scripts/logs) to help explain your problem.

Malcolm Version:

  • Version 25.01.1

How are you running Malcolm?

Additional context
I suggest basically reverting this part of commit https://github.com/cisagov/Malcolm/commit/02cf852b9ebe9d29f1570485ddc06ffcd39050bc as following:

                            data['services']['nginx-proxy']['ports'] = [
                                f"{'0.0.0.0:443' if nginxSSL else '127.0.0.1:80'}:443/tcp",
                            ]
                            if opensearchPrimaryMode == DatabaseMode.OpenSearchLocal:
                                data['services']['nginx-proxy']['ports'].append(
                                    f"{'0.0.0.0' if opensearchOpen else '127.0.0.1'}:{'9200' if nginxSSL else '9201'}:9200/tcp"
                               )

instead of:

                            data['services']['nginx-proxy']['ports'] = [
                                f"{'0.0.0.0:443' if nginxSSL else '127.0.0.1:80'}:443/tcp",
                            ]
                             if (opensearchPrimaryMode == DatabaseMode.OpenSearchLocal) and opensearchOpen:
                                data['services']['nginx-proxy']['ports'].append(
                                    f"0.0.0.0:{'9200' if nginxSSL else '9201'}:9200/tcp"
                                )
@lelandmills lelandmills added the bug Something isn't working label Jan 23, 2025
@mmguero mmguero added this to Malcolm Jan 23, 2025
@mmguero
Copy link
Collaborator

mmguero commented Jan 23, 2025

Locking that down was an intentional change, but maybe we should make it an option during configuration. Thanks for letting us know this affected a use case. Of course, as I'm sure you know, in the meantime while we consider it you may add 127.0.0.1:9200:9200 into the ports section for opensearch service in your docker-compose.yml to restore the previous behavior.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
Malcolm
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmguero @lelandmills