(config) Clean up service configuration for IP addresses

Adds new ways to configure the bind and external IP addresses for a service. Notably, if the environment variable WMSA_IN_DOCKER is present, the system will grab the HOSTNAME variable and announce that as the external address in the service registry. The default bind address is also changed to be 0.0.0.0 only if WMSA_IN_DOCKER is present, otherwise 127.0.0.1; as this is a more secure default.
2025-02-23 13:09:00 +00:00 · 2024-02-20 14:21:09 +01:00 · 2024-02-20 14:21:09 +01:00 · 30bdb4b4e9
commit 30bdb4b4e9
parent 2ee492fb74
2 changed files with 44 additions and 8 deletions
--- a/code/common/service/src/main/java/nu/marginalia/service/module/ServiceConfigurationModule.java
+++ b/code/common/service/src/main/java/nu/marginalia/service/module/ServiceConfigurationModule.java
@ -9,12 +9,15 @@ import nu.marginalia.service.id.ServiceId;
 import org.apache.curator.framework.CuratorFramework;
 import org.apache.curator.framework.CuratorFrameworkFactory;
 import org.apache.curator.retry.ExponentialBackoffRetry;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 import java.util.Objects;
 import java.util.UUID;

 public class ServiceConfigurationModule extends AbstractModule {
    private final ServiceId id;
+    private static final Logger logger = LoggerFactory.getLogger(ServiceConfigurationModule.class);

    public ServiceConfigurationModule(ServiceId id) {
        this.id = id;
@ -26,11 +29,13 @@ public class ServiceConfigurationModule extends AbstractModule {
        var configObject = new ServiceConfiguration(id,
                node,
                getBindAddress(),
-                getHost(),
+                getExternalHost(),
                getPrometheusPort(),
                UUID.randomUUID()
        );

+        logger.info("Service configuration: {}", configObject);
+
        bind(Integer.class).annotatedWith(Names.named("wmsa-system-node")).toInstance(node);
        bind(ServiceConfiguration.class).toInstance(configObject);

@ -63,18 +68,46 @@ public class ServiceConfigurationModule extends AbstractModule {
        return Integer.parseInt(nodeEnv);
    }

-    private String getHost() {
-        int node = getNode();
-        final String defaultValue;
+    /** Get the external host for the service. This is announced via the service registry,
+     * and should be an IP address or hostname that resolves to this machine */
+    private String getExternalHost() {
+        // Check for an environment variable override
+        String configuredValue;
+        if (null != (configuredValue = System.getenv("SERVICE_HOST"))) {
+            return configuredValue;
+        }

-        if (node > 0) defaultValue = STR."\{id.serviceName}-\{node}";
-        else defaultValue = id.serviceName;
+        // Check for a system property override
+        if (null != (configuredValue = System.getProperty("service.host"))) {
+            return configuredValue;
+        }

-        return System.getProperty("service.host", defaultValue);
+        // If we're in docker, we'll use the hostname
+        if (isDocker()) {
+            return System.getenv("HOSTNAME");
+        }
+
+        // If we've not been told about a host, and we're not in docker, we'll fall back to localhost
+        // and hope the operator's remembered to enable random port assignment via zookeeper
+        return "127.0.0.1";
    }

+    /** Get the bind address for the service. This is the address that the service will listen on.
+     */
    private String getBindAddress() {
-        return System.getProperty("service.bind-address", "0.0.0.0");
+        String configuredValue = System.getProperty("service.bind-address");
+        if (configuredValue != null) {
+            return configuredValue;
+        }
+
+        // If we're in docker, we'll bind to all interfaces
+        if (isDocker())
+            return "0.0.0.0";
+        else  // If we're not in docker, we'll default to binding to localhost to avoid exposing services
+            return "127.0.0.1";
    }

+    boolean isDocker() {
+        return System.getenv("WMSA_IN_DOCKER") != null;
+    }
 }
--- a/docker-service.gradle
+++ b/docker-service.gradle
@ -18,6 +18,9 @@ RUN apt-get update && apt-get install -y curl
 ADD ${application.applicationName}.tar /
 RUN mkdir /wmsa

+# This will make the service grab the hostname from the HOSTNAME variable
+ENV WMSA_IN_DOCKER true
+
 ENTRYPOINT WMSA_HOME=/wmsa /${application.applicationName}/bin/${application.applicationName} \${arg0} \${arg1}
 """
    }