Flexible BroadcastAddress

lunne · April 6, 2021, 1:44pm

We run Temporal in Swarm and to be able to do this we need a more flexible way of setting broadcastAddress.

Right now we solve the problem by a minor change in entrypoint.sh

if [ "$TEMPORAL_BROADCAST_ADDRESS_FILTER" != "" ]; then 
    for IP in $HOST_IP; do 
        if [[ "$IP" =~ ^$TEMPORAL_BROADCAST_ADDRESS_FILTER ]]; then
            export TEMPORAL_BROADCAST_ADDRESS="$IP"
        fi
    done  
fi

With this we can make the service bind to the network range we specified for the overlay temporal-network in swarm.

We can start with these env-variables:

BIND_ON_IP=0.0.0.0
TEMPORAL_BROADCAST_ADDRESS_FILTER=10.6.0.

This could be better solved in the code allowing to select between interfaces, CIDR etc.

If this functionality is something you want we could do a pull request .

Thanks
Mathias

derek · April 7, 2021, 6:22pm

Thanks for reaching out with this proposal. We’d love to merge something that tackles this issue. I’d like to think through a couple scenarios and make sure we’re solving the general problem for users outside of swarm as well. So my questions are:

what if cidrs are not known upfront?
is there any issue with an actual cidr instead of a prefix filter?
are there other attributes we might want to use instead of ip/cidr
is there any danger of breaking existing use cases?

Thoughts?

lunne · April 7, 2021, 7:33pm

what if cidrs are not known upfront?

If the CIDR is not known binding to a interface might be good.

is there any issue with an actual cidr instead of a prefix filter?

I think a CIDR is preferred over a prefix filter. In our case we selected a regexp filter because it was simpler to implement in bash without any external dependencies.

are there other attributes we might want to use instead of ip/cidr

We might want to select by: Interfaces, Private addresses, Public Addresses, Interfaces that is UP.

is there any danger of breaking existing use cases?

Let’s say we bind to an interface A with IP 10.0.6.23 and we then by misstake select to broadcast on CIDR 10.0.8.0/24 which is interface B. We then have a situation where we broadcast a IP that does not serve the given port.

So to solve this and cover most of the use cases we could make use of Hashicorp’s pretty cool package:
https://pkg.go.dev/github.com/hashicorp/go-sockaddr/template?utm_source=godoc

In our case it would mean:

BROADCAST_ADDRESS: '{{ GetPrivateInterfaces | include "network" "10.0.6.0/24" | attr "address" }}

This could be implemented on all bind-addresses in Temporal but a nice start would be on the broadcast address.

derek · April 7, 2021, 9:39pm

that sounds really cool and very flexible - so would you envision having a configuration/env variable that would be the template string for what you want with a default that represents current behavior?

if so, i think we’d love a PR to add this feature

lunne · April 8, 2021, 6:10am

yes, something like that!

Do you think it’s necessary to have some logic to guard against users trying to broadcast on interface/addresses that is not bound ?