Can I connect to minishift from another pc/laptop ? #1287

Open
jherreraBE opened this Issue Aug 19, 2017 · 34 comments

jherreraBE commented Aug 19, 2017

I have installed with success, but installed on my CentOS server and not on my local desktop PC, so I can't reach my minishift from my desktop.

[jonay@ThunderMaster ~]$ cat  /etc/centos-release
CentOS Linux release 7.3.1611 (Core) 
[jonay@ThunderMaster ~]$ minishift start
OpenShift server started.

The server is accessible via web console at:
    https://192.168.42.135:8443

Is there a possibility or a workaround to have access to minishift outside the localhost?

Member

gbraad commented Aug 20, 2017

You would have to set up your host to do a port forward.

TL;dr

$ firewall-cmd --add-masquerade --permanent
$ firewall-cmd --permanent --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=192.168.42.135
$ firewall-cmd --reload

Note: you have to do this for more ports... especially like the ports you open for your app. This is not a situation we describe ATM, as our focus is on local developers. This might change...

If however, you found the answer, consider sharing this information with the community and add an entry to the documentation.

jherreraBE commented Aug 20, 2017

jherreraBE commented Aug 20, 2017

I didn't read the full comment, sorry, and forgot one step. But even with that step, I can't reach it.

[jonay@ThunderMaster ~]$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources: 
  services: dhcpv6-client dns ssh
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: port=8443:proto=tcp:toport=8443:toaddr=192.168.42.135
  sourceports: 
  icmp-blocks: 
  rich rules: 
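
The listing above puts the forward rule in the `public` zone bound to `em1` with no source match, so it applies to every sender that reaches that interface. An added example (not part of the thread or the Minishift project) that parses this output and reports such rules; the function names are hypothetical and the sample is the listing quoted above.

```python
# Constructed sample: the `firewall-cmd --list-all` output quoted in the thread.
SAMPLE = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources: 
  services: dhcpv6-client dns ssh
  ports: 
  protocols: 
  masquerade: yes
  forward-ports: port=8443:proto=tcp:toport=8443:toaddr=192.168.42.135
  sourceports: 
  icmp-blocks: 
  rich rules: 
"""


def parse_zone(text):
    """Parse one zone block of `firewall-cmd --list-all` into a dict.

    Continuation lines (additional forward-ports entries or rich rules)
    are appended to the key they follow.
    """
    lines = [line for line in text.splitlines() if line.strip()]
    zone = {"name": lines[0].split()[0]}
    last = None
    for line in lines[1:]:
        key, sep, value = line.strip().partition(":")
        if sep and "=" not in key:
            last = key.strip()
            zone[last] = value.strip()
        elif last:
            zone[last] = (zone[last] + " " + line.strip()).strip()
    return zone


def open_forwards(zone):
    """Return forward-port entries usable by any sender on the zone's interfaces.

    A plain forward-ports entry carries no source match; limiting who may
    use it takes a rich rule with a source address. Assumes IPv4 targets.
    """
    if not zone.get("interfaces"):
        return []
    findings = []
    for entry in zone.get("forward-ports", "").split():
        rule = dict(field.split("=", 1) for field in entry.split(":"))
        rule["interfaces"] = zone["interfaces"]
        findings.append(rule)
    return findings


if __name__ == "__main__":
    for rule in open_forwards(parse_zone(SAMPLE)):
        print("open to all senders on %(interfaces)s: "
              "%(proto)s/%(port)s -> %(toaddr)s:%(toport)s" % rule)
```

The startup output quoted later in the thread shows the `developer` login accepting any password, which is what makes an unrestricted forward to port 8443 worth flagging.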

@hferentschik hferentschik changed the title from can I connect to minishift from another pc/laptop ? to Can I connect to minishift from another pc/laptop ? Aug 20, 2017

Member

gbraad commented Aug 21, 2017

The firewall configuration is dependent on your network setup and defined zones. It might also be that you have reject rules defined on the bridges. I cannot suggest a solution without more information.

stale bot commented Oct 20, 2017

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the status/stale label Oct 20, 2017

Member

gbraad commented Oct 20, 2017

I tried something like the following in recent days; however, there is an issue, probably with the self-signed cert on the Traefik end, as it responds with an Internal Server Error:

$ docker run -it --rm centos:7 ping `minishift ip`
PING 192.168.42.215 (192.168.42.215) 56(84) bytes of data.
64 bytes from 192.168.42.215: icmp_seq=1 ttl=63 time=0.274 ms
64 bytes from 192.168.42.215: icmp_seq=2 ttl=63 time=0.196 ms
64 bytes from 192.168.42.215: icmp_seq=3 ttl=63 time=0.184 ms
64 bytes from 192.168.42.215: icmp_seq=4 ttl=63 time=0.188 ms
^C
--- 192.168.42.215 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3087ms
rtt min/avg/max/mdev = 0.184/0.210/0.274/0.039 ms
$ minishift start --public-hostname localhost --routing-suffix 10.0.21.42.nip.io          
-- Checking if KVM driver is installed ... 
   Driver is available at /usr/local/bin/docker-machine-driver-kvm ... 
   Checking driver binary is executable ... OK
-- Checking if Libvirt is installed ... OK
-- Checking if Libvirt default network is present and active ... OK
-- Starting local OpenShift cluster using 'kvm' hypervisor ...
-- Starting Minishift VM .............. OK
-- Checking for IP address ... OK
-- Checking if external host is reachable from the Minishift VM ... 
   Pinging 8.8.8.8 ... OK
-- Checking HTTP connectivity from the VM ... 
   Retrieving http://minishift.io/index.html ... OK
-- Checking if persistent storage volume is mounted ... OK
-- Checking available disk space ... 29% used OK
-- OpenShift cluster will be configured with ...
   Version: v3.6.0
-- Checking `oc` support for startup flags ... 
   host-data-dir ... OK
   host-pv-dir ... OK
   host-volumes-dir ... OK
   public-hostname ... OK
   routing-suffix ... OK
   host-config-dir ... OK
Starting OpenShift using openshift/origin:v3.6.0 ...
OpenShift server started.

The server is accessible via web console at:
    https://localhost:8443

$ vi tr.toml                                                                    
$ minishift ip
192.168.42.215
$ cat tr.toml 
defaultEntryPoints = ["http"]
[entryPoints]
  [entryPoints.http]
  address = ":80"

[file]

[backends]
  [backends.backend1]
    [backends.backend1.servers.server1]
       url = "https://192.168.42.215:8443"

[frontends]
  [frontends.frontend1]
      backend = "backend1"
      passHostHeader = true
      [frontends.frontend1.routes.example]
          rule = "Host:10.0.21.42.nip.io"
$ docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/tr.toml:/traefik.toml \
  -p 8088:80 \
  --name traefik \
  traefik:alpine --docker

Note: I guess Traefik is picky about the self-signed certificate. Will have to retry using nginx for instance.

frizop commented Nov 3, 2017

             KVM VM
+--------------------------------+
|--------------+                 |
||             |                 |
||  Minishift  | 8443            |
||             |                 |
|--------------+                 |
|--------------+    +------------+
||             |    |           ||
|| nginx proxy | 80 | IPTables  || http://${VM}:80/
||             |    |           ||
|--------------+    +------------|
+--------------------------------+

I am attempting to build the above configuration, where I open http://${VM}:80/ from another machine on my network, but I'm running into the following issue: after I redirect from http://${VM}:80/console to whatever page, I assume some sort of authentication, I get directed back to the wrong minishift internal IP.

The config I'm using for nginx is very simple:

user  nginx;
worker_processes  1;
error_log  /var/opt/rh/rh-nginx18/log/nginx/error.log;
pid        /var/opt/rh/rh-nginx18/run/nginx/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/opt/rh/rh-nginx18/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/opt/rh/rh-nginx18/log/nginx/access.log  main;
    sendfile        on;
    keepalive_timeout  65;
    include /etc/opt/rh/rh-nginx18/nginx/conf.d/*.conf;
    server {
        listen       80;
        server_name  foo.rhel.local;
        location / {
            proxy_pass https://192.168.42.140:8443;
        }
        error_page  404              /404.html;
        location = /40x.html {
            root   /opt/rh/rh-nginx18/root/usr/share/nginx/html;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /opt/rh/rh-nginx18/root/usr/share/nginx/html;
        }
    }
}

Most of this is boilerplate settings from the default install. The location field is really the only important setting here. I use a proxy_pass to forward to the HTTPS address that is returned when I do a minishift ip from the VM.

The address I'm re-directed to is, https://192.168.42.140:8443/oauth/authorize?client_id=openshift-web-console&response_type=code&state=<removed>&redirect_uri=https%3A%2F%2F192.168.42.140%3A8443%2Fconsole%2Foauth

# minishift ip
192.168.42.140

Connecting to the service from the VM works as expected:

# eval $(minishift oc-env)
# oc status
In project My Project (myproject) on server https://192.168.42.140:8443

You have no services, deployment configs, or build configs.
Run 'oc new-app' to create an application.

The KVM networks should all be standard:

  <network>
  <name>docker-machines</name>
  <uuid>1644b186-cffc-4e3f-8ef4-9cdc760a9621</uuid>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:5c:e8:2c'/>
  <ip address='192.168.42.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.42.2' end='192.168.42.254'/>
    </dhcp>
  </ip>
  </network>

The console starts to show up like this:
image

Eventually though it forwards off to the https://192.168.42.140:8443/oauth url listed above and fails.

Member

gbraad commented Nov 5, 2017

Haven't been able to spend a lot of time on this, but I can only recommend so far to run

$ oc cluster up  # --use-existing-config --public-hostname 10.0.21.42 --routing-suffix 10.0.21.42.nip.io

directly on the host, as the port 8443 in that case will be reachable from outside (as long as you configure the firewall correctly). As you can see in the command, you can force the reuse of the previous configuration and if needed the IP address (hostname) to use for access.

We will investigate what is needed towards an alternative, but this is, at the moment, not our focus.

@gbraad gbraad added this to the v1.10.0 milestone Nov 22, 2017

Contributor

praveenkumar commented Nov 23, 2017

@jherreraBE @frizop Can you try the following steps and then let us know if that works for you? I am going to use ssh tunneling using #1351 (comment) reference.

==== On your CentOS box ====
$ minishift start --public-hostname localhost --routing-suffix 127.0.0.1.nip.io 
[...]
Image pull complete
OpenShift server started.

The server is accessible via web console at:
    https://localhost:8443

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

$ ./minishift ip
192.168.10.240

==== On your laptop ====
$ ssh -L 8443:192.168.10.240:8443 username@centos_server_host/ip   # this will enable you to run https://localhost:8443 on your laptop
$ sudo ssh -L 80:192.168.10.240:80 root@centos_server_host/ip      # this will enable you to access the application route

Member

gbraad commented Nov 23, 2017

ssh forwarding is not ideal, as it feels restrictive... I assume people want a more public option. Else, using -D8080 and setting the browser proxy would have similar results.

Contributor

praveenkumar commented Nov 23, 2017

So I tried with nginx to see if something can be done. Now the problem is with public-hostname, which can't be set along with an IP except 127.0.0.1 for us, because in NAT our host public IP is not accessible in the VM and you get the following error.

Attempt-1 Try to add host IP as public hostname

$ ./minishift start --public-hostname 10.65.193.19 --routing-suffix 10.65.193.19.nip.io
[...]

   Waiting for API server to start listening
FAIL
   Error: timed out waiting for OpenShift container "origin" 
   WARNING: 10.65.193.19:8443 may be blocked by firewall rules
   Details:
     No log available from "origin" container

Attempt-2 Run minishift as it is and run nginx to access.

$ cat /etc/nginx/nginx.conf
    server {
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass https://<minishift_IP>:8443/;
            proxy_set_header Connection "";
            proxy_read_timeout 180s;
        }
    }

$ systemctl start nginx

== Try to access it from a different laptop on same network.
- Type http://<host_ip>      => redirects to https://<MINISHIFT_VM_IP>/auth and fails

Attempt-3 Try to run minishift with localhost as public hostname and hostip as route-suffix

$ ./minishift start --public-hostname localhost --routing-suffix 10.65.193.19.nip.io
[..]
OpenShift server started.

The server is accessible via web console at:
    https://localhost:8443

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

$ cat /etc/nginx/nginx.conf
    server {
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass https://<minishift_IP>:8443/;
            proxy_set_header Connection "";
            proxy_read_timeout 180s;
        }
    }

== Try to access it from a different laptop on same network.
- Type http://<host_ip>      => redirects to https://localhost/auth and fails

@gbraad I am kind of out of ideas now, any suggestions?
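
The nginx attempts in the comments above fail at the same point: the login redirect carries an absolute URL that the browser has to contact itself, so that request never passes through the proxy. An added example (not from the thread or the Minishift project) that takes a redirect `Location` value and reports which hops a remote client cannot reach; the function names are hypothetical and the inputs are copied from the comments above.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed inputs taken from the thread: the redirect frizop reported, the
# redirect seen in Attempt-3, and the libvirt "docker-machines" network range.
VM_NETWORK = ipaddress.ip_network("192.168.42.0/24")
REDIRECT_VM = ("https://192.168.42.140:8443/oauth/authorize"
               "?client_id=openshift-web-console&response_type=code&state=<removed>"
               "&redirect_uri=https%3A%2F%2F192.168.42.140%3A8443%2Fconsole%2Foauth")
REDIRECT_LOCALHOST = "https://localhost/auth"


def redirect_hops(location):
    """URLs the browser contacts directly: the redirect target and the
    redirect_uri it is sent back to after login (percent-decoded)."""
    query = urlsplit(location).query
    return [location] + parse_qs(query).get("redirect_uri", [])


def why_unreachable(url, vm_network=VM_NETWORK):
    """Return a reason if a client on another machine cannot reach url, else None."""
    host = urlsplit(url).hostname
    if host is None:
        return None  # relative redirect: the browser stays on the proxy
    if host == "localhost":
        return "resolves to the client's own machine"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name: depends on what it resolves to
    if addr.is_loopback:
        return "resolves to the client's own machine"
    if addr in vm_network:
        return "inside the VM-only libvirt network %s" % vm_network
    return None


def diagnose(location):
    """Map host:port of each unreachable hop to the reason it fails."""
    problems = {}
    for hop in redirect_hops(location):
        reason = why_unreachable(hop)
        if reason:
            problems[urlsplit(hop).netloc] = reason
    return problems


if __name__ == "__main__":
    for location in (REDIRECT_VM, REDIRECT_LOCALHOST):
        print(location.split("?")[0], "->", diagnose(location))
```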

@gbraad gbraad added the help wanted label Nov 24, 2017

@LalatenduMohanty LalatenduMohanty modified the milestones: v1.10.0, v1.11.0 Nov 27, 2017

@LalatenduMohanty LalatenduMohanty modified the milestones: v1.10.0, v1.11.0, v1.12.0 Dec 11, 2017

@LalatenduMohanty LalatenduMohanty added this to the v1.15.0 milestone Jan 25, 2018

@LalatenduMohanty LalatenduMohanty modified the milestones: v1.15.0, v1.17.0 Mar 6, 2018

Ursula commented Mar 15, 2018

I have been struggling for a week now to deploy to a minishift instance started with --public-hostname localhost --routing-suffix 127.0.0.1.nip.io. I need to be able to access this from a remote desktop. I followed the suggestions to use ssh tunneling and that works to access the console. However I cannot get the deploy to work using fabric8 or manually. The error I am getting when trying to run oc start-build is this:

Failed to pull image "openshift/origin-docker-builder:v3.7.1": rpc error: code = 2 desc = Error while pulling image: Get https://index.docker.io/v1/repositories/openshift/origin-docker-builder/images: x509: certificate is valid for *.127.0.0.1.nip.io, 127.0.0.1.nip.io, not index.docker.io

Can someone please provide any suggestions?

@LalatenduMohanty LalatenduMohanty modified the milestones: v1.17.0, v1.19.0 Apr 19, 2018

Contributor

praveenkumar commented Apr 19, 2018

@Ursula Can you try to deploy any other demo app instead of fabric8 and see if you get the same error? As per the error, it says the cert is not valid for index.docker.io, which I think is available by default. You can even check that in docker info.

<minishift_vm> $ docker info
[...]
Debug Mode (server): false
Registry: https://index.docker.io/v1/
[...]

Member

gbraad commented Apr 19, 2018

From the error it feels like index.docker.io is seen as a local IP address. This is wrong.

Can you do minishift ssh -- ping index.docker.io and tell us the result?

Dimpison commented May 14, 2018

@gbraad, is there a working method for exposing the minishift to extended network? Because I tried to reproduce all described methods below and they are not working for me. (Host OS - Windows 10, driver - VirtualBox)

@LalatenduMohanty LalatenduMohanty removed this from the v1.19.0 milestone May 31, 2018

finp commented Jun 26, 2018

any update on this issue?

camilamacedo86 commented Jul 12, 2018

The priority here should not be minimal since it doesn't allow the user to test other components/projects with Minishift.

Member

gbraad commented Jul 12, 2018

biels commented Jul 14, 2018

Could you please explain how we can use Existing machine to expose minishift to the public network? (listening on all interfaces)

Member

gbraad commented Jul 15, 2018

biels commented Jul 15, 2018

Modifying it manually after the VM has been created? With the VirtualBox driver it then says no host-only adapter found. Is there an option for doing it with the minishift CLI?

Member

gbraad commented Jul 15, 2018

biels commented Jul 15, 2018

finp commented Jul 30, 2018

@biels good question, anyone know?

Member

gbraad commented Jul 30, 2018

johnfriz commented Sep 25, 2018

Has there been any movement on this issue in the last few months?

cc @gbraad, @praveenkumar

Member

gbraad commented Sep 25, 2018

laurafitzgerald commented Oct 23, 2018

@gbraad any movement on this one? was there any outcome to the testing stuff?

maf1 commented Nov 1, 2018

I tried the workaround using an existing machine proposed earlier on a headless CentOS 7 server:

virt-install --virt-type=kvm --name openshift.lan --ram 4096 --vcpus=2 --os-variant=centos7.0 --cdrom=.../CentOS-7-x86_64-Minimal-1804.iso --network=bridge=br0,model=virtio --graphics vnc,listen=0.0.0.0 --noautoconsole --disk path=/var/lib/libvirt/images/openshift.lan.qcow2,size=300,bus=virtio,format=qcow2
...
ssh-copy-id root@openshift.lan
minishift start --vm-driver generic --remote-ipaddress 192.168.1.201 --remote-ssh-user root --remote-ssh-key .../.ssh/id_rsa --public-hostname openshift.lan

But the installation aborts with

OpenShift server started.

The server is accessible via web console at:
    https://openshift.lan:8443/console

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin


Error during post cluster up configuration: Unable to add sudoer role: The connection to the server 127.0.0.1:8443 was refused - did you specify the right host or port?

A plain minishift start works fine.
What am I doing wrong?

Member

gbraad commented Nov 2, 2018

maf1 commented Nov 7, 2018

Any news on that? Should I open a separate issue?

Contributor

anjannath commented Nov 8, 2018

maf1 commented Nov 12, 2018

@anjannath I don't want to expose to the internet but only to the local net.
And I want to keep complexity of involved components low, so I'll file a new bug as the feature "Run Against An Existing Machine" is not working properly.
