Bug #8346

[API] Bad compute node address detection on private networks

Added by Brett Smith over 3 years ago. Updated about 3 years ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
API
Target version:
Start date:
02/03/2016
Due date:
% Done:

0%

Estimated time:
Story points:
-

Description

This story follows #8198, which started using X-Forwarded-For to detect and set the IP address of compute nodes. However, when determining the likely IP of the remote client, Rails filters out any private address. If nothing's left after that, it falls back to using $REMOTE_ADDR as before.

This means that when compute nodes themselves are on a private network (e.g., 10/8), the API server ultimately "detects" their IP address as Nginx's (usually 127.0.0.1), putting wrong information in the node record.

action_dispatch.trusted_proxies became configurable in Rails 4. If we do #7709, the administrator can fix this by setting trusted_proxies to only Nginx's IP address.

History

#1 Updated by Brett Smith about 3 years ago

  • Target version set to Arvados Future Sprints

Also available in: Atom PDF