Bind/advertise/client Address help please on bare metal

bradley · November 2, 2021, 7:18pm

Ok this is so frustrating and confusing. Surely someone can help.

I have the following interface names.
enp94s0f0 - public
enp94s0f1- private
tailscale0 - vpn
lo - loop back

What I am looking to do is have the consul server to be available to all other clients and servers including the ui over the vpn. I do not what anything on the public nic whatsoever.

bind_addr = "{{ GetInterfaceIP \"enp94s0f1\" }, { GetInterfaceIP \"tailscale0\" }, \"127.0.0.1\"}"

the error is

host1 consul[80346]: ==> Multiple private IPv4 addresses found. Please configure one with ‘bind’ and/or ‘advertise’.

so I tried,

bind_addr = "0.0.0.0" advertize_addr = "{{ GetInterfaceIP \"enp94s0f1\" }, { GetInterfaceIP \"tailscale0\" }, \"127.0.0.1\"}"

same error. I am totally lost on what bind/advertise/client addr settings are for. Please can someone help.

Thanks
Brad

bradley · November 2, 2021, 7:34pm

@blake You tried to help about 3 months ago with this same issue, I got so frustrated, that I dumped the hashistack and went another direction. Now I am back, because I think it will be the best solution. So I am back trying to make this work. If you can help me out that would be awesome.

Brad

Amier · November 2, 2021, 8:29pm

Hello,

We’re glad to have you back in the Hashicorp community Bradley! We’re sorry about the frustrating experience in the past, but hopefully we can do better and convince you to stay this time

Before I dig into this, I looked at the previous post you made linked here and a community user had commented at the bottom a solution that worked for them ( quoted below ). Did you attempt this solution? I’m curious to see if it’ll fix your issue:

I know this is an old thread, but I had the same issue and I found a solution. Unfortunatelly @blake your solution is incorrect. Template library does not support single quotes:
user@hostname:~/go/bin$ ./sockaddr eval "GetInterfaceIP 'eth0'" 
ERROR[0] in: "{{GetInterfaceIP 'eth0'}}"
[0] msg: unable to parse template "{{GetInterfaceIP 'eth0'}}": template: sockaddr.Parse:1: malformed character constant: 'eth0'
It only supports double quotes:
user@hostname:~/go/bin$ ./sockaddr eval 'GetInterfaceIP "eth0"'
192.168.2.221
So .hcl file will look like this:
bind_addr = "{{ GetInterfaceIP \"eth0\" }}"

bradley · November 2, 2021, 9:29pm

Yes I did. Here is what I have working so far, the 10 network is the private lan, and the 100 network is the vpn. I only use the vpn to access the api from home and the html ui. I still don’t like the fact that I have to bind to the public ip but I will live with that. I think it is a security issue, but oh well.

bind_addr = "0.0.0.0"

addresses {
  http =  "10.10.10.1 100.X.X.X"
  https  = "10.10.10.1 100.X.X.X"
  grpc = "10.10.10.1"
}

advertise_addr = "10.10.10.1"

This does work now. Now I am trying to add the gosocket templating and I am not getting the syntax correct, and yes you can see I am escaping my " with "

bind_addr = "0.0.0.0"

addresses {
  http =  "{{ GetPrivateIPs }}"
  https  = "{{ GetPrivateIPs }}"
  grpc = "{{ GetInterfaceIP \"enp94s0f1\" }}"
}

advertise_addr = "{{ GetInterfaceIP \"enp94s0f1\" }}"

Thanks
Brad

karl-cardenas-coding · November 2, 2021, 9:35pm

Instead of “0.0.0.0” supply the IP of the interface you want Consul to advertise to other nodes, I belive that would be the IP “enp94s0f1” interface in this scenario. You got the multiple IP error because you were passing in a list of IPs to the “advertise_addr” parameter when a single value is expected.

bradley · November 2, 2021, 9:43pm

Ok I have a fix.

# this will grab the ip dynamicly from the interface name.
bind_addr = "0.0.0.0"

addresses {
  # Defaults to the first private IP address.
  http =  "{{ GetInterfaceIP \"enp94s0f1\" }} {{ GetInterfaceIP \"tailscale0\" }} {{ GetInterfaceIP \"lo\" }}"
  https  = "{{ GetInterfaceIP \"enp94s0f1\" }} {{ GetInterfaceIP \"tailscale0\" }} {{ GetInterfaceIP \"lo\" }}"
  grpc = "{{ GetInterfaceIP \"enp94s0f1\" }}"
}

advertise_addr = "{{ GetInterfaceIP \"enp94s0f1\" }}"

the GetPrivateIPs doesn’t return a space separated value, so I had to get each one individually. That is the only way it works.

brad

bradley · November 2, 2021, 9:49pm

Another thing that could really help your documentation, is when you show code snippets, you vary between hcl and json. This makes it very confusing and hard to learn the hcl syntax. Stick with one or the other please, or make the box so you can select which format you would like to see it in. Which I think would be the preferred method.

Brad

karl-cardenas-coding · November 2, 2021, 9:53pm

@bradley Definitely, we are working on showcasing both HCL and JSON to help address this gap. Thanks for sharing this with us.