docker: Preset session listen host #6686
Conversation
📝 Walkthrough📝 WalkthroughWalkthroughThe changes involve modifications to the Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Docker
participant Registry
User->>Docker: Build Docker Image
Docker->>Docker: Execute docker-entrypoint.sh
Docker->>Docker: Set HOPRD_DEFAULT_SESSION_LISTEN_HOST
Docker->>Docker: Run hoprd
Docker->>Registry: Upload Docker Image
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (3)
nix/docker-builder.nix (1)
Line range hint
24-30: LGTM! Clean implementation of command configuration.The integration of
Cmdinto the Docker image config enables flexible binary execution as intended.Consider documenting the supported binaries and their usage in the README or Docker-specific documentation to help users understand this new capability.
flake.nix (2)
181-210: Consider enhancing IP address handling and command validationThe entrypoint script implementation looks good overall, but there are a few potential improvements:
- The
hostname -icommand might return multiple IP addresses in some container configurations. Consider handling this case explicitly.- The auxiliary command execution could benefit from additional validation.
Consider applying these improvements:
dockerHoprdEntrypoint = pkgs.writeShellScriptBin "docker-entrypoint.sh" '' set -euo pipefail # if the default listen host has not been set by the user, # we will set it to the container's ip address listen_host="''${HOPRD_DEFAULT_SESSION_LISTEN_HOST:-}" listen_host_preset_ip="''${listen_host%%:*}" listen_host_preset_port="''${listen_host#*:}" if [ -z "''${listen_host_preset_ip:-}" ]; then - listen_host_ip="$(hostname -i)" + # Take the first IP address if multiple are returned + listen_host_ip="$(hostname -i | awk '{print $1}')" + + # Validate IP format + if ! echo "$listen_host_ip" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + echo "Error: Invalid IP address format: $listen_host_ip" >&2 + exit 1 + fi if [ -z "''${listen_host_preset_port:-}" ]; then listen_host="''${listen_host_ip}" else listen_host="''${listen_host_ip}:''${listen_host_preset_port}" fi fi export HOPRD_DEFAULT_SESSION_LISTEN_HOST="''${listen_host}" if [ -x "/bin/''${1:-}" ]; then + # Validate command is in the allowed list + case "$1" in + hoprd|hoprd-api-schema) + exec "$@" + ;; + *) + echo "Error: Command not allowed: $1" >&2 + exit 1 + ;; + esac - # allow execution of auxiliary commands - exec "$@" else # default to hoprd exec /bin/hoprd "$@" fi '';
180-225: LGTM! Components are well integratedThe integration of the new Docker entrypoint:
- Correctly applies only to hoprd images
- Maintains backward compatibility
- Successfully implements the PR objective of allowing execution of other hopr binaries
This is a good architectural decision as it:
- Simplifies the user experience by auto-configuring the listen host
- Maintains flexibility by allowing user override
- Enables auxiliary command execution while keeping the default behavior
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (2)
flake.nix(1 hunks)nix/docker-builder.nix(2 hunks)
🔇 Additional comments (3)
nix/docker-builder.nix (2)
8-16: LGTM! Package additions support new functionality.
The addition of nettools is appropriate as it provides necessary utilities for the entrypoint script to determine the container's IP address.
1-6: LGTM! Parameter changes align with PR objectives.
The addition of the optional Cmd parameter and parameter reordering improves the interface while maintaining backward compatibility.
Let's verify the usage of this new parameter:
✅ Verification successful
Parameter changes are properly implemented and used
The Cmd parameter is correctly used in the codebase:
- Used in
hoprdDocker image configuration with default command["hoprd"] - Also utilized in another Docker configuration with a different command sequence
- Implementation maintains backward compatibility while adding flexibility for different commands
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check how the new Cmd parameter is used across the codebase
# Expected: Find references showing how different binaries are specified
rg -l "Cmd\s*=" --type nix
Length of output: 38
Script:
#!/bin/bash
# Let's check the actual usage in flake.nix to understand how Cmd is being used
rg "Cmd\s*=" --type nix -A 5 -B 5
Length of output: 1038
flake.nix (1)
219-225: LGTM! Docker configuration is properly set up
The Docker arguments configuration correctly:
- Includes the entrypoint script in the image
- Sets up the entrypoint to use the new script
- Configures the default command to run hoprd
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (1)
flake.nix (1)
181-211: LGTM! The entrypoint script implementation looks solid.The script effectively handles the container's IP address configuration and provides flexibility for running auxiliary commands. Good use of
set -euo pipefailfor error handling.Consider adding these improvements:
- Add a comment explaining why port 50000 is the default
- Add port number validation
if [ -z "${listen_host_preset_ip:-}" ]; then listen_host_ip="$(hostname -i)" + # Validate that we got exactly one IP + if [[ "$listen_host_ip" =~ [[:space:]] ]]; then + echo "Error: Multiple IPs returned by hostname -i" >&2 + exit 1 + fi if [ -z "${listen_host_preset_port:-}" ]; then + # Default port for HOPR sessions listen_host="${listen_host_ip}:50000" else + # Validate port number + if ! [[ "${listen_host_preset_port}" =~ ^[0-9]+$ ]] || \ + [ "${listen_host_preset_port}" -lt 1 ] || \ + [ "${listen_host_preset_port}" -gt 65535 ]; then + echo "Error: Invalid port number: ${listen_host_preset_port}" >&2 + exit 1 + fi listen_host="${listen_host_ip}:${listen_host_preset_port}" fi fi
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
📒 Files selected for processing (1)
flake.nix(1 hunks)
🔇 Additional comments (2)
flake.nix (2)
219-226: LGTM! Docker configuration changes are well-structured.
The changes correctly integrate the new entrypoint script and maintain the default behavior while enabling auxiliary command execution.
219-226: Verify binary availability for auxiliary commands.
The PR description mentions running commands like hoprd-api-schema, but we need to verify if these binaries are included in the Docker image.
This pull request introduces a new Docker entrypoint script which sets the environment variable
HOPRD_DEFAULT_SESSION_LISTEN_HOSTto the docker container's IP, unless it was configured by the user beforehand.This allows session users to only specify the listen port when opening a session, e.g.
:50001, and the hoprd node will use the default internal docker ip automatically.Moreover, other hopr binaries can now be run using the docker image by specifying them as commands. E.g.