How can I prevent access to Replicated services on a single host from other nodes in my network?

If you’re running Replicated on a single node that sits alongside other hosts behind your firewall, you might wish to block access to the Replicated services from those other hosts. By default the Replicated daemon publishes its ports on every host interface so that other nodes in a clustered configuration can reach it, but that is not what you want for a single-node install. This recipe shows how to configure Replicated on CentOS 7 to listen only on the IP assigned to the docker0 bridge interface, which is reachable from the host itself and from containers on it but not from the rest of the network. Note that binding to the bridge address is not a firewall: a host that deliberately routes 172.17.0.1 to this machine can still reach the ports, so add a firewalld or iptables rule as well if that boundary matters to you.

First, install Docker on the machine yourself so that the Replicated installer does not do it for you:

sudo yum install -y docker

Then run the Replicated easy install script, telling it that Docker is already present. The script runs as root, so you may prefer to download it and read it before piping it to bash.

curl https://get.replicated.com/docker | sudo bash -s no-docker

Because the machine now has two network interfaces, eth0 and docker0 in this example, the Replicated install script will prompt you to select one. Choose the docker0 interface:

Please choose one of the following network interfaces:
[0] eth0        10.138.0.4
[1] docker0     172.17.0.1
Enter desired number (0-1): 1

After the installation finishes, edit /etc/systemd/system/replicated.service. Find the line that publishes the Replicated service ports and change it from:

-p 9874-9879:9874-9879/tcp \

to:

-p 172.17.0.1:9874-9879:9874-9879/tcp \

Then reload systemd and restart Replicated for the change to take effect. Afterwards, confirm (for example with ss or netstat) that ports 9874-9879 are listed against 172.17.0.1 rather than 0.0.0.0 or *, and check any other unit file that publishes ports with -p in the same way. Keep in mind that 172.17.0.1 is only Docker’s default bridge address; if you change the Docker bridge configuration later, the IP hard-coded in the unit file must be updated too.

sudo systemctl daemon-reload
sudo systemctl restart replicated
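The same procedure as one script, added here as an example and not part of the original post or of Replicated’s installer. It assumes the unit file contains the -p 9874-9879:9874-9879/tcp flag shown above, reads the docker0 address at run time instead of hard-coding 172.17.0.1, rewrites the flag idempotently so a second run does not produce an IP:IP: prefix, and checks the result by parsing ss output for Replicated ports still bound to every interface. The helper names (docker0_ip, rewrite_publish_flag, wildcard_listeners, apply) are this example’s own.

```sh
#!/bin/sh
# Added example, not part of the original post: apply the recipe above with a
# script instead of a hand edit, then verify the result. Assumptions: the unit
# file contains a "-p 9874-9879:9874-9879/tcp" flag as shown above, and the
# docker0 address is read from the interface at run time because 172.17.0.1
# is only Docker's default bridge address.
set -eu

UNIT="${UNIT:-/etc/systemd/system/replicated.service}"
PORTS="9874-9879"

# IPv4 address of an interface (docker0 unless told otherwise), without the
# prefix length: "172.17.0.1/16" -> "172.17.0.1".
docker0_ip() {
    ip -4 -o addr show dev "${1:-docker0}" | awk '{ sub(/\/.*/, "", $4); print $4; exit }'
}

# Rewrite "-p <ports>:..." so that Docker binds the published range to the
# given IP only. Reads unit-file text on stdin and writes it to stdout.
# Idempotent: once the flag reads "-p 172.17.0.1:9874-9879:..." the pattern
# "-p 9874-9879:" no longer matches, so a second run changes nothing.
rewrite_publish_flag() {
    sed -E "s#-p (${2:-$PORTS}:[^[:space:]]*)#-p $1:\1#g"
}

# Read "ss -tln" output on stdin and print any Replicated port (9874-9879)
# that is still bound to every interface (0.0.0.0, *, [::] or ::).
# Exit status 1 if such a listener exists, 0 if the ports are bound to a
# specific address (or are not listed at all).
wildcard_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|\*|\[::\]|::):987[4-9]$/ { print; found = 1 }
         END { if (found) exit 1 }'
}

# Edit the unit in place (keeping a .bak copy), reload, restart and verify.
apply() {
    ip="$(docker0_ip docker0)"
    [ -n "$ip" ] || { echo "docker0 has no IPv4 address" >&2; exit 1; }
    cp -p "$UNIT" "$UNIT.bak"
    rewrite_publish_flag "$ip" < "$UNIT.bak" > "$UNIT"
    systemctl daemon-reload
    systemctl restart replicated
    if ss -tln | wildcard_listeners; then
        echo "ok: ports $PORTS are published on $ip only"
    else
        echo "ports $PORTS are still published on all interfaces" >&2
        exit 1
    fi
}

# Only touch the system when explicitly asked; otherwise just define helpers.
if [ "${1:-}" = "--apply" ]; then
    apply
fi
```

Run it as root with --apply on the host. If the Docker daemon runs with the userland proxy disabled, ss shows no docker-proxy listener at all for published ports; in that case inspect the DNAT rules in the DOCKER chain of the nat table instead, where the destination address on the rule for ports 9874-9879 should be the docker0 IP.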