Serf uses loopback address on public IP address nodes by default about serf HOT 8 CLOSED

Yes, I don't think this is ever the correct behavior. I think the correct behavior would be to error in this case, because you also probably don't want Serf to just bind to a public network. I think Serf should error if no explicit bind address is set and the only one it can detect is a public one.

If you explicitly set a bind address to the public IP, then it is fine.

Thoughts?

from serf.

I dont fully understand the implications of serf running on a public network. The encryption key protects other members from joining the cluster, so it seems like it would be up to the administrator to responsibly setup the cluster. regardless of the node being in a private or public network, it seems like using dns to lookup the hostname to an IP address would be the correct behavior.

from serf.

We also have to consider the case of not using encryption. Basically, if you want serf to run on a public network I prefer it is explicit so we don't have to deal with people accidentally running over a public network without encryption and then being surprised when there is an incident. I think @mitchellh has a good point that if we cannot find a suitable private address, we should error instead of using loopback.

from serf.

You should probably warn when binding to a public network without encryption explicitly.

from serf.

@thedrow That is a great idea.

from serf.

I second @thedrow

from serf.

In hashicorp/memberlist@e15d81a we now warn if binding to a public address without encryption

from serf.

And in hashicorp/memberlist@54a7ab8 we now error if bind address is "0.0.0.0" and no private IP can be found. Default behavior before was to use loopback.

from serf.