From 8638110f5ec6fa75401dc91ffeb0402ad1f86404 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Tue, 28 Apr 2026 12:40:45 -0700 Subject: [PATCH] Update Cluster-Plan-Inventory-Reference.md --- Cluster-Plan-Inventory-Reference.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/Cluster-Plan-Inventory-Reference.md b/Cluster-Plan-Inventory-Reference.md index ba2ea3d..1c7b152 100644 --- a/Cluster-Plan-Inventory-Reference.md +++ b/Cluster-Plan-Inventory-Reference.md @@ -75,16 +75,25 @@ hosts: | Role | Goes into `cluster.yaml` section | Notes | | --- | --- | --- | -| `master` | `master_servers:` | Raft quorum; usually 3 | -| `volume` | `volume_servers:` | Disk count + sizes derived from probe | -| `filer` | `filer_servers:` | Metadata store via `--filer-backend` | -| `s3` | `s3_servers:` | S3 gateway; auto-wired to first filer | -| `sftp` | `sftp_servers:` | SFTP gateway; auto-wired to first filer | -| `admin` | `admin_servers:` | Admin UI; **at most one host** may carry this role (single-instance component); password starts as `CHANGE_ME` | +| `master` | `master_servers:` | Raft quorum; usually 3. Default `ip.bind: 0.0.0.0` | +| `volume` | `volume_servers:` | Disk count + sizes derived from probe. Default `ip.bind: 0.0.0.0` | +| `filer` | `filer_servers:` | Metadata store via `--filer-backend`. Default `ip.bind: 0.0.0.0` | +| `s3` | `s3_servers:` | S3 gateway; auto-wired to first filer. Default `ip.bind: 0.0.0.0` | +| `sftp` | `sftp_servers:` | SFTP gateway; auto-wired to first filer. Default `ip.bind: 0.0.0.0` | +| `admin` | `admin_servers:` | Admin UI; **at most one host** may carry this role (single-instance component); password starts as `CHANGE_ME`. Default `ip.bind: 0.0.0.0` | | `worker` | `worker_servers:` | Maintenance worker; auto-wired to first admin; runs with `-jobType=all` by default (override via `worker_servers[].jobType`) | | `envoy` | `envoy_servers:` | Edge proxy | | `external` | nothing emitted | Documented-but-unmanaged hosts (e.g. an external Postgres). Used with `tag:` for `--filer-backend` substitution; never SSH-probed | +### Why `ip.bind: 0.0.0.0` + +SeaweedFS components default to binding `127.0.0.1` when `-ip.bind` isn't set, which makes them unreachable across the network in any multi-host deploy — peer masters can't form raft quorum, volumes can't register with masters, filers can't be reached by S3 or clients. Plan stamps a wildcard bind on every inbound role: + +- **`0.0.0.0`** for v4 hosts and DNS-name hosts. +- **`::`** for IPv6 hosts (so v6-only inventories don't refuse to bind 0.0.0.0). On dual-stack Linux this also accepts v4 traffic. + +If you need to bind to a specific NIC on a multi-NIC host, hand-edit the `ip.bind:` field on the relevant entry; merge runs preserve the override. + A host with multiple roles produces one entry per role across the matching sections. Inventory-side validation rejects duplicate `(ip, role)` pairs. ## SSH overrides