cmd/storagenode: make supervisor HTTP Server configurable

The current supervisord condifguration sets up the HTTP server
to listen on a tcp socket which is private i.e. available only
on localhost. This poses a regression where multiple containers
cannot be run if the host network interface is used when docker
container is run with `--network host` option.

This change adds a new env variable `SUPERVISOR_SERVER`, with
potential values `unix | private_port | public_port`, where
`unix` is set as the default value.

By default, the HTTP server is now set to listen on a UNIX
domain socket.
The file path is set to `/etc/supervisor/supervisor.sock`
instead of the /tmp directory since some systems
periodically delete older files in /tmp. If the socket file is
deleted, supervisorctl will be unable to connect to supervisord.

When SUPERVISOR_SERVER is set to `public_port` or `private_port`,
the HTTP server is set to listen on a TCP socket.

Resolves https://github.com/storj/storj/issues/4661

Change-Id: I224836dcae0293bcfe49874f2748be7723944687

cmd/storagenode/Dockerfile

@@ -1,12 +1,14 @@
 ARG DOCKER_ARCH
 ARG DOCKER_PLATFORM
 
-FROM --platform=${DOCKER_PLATFORM:-linux/amd64} storjlabs/storagenode-base:af1f0aa94-${DOCKER_ARCH:-amd64}
+FROM --platform=${DOCKER_PLATFORM:-linux/amd64} storjlabs/storagenode-base:70e276ecb-${DOCKER_ARCH:-amd64}
 ARG TAG
 ARG GOARCH
 ARG VERSION_SERVER_URL
+ARG SUPERVISOR_SERVER
 ENV GOARCH ${GOARCH:-amd64}
 ENV VERSION_SERVER_URL ${VERSION_SERVER_URL:-https://version.storj.io}
+ENV SUPERVISOR_SERVER ${SUPERVISOR_SERVER:-unix}
 EXPOSE 28967
 EXPOSE 14002
 # copy the files individually to avoid overriding the permissions on the folders

cmd/storagenode/docker-base/etc/supervisor/supervisord.conf

@@ -8,15 +8,15 @@ childlogdir=/var/log/supervisor
 [rpcinterface:supervisor]
 supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 
-[inet_http_server]
-port = 127.0.0.1:9001
-username = dummy
-password = dummy
+[unix_http_server]
+file=/etc/supervisor/supervisor.sock
+username=dummy
+password=dummy
 
 [supervisorctl]
-serverurl = http://127.0.0.1:9001
-username = dummy
-password = dummy
+serverurl=unix:///etc/supervisor/supervisor.sock
+username=dummy
+password=dummy
 
 [program:storagenode-updater]
 command=/app/storagenode-updater

cmd/storagenode/docker/entrypoint

@@ -46,6 +46,8 @@ if [ ! -f "storagenode" ]; then
   fi
 fi
 
+SUPERVISOR_SERVER="${SUPERVISOR_SERVER:-unix}"
+
 RUN_PARAMS="${RUN_PARAMS:-} --config-dir config"
 RUN_PARAMS="${RUN_PARAMS} --identity-dir identity"
 RUN_PARAMS="${RUN_PARAMS} --metrics.app-suffix=-alpha"
@@ -93,5 +95,31 @@ else
      sed -i "s#^user=root##" /etc/supervisor/supervisord.conf
   fi
 
+  #
+  case ${SUPERVISOR_SERVER} in
+  	unix) # default
+  	;;
+  	public_port)
+  	  # replace unix_http_server section to inet_http_server
+  		sed -i "s#^\[unix_http_server\]\$#\[inet_http_server\]#" /etc/supervisor/supervisord.conf
+  		# replace unix socket file with tcp public port
+      sed -i "s#^file=/etc/supervisor/supervisor.sock\$#port=*:9001#" /etc/supervisor/supervisord.conf
+      # set server url to http server address
+      sed -i "s#^serverurl=unix:///etc/supervisor/supervisor.sock\$#serverurl=http://127.0.0.1:9001#" /etc/supervisor/supervisord.conf
+  	;;
+  	private_port)
+  	  # replace unix_http_server section to inet_http_server
+  		sed -i "s#^\[unix_http_server\]\$#\[inet_http_server\]#" /etc/supervisor/supervisord.conf
+  		# replace unix socket file with tcp private port .i.e. listens on only localhost
+      sed -i "s#^file=/etc/supervisor/supervisor.sock\$#port=127.0.0.1:9001#" /etc/supervisor/supervisord.conf
+       # set server url to http server address
+      sed -i "s#^serverurl=unix:///etc/supervisor/supervisor.sock\$#serverurl=http://127.0.0.1:9001#" /etc/supervisor/supervisord.conf
+  	;;
+  	*)
+  		echo "Invalid value '${SUPERVISOR_SERVER}' for SUPERVISOR_SERVER. Expected 'unix', 'public_port' or 'private_port'"
+  		exit 1
+  	;;
+  esac
+
   exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 fi