-
Notifications
You must be signed in to change notification settings - Fork 3.8k
/
Copy patherror.go
231 lines (200 loc) · 7.76 KB
/
error.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
// Copyright 2016 The Cockroach Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied. See the License for the specific language governing
// permissions and limitations under the License.
package cli
import (
"context"
"crypto/x509"
"fmt"
"net"
"regexp"
"strings"
"github.com/lib/pq"
"github.com/pkg/errors"
"github.com/spf13/cobra"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/cockroachdb/cockroach/pkg/security"
"github.com/cockroachdb/cockroach/pkg/sql/pgwire/pgerror"
"github.com/cockroachdb/cockroach/pkg/util/grpcutil"
"github.com/cockroachdb/cockroach/pkg/util/log"
"github.com/cockroachdb/cockroach/pkg/util/netutil"
)
// reConnRefused is a regular expression that can be applied
// to the details of a GRPC connection failure.
//
// On *nix, a connect error looks like:
// dial tcp <addr>: <syscall>: connection refused
// On Windows, it looks like:
// dial tcp <addr>: <syscall>: No connection could be made because the target machine actively refused it.
// So we look for the common bit.
var reGRPCConnRefused = regexp.MustCompile(`Error while dialing dial tcp .*: connection.* refused`)
// reGRPCNoTLS is a regular expression that can be applied to the
// details of a GRPC auth failure when the server is insecure.
var reGRPCNoTLS = regexp.MustCompile(`authentication handshake failed: tls: first record does not look like a TLS handshake`)
// reGRPCAuthFailure is a regular expression that can be applied to
// the details of a GRPC auth failure when the SSL handshake fails.
var reGRPCAuthFailure = regexp.MustCompile(`authentication handshake failed: x509`)
// reGRPCConnFailed is a regular expression that can be applied
// to the details of a GRPC connection failure when, perhaps,
// the server was expecting a TLS handshake but the client didn't
// provide one (i.e. the client was started with --insecure).
// Note however in that case it's not certain what the problem is,
// as the same error could be raised for other reasons.
var reGRPCConnFailed = regexp.MustCompile(`desc = transport is closing`)
// MaybeDecorateGRPCError catches grpc errors and provides a more helpful error
// message to the user.
func MaybeDecorateGRPCError(
wrapped func(*cobra.Command, []string) error,
) func(*cobra.Command, []string) error {
return func(cmd *cobra.Command, args []string) error {
err := wrapped(cmd, args)
if err == nil {
return nil
}
extraInsecureHint := func() string {
extra := ""
if baseCfg.Insecure {
extra = "\nIf the node is configured to require secure connections,\n" +
"remove --insecure and configure secure credentials instead.\n"
}
return extra
}
connFailed := func() error {
const format = "cannot dial server.\n" +
"Is the server started already?\n" +
"If the server is started, check --host client-side and --advertise server-side.\n\n%v"
return errors.Errorf(format, err)
}
connSecurityHint := func() error {
const format = "SSL authentication error while connecting.\n%s\n%v"
return errors.Errorf(format, extraInsecureHint(), err)
}
connInsecureHint := func() error {
return errors.Errorf("cannot establish secure connection to insecure server.\n"+
"Maybe use --insecure?\n\n%v", err)
}
connRefused := func() error {
extra := extraInsecureHint()
return errors.Errorf("server closed the connection.\n"+
"Is this a CockroachDB node?\n"+extra+"\n%v", err)
}
// Is this an "unable to connect" type of error?
unwrappedErr := errors.Cause(err)
if unwrappedErr == pq.ErrSSLNotSupported {
// SQL command failed after establishing a TCP connection
// successfully, but discovering that it cannot use TLS while it
// expected the server supports TLS.
return connInsecureHint()
} else if errMsg := unwrappedErr.Error(); errMsg == "EOF" || errMsg == "unexpected EOF" {
// SQL command failed after establishing a TCP connection
// successfully, something else than CockroachDB responded, was
// confused and closed the door on us.
return connRefused()
}
switch wErr := unwrappedErr.(type) {
case *security.Error:
return errors.Errorf("cannot load certificates.\n"+
"Check your certificate settings, set --certs-dir, or use --insecure for insecure clusters.\n\n%v",
unwrappedErr)
case *x509.UnknownAuthorityError:
// A SQL connection was attempted with an incorrect CA.
return connSecurityHint()
case *pq.Error:
// SQL commands will fail with a pq error but only after
// establishing a TCP connection successfully. So if we got
// here, there was a TCP connection already.
// Did we fail due to security settings?
if wErr.Code == pgerror.CodeProtocolViolationError {
return connSecurityHint()
}
// Otherwise, there was a regular SQL error. Just report that.
return wErr
case *net.OpError:
// A non-RPC client command was used (e.g. a SQL command) and an
// error occurred early while establishing the TCP connection.
// Is this a TLS error?
if msg := wErr.Err.Error(); strings.HasPrefix(msg, "tls: ") {
// Error during the SSL handshake: a provided client
// certificate was invalid, but the CA was OK. (If the CA was
// not OK, we'd get a x509 error, see case above.)
return connSecurityHint()
}
return connFailed()
case *netutil.InitialHeartbeatFailedError:
// A GRPC TCP connection was established but there was an early failure.
// Try to distinguish the cases.
msg := wErr.Error()
if reGRPCConnRefused.MatchString(msg) {
return connFailed()
}
if reGRPCNoTLS.MatchString(msg) {
return connInsecureHint()
}
if reGRPCAuthFailure.MatchString(msg) {
return connSecurityHint()
}
if reGRPCConnFailed.MatchString(msg) {
return connRefused()
}
// Other cases may be timeouts or other situations, these
// will be handled below.
}
opTimeout := func() error {
return errors.Errorf("operation timed out.\n\n%v", err)
}
// Is it a plain context cancellation (i.e. timeout)?
switch unwrappedErr {
case context.DeadlineExceeded:
return opTimeout()
case context.Canceled:
return opTimeout()
}
// Is it a GRPC-observed context cancellation (i.e. timeout), a GRPC
// connection error, or a known indication of a too-old server?
if code := status.Code(unwrappedErr); code == codes.DeadlineExceeded {
return opTimeout()
} else if code == codes.Unimplemented &&
strings.Contains(unwrappedErr.Error(), "unknown method Decommission") ||
strings.Contains(unwrappedErr.Error(), "unknown service cockroach.server.serverpb.Init") {
return fmt.Errorf(
"incompatible client and server versions (likely server version: v1.0, required: >=v1.1)")
} else if grpcutil.IsClosedConnection(unwrappedErr) {
return errors.Errorf("connection lost.\n\n%v", err)
}
// Nothing we can special case, just return what we have.
return err
}
}
// maybeShoutError calls log.Shout on errors, better surfacing problems to the user.
func maybeShoutError(
wrapped func(*cobra.Command, []string) error,
) func(*cobra.Command, []string) error {
return func(cmd *cobra.Command, args []string) error {
err := wrapped(cmd, args)
return checkAndMaybeShout(err)
}
}
func checkAndMaybeShout(err error) error {
if err == nil {
return nil
}
severity := log.Severity_ERROR
cause := err
if ec, ok := errors.Cause(err).(*cliError); ok {
severity = ec.severity
cause = ec.cause
}
log.Shout(context.Background(), severity, cause)
return err
}