Choose safer default advertise address #1955
Conversation
| @@ -115,7 +110,7 @@ func (a *Agent) serverConfig() (*nomad.Config, error) { | |||
| if a.config.Server.BootstrapExpect == 1 { | |||
| conf.Bootstrap = true | |||
| } else { | |||
| atomic.StoreInt32(&conf.BootstrapExpect, int32(a.config.Server.BootstrapExpect)) | |||
| conf.BootstrapExpect = int32(a.config.Server.BootstrapExpect) | |||
There was a problem hiding this comment.
This code is never called concurrently with any other readers/writers (it's before the server is started), so I removed the atomic.
There was a problem hiding this comment.
I would just use the atomics. It is easier to just know that all users of the atomic variable are accessing it atomically
| @@ -115,7 +110,7 @@ func (a *Agent) serverConfig() (*nomad.Config, error) { | |||
| if a.config.Server.BootstrapExpect == 1 { | |||
| conf.Bootstrap = true | |||
| } else { | |||
| atomic.StoreInt32(&conf.BootstrapExpect, int32(a.config.Server.BootstrapExpect)) | |||
| conf.BootstrapExpect = int32(a.config.Server.BootstrapExpect) | |||
There was a problem hiding this comment.
I would just use the atomics. It is easier to just know that all users of the atomic variable are accessing it atomically
| @@ -135,11 +130,11 @@ func (a *Agent) serverConfig() (*nomad.Config, error) { | |||
| } | |||
|
|
|||
| // Set up the bind addresses | |||
| rpcAddr, err := a.getRPCAddr(true) | |||
| rpcAddr, err := net.ResolveTCPAddr("tcp", a.config.Addresses.RPC) | |||
There was a problem hiding this comment.
Mentioned offline that it isn't always the case that the client can resolve its advertise address
There was a problem hiding this comment.
After some investigation and discussion I discovered RPC and Serf advertise addresses are resolved later on in much harder to fix places, so we're not going to worry about it in this PR.
| // Use getAdvertise(&config.AdvertiseAddrs.<Service>, <Port>) to | ||
| // retrieve a default address for advertising if one isn't set. | ||
| defaultAdvertise := "" | ||
| getAdvertise := func(addr *string, port int) bool { |
There was a problem hiding this comment.
make it its own function func(addr string, port int) (string, error) so that it can be tested
| @@ -234,6 +234,7 @@ func NewServer(config *Config, consulSyncer *consul.Syncer, logger *log.Logger) | |||
| } | |||
|
|
|||
| // Initialize the RPC layer | |||
|
|
|||
| } | ||
|
|
||
| // Autoconfigure using previously set default | ||
| if defaultAdvertise != "" { |
There was a problem hiding this comment.
After its own function think you can remove this
| // retrieve a default address for advertising if one isn't set. | ||
| defaultAdvertise := "" | ||
| getAdvertise := func(addr *string, port int) bool { | ||
| if *addr != "" { |
There was a problem hiding this comment.
Should still be an error if they explicitly advertise 0.0.0.0 or localhost (in any of its ipv4 or v6 forms, or via resolution)
| defaultAdvertise := "" | ||
| getAdvertise := func(addr *string, port int) bool { | ||
| if *addr != "" { | ||
| // Default to using manually configured address |
There was a problem hiding this comment.
We should be able to append the default port (see original behavior)
* -dev mode defaults bind & advertise to localhost * Normal mode defaults bind to 0.0.0.0 & advertise to the resolved hostname. If the hostname resolves to localhost it will refuse to start and advertise must be manually set.
schmichael
force-pushed
the
b-fix-default-advertise
branch
from
4c2e6cc to
2c4b19f
Compare
| if addr := a.serverSerfAddr; addr != "10.0.0.12:4004" { | ||
| t.Fatalf("expect 10.0.0.12:4004, got: %s", addr) | ||
| if port := out.SerfConfig.MemberlistConfig.BindPort; port != 4004 { | ||
| t.Fatalf("expect 4648, got: ^d", port) |
| // | ||
| // Returns true if config is ok and false on errors. Since some normalization | ||
| // issues aren't fatal a logger must be provided to emit warnings. | ||
| func (c *Config) normalize(logger func(string), dev bool) bool { |
There was a problem hiding this comment.
Can we return an error instead?
|
|
||
| // Set the default port for this service to the bound port to keep | ||
| // configuration consistent. | ||
| if port != *defport { |
There was a problem hiding this comment.
What are you doing here? Have to say not really a fan of taking a pointer to the value. More idiomatic to just return the new value and not modify the caller
Store address+port in an unexported field for ease-of-use
| @@ -658,137 +663,116 @@ func (c *Config) Merge(b *Config) *Config { | |||
| return &result | |||
| } | |||
|
|
|||
| // normalize config to set defaults and prevent nil derefence panics. | |||
| // normalize Addresses and AdvertiseAddrs to always be initialized and have | |||
| if err != nil { | ||
| return fmt.Errorf("Failed to parse HTTP advertise address: %v", err) | ||
| } | ||
| c.AdvertiseAddrs.HTTP = addr |
There was a problem hiding this comment.
Fine for this PR but I would have imagined having normalizedBindAddrs and normalizedAdvertiseAddrs and never modifying the user supplied configs.
There was a problem hiding this comment.
Made an issue and assigned to me - #1971
| // | ||
| // Loopback is only considered a valid advertise address in dev mode. | ||
| func normalizeAdvertise(addr string, bind string, defport int, dev bool) (string, error) { | ||
| if addr != "" { |
There was a problem hiding this comment.
[summarizing offline discussion here]
Uses it here but hard fails later in rpc/serf code that resolves advertise addresses.
This matches 0.4.1 behavior, and trying to fix rpc & serf so that they don't resolve advertise addresses is out of scope for 0.5.
Leaving as-is.
Update address docs to match behavior in #1955
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
hostname. If the hostname resolves to localhost it will refuse to
start and advertise must be manually set.