Ensure that loopback is used for the advertised address when resetting

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
pull/7209/head
Brad Davidson 2023-03-24 22:19:44 +00:00 committed by Brad Davidson
parent 877247a691
commit b010db0cff
1 changed files with 17 additions and 7 deletions

View File

@ -182,7 +182,7 @@ func (e *ETCD) SetControlConfig(ctx context.Context, config *config.Control) err
e.client.Close()
}()
address, err := GetAdvertiseAddress(config.PrivateIP)
address, err := getAdvertiseAddress(config.PrivateIP)
if err != nil {
return err
}
@ -537,7 +537,7 @@ func (e *ETCD) Register(ctx context.Context, config *config.Control, handler htt
e.client.Close()
}()
address, err := GetAdvertiseAddress(config.PrivateIP)
address, err := getAdvertiseAddress(config.PrivateIP)
if err != nil {
return nil, err
}
@ -708,7 +708,7 @@ func toTLSConfig(runtime *config.ControlRuntime) (*tls.Config, error) {
}
// getAdvertiseAddress returns the IP address best suited for advertising to clients
func GetAdvertiseAddress(advertiseIP string) (string, error) {
func getAdvertiseAddress(advertiseIP string) (string, error) {
ip := advertiseIP
if ip == "" {
ipAddr, err := utilnet.ChooseHostInterface()
@ -809,9 +809,19 @@ func (e *ETCD) clientURL() string {
return fmt.Sprintf("https://%s", net.JoinHostPort(e.address, "2379"))
}
// advertiseClientURLs returns the advertised addresses for the local node.
// During cluster reset/restore we only listen on loopback to avoid having apiservers
// on other nodes connect mid-process.
func (e *ETCD) advertiseClientURLs(reset bool) string {
if reset {
return fmt.Sprintf("https://%s", net.JoinHostPort(e.config.Loopback(true), "2379"))
}
return e.clientURL()
}
// listenClientURLs returns a list of URLs to bind to for client connections.
// During cluster reset/restore, we only listen on loopback to avoid having the apiserver
// connect mid-process.
// During cluster reset/restore, we only listen on loopback to avoid having apiservers
// on other nodes connect mid-process.
func (e *ETCD) listenClientURLs(reset bool) string {
clientURLs := fmt.Sprintf("https://%s:2379", e.config.Loopback(true))
if !reset {
@ -839,7 +849,7 @@ func (e *ETCD) cluster(ctx context.Context, reset bool, options executor.Initial
ListenClientURLs: e.listenClientURLs(reset),
ListenMetricsURLs: e.listenMetricsURLs(reset),
ListenPeerURLs: e.listenPeerURLs(reset),
AdvertiseClientURLs: e.clientURL(),
AdvertiseClientURLs: e.advertiseClientURLs(reset),
DataDir: DBDir(e.config),
ServerTrust: executor.ServerTrust{
CertFile: e.config.Runtime.ServerETCDCert,
@ -1142,7 +1152,7 @@ func ClientURLs(ctx context.Context, clientAccessInfo *clientaccess.Info, selfIP
if err := json.Unmarshal(resp, &memberList); err != nil {
return nil, memberList, err
}
ip, err := GetAdvertiseAddress(selfIP)
ip, err := getAdvertiseAddress(selfIP)
if err != nil {
return nil, memberList, err
}