From 737179482c2bfb209a7d322793b4ac925181b639 Mon Sep 17 00:00:00 2001 From: James Page Date: Fri, 11 Jun 2021 12:14:59 +0100 Subject: [PATCH] clustering: tweak allowlist generation Instead of trying to resolve the network CIDR from the local unit for all units in the cluster just use the actual IP addresses of the cluster unit when generating the IP allowlist for cluster connectivity. Also add the network CIDR for the local units cluster address which is the only one that will be guaranteed to be resolvable. For deployments where all units are on the same Layer 2 network addition of units with complete automatically - in Layer 3 routed network topologies new units will be blocked until the update-unit-acls action is executed which is a service disruption operation. Closes-Bug: 1926460 Change-Id: I16e43c37e1af02fb0e23a9c460d70bf5e1dd0fb1 --- src/lib/charm/openstack/mysql_innodb_cluster.py | 11 ++++++----- .../test_lib_charm_openstack_mysql_innodb_cluster.py | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/lib/charm/openstack/mysql_innodb_cluster.py b/src/lib/charm/openstack/mysql_innodb_cluster.py index a451a16..4fa327c 100644 --- a/src/lib/charm/openstack/mysql_innodb_cluster.py +++ b/src/lib/charm/openstack/mysql_innodb_cluster.py @@ -570,15 +570,16 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm): leadership.leader_set({ make_cluster_instance_configured_key(address): True}) - def get_cluster_subnets(self): - """Return a list of subnets covering all units. + def get_cluster_addresses(self): + """Return a sorted list of addresses covering all units. - :returns: List of subnets + :returns: List of addresses :rtype: List """ ips = self.cluster_peer_addresses ips.append(self.cluster_address) - return list(set([ch_net_ip.resolve_network_cidr(ip) for ip in ips])) + ips.append(ch_net_ip.resolve_network_cidr(self.cluster_address)) + return sorted(ips) def generate_ip_allowlist_str(self): """Generate an ip allow list to permit all units to access each other. @@ -590,7 +591,7 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm): :rtype: str """ return "127.0.0.1,::1,{}".format( - ",".join(sorted(self.get_cluster_subnets()))) + ",".join(self.get_cluster_addresses())) def reached_quorum(self): """Check if all peer units have joined. diff --git a/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py b/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py index 404e648..f01526a 100644 --- a/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py +++ b/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py @@ -555,8 +555,8 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper): @mock.patch(('charm.openstack.mysql_innodb_cluster.' 'MySQLInnoDBClusterCharm.cluster_address'), new_callable=mock.PropertyMock) - def test_get_cluster_subnets(self, cluster_address, - cluster_peer_addresses): + def test_get_cluster_addresses(self, cluster_address, + cluster_peer_addresses): self.patch_object( mysql_innodb_cluster.ch_net_ip, "resolve_network_cidr", @@ -568,12 +568,13 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper): cluster_address.return_value = '10.0.0.12' midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm() self.assertEqual( - midbc.get_cluster_subnets(), - ['10.10.0.0/24', '10.0.0.0/24']) + midbc.get_cluster_addresses(), + ['10.0.0.0/24', '10.0.0.11', '10.0.0.12', + '10.0.0.13', '10.10.0.10']) def test_generate_ip_allowlist_str(self): midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm() - midbc.get_cluster_subnets = lambda: ['10.0.0.10', '10.0.0.11'] + midbc.get_cluster_addresses = lambda: ['10.0.0.10', '10.0.0.11'] self.assertEqual( midbc.generate_ip_allowlist_str(), '127.0.0.1,::1,10.0.0.10,10.0.0.11')