clustering: tweak allowlist generation
Instead of trying to resolve the network CIDR from the local unit for all units in the cluster, just use the actual IP addresses of the cluster units when generating the IP allowlist for cluster connectivity. Also add the network CIDR for the local unit's cluster address, which is the only one that is guaranteed to be resolvable. For deployments where all units are on the same Layer 2 network, addition of units will complete automatically; in Layer 3 routed network topologies new units will be blocked until the update-unit-acls action is executed, which is a service-disrupting operation. Closes-Bug: 1926460 Change-Id: I16e43c37e1af02fb0e23a9c460d70bf5e1dd0fb1
parent
8378c9dd89
commit
737179482c
|
@ -570,15 +570,16 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm):
|
||||||
leadership.leader_set({
|
leadership.leader_set({
|
||||||
make_cluster_instance_configured_key(address): True})
|
make_cluster_instance_configured_key(address): True})
|
||||||
|
|
||||||
def get_cluster_subnets(self):
|
def get_cluster_addresses(self):
|
||||||
"""Return a list of subnets covering all units.
|
"""Return a sorted list of addresses covering all units.
|
||||||
|
|
||||||
:returns: List of subnets
|
:returns: List of addresses
|
||||||
:rtype: List
|
:rtype: List
|
||||||
"""
|
"""
|
||||||
ips = self.cluster_peer_addresses
|
ips = self.cluster_peer_addresses
|
||||||
ips.append(self.cluster_address)
|
ips.append(self.cluster_address)
|
||||||
return list(set([ch_net_ip.resolve_network_cidr(ip) for ip in ips]))
|
ips.append(ch_net_ip.resolve_network_cidr(self.cluster_address))
|
||||||
|
return sorted(ips)
|
||||||
|
|
||||||
def generate_ip_allowlist_str(self):
|
def generate_ip_allowlist_str(self):
|
||||||
"""Generate an ip allow list to permit all units to access each other.
|
"""Generate an ip allow list to permit all units to access each other.
|
||||||
|
@ -590,7 +591,7 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm):
|
||||||
:rtype: str
|
:rtype: str
|
||||||
"""
|
"""
|
||||||
return "127.0.0.1,::1,{}".format(
|
return "127.0.0.1,::1,{}".format(
|
||||||
",".join(sorted(self.get_cluster_subnets())))
|
",".join(self.get_cluster_addresses()))
|
||||||
|
|
||||||
def reached_quorum(self):
|
def reached_quorum(self):
|
||||||
"""Check if all peer units have joined.
|
"""Check if all peer units have joined.
|
||||||
|
|
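Review bot: In `get_cluster_addresses`, `ips = self.cluster_peer_addresses` is followed by two `ips.append(...)` calls, so the list returned by the property is modified in place; the property's definition is outside this hunk, but if it ever returns a cached or shared list, each call would grow it and the allowlist would accumulate repeated entries. The removed `set(...)` also dropped duplicates, which the new `sorted(ips)` does not. Copying and de-duplicating keeps the generated allowlist stable: `ips = set(self.cluster_peer_addresses)`, `ips.update([self.cluster_address, ch_net_ip.resolve_network_cidr(self.cluster_address)])`, `return sorted(ips)`. The docstring should also state that the result includes the local unit's network CIDR, because every host on that subnet is then admitted by the allowlist, not only the cluster units.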
|
@ -555,8 +555,8 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper):
|
||||||
@mock.patch(('charm.openstack.mysql_innodb_cluster.'
|
@mock.patch(('charm.openstack.mysql_innodb_cluster.'
|
||||||
'MySQLInnoDBClusterCharm.cluster_address'),
|
'MySQLInnoDBClusterCharm.cluster_address'),
|
||||||
new_callable=mock.PropertyMock)
|
new_callable=mock.PropertyMock)
|
||||||
def test_get_cluster_subnets(self, cluster_address,
|
def test_get_cluster_addresses(self, cluster_address,
|
||||||
cluster_peer_addresses):
|
cluster_peer_addresses):
|
||||||
self.patch_object(
|
self.patch_object(
|
||||||
mysql_innodb_cluster.ch_net_ip,
|
mysql_innodb_cluster.ch_net_ip,
|
||||||
"resolve_network_cidr",
|
"resolve_network_cidr",
|
||||||
|
@ -568,12 +568,13 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper):
|
||||||
cluster_address.return_value = '10.0.0.12'
|
cluster_address.return_value = '10.0.0.12'
|
||||||
midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
|
midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
midbc.get_cluster_subnets(),
|
midbc.get_cluster_addresses(),
|
||||||
['10.10.0.0/24', '10.0.0.0/24'])
|
['10.0.0.0/24', '10.0.0.11', '10.0.0.12',
|
||||||
|
'10.0.0.13', '10.10.0.10'])
|
||||||
|
|
||||||
def test_generate_ip_allowlist_str(self):
|
def test_generate_ip_allowlist_str(self):
|
||||||
midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
|
midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
|
||||||
midbc.get_cluster_subnets = lambda: ['10.0.0.10', '10.0.0.11']
|
midbc.get_cluster_addresses = lambda: ['10.0.0.10', '10.0.0.11']
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
midbc.generate_ip_allowlist_str(),
|
midbc.generate_ip_allowlist_str(),
|
||||||
'127.0.0.1,::1,10.0.0.10,10.0.0.11')
|
'127.0.0.1,::1,10.0.0.10,10.0.0.11')
|
||||||
|
|
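Review bot: `test_get_cluster_addresses` checks only the returned list, so it would still pass if CIDR resolution were attempted for peer addresses again, which is the behaviour this commit removes. The `patch_object` call that sets up the `resolve_network_cidr` mock continues outside the visible hunks; assuming it exposes the mock as `self.resolve_network_cidr`, adding `self.resolve_network_cidr.assert_called_once_with('10.0.0.12')` after the `assertEqual` would pin that only the local cluster address is resolved. A case where the local address also appears in `cluster_peer_addresses` would additionally document whether duplicate allowlist entries are expected.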