clustering: tweak allowlist generation

Instead of trying to resolve the network CIDR from the local unit for all units in the cluster just use the actual IP addresses of the cluster unit when generating the IP allowlist for cluster connectivity. Also add the network CIDR for the local units cluster address which is the only one that will be guaranteed to be resolvable. For deployments where all units are on the same Layer 2 network addition of units with complete automatically - in Layer 3 routed network topologies new units will be blocked until the update-unit-acls action is executed which is a service disruption operation. Closes-Bug: 1926460 Change-Id: I16e43c37e1af02fb0e23a9c460d70bf5e1dd0fb1
2021-06-11 12:14:59 +01:00 · 2021-06-11 12:14:59 +01:00 · 737179482c
parent 8378c9dd89
commit 737179482c
2 changed files with 12 additions and 10 deletions
--- a/src/lib/charm/openstack/mysql_innodb_cluster.py
+++ b/src/lib/charm/openstack/mysql_innodb_cluster.py
@ -570,15 +570,16 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm):
        leadership.leader_set({
            make_cluster_instance_configured_key(address): True})

-    def get_cluster_subnets(self):
-        """Return a list of subnets covering all units.
+    def get_cluster_addresses(self):
+        """Return a sorted list of addresses covering all units.

-        :returns: List of subnets
+        :returns: List of addresses
        :rtype: List
        """
        ips = self.cluster_peer_addresses
        ips.append(self.cluster_address)
-        return list(set([ch_net_ip.resolve_network_cidr(ip) for ip in ips]))
+        ips.append(ch_net_ip.resolve_network_cidr(self.cluster_address))
+        return sorted(ips)

    def generate_ip_allowlist_str(self):
        """Generate an ip allow list to permit all units to access each other.
@ -590,7 +591,7 @@ class MySQLInnoDBClusterCharm(charms_openstack.charm.OpenStackCharm):
        :rtype: str
        """
        return "127.0.0.1,::1,{}".format(
-            ",".join(sorted(self.get_cluster_subnets())))
+            ",".join(self.get_cluster_addresses()))

    def reached_quorum(self):
        """Check if all peer units have joined.
--- a/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py
+++ b/unit_tests/test_lib_charm_openstack_mysql_innodb_cluster.py
@ -555,8 +555,8 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper):
    @mock.patch(('charm.openstack.mysql_innodb_cluster.'
                 'MySQLInnoDBClusterCharm.cluster_address'),
                new_callable=mock.PropertyMock)
-    def test_get_cluster_subnets(self, cluster_address,
-                                 cluster_peer_addresses):
+    def test_get_cluster_addresses(self, cluster_address,
+                                   cluster_peer_addresses):
        self.patch_object(
            mysql_innodb_cluster.ch_net_ip,
            "resolve_network_cidr",
@ -568,12 +568,13 @@ class TestMySQLInnoDBClusterCharm(test_utils.PatchHelper):
        cluster_address.return_value = '10.0.0.12'
        midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
        self.assertEqual(
-            midbc.get_cluster_subnets(),
-            ['10.10.0.0/24', '10.0.0.0/24'])
+            midbc.get_cluster_addresses(),
+            ['10.0.0.0/24', '10.0.0.11', '10.0.0.12',
+             '10.0.0.13', '10.10.0.10'])

    def test_generate_ip_allowlist_str(self):
        midbc = mysql_innodb_cluster.MySQLInnoDBClusterCharm()
-        midbc.get_cluster_subnets = lambda: ['10.0.0.10', '10.0.0.11']
+        midbc.get_cluster_addresses = lambda: ['10.0.0.10', '10.0.0.11']
        self.assertEqual(
            midbc.generate_ip_allowlist_str(),
            '127.0.0.1,::1,10.0.0.10,10.0.0.11')