-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cli/server: Use AdvertiseAddr instead of Addr where appropriate #17145
Conversation
As far as I can tell, this wasn't actually breaking anything, since getClientGRPCConn, the only caller of addrWithDefaultHost, isn't called from within the start command, which is the only command where AdvertiseAddr can differ from Addr. Fixes cockroachdb#17143
@@ -910,7 +910,7 @@ func (s *Server) Start(ctx context.Context) error { | |||
s.stopper.AddCloser(stop.CloserFn(gwCancel)) | |||
|
|||
// Setup HTTP<->gRPC handlers. | |||
conn, err := s.rpcContext.GRPCDial(s.cfg.Addr) | |||
conn, err := s.rpcContext.GRPCDial(s.cfg.AdvertiseAddr) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are you sure that's right? Depending on Addr vs AdvertiseAddr and the network topology, this may force local connections to go through an external interface, even a firewall.
Reviewed 1 of 1 files at r1, 1 of 1 files at r2. pkg/cli/start.go, line 626 at r1 (raw file):
this function has just one caller - can we inline it? I don't think it does anything other than obscure things. pkg/server/server.go, line 913 at r2 (raw file): Previously, mberhault (marc) wrote…
+1 Continues to be a bummer that we can't directly forward to the local server. Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/cli/start.go, line 626 at r1 (raw file): Previously, tamird (Tamir Duberstein) wrote…
It seems like a reasonably well-contained function to me. Are you fine with leaving it? pkg/server/server.go, line 913 at r2 (raw file): Previously, tamird (Tamir Duberstein) wrote…
Depending on the network configuration, it certainly could make local connections less efficient, but I can't think of a case in which it flat out wouldn't work. Can you? Because a node's AdvertiseAddr will always have to be included in that node's cert, and it will always have to be routable as well. Always using the hostname can fail if the hostname isn't routable (as with the hostname on same Macs) or wasn't included in the cert (as can easily be the case in container-based deployments if the admin isn't careful about setting each container's hostname). Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, a-robinson (Alex Robinson) wrote…
Of course, falling back from Addr to AdvertiseAddr upon error would presumably be best, but in my testing this never returned an error, so we'd have to rework what we're doing here to fail fast and detect the problem. Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/cli/start.go, line 626 at r1 (raw file): Previously, a-robinson (Alex Robinson) wrote…
I guess; it seems to me that it does more to obscure than to abstract. pkg/server/server.go, line 913 at r2 (raw file):
Isn't this what #16177 was about? Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, tamird (Tamir Duberstein) wrote…
Yes, that ensures the hostname is always routable, but not that it's always included in the cert. And always including it in the cert isn't practical in all environments. Perhaps we could fall back to insecure connections when node is connecting to itself, although if we're investing the effort it'd probably be better placed in trying to forward directly to the local server. Do you have a pointer to discussion on why that wasn't feasible? Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, a-robinson (Alex Robinson) wrote…
There's no discussion - there's just no API to do it in grpc-gateway; see e.g. https://godoc.org/github.com/cockroachdb/cockroach/pkg/server/serverpb#RegisterAdminHandler which wants a Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file):
Can't we use Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, bdarnell (Ben Darnell) wrote…
I'm pretty sure Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, tamird (Tamir Duberstein) wrote…
I'm not sure I understand. Isn't that mostly what we're already doing? https://github.com/cockroachdb/cockroach/blob/master/pkg/server/server.go#L583 It's fine if we don't want to do this due to the extra networking complexity involved. It would certainly be better to only fall back to Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file):
I did a quick test and
Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, bdarnell (Ben Darnell) wrote…
It will be guaranteed to route, but won't work in the case where the cluster is secured and the node's certificate doesn't include Comments from Reviewable |
Review status: all files reviewed at latest revision, 2 unresolved discussions, all commit checks successful. pkg/server/server.go, line 913 at r2 (raw file): Previously, a-robinson (Alex Robinson) wrote…
It should be safe to disable certificate hostname verification in this case. Comments from Reviewable |
@bdarnell, can you confirm how your proposed change would affect multiple-node clusters? I'm not clear based on your comment. It seems like we have two goals here: not having to go out to network hardware to support requests from the admin UI, and making sure that admin UI requests can always be served, regardless of the particular host/advertise-host/certificate hosts. |
My proposal should work for multi-node clusters. If no |
I think this issue may also be related? #19233 (comment) |
@couchand you're more than welcome to take this over, I don't plan to touch it soon. |
I just merged #17490 which includes grpc-ecosystem/grpc-gateway#454 - that change allows constructing the grpc gateway entirely without network connections; I believe that can solve this problem. Unfortunately, I'm not sure how to make the various grpc internals such as metadata work, but I'm sure it's doable. |
Actually, I think we can do this using |
cli: Fix internal client connections to use AdvertiseAddr, not Addr
As far as I can tell, this wasn't actually breaking anything, since
getClientGRPCConn, the only caller of addrWithDefaultHost, isn't called
from within the start command, which is the only command where
AdvertiseAddr can differ from Addr.
Fixes #17143
server: Use AdvertiseAddr instead of Addr HTTP<->gRPC connections
Fixes #10374