Skip to content

Commit

Permalink
Merge pull request hashicorp#8 from Aestek/script-check-local-remote-…
Browse files Browse the repository at this point in the history
…criteo

Script check local remote criteo
  • Loading branch information
pierresouchay authored Oct 11, 2018
2 parents 1774024 + e0f5261 commit 45189b4
Show file tree
Hide file tree
Showing 15 changed files with 421 additions and 155 deletions.
47 changes: 30 additions & 17 deletions agent/agent.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,13 @@ const (
"service, but no reason was provided. This is a default message."
)

type configSource int

const (
ConfigSourceLocal configSource = iota
ConfigSourceRemote
)

// delegate defines the interface shared by both
// consul.Client and consul.Server.
type delegate interface {
Expand Down Expand Up @@ -1704,7 +1711,7 @@ func (a *Agent) purgeCheck(checkID types.CheckID) error {
// AddService is used to add a service entry.
// This entry is persistent and the agent will make a best effort to
// ensure it is registered
func (a *Agent) AddService(service *structs.NodeService, chkTypes []*structs.CheckType, persist bool, token string) error {
func (a *Agent) AddService(service *structs.NodeService, chkTypes []*structs.CheckType, persist bool, token string, source configSource) error {
if service.Service == "" {
return fmt.Errorf("Service name missing")
}
Expand Down Expand Up @@ -1786,7 +1793,7 @@ func (a *Agent) AddService(service *structs.NodeService, chkTypes []*structs.Che
if chkType.Status != "" {
check.Status = chkType.Status
}
if err := a.AddCheck(check, chkType, persist, token); err != nil {
if err := a.AddCheck(check, chkType, persist, token, source); err != nil {
return err
}
}
Expand Down Expand Up @@ -1841,7 +1848,7 @@ func (a *Agent) RemoveService(serviceID string, persist bool) error {
// This entry is persistent and the agent will make a best effort to
// ensure it is registered. The Check may include a CheckType which
// is used to automatically update the check status
func (a *Agent) AddCheck(check *structs.HealthCheck, chkType *structs.CheckType, persist bool, token string) error {
func (a *Agent) AddCheck(check *structs.HealthCheck, chkType *structs.CheckType, persist bool, token string, source configSource) error {
if check.CheckID == "" {
return fmt.Errorf("CheckID missing")
}
Expand All @@ -1851,8 +1858,14 @@ func (a *Agent) AddCheck(check *structs.HealthCheck, chkType *structs.CheckType,
return fmt.Errorf("Check is not valid: %v", err)
}

if chkType.IsScript() && !a.config.EnableScriptChecks {
return fmt.Errorf("Scripts are disabled on this agent; to enable, configure 'enable_script_checks' to true")
if chkType.IsScript() {
if source == ConfigSourceLocal && !a.config.EnableLocalScriptChecks {
return fmt.Errorf("Scripts are disabled on this agent; to enable, configure 'enable_script_checks' or 'enable_local_script_checks' to true")
}

if source == ConfigSourceRemote && !a.config.EnableRemoteScriptChecks {
return fmt.Errorf("Scripts are disabled on this agent from remote calls; to enable, configure 'enable_script_checks' to true")
}
}
}

Expand Down Expand Up @@ -2161,7 +2174,7 @@ func (a *Agent) RemoveCheck(checkID types.CheckID, persist bool) error {
// assigned. We need to restore from disk to enable to continue authenticating
// running proxies that already had that credential injected.
func (a *Agent) addProxyLocked(proxy *structs.ConnectManagedProxy, persist, FromFile bool,
restoredProxyToken string) error {
restoredProxyToken string, source configSource) error {
// Lookup the target service token in state if there is one.
token := a.State.ServiceToken(proxy.TargetServiceID)

Expand Down Expand Up @@ -2203,7 +2216,7 @@ func (a *Agent) addProxyLocked(proxy *structs.ConnectManagedProxy, persist, From
}
}

err = a.AddService(proxyService, chkTypes, persist, token)
err = a.AddService(proxyService, chkTypes, persist, token, source)
if err != nil {
// Remove the state too
a.State.RemoveProxy(proxyService.ID)
Expand Down Expand Up @@ -2233,10 +2246,10 @@ func (a *Agent) addProxyLocked(proxy *structs.ConnectManagedProxy, persist, From
// assigned. We need to restore from disk to enable to continue authenticating
// running proxies that already had that credential injected.
func (a *Agent) AddProxy(proxy *structs.ConnectManagedProxy, persist, FromFile bool,
restoredProxyToken string) error {
restoredProxyToken string, source configSource) error {
a.proxyLock.Lock()
defer a.proxyLock.Unlock()
return a.addProxyLocked(proxy, persist, FromFile, restoredProxyToken)
return a.addProxyLocked(proxy, persist, FromFile, restoredProxyToken, source)
}

// resolveProxyCheckAddress returns the best address to use for a TCP check of
Expand Down Expand Up @@ -2713,7 +2726,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig) error {
if err != nil {
return fmt.Errorf("Failed to validate checks for service %q: %v", service.Name, err)
}
if err := a.AddService(ns, chkTypes, false, service.Token); err != nil {
if err := a.AddService(ns, chkTypes, false, service.Token, ConfigSourceLocal); err != nil {
return fmt.Errorf("Failed to register service %q: %v", service.Name, err)
}
}
Expand Down Expand Up @@ -2775,7 +2788,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig) error {
} else {
a.logger.Printf("[DEBUG] agent: restored service definition %q from %q",
serviceID, file)
if err := a.AddService(p.Service, nil, false, p.Token); err != nil {
if err := a.AddService(p.Service, nil, false, p.Token, ConfigSourceLocal); err != nil {
return fmt.Errorf("failed adding service %q: %s", serviceID, err)
}
}
Expand All @@ -2801,7 +2814,7 @@ func (a *Agent) loadChecks(conf *config.RuntimeConfig) error {
for _, check := range conf.Checks {
health := check.HealthCheck(conf.NodeName)
chkType := check.CheckType()
if err := a.AddCheck(health, chkType, false, check.Token); err != nil {
if err := a.AddCheck(health, chkType, false, check.Token, ConfigSourceLocal); err != nil {
return fmt.Errorf("Failed to register check '%s': %v %v", check.Name, err, check)
}
}
Expand Down Expand Up @@ -2856,7 +2869,7 @@ func (a *Agent) loadChecks(conf *config.RuntimeConfig) error {
// services into the active pool
p.Check.Status = api.HealthCritical

if err := a.AddCheck(p.Check, p.ChkType, false, p.Token); err != nil {
if err := a.AddCheck(p.Check, p.ChkType, false, p.Token, ConfigSourceLocal); err != nil {
// Purge the check if it is unable to be restored.
a.logger.Printf("[WARN] agent: Failed to restore check %q: %s",
checkID, err)
Expand Down Expand Up @@ -2957,7 +2970,7 @@ func (a *Agent) loadProxies(conf *config.RuntimeConfig) error {
restoredToken = persisted.ProxyToken
}

if err := a.addProxyLocked(proxy, true, true, restoredToken); err != nil {
if err := a.addProxyLocked(proxy, true, true, restoredToken, ConfigSourceLocal); err != nil {
return fmt.Errorf("failed adding proxy: %s", err)
}
}
Expand All @@ -2974,7 +2987,7 @@ func (a *Agent) loadProxies(conf *config.RuntimeConfig) error {
} else if !persisted.FromFile {
if a.State.Proxy(proxyID) == nil {
a.logger.Printf("[DEBUG] agent: restored proxy definition %q", proxyID)
if err := a.addProxyLocked(persisted.Proxy, false, false, persisted.ProxyToken); err != nil {
if err := a.addProxyLocked(persisted.Proxy, false, false, persisted.ProxyToken, ConfigSourceLocal); err != nil {
return fmt.Errorf("failed adding proxy %q: %v", proxyID, err)
}
} else {
Expand Down Expand Up @@ -3064,7 +3077,7 @@ func (a *Agent) EnableServiceMaintenance(serviceID, reason, token string) error
ServiceName: service.Service,
Status: api.HealthCritical,
}
a.AddCheck(check, nil, true, token)
a.AddCheck(check, nil, true, token, ConfigSourceLocal)
a.logger.Printf("[INFO] agent: Service %q entered maintenance mode", serviceID)

return nil
Expand Down Expand Up @@ -3110,7 +3123,7 @@ func (a *Agent) EnableNodeMaintenance(reason, token string) {
Notes: reason,
Status: api.HealthCritical,
}
a.AddCheck(check, nil, true, token)
a.AddCheck(check, nil, true, token, ConfigSourceLocal)
a.logger.Printf("[INFO] agent: Node entered maintenance mode")
}

Expand Down
6 changes: 3 additions & 3 deletions agent/agent_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -398,7 +398,7 @@ func (s *HTTPServer) AgentRegisterCheck(resp http.ResponseWriter, req *http.Requ
}

// Add the check.
if err := s.agent.AddCheck(health, chkType, true, token); err != nil {
if err := s.agent.AddCheck(health, chkType, true, token, ConfigSourceRemote); err != nil {
return nil, err
}
s.syncChanges()
Expand Down Expand Up @@ -767,12 +767,12 @@ func (s *HTTPServer) AgentRegisterService(resp http.ResponseWriter, req *http.Re
}

// Add the service.
if err := s.agent.AddService(ns, chkTypes, true, token); err != nil {
if err := s.agent.AddService(ns, chkTypes, true, token, ConfigSourceRemote); err != nil {
return nil, err
}
// Add proxy (which will add proxy service so do it before we trigger sync)
if proxy != nil {
if err := s.agent.AddProxy(proxy, true, false, ""); err != nil {
if err := s.agent.AddProxy(proxy, true, false, "", ConfigSourceRemote); err != nil {
return nil, err
}
}
Expand Down
Loading

0 comments on commit 45189b4

Please sign in to comment.