Merge pull request #7022 from hashicorp/f-handshake-deadlines-oss

core: add limits to unauthorized connections
hashicorp · Jan 30, 2020 · dd8fbf4 · dd8fbf4
2 parents d82904e + b97fecc
commit dd8fbf4
Show file tree

Hide file tree

Showing 20 changed files with 1,797 additions and 182 deletions.
diff --git a/command/agent/agent.go b/command/agent/agent.go
@@ -340,6 +340,26 @@ func convertServerConfig(agentConfig *Config) (*nomad.Config, error) {
 	conf.DisableDispatchedJobSummaryMetrics = agentConfig.Telemetry.DisableDispatchedJobSummaryMetrics
 	conf.BackwardsCompatibleMetrics = agentConfig.Telemetry.BackwardsCompatibleMetrics
 
+	// Parse Limits timeout from a string into durations
+	if d, err := time.ParseDuration(agentConfig.Limits.RPCHandshakeTimeout); err != nil {
+		return nil, fmt.Errorf("error parsing rpc_handshake_timeout: %v", err)
+	} else if d < 0 {
+		return nil, fmt.Errorf("rpc_handshake_timeout must be >= 0")
+	} else {
+		conf.RPCHandshakeTimeout = d
+	}
+
+	// Set max rpc conns; nil/0 == unlimited
+	// Leave a little room for streaming RPCs
+	minLimit := config.LimitsNonStreamingConnsPerClient + 5
+	if agentConfig.Limits.RPCMaxConnsPerClient == nil || *agentConfig.Limits.RPCMaxConnsPerClient == 0 {
+		conf.RPCMaxConnsPerClient = 0
+	} else if limit := *agentConfig.Limits.RPCMaxConnsPerClient; limit <= minLimit {
+		return nil, fmt.Errorf("rpc_max_conns_per_client must be > %d; found: %d", minLimit, limit)
+	} else {
+		conf.RPCMaxConnsPerClient = limit
+	}
+
 	return conf, nil
 }