Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(#23388): Add a preferred address family option for network-interface #23389

Merged
merged 7 commits into from
Jul 12, 2024

Conversation

guifran001
Copy link
Contributor

As some services might not support IPv6, nomad
needs a way to expose service on IPv4 instead of IPv6

see #23388 for more details

This pr adds a ignore-ipv6 option to nomad to ignore IPv6 addresses.

If preferred, I could change to code to add a -preferred-ip-family instead.

As some services might not support IPv6, nomad
needs a way to expose service on IPv4 instead of IPv6
Copy link

hashicorp-cla-app bot commented Jun 19, 2024

CLA assistant check
All committers have signed the CLA.

@gulducat
Copy link
Member

Hi @guifran001, thank you for the PR! We have a near-term priority on evaluating and improving IPv6 in Nomad, so your contribution is timely. :)

If preferred, I could change to code to add a -preferred-ip-family instead.

I do think this is preferable, because some users/environments may actually want to use IPv6, which in some cases is hard to accomplish at the moment.

I'd suggest validating that the user input is one of these two constants: https://github.com/hashicorp/nomad/blob/v1.8.1/nomad/structs/structs.go#L2728-L2729 to be able to error early on bad input before the client agent gets up and running. It looks like you have already found the constant(s), since you check for one here. If the value is an empty string, we should default to the current behavior. Aside from that, I think most of your approach would only need minor tweaking.

Let me know how it goes, and if you'd like any assistance with it!

Removed ignore-ipv6 option and add this option
instead has it allows to specifically use IPv6 too
@guifran001
Copy link
Contributor Author

Hi @gulducat,
Happy to know that my timing is good.

I have refactor to add a preferred-address-family instead of the ignore-ipv6 option and validated the entry with the constants you mentioned.

I have sorted both NetworkResource and NodeNetworkResource, is that OK or it should only apply to NodeNetworkResource ?

Tell me if it makes sense or if you want me to refactor / improve my code.

Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey thanks! I have this on my list to review more thoroughly soon. So far I've only kicked the tires a bit to see the scope of what's covered here, found a couple little discrepancies. I'll get back to you sometime this week with more details!

command/agent/command.go Outdated Show resolved Hide resolved
command/agent/command.go Outdated Show resolved Hide resolved
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey this is great, thanks! I have just a few comments for ya.

I'm going to be out most of next week, so I might not be able to get back to you until after that. If you make changes before then, I'll try to pass to a teammate, or if you're ok waiting then I will check in after I get back!

client/fingerprint/network.go Outdated Show resolved Hide resolved
client/fingerprint/network.go Outdated Show resolved Hide resolved
client/fingerprint/network_test.go Show resolved Hide resolved
client/fingerprint/network_test.go Outdated Show resolved Hide resolved
client/fingerprint/network_test.go Outdated Show resolved Hide resolved
command/agent/command.go Outdated Show resolved Hide resolved
client/fingerprint/network.go Outdated Show resolved Hide resolved
Removed relic of the past
Added unit test
Improve readibility and remove duplicated code
Copy link
Contributor Author

@guifran001 guifran001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the review. I was in an hurry when I did it. Sorry for all the relics that were still there

client/fingerprint/network.go Outdated Show resolved Hide resolved
client/fingerprint/network.go Outdated Show resolved Hide resolved
client/fingerprint/network_test.go Show resolved Hide resolved
client/fingerprint/network_test.go Outdated Show resolved Hide resolved
client/fingerprint/network_test.go Outdated Show resolved Hide resolved
command/agent/command.go Outdated Show resolved Hide resolved
@guifran001 guifran001 changed the title feat(#23388): add ignore-ipv6 option feat(#23388): Add a preferred address family option for network-interface Jul 3, 2024
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huge improvement! And almost done, I think. Just need a little documentation, a concern with the test, and one of the relics is still hanging around.

command/agent/config.go Show resolved Hide resolved
Comment on lines 342 to 343
if strings.ToUpper(net.CIDR) == strings.ToUpper(tc.expectedCIDR) {
t.Errorf("Expected CIDR %s; got %s", tc.expectedCIDR, net.IP)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wouldn't this be an error if the CIDRs are not equal? also the error output shows net.IP which confused me for a sec.

Suggested change
if strings.ToUpper(net.CIDR) == strings.ToUpper(tc.expectedCIDR) {
t.Errorf("Expected CIDR %s; got %s", tc.expectedCIDR, net.IP)
if strings.ToUpper(net.CIDR) != strings.ToUpper(tc.expectedCIDR) {
t.Errorf("Expected CIDR %s; got %s", tc.expectedCIDR, net.CIDR)

that causes the test to fail:

=== RUN   TestNetworkFingerPrint_default_device/Loopback_IPv6
    network_test.go:343: Expected CIDR 2001:DB8::/48; got 2001:db8::/128

=== RUN   TestNetworkFingerPrint_default_device/Loopback_IPv4
    network_test.go:343: Expected CIDR 127.0.0.1/8; got 127.0.0.0/32

=== RUN   TestNetworkFingerPrint_default_device/Loopback_No_preferred_address_family
    network_test.go:343: Expected CIDR 2001:DB8::/48; got 2001:db8::/128

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!
I'm a bit confused about how CIDR 127.0.0.1/8 result in IP address 127.0.0.0 instead of 127.0.0.1

I'm going to compare the IP instead of the CIDR. In the end, we want to make sure they are on the expected family.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks like 127.0.0.0 is coming from the test NetworkInterfaceDetectorOnlyLo's usage of net.ParseCIDR

It returns the IP address and the network implied by the IP and prefix length. For example, ParseCIDR("192.0.2.1/24") returns the IP address 192.0.2.1 and the network 192.0.2.0/24.

the mockish test interface implementation is only using the IPNet and discarding IP.

I agree using the IP for this test is fine, since it does confirm the by-family sorting behavior we're expecting to see. 👍

client/fingerprint/network.go Outdated Show resolved Hide resolved
- Fix a bug in a unit test: comparison was inverted and
  it was hiding another bug
- add preferred_address_family option documentation
- remove relics
@gulducat
Copy link
Member

This looks great @guifran001! Just one more bit of bookkeeping that I forgot to mention:

In the repo root, run make cl to create a changelog file, an improvement with a Note like

client: add a preferred_address_family config to prefer ipv4 or ipv6 for service discovery

(or something like that)

Then I'll merge this in, so it can go out with the 1.8.2 release soon!

@gulducat gulducat added backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/1.8.x backport to 1.8.x release line labels Jul 12, 2024
Copy link
Member

@gulducat gulducat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @guifran001! 🎉

@gulducat gulducat merged commit 1c44521 into hashicorp:main Jul 12, 2024
25 of 26 checks passed
@guifran001 guifran001 deleted the 23388_ignore-ipv6 branch July 12, 2024 20:37
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/ent/1.8.x+ent Changes are backported to 1.8.x+ent backport/1.8.x backport to 1.8.x release line theme/ipv6
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants