Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable go-sockaddr templating for network-interface #10404

Merged
merged 4 commits into from
Apr 20, 2021
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 51 additions & 1 deletion command/agent/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -801,7 +801,7 @@ func (mode *devModeConfig) networkConfig() error {
return fmt.Errorf(errMsg, err)
}
if len(ifAddrs) < 1 {
return fmt.Errorf(errMsg, "could not find public network inteface")
return fmt.Errorf(errMsg, "could not find public network interface")
}
iface := ifAddrs[0].Name
mode.iface = iface
Expand Down Expand Up @@ -1191,9 +1191,59 @@ func (c *Config) normalizeAddrs() error {
c.AdvertiseAddrs.Serf = addr
}

// Skip network_interface evaluation if not a client
if c.Client != nil && c.Client.Enabled && c.Client.NetworkInterface != "" {
parsed, err := parseSingleInterfaceTemplate(c.Client.NetworkInterface)
if err != nil {
return fmt.Errorf("Failed to parse network-interface: %v", err)
}

c.Client.NetworkInterface = parsed
}

return nil
}

// parseSingleInterfaceTemplate parses a go-sockaddr template and returns an
// error if it doesn't result in a single value.
func parseSingleInterfaceTemplate(tpl string) (string, error) {
out, err := template.Parse(tpl)
if err != nil {
// Typically something like:
// unable to parse template "{{printfl \"en50\"}}": template: sockaddr.Parse:1: function "printfl" not defined
return "", err
}

// Remove any extra empty space around the rendered result and check if the
// result is also not empty if the user provided a template.
out = strings.TrimSpace(out)
if tpl != "" && out == "" {
return "", fmt.Errorf("template %q evaluated to empty result", tpl)
}

// `template.Parse` returns a space-separated list of results, but on
// Windows network interfaces are allowed to have spaces, so there is no
angrycub marked this conversation as resolved.
Show resolved Hide resolved
// guaranteed separators that we can use to test if the template returned
// multiple interfaces.
// The test below checks if the template results to a single valid interface.

if !isValidInterface(out) {
angrycub marked this conversation as resolved.
Show resolved Hide resolved
return "", fmt.Errorf("invalid interface name %q", out)
}
return out, nil

}

// isValidInterface returns true if the input interface name exists.
func isValidInterface(name string) bool {
if name == "" {
return true
}

_, err := net.InterfaceByName(name)
return err == nil
}

// parseSingleIPTemplate is used as a helper function to parse out a single IP
// address from a config parameter.
func parseSingleIPTemplate(ipTmpl string) (string, error) {
Expand Down
90 changes: 90 additions & 0 deletions command/agent/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"testing"
"time"

sockaddr "github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/nomad/client/testutil"
"github.com/hashicorp/nomad/helper"
"github.com/hashicorp/nomad/helper/freeport"
Expand Down Expand Up @@ -984,6 +985,95 @@ func TestConfig_normalizeAddrs(t *testing.T) {
if c.AdvertiseAddrs.RPC != "127.0.0.1:4647" {
t.Fatalf("expected RPC advertise address 127.0.0.1:4647, got %s", c.AdvertiseAddrs.RPC)
}

// find the first interface
ifaces, err := sockaddr.GetAllInterfaces()
if err != nil {
t.Fatalf("failed to get interfaces: %v", err)
}
iface := ifaces[0]

// allow network_interface templates
c = &Config{
BindAddr: "127.0.0.1",
Ports: &Ports{
HTTP: 4646,
RPC: 4647,
Serf: 4648,
},
Addresses: &Addresses{},
AdvertiseAddrs: &AdvertiseAddrs{
HTTP: "127.0.0.1:4646",
RPC: "127.0.0.1:4647",
Serf: "127.0.0.1:4648",
},
DevMode: false,
Client: &ClientConfig{
Enabled: true,
NetworkInterface: `{{ GetAllInterfaces | attr "name" }}`,
},
}

if err := c.normalizeAddrs(); err != nil {
t.Fatalf("unable to normalize addresses: %s", err)
}

if c.Client.NetworkInterface != iface.Name {
t.Fatalf("expected client network_interface to be %q, got %q", iface.Name, c.Client.NetworkInterface)
}

// allow raw network_interface
c = &Config{
BindAddr: "127.0.0.1",
Ports: &Ports{
HTTP: 4646,
RPC: 4647,
Serf: 4648,
},
Addresses: &Addresses{},
AdvertiseAddrs: &AdvertiseAddrs{
HTTP: "127.0.0.1:4646",
RPC: "127.0.0.1:4647",
Serf: "127.0.0.1:4648",
},
DevMode: false,
Client: &ClientConfig{
Enabled: true,
NetworkInterface: iface.Name,
},
}

if err := c.normalizeAddrs(); err != nil {
t.Fatalf("unable to normalize addresses: %s", err)
}

if c.Client.NetworkInterface != iface.Name {
t.Fatalf("expected client network_interface to be %q, got %q", iface.Name, c.Client.NetworkInterface)
}

// invalid network_interface template
c = &Config{
BindAddr: "127.0.0.1",
Ports: &Ports{
HTTP: 4646,
RPC: 4647,
Serf: 4648,
},
Addresses: &Addresses{},
AdvertiseAddrs: &AdvertiseAddrs{
HTTP: "127.0.0.1:4646",
RPC: "127.0.0.1:4647",
Serf: "127.0.0.1:4648",
},
DevMode: false,
Client: &ClientConfig{
Enabled: true,
NetworkInterface: "not an interface",
},
}
if err := c.normalizeAddrs(); err == nil {
angrycub marked this conversation as resolved.
Show resolved Hide resolved
t.Fatal("expected normalizeAddrs to fail")
}
}

func TestIsMissingPort(t *testing.T) {
Expand Down
3 changes: 2 additions & 1 deletion website/content/docs/configuration/client.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ client {
to force network fingerprinting on. When run in dev mode, this defaults to the
loopback interface. When not in dev mode, the interface attached to the
default route is used. The scheduler chooses from these fingerprinted IP
addresses when allocating ports for tasks.
addresses when allocating ports for tasks. This value support [go-sockaddr/template
format][go-sockaddr/template].
angrycub marked this conversation as resolved.
Show resolved Hide resolved

If no non-local IP addresses are found, Nomad could fingerprint link-local IPv6
addresses depending on the client's
Expand Down