support setting tls configs in "SetNode" #526
Conversation
| if client == nil { | ||
| return nil | ||
| } | ||
| if err := validateEngine(ctx, client, config.ConnectionTimeout); err != nil { |
There was a problem hiding this comment.
这里和L86都是为了真正检查这个engine的可用性,可以一定程度上防止之前http请求连接到https的问题。
| addIfNotEmpty(fmt.Sprintf(nodeCaKey, node.Name), node.Ca) | ||
| addIfNotEmpty(fmt.Sprintf(nodeCertKey, node.Name), node.Cert) | ||
| addIfNotEmpty(fmt.Sprintf(nodeKeyKey, node.Name), node.Key) | ||
| enginefactory.RemoveEngineFromCache(node.Endpoint, node.Ca, node.Cert, node.Key) |
There was a problem hiding this comment.
这里提供一个可以清除engine缓存的入口,调用eru-cli node set可以清除对应node的engine缓存。
但是要保证ca / cert / key都跟之前的一致,才能清除掉缓存。例如对于开启了TLS的node,如果只是调用eru-cli node set xxx-node而不传任何参数的话,这里Ca / Cert / Key都是空字符串,自然清除不掉正确的缓存。
There was a problem hiding this comment.
这些很细节的地方需要好好文档记录 过一个月可能自己都忘了怎么清除缓存..
| @@ -180,13 +190,19 @@ func (m *Mercury) UpdateNodeResource(ctx context.Context, node *types.Node, reso | |||
| } | |||
|
|
|||
| func (m *Mercury) makeClient(ctx context.Context, node *types.Node) (client engine.API, err error) { | |||
| // try to get from cache without ca/cert/key | |||
| if client = enginefactory.GetEngineFromCache(ctx, m.config, node.Endpoint, "", "", ""); client != nil { | |||
There was a problem hiding this comment.
在不知道有没有配置TLS的情况下,先拿空的去试一试,这样可以减轻ETCD的压力。即使配置了TLS,缓存里查不到也不会有网络IO,性能应该还行。
| return | ||
| nodes = append(nodes, node) | ||
| } | ||
| wg := &sync.WaitGroup{} |
There was a problem hiding this comment.
因为后面GetEngine每次都要调用Info来validate一下,这里还是并发请求比较好。
| Bind string `yaml:"bind" required:"true" default:"5001"` // HTTP API address | ||
| LockTimeout time.Duration `yaml:"lock_timeout" required:"true" default:"30s"` // timeout for lock (ttl) | ||
| GlobalTimeout time.Duration `yaml:"global_timeout" required:"true" default:"300s"` // timeout for remove, run_and_wait and build, in second | ||
| ConnectionTimeout time.Duration `yaml:"connection_timeout" default:"10s"` // timeout for connections |
There was a problem hiding this comment.
加了一个配置项,“小timeout”
There was a problem hiding this comment.
做咩的
GlobalTimeout太大了,用于一些api call之类的地方不太合适,所以放了个“小timeout”。
DuodenumL
force-pushed
the
feature/endpoint
branch
from
03a79fa to
25c1a1d
Compare
| keyFormats := []string{nodeCaKey, nodeCertKey, nodeKeyKey} | ||
| data := []string{"", "", ""} | ||
| for i := 0; i < 3; i++ { | ||
| ev, err := m.GetOne(ctx, fmt.Sprintf(keyFormats[i], node.Name)) | ||
| if err != nil { | ||
| if !errors.Is(err, types.ErrBadCount) { | ||
| log.Warnf(ctx, "[makeClient] Get key failed %v", err) | ||
| return nil, err |
There was a problem hiding this comment.
拿不到就不应该继续了,否则用不正确的tls config去连接,可能会出奇怪问题。
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
DuodenumL
force-pushed
the
feature/endpoint
branch
from
25c1a1d to
2c20e43
Compare
| @@ -153,6 +159,10 @@ func (m *Mercury) UpdateNodes(ctx context.Context, nodes ...*types.Node) error { | |||
| d := string(bytes) | |||
| data[fmt.Sprintf(nodeInfoKey, node.Name)] = d | |||
| data[fmt.Sprintf(nodePodKey, node.Podname, node.Name)] = d | |||
| addIfNotEmpty(fmt.Sprintf(nodeCaKey, node.Name), node.Ca) | |||
| addIfNotEmpty(fmt.Sprintf(nodeCertKey, node.Name), node.Cert) | |||
| addIfNotEmpty(fmt.Sprintf(nodeKeyKey, node.Name), node.Key) | |||
There was a problem hiding this comment.
没法通过api删掉,但是可以去etcd里手动把那三个key给删了
There was a problem hiding this comment.
硬要想办法的话,可以在proto里设置一个"message String",区分nil和""和含义...就是很麻烦和繁琐,看着也不好看
There was a problem hiding this comment.
要不把 delta 用起来? node set options 里有个 delta 参数, 默认是 false, 规定只有 true 的时候才改变 ca. 这正好符合使用场景, 因为改变 ca 的时候就是需要 cli node set --delta 才能保持资源不变.
There was a problem hiding this comment.
要不把 delta 用起来? node set options 里有个 delta 参数, 默认是 false, 规定只有 true 的时候才改变 ca. 这正好符合使用场景, 因为改变 ca 的时候就是需要 cli node set --delta 才能保持资源不变.
感觉还是有点奇怪,比如原本这个node是有tls相关的这些东西的,然后cli node set --delta --memory 1G xxx-node,那这个时候要不要把ca置为空?
| keyFormats := []string{nodeCaKey, nodeCertKey, nodeKeyKey} | ||
| data := []string{"", "", ""} | ||
| for i := 0; i < 3; i++ { | ||
| ev, err := m.GetOne(ctx, fmt.Sprintf(keyFormats[i], node.Name)) | ||
| if err != nil { | ||
| if !errors.Is(err, types.ErrBadCount) { | ||
| log.Warnf(ctx, "[makeClient] Get key failed %v", err) | ||
| return nil, err |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
DuodenumL
force-pushed
the
feature/endpoint
branch
2 times, most recently
from
93922ad to
abe3dba
Compare
|
然后这 PR 先不合, 你接下来去把 cli 也适配上, 然后用 cli 测试一下, 包括缓存更新这些隐藏的功能, 测完之后再合并这个. |
jschwinger233
changed the title
cli我已经做完测过了,明天push一下 |
DuodenumL
force-pushed
the
feature/endpoint
branch
from
abe3dba to
036f2f9
Compare
|
只是刷新缓存和删除ca这两个操作太 tricky 了, 不过暂时也没什么好办法, 先这样吧 |
jschwinger233
changed the title
jschwinger233
changed the title
在SetNode里支持设置ca / cert / key,以及一些其它的小优化。