Merge pull request #215 from Netflix/disable-ipv6

Make it so you can disable IPv6
Netflix · Jan 26, 2019 · 1199ace · 1199ace
2 parents e071c67 + 8def0b1
commit 1199ace
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 6 deletions.
diff --git a/vpc/allocate/ip_pool_manager.go b/vpc/allocate/ip_pool_manager.go
@@ -107,11 +107,14 @@ func (mgr *IPPoolManager) allocateIP(ctx *context.VPCContext, batchSize int, ipR
 		ctx.Logger.WithField("ip", ip).Debug("Successfully allocated IP")
 		return ip, lock, err
 	} else if err == errNoFreeIPAddressFound {
+		ctx.Logger.Info("No free IP addresses available, trying to assign more")
+		now := time.Now()
 		err = assignMoreIPs(ctx, batchSize, ipRefreshTimeout, mgr.networkInterface, ipAssignmentFunction, ipFetchFunction)
 		if err != nil {
-			ctx.Logger.Warning("Unable assign more IPs: ", err)
+			ctx.Logger.WithField("duration", time.Since(now)).WithError(err).Warning("Unable assign more IPs")
 			return "", nil, err
 		}
+		ctx.Logger.WithField("duration", time.Since(now)).Info("Successfully completed IP allocation")
 		return mgr.doAllocate(ctx, ipFetchFunction)
 	}
 

diff --git a/vpc/ec2wrapper/ec2metadata.go b/vpc/ec2wrapper/ec2metadata.go
@@ -197,6 +197,9 @@ func (mdc *EC2MetadataClientWrapper) getMetadata(path string) (string, error) {
 }
 
 func ipStringToList(ips string) []string {
+	if ips == "" {
+		return []string{}
+	}
 	// This expects a non-\n terminated list of IPs separated by \n, and returns a normalized form
 	addresses := strings.Split(ips, "\n")
 	result := make([]string, len(addresses))

diff --git a/vpc/ec2wrapper/ec2metadata_test.go b/vpc/ec2wrapper/ec2metadata_test.go
@@ -108,6 +108,7 @@ func TestMetadataService(t *testing.T) {
 		mac:          primaryInterfaceMac,
 		deviceNumber: 0,
 		interfaceID:  "eni-primary",
+		ipv6s:        []string{},
 	}
 	secondaryInterface := &testInterface{
 		mac:          secondaryInterfaceMac,
@@ -137,4 +138,10 @@ func TestMetadataService(t *testing.T) {
 	assert.Len(t, interfaces, 2)
 	assert.Equal(t, []string{"1.2.3.4", "9.8.1.2"}, interfaces[secondaryInterfaceMac].GetIPv4Addresses())
 	assert.Equal(t, []string{"2604:5000::bb", "aa::cc"}, interfaces[secondaryInterfaceMac].GetIPv6Addresses())
+	assert.Equal(t, []string{}, interfaces[primaryInterfaceMac].GetIPv6Addresses())
+}
+
+func TestIPStringToList(t *testing.T) {
+	assert.Equal(t, []string{}, ipStringToList(""))
+	assert.Equal(t, []string{"1.2.3.4", "4.5.6.8"}, ipStringToList("1.2.3.4\n4.5.6.8"))
 }
diff --git a/vpc/setup/setup.go b/vpc/setup/setup.go
@@ -22,9 +22,18 @@ var Setup = cli.Command{ // nolint: golint
 	Name:   "setup",
 	Usage:  "Setup",
 	Action: context.WrapFunc(setup),
+	Flags: []cli.Flag{
+		cli.BoolFlag{
+			Name:   "disable-ipv6",
+			Usage:  "Disable IPv6 allocation",
+			EnvVar: "DISABLE_IPV6",
+		},
+	},
 }
 
 func setup(parentCtx *context.VPCContext) error {
+	disableIPv6 := parentCtx.CLIContext.Bool("disable-ipv6")
+
 	lockTimeout := time.Second
 	exclusiveLock, err := parentCtx.FSLocker.ExclusiveLock("setup", &lockTimeout)
 	if err != nil {
@@ -35,7 +44,7 @@ func setup(parentCtx *context.VPCContext) error {
 	ctx, cancel := parentCtx.WithTimeout(maxSetupTime)
 	defer cancel()
 	// setup interfaces
-	err = setupInterfaces(ctx)
+	err = setupInterfaces(ctx, disableIPv6)
 	if err != nil {
 		return cli.NewMultiError(cli.NewExitError("Unable to setup interfaces", 1), err)
 	}
@@ -60,7 +69,7 @@ func setup(parentCtx *context.VPCContext) error {
 }
 
 // TODO: Wrap in CLI errrors
-func setupInterfaces(ctx *context.VPCContext) error {
+func setupInterfaces(ctx *context.VPCContext, disableIPv6 bool) error {
 	allInterfaces, err := ctx.EC2metadataClientWrapper.Interfaces()
 	if err != nil {
 		return err
@@ -92,7 +101,7 @@ func setupInterfaces(ctx *context.VPCContext) error {
 	// Ignore interface device index 0 -- that's always the default network adapter
 	for i := 1; i < vpc.GetMaxInterfaces(ctx.InstanceType); i++ {
 		if _, ok := interfaceByIdx[i]; !ok {
-			err = attachInterfaceAtIdx(ctx, ctx.InstanceID, subnetID, i)
+			err = attachInterfaceAtIdx(ctx, disableIPv6, ctx.InstanceID, subnetID, i)
 			if err != nil {
 				ctx.Logger.Warning("Unable to attach interface: ", err)
 				return err
@@ -103,7 +112,7 @@ func setupInterfaces(ctx *context.VPCContext) error {
 	return nil
 }
 
-func attachInterfaceAtIdx(ctx *context.VPCContext, instanceID, subnetID string, idx int) error {
+func attachInterfaceAtIdx(ctx *context.VPCContext, disableIPv6 bool, instanceID, subnetID string, idx int) error {
 	ctx.Logger.WithField("idx", idx).Info("Attaching interface")
 	// TODO: Check DescribeInstances to make sure an existing interface is not in attaching
 	svc := ec2.New(ctx.AWSSession)
@@ -113,7 +122,9 @@ func attachInterfaceAtIdx(ctx *context.VPCContext, instanceID, subnetID string,
 		SubnetId:    aws.String(subnetID),
 		// We know there will always be at least 1 IPv6 address, and this way we also can check if the subnet is wired
 		// up with v6
-		Ipv6AddressCount: aws.Int64(1),
+	}
+	if !disableIPv6 {
+		createNetworkInterfaceInput.Ipv6AddressCount = aws.Int64(1)
 	}
 	createNetworkInterfaceResult, err := svc.CreateNetworkInterfaceWithContext(ctx, createNetworkInterfaceInput)
 	if err != nil {