New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

common/pick_address.cc: Copy public_netw to cluster_netw if cluster empty #12929

Merged
merged 3 commits into from Jan 24, 2017

Conversation

Projects
None yet
4 participants
@wjwithagen
Contributor

wjwithagen commented Jan 14, 2017

  • When public network is set, but cluster network is not, then
    the cluster-bindings would be on 0.0.0.0 which could be unexpeted.

In this commit we copy the public network into the cluster network
to make sure that the cluster backend is not bound on 0.0.0.0
Which could be consideren an insecure, or unexpected, action.

Signed-off-by: Willem Jan Withagen wjw@digiware.nl

@wjwithagen wjwithagen changed the title from common/pick_address.cc: Copy public_netw to cluset_netw if cluster empty to common/pick_address.cc: Copy public_netw to cluster_netw if cluster empty Jan 14, 2017

@wido

This comment has been minimized.

Member

wido commented Jan 14, 2017

Looks good to me, but can't this be done in config_opts.h already?

Otherwise this change looks good to me.

@wjwithagen

This comment has been minimized.

Contributor

wjwithagen commented Jan 14, 2017

Hi @wido ,

Not really...
But I think you mean to do it when ceph.conf is read.
There it would lead to rather awkward code to see if addresses are changed.

Furthermore it needs to be done at the latest point possible because the std values from config_opts.h can be changed at several point during its lifetime. And here is where the values are actually used. And this is where it is actually used to determine the public/cluster IPs.

lderr(cct) << "Public network was set, but cluster network was not set " << dendl;
lderr(cct) << " Using public network also for cluster network" << dendl;
cct->_conf->set_val("cluster_network", cct->_conf->public_network);
}

This comment has been minimized.

@liewegas

liewegas Jan 15, 2017

Member

I think it would be better if we do this without actually changing the cluster_network option. Just set up a local value and use that below instead...

This comment has been minimized.

@wjwithagen

wjwithagen Jan 15, 2017

Contributor

@liewegas
I think that could be done even simpler, and just pass public_network instead of cluster_network in that case.
I'll rewrite the patch.

@liewegas

This comment has been minimized.

Member

liewegas commented Jan 16, 2017

Can you add a short note to PendingReleaseNotes (in ceph.git root) noting the change in behavior so that it will get folded into the release notes?

@liewegas liewegas added the needs-qa label Jan 16, 2017

@wjwithagen

This comment has been minimized.

Contributor

wjwithagen commented Jan 16, 2017

@liewegas
Will do...

@yuriw

This comment has been minimized.

Contributor

yuriw commented Jan 16, 2017

test this please

@wjwithagen

This comment has been minimized.

Contributor

wjwithagen commented Jan 16, 2017

@liewegas
Something along these lines??

@@ -7,3 +7,12 @@
in old version would operate on different priority ranges
than new ones. Once upgraded, cluster will operate on
consistent values.
* When assigning a network to then public network and not to

This comment has been minimized.

@liewegas

liewegas Jan 17, 2017

Member

s/then/the/

This comment has been minimized.

@liewegas

liewegas Jan 17, 2017

Member

otherwise lgtm!

@wjwithagen

This comment has been minimized.

Contributor

wjwithagen commented Jan 17, 2017

@liewegas
Ack

@wjwithagen

This comment has been minimized.

Contributor

wjwithagen commented Jan 20, 2017

@liewegas
Not sure why I'm having a conflict on PendingReleaseNotes

@liewegas

This comment has been minimized.

Member

liewegas commented Jan 20, 2017

It changed from another PR that merged.. just rebase

wjwithagen added some commits Jan 13, 2017

common/pick_address.cc: Copy public_netw to cluset_netw if cluster empty
 - When public network is set, but cluster network is not, then
   the cluster-bindings would be on 0.0.0.0 which could be unexpeted.

 In this commit we copy the public network into the cluster network
 to make sure that the cluster backend is not bound on 0.0.0.0
 Which could be consideren an insecure, or unexpected, action.

Signed-off-by: Willem Jan Withagen <wjw@digiware.nl>
PendingReleaseNotes: Specify the change in behaviour of assigning to …
…public_netw

Signed-off-by: Willem Jan Withagen <wjw@digiware.nl>
@yuriw

This comment has been minimized.

Contributor

yuriw commented Jan 23, 2017

test this please

@yuriw

This comment has been minimized.

Contributor

yuriw commented Jan 23, 2017

@wjwithagen this is redy for merge, sign off needed pls

@liewegas FYI

@liewegas liewegas merged commit 7eddf91 into ceph:master Jan 24, 2017

0 of 3 checks passed

Signed-off-by Build triggered. sha1 is merged.
Details
Unmodifed Submodules Build triggered. sha1 is merged.
Details
default Build triggered. sha1 is merged.
Details

@wjwithagen wjwithagen deleted the wjwithagen:wip-wjw-empty-cluster_network branch Jan 24, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment