[lxc-devel] [lxd/master] Make network address bind error fatal when clustered

freeekanayaka on Github lxc-bot at linuxcontainers.org
Tue May 12 11:57:03 UTC 2020


From 2340417ec1e39ab48dd9917f580fa2fe00efb9e0 Mon Sep 17 00:00:00 2001
From: Free Ekanayaka <free.ekanayaka at canonical.com>
Date: Tue, 12 May 2020 12:55:35 +0100
Subject: [PATCH] Make network address bind error fatal when clustered

Signed-off-by: Free Ekanayaka <free.ekanayaka at canonical.com>
---
 lxd/endpoints/cluster.go   | 11 -----------
 lxd/endpoints/endpoints.go | 25 +++++++++++++++++++------
 lxd/endpoints/network.go   |  9 ++++-----
 3 files changed, 23 insertions(+), 22 deletions(-)

diff --git a/lxd/endpoints/cluster.go b/lxd/endpoints/cluster.go
index b44d7fb88d..6e977d25e1 100644
--- a/lxd/endpoints/cluster.go
+++ b/lxd/endpoints/cluster.go
@@ -6,9 +6,7 @@ import (
 	"time"
 
 	"github.com/lxc/lxd/lxd/util"
-	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/logger"
-	"github.com/pkg/errors"
 )
 
 // ClusterAddress returns the cluster addresss of the cluster endpoint, or an
@@ -92,12 +90,3 @@ func (e *Endpoints) ClusterUpdateAddress(address string) error {
 
 	return nil
 }
-
-func clusterCreateListener(address string, cert *shared.CertInfo) (net.Listener, error) {
-	listener, err := net.Listen("tcp", util.CanonicalNetworkAddress(address))
-	if err != nil {
-		return nil, errors.Wrap(err, "Listen to cluster address")
-	}
-
-	return networkTLSListener(listener, cert), nil
-}
diff --git a/lxd/endpoints/endpoints.go b/lxd/endpoints/endpoints.go
index 6a0c341567..feba2c178d 100644
--- a/lxd/endpoints/endpoints.go
+++ b/lxd/endpoints/endpoints.go
@@ -194,18 +194,31 @@ func (e *Endpoints) up(config *Config) error {
 			e.inherited[network] = false
 		}
 
-		// Errors here are not fatal and are just logged.
-		e.listeners[network] = networkCreateListener(config.NetworkAddress, e.cert)
+		// Errors here are not fatal and are just logged (unless we're
+		// clustered, see below).
+		var networkAddressErr error
+		e.listeners[network], networkAddressErr = networkCreateListener(config.NetworkAddress, e.cert)
 
 		isCovered := util.IsAddressCovered(config.ClusterAddress, config.NetworkAddress)
-		if config.ClusterAddress != "" && !isCovered {
-			e.listeners[cluster], err = clusterCreateListener(config.ClusterAddress, e.cert)
-			if err != nil {
-				return err
+		if config.ClusterAddress != "" {
+			if isCovered {
+				// In case of clustering we fail if we coun't
+				// bind the network address.
+				if networkAddressErr != nil {
+					return networkAddressErr
+				}
+
+			} else {
+				e.listeners[cluster], err = networkCreateListener(config.ClusterAddress, e.cert)
+				if err != nil {
+					return err
+				}
 			}
 
 			logger.Infof("Starting cluster handler:")
 			e.serveHTTP(cluster)
+		} else if networkAddressErr != nil {
+			logger.Error("Cannot listen on https socket, skipping...", log.Ctx{"err": networkAddressErr})
 		}
 
 	}
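Review bot: A failed bind of config.NetworkAddress is now dropped silently when a cluster address is set but is not covered by the network address: the `else` branch under `if isCovered` never inspects `networkAddressErr`, and the `logger.Error` call sits only on the non-clustered `else if`. Before this change networkCreateListener logged that failure itself, so on a clustered node the operator would lose the only signal that the HTTPS API endpoint is not listening. Either return the error there as well, which is what the commit title suggests, or keep the log by adding `if networkAddressErr != nil { logger.Error("Cannot listen on https socket, skipping...", log.Ctx{"err": networkAddressErr}) }` at the top of that branch. The comment in the covered branch has a typo (`coun't`), and the body of `up` starts and ends outside this hunk.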
diff --git a/lxd/endpoints/network.go b/lxd/endpoints/network.go
index 5c78d8bf3a..6d9f4f1e5c 100644
--- a/lxd/endpoints/network.go
+++ b/lxd/endpoints/network.go
@@ -9,8 +9,8 @@ import (
 
 	"github.com/lxc/lxd/lxd/util"
 	"github.com/lxc/lxd/shared"
-	log "github.com/lxc/lxd/shared/log15"
 	"github.com/lxc/lxd/shared/logger"
+	"github.com/pkg/errors"
 )
 
 // NetworkPublicKey returns the public key of the TLS certificate used by the
@@ -151,13 +151,12 @@ func (e *Endpoints) NetworkUpdateCert(cert *shared.CertInfo) {
 }
 
 // Create a new net.Listener bound to the tcp socket of the network endpoint.
-func networkCreateListener(address string, cert *shared.CertInfo) net.Listener {
+func networkCreateListener(address string, cert *shared.CertInfo) (net.Listener, error) {
 	listener, err := net.Listen("tcp", util.CanonicalNetworkAddress(address))
 	if err != nil {
-		logger.Error("Cannot listen on https socket, skipping...", log.Ctx{"err": err})
-		return nil
+		return nil, errors.Wrap(err, "Bind network address")
 	}
-	return networkTLSListener(listener, cert)
+	return networkTLSListener(listener, cert), nil
 }
 
 // A variation of the standard tls.Listener that supports atomically swapping
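Review bot: The wrapped message `Bind network address` is now also what a cluster-address bind failure reports, because endpoints.go calls networkCreateListener for config.ClusterAddress and the removed clusterCreateListener used `Listen to cluster address`. Including the address keeps the two cases distinguishable in what is now a fatal startup error, for example `return nil, errors.Wrapf(err, "Bind address %q", address)`. The doc comment above the function still describes only the network endpoint and does not mention the error return; something like `// networkCreateListener returns a TLS listener bound to the given TCP address, or an error if the bind fails.` would match the new contract.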

