diff options
author | Håkon Hallingstad <hakon@yahooinc.com> | 2023-07-05 11:38:16 +0200 |
---|---|---|
committer | Håkon Hallingstad <hakon@yahooinc.com> | 2023-07-05 11:38:16 +0200 |
commit | 9ee3d3b3c54fd3340ef508e2e78e6cab22a22374 (patch) | |
tree | 85260ca6dfdecdcf6166686660fc40db97cab6ab /node-repository | |
parent | 05c101c0dac4debcdf1a858931c94fb6f53eed4c (diff) |
No need to handle ready tenant nodes
Diffstat (limited to 'node-repository')
10 files changed, 33 insertions, 108 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java index 17a04238ac9..9c45a8ede1c 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/NodeAcl.java @@ -55,7 +55,7 @@ public record NodeAcl(Node node, // SSH opened (which is safe for 2 reasons: SSH daemon is not run inside containers, and NPT networks // will (should) not forward port 22 traffic to container). // - parent host (for health checks and metrics) - // - nodes in same application + // - nodes in same application (Slobrok for tenant nodes, file distribution and ZK for config servers, etc). // - load balancers allocated to application trustedPorts.add(22); allNodes.parentOf(node).map(parent -> TrustedNode.of(parent, node.cloudAccount(), simplerAcl)).ifPresent(trustedNodes::add); @@ -80,13 +80,6 @@ public record NodeAcl(Node node, trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.config), node.cloudAccount(), simplerAcl)); trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.proxy), node.cloudAccount(), simplerAcl)); node.allocation().ifPresent(allocation -> trustedNodes.addAll(TrustedNode.of(allNodes.parentsOf(allNodes.owner(allocation.owner())), node.cloudAccount(), simplerAcl))); - if (node.state() == Node.State.ready) { - // Tenant nodes in state ready, trust: - // - All tenant nodes in zone. When a ready node is allocated to an application there's a brief - // window where current ACLs have not yet been applied on the node. To avoid service disruption - // during this window, ready tenant nodes trust all other tenant nodes - trustedNodes.addAll(TrustedNode.of(allNodes.nodeType(NodeType.tenant), node.cloudAccount(), simplerAcl)); - } } case config -> { // Config servers trust: diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java index 676adbf3d73..5ad0dd327c8 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/testutils/MockNodeRepository.java @@ -126,7 +126,7 @@ public class MockNodeRepository extends NodeRepository { .status(Status.initial() .withVespaVersion(new Version("1.2.3")) .withContainerImage(DockerImage.fromString("docker-registry.domain.tld:8080/dist/vespa:1.2.3"))) - .cloudAccount(defaultCloudAccount) + .cloudAccount(tenantAccount) .build(); nodes.add(node5); diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java index 8d487dea38b..1fb339e8814 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/provisioning/AclProvisioningTest.java @@ -67,23 +67,26 @@ public class AclProvisioningTest { } @Test - public void trusted_nodes_for_unallocated_node() { + public void trusted_nodes_for_parked_node() { NodeList configServers = tester.makeConfigServers(3, "default", Version.fromString("6.123.456")); // Populate repo - tester.makeReadyNodes(10, nodeResources); + List<Node> tenantNodes = tester.makeReadyNodes(10, nodeResources); List<Node> proxyNodes = tester.makeReadyNodes(3, "default", NodeType.proxy); // Allocate 2 nodes to an application - deploy(2); + Set<String> deployedTenantNodes = deploy(2).stream().map(Node::hostname).collect(Collectors.toSet()); + + tester.move(Node.State.parked, tenantNodes.stream() + .filter(node -> !deployedTenantNodes.contains(node.hostname())) + .toList()); - // Get trusted nodes for a ready tenant node - Node node = tester.nodeRepository().nodes().list(Node.State.ready).nodeType(NodeType.tenant).first().get(); + // Get trusted nodes for a parked tenant node + Node node = tester.nodeRepository().nodes().list(Node.State.parked).nodeType(NodeType.tenant).first().get(); NodeAcl nodeAcl = node.acl(tester.nodeRepository().nodes().list(), tester.nodeRepository().loadBalancers(), tester.nodeRepository().zone(), true); - NodeList tenantNodes = tester.nodeRepository().nodes().list().nodeType(NodeType.tenant); - // Trusted nodes are all proxy-, config-, and, tenant-nodes - assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList(), tenantNodes.asList()), node.cloudAccount()), List.of(nodeAcl)); + // Trusted nodes are all config-nodes + assertAcls(trustedNodesOf(List.of(proxyNodes, configServers.asList()), node.cloudAccount()), List.of(nodeAcl)); } @Test @@ -171,7 +174,7 @@ public class AclProvisioningTest { .findFirst() .orElseThrow(() -> new RuntimeException("Expected to find ACL for node " + node.hostname())); assertEquals(host.hostname(), node.parentHostname().get()); - assertAcls(trustedNodesOf(List.of(configServers.asList(), nodes, List.of(host)), node.cloudAccount()), nodeAcl); + assertAcls(trustedNodesOf(List.of(configServers.asList(), List.of(host)), node.cloudAccount()), nodeAcl); } } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java index d93c8e3cbeb..e2082a70c3c 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/NodesV2ApiTest.java @@ -460,7 +460,7 @@ public class NodesV2ApiTest { @Test public void acls_for_exclave_tenant_host() throws Exception { - assertFile(new Request("http://localhost:8080/nodes/v2/acl/host3.yahoo.com"), "acl-tenant-node.json"); + assertFile(new Request("http://localhost:8080/nodes/v2/acl/host5.yahoo.com"), "acl-tenant-node.json"); } @Test diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json index c5094e03348..de7b4de7fd9 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-config-server.json @@ -232,15 +232,6 @@ "trustedBy": "cfg1.yahoo.com" }, { - "hostname": "host5.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.5.1", - "ports": [ - 19070 - ], - "trustedBy": "cfg1.yahoo.com" - }, - { "hostname": "host55.yahoo.com", "type": "tenant", "ipAddress": "::55:1", diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json index f947540f7c5..2ca385a26b6 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/acl-tenant-node.json @@ -4,98 +4,32 @@ "hostname": "cfg1.yahoo.com", "type": "config", "ipAddress": "::201:1", - "trustedBy": "host3.yahoo.com" + "trustedBy": "host5.yahoo.com" }, { "hostname": "cfg2.yahoo.com", "type": "config", "ipAddress": "::202:1", - "trustedBy": "host3.yahoo.com" + "trustedBy": "host5.yahoo.com" }, { - "hostname": "host1.yahoo.com", - "type": "tenant", - "ipAddress": "::1:1", - "trustedBy": "host3.yahoo.com" + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "::101:1", + "trustedBy": "host5.yahoo.com" }, { - "hostname": "host10.yahoo.com", - "type": "tenant", - "ipAddress": "::10:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host13.yahoo.com", - "type": "tenant", - "ipAddress": "::13:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host14.yahoo.com", - "type": "tenant", - "ipAddress": "::14:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host2.yahoo.com", - "type": "tenant", - "ipAddress": "::2:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host3.yahoo.com", - "type": "tenant", - "ipAddress": "127.0.3.1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host3.yahoo.com", - "type": "tenant", - "ipAddress": "::3:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host4.yahoo.com", - "type": "tenant", - "ipAddress": "::4:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host5.yahoo.com", - "type": "tenant", - "ipAddress": "::5:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host55.yahoo.com", - "type": "tenant", - "ipAddress": "::55:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host6.yahoo.com", - "type": "tenant", - "ipAddress": "::6:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "host7.yahoo.com", - "type": "tenant", - "ipAddress": "::7:1", - "trustedBy": "host3.yahoo.com" - }, - { - "hostname": "test-node-pool-102-2", - "type": "tenant", - "ipAddress": "::102:2", - "trustedBy": "host3.yahoo.com" + "hostname": "dockerhost2.yahoo.com", + "type": "host", + "ipAddress": "127.0.101.1", + "trustedBy": "host5.yahoo.com" } ], "trustedNetworks": [], "trustedPorts": [ { "port": 22, - "trustedBy": "host3.yahoo.com" + "trustedBy": "host5.yahoo.com" } ], "trustedUdpPorts": [] diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json index 540a0086cbf..3e41d87dd4a 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes-recursive.json @@ -1,6 +1,7 @@ { "nodes": [ @include(docker-node2.json), - @include(node3.json) + @include(node3.json), + @include(node5.json) ] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json index 33fd4daa699..fa34aca85c8 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/enclave-nodes.json @@ -5,6 +5,9 @@ }, { "url":"http://localhost:8080/nodes/v2/node/host3.yahoo.com" + }, + { + "url":"http://localhost:8080/nodes/v2/node/host5.yahoo.com" } ] } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json index bf2f37d7c50..b71e0c6f6a6 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5-after-changes.json @@ -74,5 +74,5 @@ ], "ipAddresses": ["127.0.5.1", "::5:1"], "additionalIpAddresses": [], - "cloudAccount": "aws:111222333444" + "cloudAccount": "aws:777888999000" } diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json index 2d74768e53c..dad099ebf71 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/responses/node5.json @@ -76,5 +76,5 @@ ], "ipAddresses": ["127.0.5.1", "::5:1"], "additionalIpAddresses": [], - "cloudAccount": "aws:111222333444" + "cloudAccount": "aws:777888999000" } |