Diffstat (limited to 'node-repository/src/main/java/com/yahoo')
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java11
-rw-r--r--node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java51
2 files changed, 45 insertions, 17 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
index ad3c98d4512..26b83b37b9c 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
@@ -1,7 +1,6 @@
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.provision.maintenance;
-import com.yahoo.config.provision.CloudName;
import com.yahoo.config.provision.NodeType;
import com.yahoo.jdisc.Metric;
import com.yahoo.vespa.hosted.provision.Node;
@@ -78,15 +77,9 @@ public class HostResumeProvisioner extends NodeRepositoryMaintainer {
/** Verify DNS configuration of given node */
private void verifyDns(Node node, IP.Config ipConfig) {
- for (var ipAddress : ipConfig.primary()) {
- IP.verifyDns(node.hostname(), ipAddress, nodeRepository().nameResolver(), verifyPtr(node, ipAddress));
+ for (String ipAddress : ipConfig.primary()) {
+ IP.verifyDns(node.hostname(), ipAddress, node.type(), nodeRepository().nameResolver(), node.cloudAccount(), nodeRepository().zone());
}
}
- private boolean verifyPtr(Node node, String address) {
- if (node.cloudAccount().isEnclave(nodeRepository().zone())) return false;
- if (nodeRepository().zone().cloud().name().equals(CloudName.GCP) && IP.isV6(address)) return false;
- return true;
- }
-
}
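Review bot: The new `IP.verifyDns(...)` call in `verifyDns` does not preserve the policy of the removed `verifyPtr` in two cases. `verifyPtr` skipped the PTR check for GCP IPv6 addresses, while `IP.dnsRecordTypesFor` returns a set containing `REVERSE` for non-enclave GCP whatever the address family, so reverse lookups are now enforced there. `verifyPtr` also fell through to `true` for any other cloud, where the new path throws `IllegalArgumentException("Does not manage DNS for cloud ...")`; whether this maintainer runs in such zones, and whether its caller catches the exception, is not visible in this hunk. If both changes are intended, say so at the call, e.g. `// Record types to verify are decided by IP.dnsRecordTypesFor; throws for clouds other than AWS/GCP`, and cover the GCP IPv6 case with a test.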
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
index 549fce92a5c..7a2508729ed 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
@@ -3,7 +3,11 @@ package com.yahoo.vespa.hosted.provision.node;
import com.google.common.net.InetAddresses;
import com.google.common.primitives.UnsignedBytes;
+import com.yahoo.config.provision.CloudAccount;
+import com.yahoo.config.provision.CloudName;
import com.yahoo.config.provision.HostName;
+import com.yahoo.config.provision.NodeType;
+import com.yahoo.config.provision.Zone;
import com.yahoo.vespa.hosted.provision.LockedNodeList;
import com.yahoo.vespa.hosted.provision.Node;
import com.yahoo.vespa.hosted.provision.NodeList;
@@ -13,6 +17,7 @@ import com.yahoo.vespa.hosted.provision.persistence.NameResolver.RecordType;
import java.net.InetAddress;
import java.util.Collections;
import java.util.Comparator;
+import java.util.EnumSet;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
@@ -398,15 +403,45 @@ public record IP() {
}
}
+ public enum DnsRecordType { FORWARD, PUBLIC_FORWARD, REVERSE }
+
+ /** Returns the set of DNS record types for a host and its children and the given version (ipv6), host type, etc. */
+ public static Set<DnsRecordType> dnsRecordTypesFor(boolean ipv6, NodeType hostType, CloudName cloudName, boolean exclave) {
+ if (cloudName == CloudName.AWS)
+ return exclave ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD, DnsRecordType.REVERSE);
+
+ if (cloudName == CloudName.GCP) {
+ if (exclave) {
+ return ipv6 ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.noneOf(DnsRecordType.class);
+ } else {
+ return hostType == confighost && ipv6 ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.REVERSE, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.REVERSE);
+ }
+ }
+
+ throw new IllegalArgumentException("Does not manage DNS for cloud " + cloudName);
+ }
+
/** Verify DNS configuration of given hostname and IP address */
- public static void verifyDns(String hostname, String ipAddress, NameResolver resolver, boolean hasPtr) {
- RecordType recordType = isV6(ipAddress) ? RecordType.AAAA : RecordType.A;
- Set<String> addresses = resolver.resolve(hostname, recordType);
- if (!addresses.equals(Set.of(ipAddress)))
- throw new IllegalArgumentException("Expected " + hostname + " to resolve to " + ipAddress +
- ", but got " + addresses);
-
- if (hasPtr) {
+ public static void verifyDns(String hostname, String ipAddress, NodeType nodeType, NameResolver resolver,
+ CloudAccount cloudAccount, Zone zone) {
+ boolean ipv6 = isV6(ipAddress);
+ Set<DnsRecordType> recordTypes = dnsRecordTypesFor(ipv6, nodeType, zone.cloud().name(), cloudAccount.isEnclave(zone));
+
+ if (recordTypes.contains(DnsRecordType.FORWARD)) {
+ RecordType recordType = ipv6 ? RecordType.AAAA : RecordType.A;
+ Set<String> addresses = resolver.resolve(hostname, recordType);
+ if (!addresses.equals(Set.of(ipAddress)))
+ throw new IllegalArgumentException("Expected " + hostname + " to resolve to " + ipAddress +
+ ", but got " + addresses);
+ }
+
+ if (recordTypes.contains(DnsRecordType.REVERSE)) {
Optional<String> reverseHostname = resolver.resolveHostname(ipAddress);
if (reverseHostname.isEmpty())
throw new IllegalArgumentException(ipAddress + " did not resolve to a hostname");
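Review bot: `verifyDns` performs no lookup at all when `dnsRecordTypesFor` returns `EnumSet.noneOf(DnsRecordType.class)` (GCP, `exclave` true, IPv4), at least in the part of the body visible here, so a caller cannot tell "verified" from "nothing was checked". The Javadoc should state that, e.g. `/** Verifies only the record types returned by dnsRecordTypesFor; performs no lookup when that set is empty */`. The parameter named `exclave` is fed `cloudAccount.isEnclave(zone)`, so either rename it to `enclave` or document why the terms are interchangeable here. `PUBLIC_FORWARD` is returned by the table, but the visible part of `verifyDns` only acts on `FORWARD` and `REVERSE`; the method body continues outside the hunk, so confirm whether the public record is meant to be verified.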