Diffstat (limited to 'node-repository/src/main')
2 files changed, 45 insertions, 17 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
index ad3c98d4512..26b83b37b9c 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/maintenance/HostResumeProvisioner.java
@@ -1,7 +1,6 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.provision.maintenance;
-import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.NodeType;
 import com.yahoo.jdisc.Metric;
 import com.yahoo.vespa.hosted.provision.Node;
@@ -78,15 +77,9 @@ public class HostResumeProvisioner extends NodeRepositoryMaintainer {
 /** Verify DNS configuration of given node */
 private void verifyDns(Node node, IP.Config ipConfig) {
- for (var ipAddress : ipConfig.primary()) {
- IP.verifyDns(node.hostname(), ipAddress, nodeRepository().nameResolver(), verifyPtr(node, ipAddress));
+ for (String ipAddress : ipConfig.primary()) {
+ IP.verifyDns(node.hostname(), ipAddress, node.type(), nodeRepository().nameResolver(), node.cloudAccount(), nodeRepository().zone());
 }
 }
- private boolean verifyPtr(Node node, String address) {
- if (node.cloudAccount().isEnclave(nodeRepository().zone())) return false;
- if (nodeRepository().zone().cloud().name().equals(CloudName.GCP) && IP.isV6(address)) return false;
- return true;
- }
-
 }
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
index 549fce92a5c..7a2508729ed 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/node/IP.java
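Review bot: In HostResumeProvisioner.verifyDns, the new `IP.verifyDns(...)` call can throw `IllegalArgumentException("Does not manage DNS for cloud ...")` for any zone whose cloud is neither AWS nor GCP, and that is the same exception type used when a record does not resolve as expected. The code that handles the exception is outside this hunk, but if it treats IllegalArgumentException as "DNS not ready yet", an unsupported cloud would presumably be retried indefinitely instead of being reported as a configuration error. Consider documenting the precondition on the method, e.g. `/** Verify DNS configuration of given node. Only AWS and GCP zones are supported; IP.verifyDns throws IllegalArgumentException for any other cloud. */`, or making the unsupported-cloud case distinguishable from a failed lookup.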
@@ -3,7 +3,11 @@ package com.yahoo.vespa.hosted.provision.node;
 import com.google.common.net.InetAddresses;
 import com.google.common.primitives.UnsignedBytes;
+import com.yahoo.config.provision.CloudAccount;
+import com.yahoo.config.provision.CloudName;
 import com.yahoo.config.provision.HostName;
+import com.yahoo.config.provision.NodeType;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.hosted.provision.LockedNodeList;
 import com.yahoo.vespa.hosted.provision.Node;
 import com.yahoo.vespa.hosted.provision.NodeList;
@@ -13,6 +17,7 @@ import com.yahoo.vespa.hosted.provision.persistence.NameResolver.RecordType;
 import java.net.InetAddress;
 import java.util.Collections;
 import java.util.Comparator;
+import java.util.EnumSet;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -398,15 +403,45 @@ public record IP() {
 }
 }
+ public enum DnsRecordType { FORWARD, PUBLIC_FORWARD, REVERSE }
+
+ /** Returns the set of DNS record types for a host and its children and the given version (ipv6), host type, etc. */
+ public static Set<DnsRecordType> dnsRecordTypesFor(boolean ipv6, NodeType hostType, CloudName cloudName, boolean exclave) {
+ if (cloudName == CloudName.AWS)
+ return exclave ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD, DnsRecordType.REVERSE);
+
+ if (cloudName == CloudName.GCP) {
+ if (exclave) {
+ return ipv6 ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.noneOf(DnsRecordType.class);
+ } else {
+ return hostType == confighost && ipv6 ?
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.REVERSE, DnsRecordType.PUBLIC_FORWARD) :
+ EnumSet.of(DnsRecordType.FORWARD, DnsRecordType.REVERSE);
+ }
+ }
+
+ throw new IllegalArgumentException("Does not manage DNS for cloud " + cloudName);
+ }
+
 /** Verify DNS configuration of given hostname and IP address */
- public static void verifyDns(String hostname, String ipAddress, NameResolver resolver, boolean hasPtr) {
- RecordType recordType = isV6(ipAddress) ? RecordType.AAAA : RecordType.A;
- Set<String> addresses = resolver.resolve(hostname, recordType);
- if (!addresses.equals(Set.of(ipAddress)))
- throw new IllegalArgumentException("Expected " + hostname + " to resolve to " + ipAddress +
- ", but got " + addresses);
-
- if (hasPtr) {
+ public static void verifyDns(String hostname, String ipAddress, NodeType nodeType, NameResolver resolver,
+ CloudAccount cloudAccount, Zone zone) {
+ boolean ipv6 = isV6(ipAddress);
+ Set<DnsRecordType> recordTypes = dnsRecordTypesFor(ipv6, nodeType, zone.cloud().name(), cloudAccount.isEnclave(zone));
+
+ if (recordTypes.contains(DnsRecordType.FORWARD)) {
+ RecordType recordType = ipv6 ? RecordType.AAAA : RecordType.A;
+ Set<String> addresses = resolver.resolve(hostname, recordType);
+ if (!addresses.equals(Set.of(ipAddress)))
+ throw new IllegalArgumentException("Expected " + hostname + " to resolve to " + ipAddress +
+ ", but got " + addresses);
+ }
+
+ if (recordTypes.contains(DnsRecordType.REVERSE)) {
 Optional<String> reverseHostname = resolver.resolveHostname(ipAddress);
 if (reverseHostname.isEmpty())
 throw new IllegalArgumentException(ipAddress + " did not resolve to a hostname"); |
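Review bot: In IP.verifyDns, when dnsRecordTypesFor returns the empty set (GCP, enclave account, IPv4) neither the FORWARD nor the REVERSE branch runs, so the method returns without resolving anything, whereas the removed code always checked the forward record. If that is intended, state it at the top of the method, e.g. `// No records are managed for this combination (GCP enclave, IPv4), so there is nothing to verify`, so that a skipped check is not read as a passed one. PUBLIC_FORWARD is returned by dnsRecordTypesFor but never checked here, and the Javadoc on both methods should say which record types are actually verified. The parameter is named `exclave` while the caller passes `cloudAccount.isEnclave(zone)`; rename one of them or document that they mean the same thing, since the record set flips on this flag. The body of verifyDns continues past the end of the hunk, and `confighost` is used unqualified although the visible import hunks add no static import for it, so presumably one exists elsewhere in the file.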