2013-12-12 19:07:14 +00:00
|
|
|
package consul
|
|
|
|
|
2013-12-19 22:18:55 +00:00
|
|
|
import (
|
2014-01-08 00:58:16 +00:00
|
|
|
"encoding/binary"
|
2013-12-31 23:44:17 +00:00
|
|
|
"fmt"
|
|
|
|
"net"
|
2014-04-29 17:55:42 +00:00
|
|
|
"runtime"
|
2013-12-19 22:37:54 +00:00
|
|
|
"strconv"
|
2019-04-26 17:49:28 +00:00
|
|
|
"strings"
|
2014-06-16 21:36:12 +00:00
|
|
|
|
2017-07-06 10:48:37 +00:00
|
|
|
"github.com/hashicorp/consul/agent/metadata"
|
2018-10-19 16:04:07 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2017-04-13 00:09:57 +00:00
|
|
|
"github.com/hashicorp/go-version"
|
2019-04-26 17:49:28 +00:00
|
|
|
"github.com/hashicorp/hil"
|
|
|
|
"github.com/hashicorp/hil/ast"
|
2014-06-16 21:36:12 +00:00
|
|
|
"github.com/hashicorp/serf/serf"
|
2013-12-19 22:18:55 +00:00
|
|
|
)
|
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
/*
|
|
|
|
* Contains an entry for each private block:
|
|
|
|
* 10.0.0.0/8
|
2015-06-19 19:20:30 +00:00
|
|
|
* 100.64.0.0/10
|
2015-09-02 10:24:14 +00:00
|
|
|
* 127.0.0.0/8
|
|
|
|
* 169.254.0.0/16
|
2013-12-31 23:44:17 +00:00
|
|
|
* 172.16.0.0/12
|
2015-09-02 10:24:14 +00:00
|
|
|
* 192.168.0.0/16
|
2013-12-31 23:44:17 +00:00
|
|
|
*/
|
|
|
|
var privateBlocks []*net.IPNet
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
// Add each private block
|
2015-09-02 10:24:14 +00:00
|
|
|
privateBlocks = make([]*net.IPNet, 6)
|
2015-06-19 19:20:30 +00:00
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
_, block, err := net.ParseCIDR("10.0.0.0/8")
|
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[0] = block
|
|
|
|
|
2015-09-02 10:24:14 +00:00
|
|
|
_, block, err = net.ParseCIDR("100.64.0.0/10")
|
2013-12-31 23:44:17 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[1] = block
|
|
|
|
|
2015-09-02 10:24:14 +00:00
|
|
|
_, block, err = net.ParseCIDR("127.0.0.0/8")
|
2013-12-31 23:44:17 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[2] = block
|
2015-06-19 19:20:30 +00:00
|
|
|
|
2015-09-02 10:24:14 +00:00
|
|
|
_, block, err = net.ParseCIDR("169.254.0.0/16")
|
2015-06-19 19:20:30 +00:00
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[3] = block
|
2015-09-02 10:24:14 +00:00
|
|
|
|
|
|
|
_, block, err = net.ParseCIDR("172.16.0.0/12")
|
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[4] = block
|
|
|
|
|
|
|
|
_, block, err = net.ParseCIDR("192.168.0.0/16")
|
|
|
|
if err != nil {
|
|
|
|
panic(fmt.Sprintf("Bad cidr. Got %v", err))
|
|
|
|
}
|
|
|
|
privateBlocks[5] = block
|
2013-12-31 23:44:17 +00:00
|
|
|
}
|
|
|
|
|
2015-10-27 21:30:29 +00:00
|
|
|
// CanServersUnderstandProtocol checks to see if all the servers in the given
|
2015-10-27 22:56:36 +00:00
|
|
|
// list understand the given protocol version. If there are no servers in the
|
|
|
|
// list then this will return false.
|
2015-10-27 21:30:29 +00:00
|
|
|
func CanServersUnderstandProtocol(members []serf.Member, version uint8) (bool, error) {
|
|
|
|
numServers, numWhoGrok := 0, 0
|
|
|
|
for _, m := range members {
|
|
|
|
if m.Tags["role"] != "consul" {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
numServers++
|
|
|
|
|
2018-01-28 18:40:13 +00:00
|
|
|
vsnMin, err := strconv.Atoi(m.Tags["vsn_min"])
|
2015-10-27 21:30:29 +00:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
2018-01-28 18:40:13 +00:00
|
|
|
vsnMax, err := strconv.Atoi(m.Tags["vsn_max"])
|
2015-10-27 22:56:36 +00:00
|
|
|
if err != nil {
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
|
|
|
|
v := int(version)
|
2018-01-28 18:40:13 +00:00
|
|
|
if (v >= vsnMin) && (v <= vsnMax) {
|
2015-10-27 21:30:29 +00:00
|
|
|
numWhoGrok++
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (numServers > 0) && (numWhoGrok == numServers), nil
|
|
|
|
}
|
|
|
|
|
2015-07-02 22:36:59 +00:00
|
|
|
// Returns if a member is a consul node. Returns a bool,
|
2015-02-19 22:45:47 +00:00
|
|
|
// and the datacenter.
|
2014-01-09 23:45:14 +00:00
|
|
|
func isConsulNode(m serf.Member) (bool, string) {
|
2014-01-30 21:13:29 +00:00
|
|
|
if m.Tags["role"] != "node" {
|
2014-01-09 23:45:14 +00:00
|
|
|
return false, ""
|
|
|
|
}
|
2014-01-30 21:13:29 +00:00
|
|
|
return true, m.Tags["dc"]
|
2014-01-09 23:45:14 +00:00
|
|
|
}
|
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
// Returns if the given IP is in a private block
|
2018-01-28 18:40:13 +00:00
|
|
|
func isPrivateIP(ipStr string) bool {
|
|
|
|
ip := net.ParseIP(ipStr)
|
2013-12-31 23:44:17 +00:00
|
|
|
for _, priv := range privateBlocks {
|
|
|
|
if priv.Contains(ip) {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2015-09-02 10:24:36 +00:00
|
|
|
// Returns addresses from interfaces that is up
|
|
|
|
func activeInterfaceAddresses() ([]net.Addr, error) {
|
|
|
|
var upAddrs []net.Addr
|
2015-09-02 10:24:44 +00:00
|
|
|
var loAddrs []net.Addr
|
2015-09-02 10:24:36 +00:00
|
|
|
|
|
|
|
interfaces, err := net.Interfaces()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Failed to get interfaces: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, iface := range interfaces {
|
|
|
|
// Require interface to be up
|
|
|
|
if iface.Flags&net.FlagUp == 0 {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
addresses, err := iface.Addrs()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Failed to get interface addresses: %v", err)
|
|
|
|
}
|
|
|
|
|
2015-09-02 10:24:44 +00:00
|
|
|
if iface.Flags&net.FlagLoopback != 0 {
|
|
|
|
loAddrs = append(loAddrs, addresses...)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2015-09-02 10:24:36 +00:00
|
|
|
upAddrs = append(upAddrs, addresses...)
|
|
|
|
}
|
|
|
|
|
2015-09-02 10:24:44 +00:00
|
|
|
if len(upAddrs) == 0 {
|
|
|
|
return loAddrs, nil
|
|
|
|
}
|
|
|
|
|
2015-09-02 10:24:36 +00:00
|
|
|
return upAddrs, nil
|
|
|
|
}
|
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
// GetPrivateIP is used to return the first private IP address
|
|
|
|
// associated with an interface on the machine
|
2014-05-15 18:27:30 +00:00
|
|
|
func GetPrivateIP() (net.IP, error) {
|
2015-09-02 10:24:36 +00:00
|
|
|
addresses, err := activeInterfaceAddresses()
|
2013-12-31 23:44:17 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Failed to get interface addresses: %v", err)
|
|
|
|
}
|
|
|
|
|
2015-08-15 21:32:38 +00:00
|
|
|
return getPrivateIP(addresses)
|
|
|
|
}
|
|
|
|
|
|
|
|
func getPrivateIP(addresses []net.Addr) (net.IP, error) {
|
2015-07-17 02:24:47 +00:00
|
|
|
var candidates []net.IP
|
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
// Find private IPv4 address
|
2014-05-15 18:27:30 +00:00
|
|
|
for _, rawAddr := range addresses {
|
|
|
|
var ip net.IP
|
|
|
|
switch addr := rawAddr.(type) {
|
|
|
|
case *net.IPAddr:
|
|
|
|
ip = addr.IP
|
|
|
|
case *net.IPNet:
|
|
|
|
ip = addr.IP
|
|
|
|
default:
|
2013-12-31 23:44:17 +00:00
|
|
|
continue
|
|
|
|
}
|
2014-05-15 18:27:30 +00:00
|
|
|
|
|
|
|
if ip.To4() == nil {
|
2013-12-31 23:44:17 +00:00
|
|
|
continue
|
|
|
|
}
|
2014-05-15 18:27:30 +00:00
|
|
|
if !isPrivateIP(ip.String()) {
|
2013-12-31 23:44:17 +00:00
|
|
|
continue
|
|
|
|
}
|
2015-07-17 02:24:47 +00:00
|
|
|
candidates = append(candidates, ip)
|
|
|
|
}
|
|
|
|
numIps := len(candidates)
|
|
|
|
switch numIps {
|
|
|
|
case 0:
|
|
|
|
return nil, fmt.Errorf("No private IP address found")
|
|
|
|
case 1:
|
|
|
|
return candidates[0], nil
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("Multiple private IPs found. Please configure one.")
|
2013-12-31 23:44:17 +00:00
|
|
|
}
|
2015-08-15 21:32:38 +00:00
|
|
|
|
2013-12-31 23:44:17 +00:00
|
|
|
}
|
2014-01-08 00:58:16 +00:00
|
|
|
|
2015-09-05 15:53:41 +00:00
|
|
|
// GetPublicIPv6 is used to return the first public IP address
|
|
|
|
// associated with an interface on the machine
|
|
|
|
func GetPublicIPv6() (net.IP, error) {
|
|
|
|
addresses, err := net.InterfaceAddrs()
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Failed to get interface addresses: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return getPublicIPv6(addresses)
|
|
|
|
}
|
|
|
|
|
2016-03-19 23:14:45 +00:00
|
|
|
func isUniqueLocalAddress(ip net.IP) bool {
|
|
|
|
return len(ip) == net.IPv6len && ip[0] == 0xfc && ip[1] == 0x00
|
|
|
|
}
|
|
|
|
|
2015-09-05 15:53:41 +00:00
|
|
|
func getPublicIPv6(addresses []net.Addr) (net.IP, error) {
|
|
|
|
var candidates []net.IP
|
|
|
|
|
|
|
|
// Find public IPv6 address
|
|
|
|
for _, rawAddr := range addresses {
|
|
|
|
var ip net.IP
|
|
|
|
switch addr := rawAddr.(type) {
|
|
|
|
case *net.IPAddr:
|
|
|
|
ip = addr.IP
|
|
|
|
case *net.IPNet:
|
|
|
|
ip = addr.IP
|
|
|
|
default:
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if ip.To4() != nil {
|
|
|
|
continue
|
|
|
|
}
|
2016-03-19 23:14:45 +00:00
|
|
|
|
|
|
|
if ip.IsLinkLocalUnicast() || isUniqueLocalAddress(ip) || ip.IsLoopback() {
|
2015-09-05 15:53:41 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
candidates = append(candidates, ip)
|
|
|
|
}
|
|
|
|
numIps := len(candidates)
|
|
|
|
switch numIps {
|
|
|
|
case 0:
|
|
|
|
return nil, fmt.Errorf("No public IPv6 address found")
|
|
|
|
case 1:
|
|
|
|
return candidates[0], nil
|
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("Multiple public IPv6 addresses found. Please configure one.")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-01-08 00:58:16 +00:00
|
|
|
// Converts bytes to an integer
|
|
|
|
func bytesToUint64(b []byte) uint64 {
|
|
|
|
return binary.BigEndian.Uint64(b)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Converts a uint to a byte slice
|
|
|
|
func uint64ToBytes(u uint64) []byte {
|
|
|
|
buf := make([]byte, 8)
|
|
|
|
binary.BigEndian.PutUint64(buf, u)
|
|
|
|
return buf
|
|
|
|
}
|
2014-04-29 17:55:42 +00:00
|
|
|
|
|
|
|
// runtimeStats is used to return various runtime information
|
|
|
|
func runtimeStats() map[string]string {
|
|
|
|
return map[string]string{
|
|
|
|
"os": runtime.GOOS,
|
|
|
|
"arch": runtime.GOARCH,
|
|
|
|
"version": runtime.Version(),
|
|
|
|
"max_procs": strconv.FormatInt(int64(runtime.GOMAXPROCS(0)), 10),
|
|
|
|
"goroutines": strconv.FormatInt(int64(runtime.NumGoroutine()), 10),
|
|
|
|
"cpu_count": strconv.FormatInt(int64(runtime.NumCPU()), 10),
|
|
|
|
}
|
|
|
|
}
|
2017-04-13 00:09:57 +00:00
|
|
|
|
|
|
|
// ServersMeetMinimumVersion returns whether the given alive servers are at least on the
|
|
|
|
// given Consul version
|
|
|
|
func ServersMeetMinimumVersion(members []serf.Member, minVersion *version.Version) bool {
|
2019-07-26 19:57:57 +00:00
|
|
|
return ServersMeetRequirements(members, func(srv *metadata.Server) bool {
|
|
|
|
return srv.Status != serf.StatusAlive || !srv.Build.LessThan(minVersion)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServersMeetMinimumVersion returns whether the given alive servers from a particular
|
|
|
|
// datacenter are at least on the given Consul version. This requires at least 1 alive server in the DC
|
|
|
|
func ServersInDCMeetMinimumVersion(members []serf.Member, datacenter string, minVersion *version.Version) (bool, bool) {
|
|
|
|
found := false
|
|
|
|
ok := ServersMeetRequirements(members, func(srv *metadata.Server) bool {
|
|
|
|
if srv.Status != serf.StatusAlive || srv.Datacenter != datacenter {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
found = true
|
|
|
|
return !srv.Build.LessThan(minVersion)
|
|
|
|
})
|
|
|
|
|
|
|
|
return ok, found
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServersMeetRequirements returns whether the given server members meet the requirements as defined by the
|
|
|
|
// callback function
|
|
|
|
func ServersMeetRequirements(members []serf.Member, meetsRequirements func(*metadata.Server) bool) bool {
|
2017-04-13 00:09:57 +00:00
|
|
|
for _, member := range members {
|
2019-07-26 19:57:57 +00:00
|
|
|
if valid, parts := metadata.IsConsulServer(member); valid {
|
|
|
|
if !meetsRequirements(parts) {
|
2017-04-13 00:09:57 +00:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
2017-04-13 01:38:36 +00:00
|
|
|
}
|
2018-10-19 16:04:07 +00:00
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
func ServersGetACLMode(members []serf.Member, leader string, datacenter string) (numServers int, mode structs.ACLMode, leaderMode structs.ACLMode) {
|
|
|
|
numServers = 0
|
2018-10-19 16:04:07 +00:00
|
|
|
mode = structs.ACLModeEnabled
|
2018-10-31 20:00:46 +00:00
|
|
|
leaderMode = structs.ACLModeUnknown
|
2018-10-19 16:04:07 +00:00
|
|
|
for _, member := range members {
|
|
|
|
if valid, parts := metadata.IsConsulServer(member); valid {
|
|
|
|
|
|
|
|
if datacenter != "" && parts.Datacenter != datacenter {
|
|
|
|
continue
|
|
|
|
}
|
2018-10-31 20:00:46 +00:00
|
|
|
|
|
|
|
numServers += 1
|
|
|
|
|
2018-10-19 16:04:07 +00:00
|
|
|
if memberAddr := (&net.TCPAddr{IP: member.Addr, Port: parts.Port}).String(); memberAddr == leader {
|
|
|
|
leaderMode = parts.ACLs
|
|
|
|
}
|
|
|
|
|
|
|
|
switch parts.ACLs {
|
|
|
|
case structs.ACLModeDisabled:
|
|
|
|
// anything disabled means we cant enable ACLs
|
|
|
|
mode = structs.ACLModeDisabled
|
|
|
|
case structs.ACLModeEnabled:
|
|
|
|
// do nothing
|
|
|
|
case structs.ACLModeLegacy:
|
|
|
|
// This covers legacy mode and older server versions that don't advertise ACL support
|
|
|
|
if mode != structs.ACLModeDisabled && mode != structs.ACLModeUnknown {
|
|
|
|
mode = structs.ACLModeLegacy
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
if mode != structs.ACLModeDisabled {
|
|
|
|
mode = structs.ACLModeUnknown
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
2019-04-26 17:49:28 +00:00
|
|
|
|
|
|
|
// InterpolateHIL processes the string as if it were HIL and interpolates only
|
|
|
|
// the provided string->string map as possible variables.
|
|
|
|
func InterpolateHIL(s string, vars map[string]string) (string, error) {
|
|
|
|
if strings.Index(s, "${") == -1 {
|
|
|
|
// Skip going to the trouble of parsing something that has no HIL.
|
|
|
|
return s, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
tree, err := hil.Parse(s)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
vm := make(map[string]ast.Variable)
|
|
|
|
for k, v := range vars {
|
|
|
|
vm[k] = ast.Variable{
|
|
|
|
Type: ast.TypeString,
|
|
|
|
Value: v,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
config := &hil.EvalConfig{
|
|
|
|
GlobalScope: &ast.BasicScope{
|
|
|
|
VarMap: vm,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
result, err := hil.Eval(tree, config)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
if result.Type != hil.TypeString {
|
|
|
|
return "", fmt.Errorf("generated unexpected hil type: %s", result.Type)
|
|
|
|
}
|
|
|
|
|
|
|
|
return result.Value.(string), nil
|
|
|
|
}
|