2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2017-03-30 19:35:50 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2022-04-07 14:48:48 +00:00
|
|
|
|
2020-09-25 17:46:38 +00:00
|
|
|
autopilot "github.com/hashicorp/raft-autopilot"
|
|
|
|
"github.com/hashicorp/serf/serf"
|
2021-04-08 22:58:15 +00:00
|
|
|
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2017-03-30 19:35:50 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.
|
2020-09-25 17:46:38 +00:00
|
|
|
func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *structs.AutopilotConfig) error {
|
2021-04-20 18:55:24 +00:00
|
|
|
if done, err := op.srv.ForwardRPC("Operator.AutopilotGetConfiguration", args, reply); done {
|
2017-03-30 19:35:50 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// This action requires operator read access.
|
2023-02-07 20:19:09 +00:00
|
|
|
authz, err := op.srv.ACLResolver.ResolveToken(args.Token)
|
2017-03-30 19:35:50 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-02-02 17:07:29 +00:00
|
|
|
if err := op.srv.validateEnterpriseToken(authz.Identity()); err != nil {
|
2020-02-04 20:58:56 +00:00
|
|
|
return err
|
|
|
|
}
|
2022-03-11 02:48:27 +00:00
|
|
|
|
|
|
|
if err := authz.ToAllowAuthorizer().OperatorReadAllowed(nil); err != nil {
|
|
|
|
return err
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
state := op.srv.fsm.State()
|
|
|
|
_, config, err := state.AutopilotConfig()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2017-04-13 17:43:07 +00:00
|
|
|
if config == nil {
|
|
|
|
return fmt.Errorf("autopilot config not initialized yet")
|
|
|
|
}
|
2017-03-30 19:35:50 +00:00
|
|
|
|
|
|
|
*reply = *config
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// AutopilotSetConfiguration is used to set the current Autopilot configuration.
|
|
|
|
func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error {
|
2021-04-20 18:55:24 +00:00
|
|
|
if done, err := op.srv.ForwardRPC("Operator.AutopilotSetConfiguration", args, reply); done {
|
2017-03-30 19:35:50 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// This action requires operator write access.
|
2023-02-07 20:19:09 +00:00
|
|
|
authz, err := op.srv.ACLResolver.ResolveToken(args.Token)
|
2017-03-30 19:35:50 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-02-02 17:07:29 +00:00
|
|
|
if err := op.srv.validateEnterpriseToken(authz.Identity()); err != nil {
|
2020-02-04 20:58:56 +00:00
|
|
|
return err
|
|
|
|
}
|
2022-03-11 02:48:27 +00:00
|
|
|
|
|
|
|
if err := authz.ToAllowAuthorizer().OperatorWriteAllowed(nil); err != nil {
|
|
|
|
return err
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Apply the update
|
|
|
|
resp, err := op.srv.raftApply(structs.AutopilotRequestType, args)
|
|
|
|
if err != nil {
|
2021-04-08 22:58:15 +00:00
|
|
|
return fmt.Errorf("raft apply failed: %w", err)
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check if the return type is a bool.
|
|
|
|
if respBool, ok := resp.(bool); ok {
|
|
|
|
*reply = respBool
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServerHealth is used to get the current health of the servers.
|
2020-09-25 17:46:38 +00:00
|
|
|
func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.AutopilotHealthReply) error {
|
2021-04-20 18:55:24 +00:00
|
|
|
if done, err := op.srv.ForwardRPC("Operator.ServerHealth", args, reply); done {
|
2017-03-30 19:35:50 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// This action requires operator read access.
|
2023-02-07 20:19:09 +00:00
|
|
|
authz, err := op.srv.ACLResolver.ResolveToken(args.Token)
|
2017-03-30 19:35:50 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-02-02 17:07:29 +00:00
|
|
|
if err := op.srv.validateEnterpriseToken(authz.Identity()); err != nil {
|
2020-02-04 20:58:56 +00:00
|
|
|
return err
|
|
|
|
}
|
2022-03-11 02:48:27 +00:00
|
|
|
|
|
|
|
if err := authz.ToAllowAuthorizer().OperatorReadAllowed(nil); err != nil {
|
|
|
|
return err
|
2020-09-25 17:46:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
state := op.srv.autopilot.GetState()
|
|
|
|
|
2020-11-16 22:08:17 +00:00
|
|
|
if state == nil {
|
|
|
|
// this behavior seems odd but its functionally equivalent to 1.8.5 where if
|
|
|
|
// autopilot didn't have a health reply yet it would just return no error
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-09-25 17:46:38 +00:00
|
|
|
health := structs.AutopilotHealthReply{
|
|
|
|
Healthy: state.Healthy,
|
|
|
|
FailureTolerance: state.FailureTolerance,
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, srv := range state.Servers {
|
|
|
|
srvHealth := structs.AutopilotServerHealth{
|
|
|
|
ID: string(srv.Server.ID),
|
|
|
|
Name: srv.Server.Name,
|
|
|
|
Address: string(srv.Server.Address),
|
|
|
|
Version: srv.Server.Version,
|
|
|
|
Leader: srv.State == autopilot.RaftLeader,
|
|
|
|
Voter: srv.State == autopilot.RaftLeader || srv.State == autopilot.RaftVoter,
|
|
|
|
LastContact: srv.Stats.LastContact,
|
|
|
|
LastTerm: srv.Stats.LastTerm,
|
|
|
|
LastIndex: srv.Stats.LastIndex,
|
|
|
|
Healthy: srv.Health.Healthy,
|
|
|
|
StableSince: srv.Health.StableSince,
|
|
|
|
}
|
|
|
|
|
|
|
|
switch srv.Server.NodeStatus {
|
|
|
|
case autopilot.NodeAlive:
|
|
|
|
srvHealth.SerfStatus = serf.StatusAlive
|
|
|
|
case autopilot.NodeLeft:
|
|
|
|
srvHealth.SerfStatus = serf.StatusLeft
|
|
|
|
case autopilot.NodeFailed:
|
|
|
|
srvHealth.SerfStatus = serf.StatusFailed
|
|
|
|
default:
|
|
|
|
srvHealth.SerfStatus = serf.StatusNone
|
|
|
|
}
|
|
|
|
|
|
|
|
health.Servers = append(health.Servers, srvHealth)
|
|
|
|
}
|
|
|
|
|
|
|
|
*reply = health
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autopilot.State) error {
|
2021-04-20 18:55:24 +00:00
|
|
|
if done, err := op.srv.ForwardRPC("Operator.AutopilotState", args, reply); done {
|
2020-09-25 17:46:38 +00:00
|
|
|
return err
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
|
|
|
|
2020-09-25 17:46:38 +00:00
|
|
|
// This action requires operator read access.
|
2023-02-07 20:19:09 +00:00
|
|
|
authz, err := op.srv.ACLResolver.ResolveToken(args.Token)
|
2017-03-30 19:35:50 +00:00
|
|
|
if err != nil {
|
2020-09-25 17:46:38 +00:00
|
|
|
return err
|
|
|
|
}
|
2022-02-02 17:07:29 +00:00
|
|
|
if err := op.srv.validateEnterpriseToken(authz.Identity()); err != nil {
|
2020-09-25 17:46:38 +00:00
|
|
|
return err
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
2022-03-11 02:48:27 +00:00
|
|
|
|
|
|
|
if err := authz.ToAllowAuthorizer().OperatorReadAllowed(nil); err != nil {
|
|
|
|
return err
|
2017-03-30 19:35:50 +00:00
|
|
|
}
|
|
|
|
|
2020-09-25 17:46:38 +00:00
|
|
|
state := op.srv.autopilot.GetState()
|
|
|
|
if state == nil {
|
|
|
|
return fmt.Errorf("Failed to get autopilot state: no state found")
|
|
|
|
}
|
2017-03-30 19:35:50 +00:00
|
|
|
|
2020-09-25 17:46:38 +00:00
|
|
|
*reply = *state
|
2017-03-30 19:35:50 +00:00
|
|
|
return nil
|
|
|
|
}
|