segments: ensure that the serf_lan_allowed_cidrs applies to network segments (#11495)

This commit is contained in:
R.B. Boyer 2021-11-04 17:17:19 -05:00 committed by GitHub
parent e9ca2e091e
commit 44c023a302
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

3
.changelog/11495.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
segments: **(Enterprise only)** ensure that the serf_lan_allowed_cidrs applies to network segments
```

View File

@ -1270,6 +1270,7 @@ func segmentConfig(config *config.RuntimeConfig) ([]consul.NetworkSegment, error
serfConf.MemberlistConfig.BindPort = s.Bind.Port
serfConf.MemberlistConfig.AdvertiseAddr = s.Advertise.IP.String()
serfConf.MemberlistConfig.AdvertisePort = s.Advertise.Port
serfConf.MemberlistConfig.CIDRsAllowed = config.SerfAllowedCIDRsLAN
if config.ReconnectTimeoutLAN != 0 {
serfConf.ReconnectTimeout = config.ReconnectTimeoutLAN
@ -1565,6 +1566,17 @@ func (a *Agent) LANMembersInAgentPartition() []serf.Member {
return a.delegate.LANMembersInAgentPartition()
}
// LANMembers returns the LAN members for one of:
//
// - the requested partition
// - the requested segment
// - all segments
//
// This is limited to segments and partitions that the node is a member of.
func (a *Agent) LANMembers(f consul.LANMemberFilter) ([]serf.Member, error) {
return a.delegate.LANMembers(f)
}
// WANMembers is used to retrieve the WAN members
func (a *Agent) WANMembers() []serf.Member {
if srv, ok := a.delegate.(*consul.Server); ok {