From 44c023a3020fdd139c5be330f318a3c12339f08e Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Thu, 4 Nov 2021 17:17:19 -0500 Subject: [PATCH] segments: ensure that the serf_lan_allowed_cidrs applies to network segments (#11495) --- .changelog/11495.txt | 3 +++ agent/agent.go | 12 ++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 .changelog/11495.txt diff --git a/.changelog/11495.txt b/.changelog/11495.txt new file mode 100644 index 0000000000..059a7fedef --- /dev/null +++ b/.changelog/11495.txt @@ -0,0 +1,3 @@ +```release-note:improvement +segments: **(Enterprise only)** ensure that the serf_lan_allowed_cidrs applies to network segments +``` diff --git a/agent/agent.go b/agent/agent.go index ba4bb650fd..9e9cf5c213 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -1270,6 +1270,7 @@ func segmentConfig(config *config.RuntimeConfig) ([]consul.NetworkSegment, error serfConf.MemberlistConfig.BindPort = s.Bind.Port serfConf.MemberlistConfig.AdvertiseAddr = s.Advertise.IP.String() serfConf.MemberlistConfig.AdvertisePort = s.Advertise.Port + serfConf.MemberlistConfig.CIDRsAllowed = config.SerfAllowedCIDRsLAN if config.ReconnectTimeoutLAN != 0 { serfConf.ReconnectTimeout = config.ReconnectTimeoutLAN @@ -1565,6 +1566,17 @@ func (a *Agent) LANMembersInAgentPartition() []serf.Member { return a.delegate.LANMembersInAgentPartition() } +// LANMembers returns the LAN members for one of: +// +// - the requested partition +// - the requested segment +// - all segments +// +// This is limited to segments and partitions that the node is a member of. +func (a *Agent) LANMembers(f consul.LANMemberFilter) ([]serf.Member, error) { + return a.delegate.LANMembers(f) +} + // WANMembers is used to retrieve the WAN members func (a *Agent) WANMembers() []serf.Member { if srv, ok := a.delegate.(*consul.Server); ok {