diff --git a/.changelog/15065.txt b/.changelog/15065.txt
new file mode 100644
index 0000000000..1a7af8a6c8
--- /dev/null
+++ b/.changelog/15065.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+peering: fix the error of wan address isn't taken by the peering token.
+```
\ No newline at end of file
diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go
index d9daeaea15..ba3c387ad5 100644
--- a/agent/consul/peering_backend.go
+++ b/agent/consul/peering_backend.go
@@ -205,23 +205,33 @@ func meshGatewayAdresses(state *state.Store, ws memdb.WatchSet, wan bool) ([]str
 return addrs, nil
 }
+func parseNodeAddr(node *structs.ServiceNode) string {
+ // Prefer the wan address
+ if v, ok := node.TaggedAddresses[structs.TaggedAddressWAN]; ok {
+ return v
+ }
+ return node.Address
+}
+
 func serverAddresses(state *state.Store) ([]string, error) {
- _, nodes, err := state.ServiceNodes(nil, "consul", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)
+ _, nodes, err := state.ServiceNodes(nil, structs.ConsulServiceName, structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword)
 if err != nil {
 return nil, err
 }
 var addrs []string
 for _, node := range nodes {
+ addr := parseNodeAddr(node)
+
 // Prefer the TLS port if it is defined.
 grpcPortStr := node.ServiceMeta["grpc_tls_port"]
 if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
- addrs = append(addrs, node.Address+":"+grpcPortStr)
+ addrs = append(addrs, addr+":"+grpcPortStr)
 continue
 }
 // Fallback to the standard port if TLS is not defined.
 grpcPortStr = node.ServiceMeta["grpc_port"]
 if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 {
- addrs = append(addrs, node.Address+":"+grpcPortStr)
+ addrs = append(addrs, addr+":"+grpcPortStr)
 continue
 }
 // Skip node if neither defined.
diff --git a/agent/consul/peering_backend_test.go b/agent/consul/peering_backend_test.go
index a962bdefc0..e8218bc431 100644
--- a/agent/consul/peering_backend_test.go
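Review bot: parseNodeAddr returns the tagged WAN value whenever the key exists, so a registration carrying an empty WAN tag would put an address of the form `:port` into the list serverAddresses builds; `if v, ok := node.TaggedAddresses[structs.TaggedAddressWAN]; ok && v != "" {` keeps the fallback to node.Address in that case. The two joins `addr+":"+grpcPortStr` also yield an unparseable host:port for an IPv6 literal, which `net.JoinHostPort(addr, grpcPortStr)` would bracket correctly; the import block is outside this hunk, so whether `net` is already imported needs checking. Going by the changelog entry these addresses end up in the peering token, so a doc comment on parseNodeAddr saying that the returned address is the one advertised to remote peers would help the next reader. serverAddresses continues past the end of the hunk.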
+++ b/agent/consul/peering_backend_test.go
@@ -9,6 +9,7 @@ import (
 gogrpc "google.golang.org/grpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/connect"
 "github.com/hashicorp/consul/agent/consul/state"
 "github.com/hashicorp/consul/agent/pool"
@@ -99,6 +100,28 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) {
 require.Equal(t, []string{expect}, addrs)
 })
+ testutil.RunStep(t, "prefer WAN address for servers", func(t *testing.T) {
+ req := structs.RegisterRequest{
+ Datacenter: cfg.Datacenter,
+ Node: cfg.NodeName,
+ ID: cfg.NodeID,
+ Address: "127.0.0.1",
+ EnterpriseMeta: *acl.DefaultEnterpriseMeta(),
+
+ // Add a tagged WAN address to the server registration
+ TaggedAddresses: map[string]string{
+ structs.TaggedAddressWAN: "3.4.5.6",
+ },
+ }
+ require.NoError(t, srv.fsm.State().EnsureRegistration(200, &req))
+
+ addrs, err := backend.GetLocalServerAddresses()
+ require.NoError(t, err)
+
+ expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort)
+ require.Equal(t, []string{expect}, addrs)
+ })
+
 testutil.RunStep(t, "existence of mesh config entry is not enough to peer through gateways", func(t *testing.T) {
 mesh := structs.MeshConfigEntry{
 // Enable unrelated config.
@@ -112,7 +135,7 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) {
 require.NoError(t, err)
 // Still expect server address because PeerThroughMeshGateways was not enabled.
- expect := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCTLSPort)
+ expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort)
 require.Equal(t, []string{expect}, addrs)
 })
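Review bot: The "prefer WAN address for servers" step leaves its `3.4.5.6` registration in the store, so the later "existence of mesh config entry…" step (last hunk) now depends on state left behind by this one, with the literal repeated in both places. Hoisting it into one shared value declared before the steps, e.g. `const wanAddr = "203.0.113.10"` (a documentation-range address rather than a routable one), and adding `// WAN address registered by the previous step` above the later assertion would make that ordering dependency explicit. The step also covers only a populated WAN tag; cases for a tag that is present but empty and for an IPv6 address would pin down the fallback and host:port formatting in parseNodeAddr and serverAddresses.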