From: John Mulligan Date: Tue, 11 Jul 2023 21:07:25 +0000 (-0400) Subject: pybind/mgr/cephadm: add all known good IPs for hosts to haproxy list X-Git-Tag: v18.2.1~326^2~7 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a312e3986a94a021f050fd67127d26e6c25f5db6;p=ceph.git pybind/mgr/cephadm: add all known good IPs for hosts to haproxy list Fixes: https://tracker.ceph.com/issues/61852 It was discovered that when the primary IP address of hosts managed by cephadm are not all on the same subnet, then there's a chance that ganesha will reject haproxy protocol connections. Expand the list to all valid addresses for the hosts under management such that we will not reject proxy protocol messages from the hosts under cephadm management. This method was chosen over more sophisticated possible approaches because we do not want to complicate the workflow for the people setting up haxproxy+ganesha and do not want to miss any possible subtle edge cases by trying to come up with the "perfect" list of addresses. Signed-off-by: John Mulligan (cherry picked from commit aab6a04df274e74d873827724247a1145797441b)
---
diff --git a/src/pybind/mgr/cephadm/services/nfs.py b/src/pybind/mgr/cephadm/services/nfs.py
index 715a0db72973..f94a00f5bdf9 100644
--- a/src/pybind/mgr/cephadm/services/nfs.py
+++ b/src/pybind/mgr/cephadm/services/nfs.py
@@ -1,4 +1,5 @@
 import errno
+import ipaddress
 import logging
 import os
 import subprocess
@@ -310,7 +311,21 @@ class NFSService(CephService):
 # good enough to prevent acceping haproxy protocol messages
 # from "rouge" systems that are not under our control. At
 # least until we learn otherwise.
- return [
- self.mgr.inventory.get_addr(h)
- for h in self.mgr.inventory.keys()
- ]
+ cluster_ips: List[str] = []
+ for host in self.mgr.inventory.keys():
+ default_addr = self.mgr.inventory.get_addr(host)
+ cluster_ips.append(default_addr)
+ nets = self.mgr.cache.networks.get(host)
+ if not nets:
+ continue
+ for subnet, iface in nets.items():
+ ip_subnet = ipaddress.ip_network(subnet)
+ if ipaddress.ip_address(default_addr) in ip_subnet:
+ continue # already present
+ if ip_subnet.is_loopback or ip_subnet.is_link_local:
+ continue # ignore special subnets
+ addrs: List[str] = sum((addr_list for addr_list in iface.values()), [])
+ if addrs:
+ # one address per interface/subnet is enough
+ cluster_ips.append(addrs[0])
+ return cluster_ips
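Review bot: `ipaddress.ip_address(default_addr)` and `ipaddress.ip_network(subnet)` in the inner loop both raise `ValueError` on anything that is not an IP literal or a strict network string, and nothing in the added lines catches it. If `get_addr` can return a hostname (not visible in this hunk), a single such host would abort building the whole list of peers allowed to send proxy protocol headers. Parse the default address once per host, before the subnet loop, and treat a parse failure as "no subnet to de-duplicate against"; skip a subnet key that does not parse, which fails closed by adding nothing for it. Every entry returned here is a peer ganesha will trust to assert a client's source address, so the comment above the loop should say that the list is deliberately widened to all non-loopback, non-link-local subnets of managed hosts. The enclosing method starts outside the hunk.

```python
        for host in self.mgr.inventory.keys():
            default_addr = self.mgr.inventory.get_addr(host)
            cluster_ips.append(default_addr)
            try:
                default_ip = ipaddress.ip_address(default_addr)
            except ValueError:
                # not an IP literal, so it cannot be matched against subnets
                default_ip = None
            # … unchanged: nets lookup and empty check …
            for subnet, iface in nets.items():
                try:
                    ip_subnet = ipaddress.ip_network(subnet)
                except ValueError:
                    continue  # unparseable subnet key: add nothing for it
                if default_ip is not None and default_ip in ip_subnet:
                    continue  # already present
                # … unchanged: special-subnet filter and address selection …
```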