From a312e3986a94a021f050fd67127d26e6c25f5db6 Mon Sep 17 00:00:00 2001
From: John Mulligan
Date: Tue, 11 Jul 2023 17:07:25 -0400
Subject: [PATCH] pybind/mgr/cephadm: add all known good IPs for hosts to haproxy list
Fixes: https://tracker.ceph.com/issues/61852
It was discovered that when the primary IP address of hosts managed by cephadm are not all on the same subnet, then there's a chance that ganesha will reject haproxy protocol connections. Expand the list to all valid addresses for the hosts under management such that we will not reject proxy protocol messages from the hosts under cephadm management. This method was chosen over more sophisticated possible approaches because we do not want to complicate the workflow for the people setting up haxproxy+ganesha and do not want to miss any possible subtle edge cases by trying to come up with the "perfect" list of addresses.
Signed-off-by: John Mulligan
(cherry picked from commit aab6a04df274e74d873827724247a1145797441b)
---
 src/pybind/mgr/cephadm/services/nfs.py | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/pybind/mgr/cephadm/services/nfs.py b/src/pybind/mgr/cephadm/services/nfs.py
index 715a0db7297..f94a00f5bdf 100644
--- a/src/pybind/mgr/cephadm/services/nfs.py
+++ b/src/pybind/mgr/cephadm/services/nfs.py
@@ -1,4 +1,5 @@
 import errno
+import ipaddress
 import logging
 import os
 import subprocess
@@ -310,7 +311,21 @@ class NFSService(CephService):
 # good enough to prevent acceping haproxy protocol messages
 # from "rouge" systems that are not under our control. At
 # least until we learn otherwise.
- return [
- self.mgr.inventory.get_addr(h)
- for h in self.mgr.inventory.keys()
- ]
+ cluster_ips: List[str] = []
+ for host in self.mgr.inventory.keys():
+ default_addr = self.mgr.inventory.get_addr(host)
+ cluster_ips.append(default_addr)
+ nets = self.mgr.cache.networks.get(host)
+ if not nets:
+ continue
+ for subnet, iface in nets.items():
+ ip_subnet = ipaddress.ip_network(subnet)
+ if ipaddress.ip_address(default_addr) in ip_subnet:
+ continue # already present
+ if ip_subnet.is_loopback or ip_subnet.is_link_local:
+ continue # ignore special subnets
+ addrs: List[str] = sum((addr_list for addr_list in iface.values()), [])
+ if addrs:
+ # one address per interface/subnet is enough
+ cluster_ips.append(addrs[0])
+ return cluster_ips
--
2.39.5
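Review bot: Both `ipaddress.ip_network(subnet)` and `ipaddress.ip_address(default_addr)` in the inner loop raise `ValueError` on input they cannot parse, and nothing here catches it, so one host whose inventory address is a hostname rather than an IP literal, or one subnet key with host bits set, would abort building the whole list. Whether `get_addr()` or `cache.networks` can return such values is not visible in this hunk. Because this list decides which peers ganesha accepts PROXY protocol headers from, a parse failure should skip that entry rather than fail the config or be worked around by widening the match. Parsing `default_addr` once per host instead of once per subnet also removes the repeated work. The enclosing method starts above the hunk.

```python
cluster_ips.append(default_addr)
try:
    # parsed once per host; None when the inventory entry is not an IP literal
    default_ip = ipaddress.ip_address(default_addr)
except ValueError:
    default_ip = None
# … unchanged: nets lookup and empty check …
for subnet, iface in nets.items():
    try:
        ip_subnet = ipaddress.ip_network(subnet)
    except ValueError:
        continue  # skip a subnet key that does not parse
    if default_ip is not None and default_ip in ip_subnet:
        continue  # already present
    # … unchanged: special-subnet filter and address selection …
```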