Fix bootstrapping on non-init servers #11844

Open
wants to merge 5 commits into
base: master

brandond
Member

@brandond brandond commented Feb 25, 2025

Proposed Changes

  • Serve HTTP bootstrap data from datastore before disk
    Fixes issue where CA rotation would fail on servers with join URL set due to using old data from disk on other server.
  • Control-plane-only nodes try bootstrapping via etcd load-balancer if they have client certs, to avoid a dependency on the server URL
    Fixes issue where control-plane-only nodes could not come up if the server they were joined against is not up, despite other servers being available.

Types of Changes

bugfix

Verification

See linked issue

Testing

Linked Issues

User-Facing Change


Further Comments

@brandond brandond requested a review from a team as a code owner February 25, 2025 00:34

codecov bot commented Feb 25, 2025

Codecov Report

Attention: Patch coverage is 15.52795% with 136 lines in your changes missing coverage. Please review.

Project coverage is 44.92%. Comparing base (5894af3) to head (365131f).
Report is 1 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/cluster/bootstrap.go | 11.26% | 59 Missing and 4 partials ⚠️ |
| pkg/cluster/cluster.go | 0.00% | 30 Missing ⚠️ |
| pkg/cluster/storage.go | 25.00% | 15 Missing ⚠️ |
| pkg/clientaccess/token.go | 38.88% | 10 Missing and 1 partial ⚠️ |
| pkg/etcd/etcd.go | 0.00% | 8 Missing ⚠️ |
| pkg/daemons/control/server.go | 33.33% | 2 Missing and 4 partials ⚠️ |
| pkg/server/handlers/secrets-encrypt.go | 0.00% | 2 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #11844      +/-   ##
==========================================
- Coverage   47.54%   44.92%   -2.62%     
==========================================
  Files         190      190              
  Lines       19022    19094      +72     
==========================================
- Hits         9044     8578     -466     
- Misses       8690     9274     +584     
+ Partials     1288     1242      -46     

| Flag | Coverage Δ |
|---|---|
| e2etests | 35.89% <11.18%> (-5.48%) ⬇️ |
| inttests | 35.32% <13.04%> (-0.09%) ⬇️ |
| unittests | 16.80% <3.72%> (-0.07%) ⬇️ |

Flags with carried forward coverage won't be shown. Click here to find out more.

@brandond brandond force-pushed the fix-rotateca-bootstrap branch 2 times, most recently from 6663139 to d6357c1 Compare February 25, 2025 04:26
@brandond brandond changed the title Serve HTTP bootstrap data from datastore before disk Fix bootstrapping on non-init servers Feb 25, 2025
@brandond brandond force-pushed the fix-rotateca-bootstrap branch from 6298b17 to 1dd7a29 Compare February 26, 2025 01:36
dereknola previously approved these changes Feb 26, 2025
@brandond brandond force-pushed the fix-rotateca-bootstrap branch 10 times, most recently from f0d91fe to a402795 Compare February 26, 2025 21:22
Fixes issue where CA rotation would fail on servers with join URL set due to using old data from disk on other server

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Also wraps errors along the cluster prepare path to improve traceability.

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
…s ready

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond brandond force-pushed the fix-rotateca-bootstrap branch from a402795 to 365131f Compare February 26, 2025 22:14
3 participants