Fixes #36928 - (sorta) handle load balanced smart proxies when registering hosts #10804
Conversation
app/controllers/katello/api/rhsm/candlepin_proxies_controller.rb
Outdated
Show resolved
Hide resolved
|
|
||
| def registering_thru_load_balancer?(hostname) | ||
| # If the request doesn't come from any known smart proxy, it came from a load balancer. | ||
| get_content_source_id(hostname).nil? |
There was a problem hiding this comment.
Is this a safe assumption? Could you instead check all smart-proxies registration URLs and see if they match the hostname?
There was a problem hiding this comment.
Yeah, that would be better. At this point I should probably just change it not to use the header, too..
There was a problem hiding this comment.
Updated to check if hostname is a known load balancer. 👍
|
@ekohl given you had a lot of opinion around the implementation where we used registration_url to indicate a load-balancer rather than introducing a dedicated parameter to indicate load-balancing I think you should review this. |
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
e4139f2 to
4245df0
Compare
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
4245df0 to
46a24de
Compare
|
Added some tests; marking ready for review. |
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
53f81be to
a865133
Compare
|
@adamruzicka @jeremylenz I have done some testings on a Sat\Cap 6.15 + Haproxy setup with two RHEL clients .. The results are looking great. Details can be found in the private comment 11 of the main Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2240956 |
There was a problem hiding this comment.
After poking around the rails console on a load-balanced set up, this is looking good to me! Credit to @sayan3296 for the setup.
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
a865133 to
ed31c3b
Compare
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
ed31c3b to
4254bde
Compare
jeremylenz
force-pushed
the
36928-load-balancers-whoa
branch
from
4254bde to
a0ddb54
Compare
| @@ -6,6 +6,7 @@ | |||
| require "oauth" | |||
| require "gettext_i18n_rails" | |||
| require "foreman-tasks" | |||
| require "foreman_remote_execution" | |||
There was a problem hiding this comment.
Given
Line 37 in 6d8d3ca
I am rather confident we never have a Katello install w/o REX.
But at the same time it indicates that the way we load stuff differs so heavily in prod/dev/test, that things go weird.
There was a problem hiding this comment.
https://community.theforeman.org/t/requiring-rex-in-katello-4-0/19582 indicates that dep is here to stay :)
…ering hosts (Katello#10804) * Fixes #36928 - (sorta) handle load balanced smart proxies when registering hosts (cherry picked from commit 27e9e68)
What are the changes introduced in this pull request?
As we know, currently
--serverurlparameter tosubscription-manager, which contacts the server you specify for registration.registered_throughvalue is set to the hostname of the load balancer, which is not a smart proxy.registered_throughvalue won't match the name of any known Smart Proxy.registered_throughSmart Proxy to be listed as[], breaking Remote Execution on certain setups depending on your settings.With this change, some methods are added to attempt to surmise
In the case of smart proxies, this is determined by comparing the smart proxy's
registration_urlhostname with itsurlhostname. If they're different, we assume it's a load balanced setup.In the case of host registration, this is still determined (for now) by comparing the request headers to known smart proxy names.
Additionally, we add the following behavior changes when a host is registered through a load balancer:
registered_throughto all known smart proxies behind the load balancernil, becausenilassumes the host has access to all library content, when actually it only has access to content synced by its smart proxy(ies).Considerations taken when implementing this change?
Ideally a load balancer would be a Foreman entity which holds a list of smart proxies, and the user would explicitly tell us which smart proxies go with which load balancer, and we could just refer to that. But that would require a rather large effort, so this is being offered as somewhat of a stopgap to fix the immediate bug. None of the changes here preclude a more proper feature design from happening later.
What are the testing steps for this pull request?
I actually haven't tested this with a load balancer yet. You may leave my hard-codings in, or ideally set up an actual load balancer and take them out.