fix: upon DNS refresh() failure use previous values (#17561)
In MinIO, DNS refresh() can safely re-use the previous values on bare-metal setups, since bare-metal arrangements do not commonly change DNS in any manner. This PR simplifies that: we only ever need DNS caching on bare-metal setups.
- On containerized setups do not enable DNS caching at all, as it may have adverse effects on the overall effectiveness of k8s DNS systems. k8s DNS systems are dynamic and expect applications to avoid managing DNS caching themselves; they instead provide cleaner container-native caching implementations that must be used.
- update IsDocker() detection, including podman runtime
- move to minio/dnscache fork for a simpler package
@@ -66,7 +66,6 @@ import (
|
||||
"github.com/minio/pkg/ellipses"
|
||||
"github.com/minio/pkg/env"
|
||||
xnet "github.com/minio/pkg/net"
|
||||
"github.com/rs/dnscache"
|
||||
)
|
||||
|
||||
// serverDebugLog will enable debug printing
|
||||
@@ -96,11 +95,6 @@ func init() {
|
||||
|
||||
initGlobalContext()
|
||||
|
||||
options := dnscache.ResolverRefreshOptions{
|
||||
ClearUnused: true,
|
||||
PersistOnFailure: false,
|
||||
}
|
||||
|
||||
t, _ := minioVersionToReleaseTime(Version)
|
||||
if !t.IsZero() {
|
||||
globalVersionUnix = uint64(t.Unix())
|
||||
@@ -108,24 +102,16 @@ func init() {
|
||||
|
||||
globalIsCICD = env.Get("MINIO_CI_CD", "") != "" || env.Get("CI", "") != ""
|
||||
|
||||
containers := IsKubernetes() || IsDocker() || IsBOSH() || IsDCOS() || IsPCFTile()
|
||||
|
||||
// Call to refresh will refresh names in cache. If you pass true, it will also
|
||||
// remove cached names not looked up since the last call to Refresh. It is a good idea
|
||||
// to call this method on a regular interval.
|
||||
// Call to refresh will refresh names in cache.
|
||||
go func() {
|
||||
var t *time.Ticker
|
||||
if containers {
|
||||
// k8s DNS TTL is 30s (Attempt a refresh only after)
|
||||
t = time.NewTicker(30 * time.Second)
|
||||
} else {
|
||||
t = time.NewTicker(10 * time.Minute)
|
||||
}
|
||||
// Baremetal setups set DNS refresh window to 10 minutes.
|
||||
t := time.NewTicker(10 * time.Minute)
|
||||
defer t.Stop()
|
||||
for {
|
||||
select {
|
||||
case <-t.C:
|
||||
globalDNSCache.RefreshWithOptions(options)
|
||||
globalDNSCache.Refresh()
|
||||
|
||||
case <-GlobalContext.Done():
|
||||
return
|
||||
}
|
||||
|
||||
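Review bot: The refresh goroutine in init() now starts unconditionally, while the cmd/utils.go hunks of this commit set `lookupHost = nil` on Kubernetes and Docker, so on those setups the ticker appears to refresh a cache the transports no longer consult. If nothing else reads globalDNSCache there, guard the goroutine with the same container check. The shortened comment also no longer states the behaviour a maintainer most needs to know. Going by the commit description, a failed refresh keeps the previous addresses, so I would write `// Refresh cached names every 10 minutes on bare-metal; on lookup failure the previous addresses are kept.` The init() body starts before and continues after these hunks.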
@@ -27,6 +27,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/minio/console/restapi"
|
||||
"github.com/minio/dnscache"
|
||||
"github.com/minio/madmin-go/v3"
|
||||
"github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7/pkg/set"
|
||||
@@ -34,7 +35,6 @@ import (
|
||||
"github.com/minio/minio/internal/config"
|
||||
"github.com/minio/minio/internal/handlers"
|
||||
"github.com/minio/minio/internal/kms"
|
||||
"github.com/rs/dnscache"
|
||||
|
||||
"github.com/dustin/go-humanize"
|
||||
"github.com/minio/minio/internal/auth"
|
||||
|
||||
@@ -121,13 +121,27 @@ func GetCurrentReleaseTime() (releaseTime time.Time, err error) {
|
||||
// IsDocker - returns if the environment minio is running in docker or
|
||||
// not. The check is a simple file existence check.
|
||||
//
|
||||
// https://github.com/moby/moby/blob/master/daemon/initlayer/setup_unix.go#L25
|
||||
// https://github.com/moby/moby/blob/master/daemon/initlayer/setup_unix.go
|
||||
// https://github.com/containers/podman/blob/master/libpod/runtime.go
|
||||
//
|
||||
// "/.dockerenv": "file",
|
||||
// "/.dockerenv": "file",
|
||||
// "/run/.containerenv": "file",
|
||||
func IsDocker() bool {
|
||||
_, err := os.Stat("/.dockerenv")
|
||||
var err error
|
||||
for _, envfile := range []string{
|
||||
"/.dockerenv",
|
||||
"/run/.containerenv",
|
||||
} {
|
||||
_, err = os.Stat(envfile)
|
||||
if err == nil {
|
||||
return true
|
||||
}
|
||||
}
|
||||
if osIsNotExist(err) {
|
||||
return false
|
||||
// if none of the files are present we may be running inside
|
||||
// CRI-O, Containerd etc..
|
||||
// Fallback to our container specific ENVs if they are set.
|
||||
return env.IsSet("MINIO_ACCESS_KEY_FILE")
|
||||
}
|
||||
|
||||
// Log error, as we will not propagate it to caller
|
||||
@@ -523,7 +537,7 @@ const (
|
||||
defaultMinisignPubkey = "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
|
||||
)
|
||||
|
||||
func verifyBinary(u *url.URL, sha256Sum []byte, releaseInfo string, mode string, reader []byte) (err error) {
|
||||
func verifyBinary(u *url.URL, sha256Sum []byte, releaseInfo, mode string, reader []byte) (err error) {
|
||||
if !atomic.CompareAndSwapUint32(&updateInProgress, 0, 1) {
|
||||
return errors.New("update already in progress")
|
||||
}
|
||||
|
||||
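Review bot: In the IsDocker() hunk, the new fallback `return env.IsSet("MINIO_ACCESS_KEY_FILE")` treats a deployment setting as a container signal, so a host outside a container that sets that variable is reported as Docker. Per the cmd/utils.go hunks in this commit, that switches off the cached LookupHost on every transport. The loop also keeps only the last os.Stat error: an error on "/.dockerenv" other than not-exist (permission denied, for instance) is overwritten when "/run/.containerenv" is simply absent, and the function then answers from the environment variable instead of reaching the logging path below. I would remember the first error that is not a not-exist error, e.g. `if err != nil && !osIsNotExist(err) && statErr == nil { statErr = err }`, and test that after the loop. The doc comment still says "The check is a simple file existence check" and should mention the environment fallback. The function body continues past the end of the hunk.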
49
cmd/utils.go
49
cmd/utils.go
@@ -557,8 +557,13 @@ func ToS3ETag(etag string) string {
|
||||
|
||||
// GetDefaultConnSettings returns default HTTP connection settings.
|
||||
func GetDefaultConnSettings() xhttp.ConnSettings {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -568,8 +573,13 @@ func GetDefaultConnSettings() xhttp.ConnSettings {
|
||||
// NewInternodeHTTPTransport returns a transport for internode MinIO
|
||||
// connections.
|
||||
func NewInternodeHTTPTransport() func() http.RoundTripper {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
CipherSuites: fips.TLSCiphers(),
|
||||
@@ -582,8 +592,13 @@ func NewInternodeHTTPTransport() func() http.RoundTripper {
|
||||
// NewCustomHTTPProxyTransport is used only for proxied requests, specifically
|
||||
// only supports HTTP/1.1
|
||||
func NewCustomHTTPProxyTransport() func() *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: rest.DefaultTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
CipherSuites: fips.TLSCiphers(),
|
||||
@@ -596,8 +611,13 @@ func NewCustomHTTPProxyTransport() func() *http.Transport {
|
||||
// NewHTTPTransportWithClientCerts returns a new http configuration
|
||||
// used while communicating with the cloud backends.
|
||||
func NewHTTPTransportWithClientCerts(clientCert, clientKey string) *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
s := xhttp.ConnSettings{
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: defaultDialTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -609,8 +629,7 @@ func NewHTTPTransportWithClientCerts(clientCert, clientKey string) *http.Transpo
|
||||
defer cancel()
|
||||
transport, err := s.NewHTTPTransportWithClientCerts(ctx, clientCert, clientKey)
|
||||
if err != nil {
|
||||
logger.LogIf(ctx, fmt.Errorf("failed to load client key and cert, please check your endpoint configuration: %s",
|
||||
err.Error()))
|
||||
logger.LogIf(ctx, fmt.Errorf("Unable to load client key and cert, please check your client certificate configuration: %w", err))
|
||||
}
|
||||
return transport
|
||||
}
|
||||
@@ -629,9 +648,14 @@ const defaultDialTimeout = 5 * time.Second
|
||||
|
||||
// NewHTTPTransportWithTimeout allows setting a timeout.
|
||||
func NewHTTPTransportWithTimeout(timeout time.Duration) *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DialContext: newCustomDialContext(),
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
DialTimeout: defaultDialTimeout,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
@@ -639,10 +663,8 @@ func NewHTTPTransportWithTimeout(timeout time.Duration) *http.Transport {
|
||||
}.NewHTTPTransportWithTimeout(timeout)
|
||||
}
|
||||
|
||||
type dialContext func(ctx context.Context, network, addr string) (net.Conn, error)
|
||||
|
||||
// newCustomDialContext setups a custom dialer for any external communication and proxies.
|
||||
func newCustomDialContext() dialContext {
|
||||
func newCustomDialContext() xhttp.DialContext {
|
||||
return func(ctx context.Context, network, addr string) (net.Conn, error) {
|
||||
dialer := &net.Dialer{
|
||||
Timeout: 15 * time.Second,
|
||||
@@ -665,9 +687,14 @@ func newCustomDialContext() dialContext {
|
||||
// NewRemoteTargetHTTPTransport returns a new http configuration
|
||||
// used while communicating with the remote replication targets.
|
||||
func NewRemoteTargetHTTPTransport(insecure bool) func() *http.Transport {
|
||||
lookupHost := globalDNSCache.LookupHost
|
||||
if IsKubernetes() || IsDocker() {
|
||||
lookupHost = nil
|
||||
}
|
||||
|
||||
return xhttp.ConnSettings{
|
||||
DialContext: newCustomDialContext(),
|
||||
DNSCache: globalDNSCache,
|
||||
LookupHost: lookupHost,
|
||||
RootCAs: globalRootCAs,
|
||||
TCPOptions: globalTCPOptions,
|
||||
EnableHTTP2: false,
|
||||
|
||||
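Review bot: The three lines `lookupHost := globalDNSCache.LookupHost` / `if IsKubernetes() || IsDocker() {` / `lookupHost = nil` are copied into six constructors in this file, and the predicate is narrower than the one removed from init() in the same commit (`IsKubernetes() || IsDocker() || IsBOSH() || IsDCOS() || IsPCFTile()`). As written, BOSH, DCOS and PCF deployments keep the DNS cache and move to the 10-minute refresh, which may or may not be intended. I would put the decision in one unexported helper that returns either `globalDNSCache.LookupHost` or nil, and have each constructor use `LookupHost: dnsLookupHost(),` so the container predicate lives in one place. That helper should carry a comment saying what a nil LookupHost means to xhttp.ConnSettings, presumably the default resolver, since none of the visible lines say so. Each IsDocker() call also appears to stat the marker files again, so the helper is a natural place to compute the answer once.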