mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-05 12:32:54 +00:00
storcon: use https for pageservers (#10759)
## Problem Storage controller uses unsecure http for pageserver API. Closes: https://github.com/neondatabase/cloud/issues/23734 Closes: https://github.com/neondatabase/cloud/issues/24091 ## Summary of changes - Add an optional `listen_https_port` field to storage controller's Node state and its API (RegisterNode/ListNodes/etc). - Allow updating `listen_https_port` on node registration to gradually add https port for all nodes. - Add `use_https_pageserver_api` CLI option to storage controller to enable https. - Pageserver doesn't support https for now and always reports `https_port=None`. This will be addressed in follow-up PR.
This commit is contained in:
Dmitrii Kovalkov
GitHub
@@ -1630,6 +1630,7 @@ def neon_env_builder(
|
||||
class PageserverPort:
|
||||
pg: int
|
||||
http: int
|
||||
https: int | None = None
|
||||
|
||||
|
||||
class LogUtils:
|
||||
@@ -1886,6 +1887,7 @@ class NeonStorageController(MetricsGetter, LogUtils):
|
||||
"node_id": int(node.id),
|
||||
"listen_http_addr": "localhost",
|
||||
"listen_http_port": node.service_port.http,
|
||||
"listen_https_port": node.service_port.https,
|
||||
"listen_pg_addr": "localhost",
|
||||
"listen_pg_port": node.service_port.pg,
|
||||
"availability_zone_id": node.az_id,
|
||||
|
||||
@@ -3764,3 +3764,56 @@ def test_storage_controller_node_flap_detach_race(
|
||||
assert len(locs) == 1, f"{shard} has {len(locs)} attached locations"
|
||||
|
||||
wait_until(validate_locations, timeout=10)
|
||||
|
||||
|
||||
def test_update_node_on_registration(neon_env_builder: NeonEnvBuilder):
|
||||
"""
|
||||
Check that storage controller handles node_register requests with updated fields correctly.
|
||||
1. Run storage controller and register 1 pageserver without https port.
|
||||
2. Register the same pageserver with https port. Check that port has been updated.
|
||||
3. Restart the storage controller. Check that https port is persistent.
|
||||
4. Register the same pageserver without https port again (rollback). Check that port has been removed.
|
||||
"""
|
||||
neon_env_builder.num_pageservers = 1
|
||||
env = neon_env_builder.init_configs()
|
||||
|
||||
env.storage_controller.start()
|
||||
env.storage_controller.wait_until_ready()
|
||||
|
||||
pageserver = env.pageservers[0]
|
||||
|
||||
# Step 1. Register pageserver without https port.
|
||||
env.storage_controller.node_register(pageserver)
|
||||
env.storage_controller.consistency_check()
|
||||
|
||||
nodes = env.storage_controller.node_list()
|
||||
assert len(nodes) == 1
|
||||
assert nodes[0]["listen_https_port"] is None
|
||||
|
||||
# Step 2. Register pageserver with https port.
|
||||
pageserver.service_port.https = 1234
|
||||
env.storage_controller.node_register(pageserver)
|
||||
env.storage_controller.consistency_check()
|
||||
|
||||
nodes = env.storage_controller.node_list()
|
||||
assert len(nodes) == 1
|
||||
assert nodes[0]["listen_https_port"] == 1234
|
||||
|
||||
# Step 3. Restart storage controller.
|
||||
env.storage_controller.stop()
|
||||
env.storage_controller.start()
|
||||
env.storage_controller.wait_until_ready()
|
||||
env.storage_controller.consistency_check()
|
||||
|
||||
nodes = env.storage_controller.node_list()
|
||||
assert len(nodes) == 1
|
||||
assert nodes[0]["listen_https_port"] == 1234
|
||||
|
||||
# Step 4. Register pageserver with no https port again.
|
||||
pageserver.service_port.https = None
|
||||
env.storage_controller.node_register(pageserver)
|
||||
env.storage_controller.consistency_check()
|
||||
|
||||
nodes = env.storage_controller.node_list()
|
||||
assert len(nodes) == 1
|
||||
assert nodes[0]["listen_https_port"] is None
|
||||
|
||||
Reference in New Issue
Block a user