mirrors/scylladb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef0da14d6fd393702be8bbfc866fe256c82380d0
scylladb/locator
History
Felipe Mendes f67bb43a7a locator: ec2_snitch: IMDSv2 support 
Access to AWS Metadata may be configured in three distinct ways:
   1 - Optional HTTP tokens and HTTP endpoint enabled: The default as it works today
   2 - Required HTTP tokens and HTTP endpoint enabled: Which support is entirely missing today
   3 - HTTP endpoint disabled: Which effectively forbids one to use Ec2Snitch or Ec2MultiRegionSnitch

This commit makes the 2nd option the default which is not only AWS recommended option, but is also entirely compatible with the 1st option.
In addition, we now validate the HTTP response when querying the IMDS server. Therefore - should a HTTP 403 be received - Scylla will
properly notify users on what they are trying to do incorrectly in their setup.

The commit was tested under the following circumstances (covering all 3 variants):
 - Ec2Snitch: IMDSv2 optional & required, and HTTP server disabled.
 - Ec2MultiRegionSnitch: IMDSv2 optional & required, and HTTP server disabled.

Refs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
      https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html
      https://github.com/scylladb/scylladb/issues/9987
Fixes: https://github.com/scylladb/scylladb/issues/10490
Closes: https://github.com/scylladb/scylladb/issues/10490

Closes #11636
2022-10-04 15:48:42 +03:00
..
abstract_replication_strategy.cc
replication_strategy: Construct temp tokens in place
2022-09-22 19:19:32 +03:00
abstract_replication_strategy.hh
replication_strategy: Accept dc-rack as get_pending_address_ranges argument
2022-08-26 09:39:44 +03:00
azure_snitch.cc
snitch: Use invoke_on_others() to replicate
2022-05-20 18:16:22 +03:00
azure_snitch.hh
treewide: remove empty comments in top-of-files
2022-05-13 07:11:58 +02:00
ec2_multi_region_snitch.cc
locator: ec2_snitch: IMDSv2 support
2022-10-04 15:48:42 +03:00
ec2_multi_region_snitch.hh
locator: Do not enforce public ip address for broadcast_rpc_address
2022-05-11 14:46:30 +02:00
ec2_snitch.cc
locator: ec2_snitch: IMDSv2 support
2022-10-04 15:48:42 +03:00
ec2_snitch.hh
locator: ec2_snitch: IMDSv2 support
2022-10-04 15:48:42 +03:00
everywhere_replication_strategy.cc
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
everywhere_replication_strategy.hh
abstract_replication_strategy: add has_uniform_natural_endpoints
2022-08-11 10:34:14 +03:00
gce_snitch.cc
snitch: Use invoke_on_others() to replicate
2022-05-20 18:16:22 +03:00
gce_snitch.hh
treewide: remove empty comments in top-of-files
2022-05-13 07:11:58 +02:00
gossiping_property_file_snitch.cc
storage_service: Re-gossiping snitch data in reconfiguration callback
2022-09-23 14:31:55 +03:00
gossiping_property_file_snitch.hh
snitch: Remove reconnectable snitch helper
2022-07-26 13:51:05 +03:00
host_id.hh
everywhere: define locator::host_id as a strong tagged_uuid type
2022-08-12 06:01:44 +03:00
local_strategy.cc
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
local_strategy.hh
abstract_replication_strategy: add has_uniform_natural_endpoints
2022-08-11 10:34:14 +03:00
network_topology_strategy.cc
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
network_topology_strategy.hh
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
production_snitch_base.cc
snitch, messaging: Dont relookup dc/rack on internal IP
2022-09-01 11:32:34 +03:00
production_snitch_base.hh
snitch: Remove reconnectable snitch helper
2022-07-26 13:51:05 +03:00
rack_inferring_snitch.cc
snitch: Make config-based construction of all drivers
2022-04-11 14:38:34 +03:00
rack_inferring_snitch.hh
snitch: Make config-based construction of all drivers
2022-04-11 14:38:34 +03:00
simple_snitch.cc
snitch: Make config-based construction of all drivers
2022-04-11 14:38:34 +03:00
simple_snitch.hh
snitch: Move sort_by_proximity() to topology
2022-09-05 15:17:04 +03:00
simple_strategy.cc
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
simple_strategy.hh
abstract_replication_strategy: calculate_natural_endpoints: return endpoint_set
2022-08-08 17:31:00 +03:00
snitch_base.cc
snitch: Move sort_by_proximity() to topology
2022-09-05 15:17:04 +03:00
snitch_base.hh
snitch: Move sort_by_proximity() to topology
2022-09-05 15:17:04 +03:00
token_metadata.cc
topology: Define copy-sonctructor with init-lists
2022-09-22 19:18:58 +03:00
token_metadata.hh
token_metadata: Provide dc/rack for bootstrapping nodes
2022-09-22 06:55:52 +03:00