)]}' { "commit": "58cf3bca19e0d04a5dda6ad32a72459bb03df3cf", "tree": "5c11fb1f25eae37790ef870b1b937bfe6302674b", "parents": [ "ec19b60842e905a4400e5f8b46b783a54d0a025a" ], "author": { "name": "Serge Bazanski", "email": "serge@monogon.tech", "time": "Wed Mar 09 20:33:36 2022 +0100" }, "committer": { "name": "Sergiusz Bazanski", "email": "serge@monogon.tech", "time": "Fri Mar 11 11:40:50 2022 +0000" }, "message": "m/n/core: remove local listener from curator\n\nWhile working on a client library to access a cluster reliably, a\nthought popped into my head:\n\nDo we even need to run the local (UNIX domain socket) listener in the\nCurator?\n\nAnd, after checking all code paths, to my surprise... no, not really.\nWhy did we ever do it? Perhaps because we started differently structured\ncluster bootstrap codebase that caused it to be a hard requirement. Or\nmaybe it was just a momentary lapse of reason. Regardless, with the\ncurrent codebase, it makes no sense: we always have Node credentials\navailable, and we run the Curator on all network interfaces. So why not\njust connect over loopback and use TLS?\n\nHere are some of the benefits of removing the local listener:\n\nIt removes a whole bunch of code, and pulling at a few more threads in\nthe Curator and RPC codebases will probably let us remove quite a bit\nmore now unused abstractions.\n\nIt leads to a more secure product, as we have one less privilege domain\nsocket to worry about (although we still have the etcd one... but that\u0027s\na whole different can of worms).\n\nAnd most importantly, it paves the way for a vastly simplified cluster\nclient - one in which the transport is the same regardless of whether we\nconnect to a local or remote curator. This should let us use bog\nstandard gRPC load balancing / resolving extensions to reach the Curator\nin an idiomatic and robust way.\n\nChange-Id: I1fe9b04ba3b5f4e001050c25aec61a761077492f\nReviewed-on: https://review.monogon.dev/c/monogon/+/624\nReviewed-by: Mateusz Zalega \u003cmateusz@monogon.tech\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "571a7ca9d344fb95b7bbc2a7d0c315edcd8175e8", "old_mode": 33188, "old_path": "metropolis/node/core/curator/BUILD.bazel", "new_id": "90ae216e41efeb4141f5c90751ea711a8c9fc927", "new_mode": 33188, "new_path": "metropolis/node/core/curator/BUILD.bazel" }, { "type": "modify", "old_id": "e2472969c01b4c8eccc092526e4407957d5a0174", "old_mode": 33188, "old_path": "metropolis/node/core/curator/curator.go", "new_id": "5d6eedd3df0cf2adef08bd779c25162c1c79c08d", "new_mode": 33188, "new_path": "metropolis/node/core/curator/curator.go" }, { "type": "modify", "old_id": "9212a524adb0e65fa82e69a3aff07330ce3d78a3", "old_mode": 33188, "old_path": "metropolis/node/core/curator/curator_test.go", "new_id": "cd5889be6a2968f9d47c098f54487b8c9bbe7fed", "new_mode": 33188, "new_path": "metropolis/node/core/curator/curator_test.go" }, { "type": "modify", "old_id": "e4829bf2295217e8ed511b0e4933aa4ff28cc065", "old_mode": 33188, "old_path": "metropolis/node/core/curator/impl_leader_test.go", "new_id": "174b53cdd8a908cea0b5508e8dbe251b7269b734", "new_mode": 33188, "new_path": "metropolis/node/core/curator/impl_leader_test.go" }, { "type": "modify", "old_id": "d14285118d4d0aae056c2a06592f318c9e5e3f43", "old_mode": 33188, "old_path": "metropolis/node/core/curator/listener.go", "new_id": "a8d7e4206429e4937e5550a23f727d8ef6be4bf2", "new_mode": 33188, "new_path": "metropolis/node/core/curator/listener.go" }, { "type": "modify", "old_id": "7c1744edfe5b1ae3ac590f560bf0cab922a62a65", "old_mode": 33188, "old_path": "metropolis/node/core/curator/listener_test.go", "new_id": "ccd094c21d379238511d44bf1cae7faa789e0a6c", "new_mode": 33188, "new_path": "metropolis/node/core/curator/listener_test.go" }, { "type": "modify", "old_id": "da54d039fc406d0d0e1658bfc81dfeaa12d85646", "old_mode": 33188, "old_path": "metropolis/node/core/curator/proto/api/api.proto", "new_id": "9a03a15b8fbbb87771291962211062314a392ddf", "new_mode": 33188, "new_path": "metropolis/node/core/curator/proto/api/api.proto" }, { "type": "modify", "old_id": "39fda2c79ad21a677b6b4cb43b819c6dcc6e1409", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/directory_root.go", "new_id": "c3a49cba6928643e094e0e4951085eeecc7d4f66", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/directory_root.go" }, { "type": "modify", "old_id": "d06743814369a509a058658d4210951fab1b5ebb", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/storage.go", "new_id": "27ffd1dff789d187ee12a49adf67be86a9f6baea", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/storage.go" }, { "type": "modify", "old_id": "4f9d196c45e7e54c7e2b6606c9393be889159de4", "old_mode": 33188, "old_path": "metropolis/node/core/roleserve/value_clustermembership.go", "new_id": "d699473e57c9f30f4bef99d541055e500cb90a64", "new_mode": 33188, "new_path": "metropolis/node/core/roleserve/value_clustermembership.go" }, { "type": "modify", "old_id": "6193c5aee28de22e7577647dc2f53a5a8a14f1c9", "old_mode": 33188, "old_path": "metropolis/node/core/roleserve/worker_controlplane.go", "new_id": "aa5b4a3995042d8a302a77e609757be0e83efc5e", "new_mode": 33188, "new_path": "metropolis/node/core/roleserve/worker_controlplane.go" }, { "type": "modify", "old_id": "50cf36a1fb81d96884f124d5c80891dd26af143a", "old_mode": 33188, "old_path": "metropolis/node/core/rpc/server_authentication.go", "new_id": "82cdf9c941c8942a4b1f25b81fe258aebfa22c55", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/server_authentication.go" }, { "type": "modify", "old_id": "795b46022def5b3807906ef8d8175c945d683ec8", "old_mode": 33188, "old_path": "metropolis/node/core/rpc/server_authentication_test.go", "new_id": "f0ae6a2e456791db90b689c4b78b4d81d61303f4", "new_mode": 33188, "new_path": "metropolis/node/core/rpc/server_authentication_test.go" } ] }