Host filter #567
Host filter #567
Conversation
| @@ -3,6 +3,7 @@ mod cluster; | |||
| pub(crate) mod connection; | |||
| mod connection_pool; | |||
| pub mod downgrading_consistency_retry_policy; | |||
| pub mod host_filter; | |||
There was a problem hiding this comment.
This could also be reexported in lib.rs for convenience.
scylla/src/transport/topology.rs
Outdated
| @@ -251,6 +255,9 @@ impl MetadataReader { | |||
| let mut result = self.fetch_metadata(initial).await; | |||
| if let Ok(metadata) = result { | |||
| self.update_known_peers(&metadata); | |||
| if initial { | |||
| self.check_that_control_connection_is_an_accepted_host(&metadata); | |||
There was a problem hiding this comment.
Would it be possible to do the same filtering that we do in update_known_peers in the constructor?
We would be sure that the control connection is connected to an accepted peer.
Forcing the user to specify only known_peers that are accepted by the host filter seems overly restrictive.
I can imagine that someone might want to write a single app with predefined list of peers and then deploy it in multiple DCs, something like:
let session = SessionBuilder::new()
.known_peers(["eu-1", "eu-2", "eu-3", "us-1", "us-2", "us-3"])
.host_filter(make_host_filter_for_dc(get_dc_from_env_variable()));
.build()There was a problem hiding this comment.
It would be nice if it were possible, but unfortunately not all kinds of filters can be implemented this way. For example, we don't really know which nodes are in which DC until we fetch topology data from system.local/system.peers.
|
Let's also make an issue that documentation for |
Introduces the host_filter module. Host filters will be used for restricting the set of nodes towards which the driver should open connections. The following filters are implemented for the time being: - AcceptAllHostFilter: accepts all nodes, - AllowListHostFilter: only nodes from the provided list are accepted, - DcHostfilter: only nodes from given DC are accepted.
Now, it is possible to provide a HostFilter for a Session via SessionConfig or SessionBuilder.
In order to make host filters effective the connection pool in Node is wrapped in an optional. Nodes disabled by the session's host filters will have the connection pool set to None.
Now, on topology refresh, nodes that are not accepted by the host filtered are created in disabled mode, i.e. they do not create a connection pool and do not establish any connections to the node.
Now, the control connection is aware of the host filter and carefully tries to omit filtered out nodes. If the initial nodes list contained a node that is not accepted by the host filter and a control connection has been established to it, a warning will be printed and the driver will try to re-establish it to one of the accepted nodes. Additionally, in case of a mistake where an incorrect host filter is provided and all nodes are filtered out, a message is printed which points out the problem.
|
v2:
|
|
This PR adds host filters. With host filters, it is possible to prevent some nodes from establishing connections to the cluster at all. For example, the set of nodes for which connections are allowed can be restricted to the local DC.
Tested manually with cql-stress and a 3 node cluster - applied an allowlist of nodes and observed in metrics that forbidden nodes do not have additional connections and do not receive any requests.
Fixes: #561
Pre-review checklist
Fixes:annotations to PR description.