etcd version
3.23
ETCD Cluster doesn't enable Role Auth, and the username and password are used in client.
For example:
var Etcd_dsn []string = ["192.168.1.10:2379","192.168.1.11:2379","192.168.1.12:2379"]
var Etcd_username string = "root"
var Etcd_passwd string = "pass"
cfg := etcdclient.Config{
Endpoints: Etcd_dsn,
TLS: _tlsConfig,
DialTimeout:ETCD_CONNECT_TIMEOUT,
AutoSyncInterval: time.Second * 300,
Username: Etcd_username,
Password: Etcd_passwd,
}
client, err := clientv3.New(cfg)
if err != nil {
return err
}
Two results:
- It will work well with less endpoints
- It will return
context deadline exceed with many endpoints
The rootcause of BUG:
- When client code use username and password ,it will go to the code
err := c.getToken(ctx) at client.go line 356.
- In
getToken function, it will not stop trying another endpoint until sucessfull if get error after call the auth.authenticate.
- It will return
rpctypes.ErrAuthNotEnabled after trying all endpoints if ETCD cluster don't use Auth.
- When with less endpoints, the
ctx will not get timeout after trying all endpoints.
- When with many endpoints, the
ctx will get timeout when after trying most endpoints. The error rpctypes.ErrAuthNotEnabled in the 311th line of client.go will turn to be context deadline exceeded
- In the line client.go 365, it will be ignored when the err is not
rpctypes.ErrAuthNotEnabled when handling the result of c.getToken(ctx). It will not communicate normaly when get other error types.
We can get a conclusion that it will not function as well as we wish when the number of endpoints is not sure.
In my production , the ETCD cluster in the TEST environment has three endpoints which are deployed in different IDC , while it in PRODUCT environment has seven or nine endpoints which are deployed in different IDC. It will work well in the TEST but doesn't work in the PRODUCT when the code isn't changed.
The err rpctypes.ErrAuthNotEnabled can be ignored if the communication to ETCD works well just like in client.go 358 line .
I think it can return directly when the function getToken get err rpctypes.ErrAuthNotEnabled. It don't need to try other endpoints.
etcd version
3.23
ETCD Cluster doesn't enable Role Auth, and the username and password are used in client.
For example:
Two results:
context deadline exceedwith many endpointsThe rootcause of BUG:
err := c.getToken(ctx)at client.go line 356.getTokenfunction, it will not stop trying another endpoint until sucessfull if get error after call theauth.authenticate.rpctypes.ErrAuthNotEnabledafter trying all endpoints if ETCD cluster don't use Auth.ctxwill not get timeout after trying all endpoints.ctxwill get timeout when after trying most endpoints. The errorrpctypes.ErrAuthNotEnabledin the 311th line of client.go will turn to becontext deadline exceededrpctypes.ErrAuthNotEnabledwhen handling the result ofc.getToken(ctx). It will not communicate normaly when get other error types.We can get a conclusion that it will not function as well as we wish when the number of endpoints is not sure.
In my production , the ETCD cluster in the TEST environment has three endpoints which are deployed in different IDC , while it in PRODUCT environment has seven or nine endpoints which are deployed in different IDC. It will work well in the TEST but doesn't work in the PRODUCT when the code isn't changed.
The err
rpctypes.ErrAuthNotEnabledcan be ignored if the communication to ETCD works well just like in client.go 358 line .I think it can return directly when the function
getTokenget errrpctypes.ErrAuthNotEnabled. It don't need to try other endpoints.