Avoid erroring out when localhost cannot be resolved
During certificate generation, k0s makes an effort to compile a
comprehensive list of SANs for the TLS certificates. Consequently, it
tries to ensure that connections from localhost will function properly:
It attempts to perform a lookup for localhost to include its IP address
in the list of SANs. Although this lookup is typically expected to
succeed, as it's assumed to be local to the machine anyways, it may fail
in specific setups, leading to cluster formation issues.

Instead of treating a failed IP lookup for localhost as a critical
error, record the error in the logs and proceed with the execution. This
approach is likely to be effective if localhost resolves to its standard
address, 127.0.0.1.

Additionally, introduce some log statements to capture errors that would
otherwise go unnoticed, such as those arising from attempts to resolve
the machine's hostname.

Signed-off-by: Tom Wieczorek <[email protected]>
twz123 committed Aug 10, 2023
1 parent ba1443c commit f0fb56d
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions cmd/controller/certificates.go
Expand Up @@ -56,8 +56,10 @@ func (c *Certificates) Init(ctx context.Context) error {
return err
}

log := logrus.WithField("component", "certificates")

// We need CA cert loaded to generate client configs
logrus.Debugf("CA key and cert exists, loading")
log.Debug("CA key and cert exists, loading")
cert, err := os.ReadFile(caCertPath)
if err != nil {
return fmt.Errorf("failed to read ca cert: %w", err)
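Review bot: Style point on the new `log := logrus.WithField("component", "certificates")` line: the scoped logger is only useful if the whole function uses it, so any package-level `logrus.*` calls that remain elsewhere in `Init` should be switched to `log` in the same change, otherwise certificate-related entries will be split between tagged and untagged output. While touching the message, "CA key and cert exists" should read "exist".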
Expand Down Expand Up @@ -175,7 +177,7 @@ func (c *Certificates) Init(ctx context.Context) error {
"127.0.0.1",
}

localIPs, err := detectLocalIPs(ctx)
localIPs, err := detectLocalIPs(ctx, log)
if err != nil {
return fmt.Errorf("error detecting local IP: %w", err)
}
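Review bot: At the `detectLocalIPs(ctx, log)` call, a failed lookup now shortens the SAN list without the caller noticing, while the fatal `error detecting local IP` wrap is reached only for the errors the helper still returns. Since the resulting SANs decide which addresses pass certificate verification, consider logging the final list once it is assembled, so an operator can see which IPs made it into the certificate without having to correlate the earlier warnings.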
Expand Down Expand Up @@ -219,12 +221,17 @@ func (c *Certificates) Init(ctx context.Context) error {
return eg.Wait()
}

func detectLocalIPs(ctx context.Context) ([]string, error) {
func detectLocalIPs(ctx context.Context, log logrus.FieldLogger) ([]string, error) {
resolver := net.DefaultResolver

addrs, err := resolver.LookupIPAddr(ctx, "localhost")
if err != nil {
return nil, err
if errors.Is(err, ctx.Err()) {
return nil, err
}

log.WithError(err).Warn("Failed to lookup localhost, this may be a problem for certificate verification when localhost resolves to something other than 127.0.0.1.")
addrs = nil
}

if hostname, err := os.Hostname(); err == nil {
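Review bot: The cancellation check `errors.Is(err, ctx.Err())` in the new error branch only matches when the resolver's error actually wraps or equals the context error; if the `net` package reports the cancellation with its own error value, the branch falls through to the warning and the function continues on a dead context. Testing `ctx.Err() != nil` directly would not depend on how the resolver wraps the error. A doc comment on `detectLocalIPs` stating that lookup failures are logged and skipped, and that a returned error means the context ended, would also help callers.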
Expand All @@ -233,6 +240,8 @@ func detectLocalIPs(ctx context.Context) ([]string, error) {
addrs = append(addrs, hostnameAddrs...)
} else if errors.Is(err, ctx.Err()) {
return nil, err
} else {
log.WithError(err).Warnf("Failed to lookup the machine's hostname %q, this may be a problem for certificate verification.", hostname)
}
}
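Review bot: The added `else` branch logs a failed lookup of the hostname, but in the lines shown the outer `if hostname, err := os.Hostname(); err == nil {` still has no `else`, so a failure of `os.Hostname()` itself stays silent even though the commit message aims to surface errors that would otherwise go unnoticed. Adding a matching warning for that case would close the gap. Minor wording: "Failed to lookup" should be "Failed to look up", here and in the localhost warning.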
