mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-08 01:37:54 +00:00
Fixes #657

Between v4.25.0 and v4.26.4, commit 72865ff62 changed cluster endpoint resolution to prefer IP addresses over hostnames to reduce DNS lookups (refs #620). However, this caused TLS certificate validation to fail for installations with VerifySSL=true, because Proxmox certificates typically contain hostnames (e.g., pve01.example.com), not IP addresses.

When all cluster endpoints failed TLS validation during the initial health check, the ClusterClient marked all nodes as unhealthy. Subsequent calls to GetAllStorage() would fail with "no healthy nodes available in cluster", causing storage data to disappear from the UI despite the cluster being fully operational.

**Root Cause:**

The IP-first approach breaks TLS hostname verification when:

- VerifySSL is enabled (common for production environments)
- Certificates are issued with hostnames, not IPs (standard practice)
- Result: x509 certificate validation fails (e.g., "certificate is valid for pve01.example.com, not 10.0.0.44")

**Solution:**

Conditionally prefer hostnames vs IPs based on TLS validation requirements:

1. When TLS hostname verification is required (VerifySSL=true AND no fingerprint override), prefer hostname to ensure certificate CN/SAN validation succeeds.
2. When TLS verification is bypassed (VerifySSL=false OR fingerprint provided), prefer IP to reduce DNS lookups.

This approach:

- Fixes the regression for users with VerifySSL enabled
- Preserves the DNS optimization for self-signed/fingerprint configs
- Maintains backwards compatibility with v4.25.0 behavior
- Does not compromise TLS security

**Testing:**

Users reported that rolling back to v4.25.0 fixed their storage visibility. This fix should restore storage for v4.26.4+ while maintaining the DNS optimization for appropriate scenarios.

||
|---|---|---|
| backoff.go | ||
| backoff_test.go | ||
| backup_guard_test.go | ||
| ceph.go | ||
| circuit_breaker.go | ||
| circuit_breaker_test.go | ||
| container_disk_usage.go | ||
| diagnostic_snapshots.go | ||
| docker_commands.go | ||
| docker_commands_test.go | ||
| fake_executor_integration.go | ||
| fs_filters.go | ||
| fs_filters_test.go | ||
| harness_integration.go | ||
| helpers_test.go | ||
| integration_integration_test.go | ||
| main_test.go | ||
| metrics.go | ||
| metrics_history.go | ||
| metrics_history_concurrency_test.go | ||
| monitor.go | ||
| monitor_docker_test.go | ||
| monitor_health_test.go | ||
| monitor_host_agents_test.go | ||
| monitor_memory_test.go | ||
| monitor_pmg_test.go | ||
| monitor_polling.go | ||
| monitor_snapshots_test.go | ||
| monitor_storage_test.go | ||
| poller.go | ||
| ratetracker.go | ||
| ratetracker_concurrency_test.go | ||
| reload.go | ||
| scheduler.go | ||
| staleness_tracker.go | ||
| staleness_tracker_test.go | ||
| task_queue.go | ||
| temperature.go | ||
| temperature_service.go | ||
| temperature_test.go | ||
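
The regression described in the commit message above, as an added Go example (not Pulse's code): a constructed certificate carrying only a DNS SAN passes Go's name check when dialed by hostname and fails it when dialed by IP, which is why the endpoint choice has to depend on the verification mode. `pickEndpoint` and `hostnameOnlyCert` are hypothetical names; the hostname and IP are the sample values from the commit message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// pickEndpoint is a hypothetical helper (not Pulse's code): dial the hostname
// when the certificate must match the dialed name, otherwise prefer the IP.
func pickEndpoint(host, ip string, verifySSL bool, fingerprint string) string {
	if (verifySSL && fingerprint == "" && host != "") || ip == "" {
		return host
	}
	return ip
}

// hostnameOnlyCert builds a constructed self-signed cert with one DNS SAN and no IP SAN.
func hostnameOnlyCert(dnsName string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := hostnameOnlyCert("pve01.example.com")
	if err != nil {
		panic(err)
	}
	for _, verify := range []bool{true, false} {
		target := pickEndpoint("pve01.example.com", "10.0.0.44", verify, "")
		fmt.Printf("VerifySSL=%v dial=%s name check error: %v\n", verify, target, cert.VerifyHostname(target))
	}
}
```

With VerifySSL=false the name check still reports an error for the IP, but in that mode the client does not enforce it, so dialing the IP is harmless there.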