[managment] add flag to disable the old legacy grpc endpoint (#5372)

2026-04-15 23:06:38 +00:00 · 2026-02-17 19:53:14 +01:00
parent 2dbdb5c1a7
commit e9b2a6e808
4 changed files with 75 additions and 46 deletions
--- a/combined/cmd/root.go
+++ b/combined/cmd/root.go
@@ -488,15 +488,17 @@ func createManagementServer(cfg *CombinedConfig, mgmtConfig *nbconfig.Config) (*
 	mgmtPort, _ := strconv.Atoi(portStr)
 	mgmtSrv := mgmtServer.NewServer(
-		mgmtConfig,
+		&mgmtServer.Config{
-		dnsDomain,
+			NbConfig:                mgmtConfig,
-		singleAccModeDomain,
+			DNSDomain:               dnsDomain,
-		mgmtPort,
+			MgmtSingleAccModeDomain: singleAccModeDomain,
-		cfg.Server.MetricsPort,
+			MgmtPort:                mgmtPort,
-		mgmt.DisableAnonymousMetrics,
+			MgmtMetricsPort:         cfg.Server.MetricsPort,
-		mgmt.DisableGeoliteUpdate,
+			DisableMetrics:          mgmt.DisableAnonymousMetrics,
-		// Always enable user deletion from IDP in combined server (embedded IdP is always enabled)
+			DisableGeoliteUpdate:    mgmt.DisableGeoliteUpdate,
-		true,
+			// Always enable user deletion from IDP in combined server (embedded IdP is always enabled)
 			UserDeleteFromIDPEnabled: true,
 		},
 	)
 	return mgmtSrv, nil
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -29,11 +29,11 @@ import (
 	"github.com/netbirdio/netbird/util/crypt"
 )
-var newServer = func(config *nbconfig.Config, dnsDomain, mgmtSingleAccModeDomain string, mgmtPort int, mgmtMetricsPort int, disableMetrics, disableGeoliteUpdate, userDeleteFromIDPEnabled bool) server.Server {
+var newServer = func(cfg *server.Config) server.Server {
-	return server.NewServer(config, dnsDomain, mgmtSingleAccModeDomain, mgmtPort, mgmtMetricsPort, disableMetrics, disableGeoliteUpdate, userDeleteFromIDPEnabled)
+	return server.NewServer(cfg)
 }
-func SetNewServer(fn func(config *nbconfig.Config, dnsDomain, mgmtSingleAccModeDomain string, mgmtPort int, mgmtMetricsPort int, disableMetrics, disableGeoliteUpdate, userDeleteFromIDPEnabled bool) server.Server) {
+func SetNewServer(fn func(*server.Config) server.Server) {
 	newServer = fn
 }
@@ -110,7 +110,17 @@ var (
 				mgmtSingleAccModeDomain = ""
 			}
-			srv := newServer(config, dnsDomain, mgmtSingleAccModeDomain, mgmtPort, mgmtMetricsPort, disableMetrics, disableGeoliteUpdate, userDeleteFromIDPEnabled)
+			srv := newServer(&server.Config{
 				NbConfig:                    config,
 				DNSDomain:                   dnsDomain,
 				MgmtSingleAccModeDomain:     mgmtSingleAccModeDomain,
 				MgmtPort:                    mgmtPort,
 				MgmtMetricsPort:             mgmtMetricsPort,
 				DisableLegacyManagementPort: disableLegacyManagementPort,
 				DisableMetrics:              disableMetrics,
 				DisableGeoliteUpdate:        disableGeoliteUpdate,
 				UserDeleteFromIDPEnabled:    userDeleteFromIDPEnabled,
 			})
 			go func() {
 				if err := srv.Start(cmd.Context()); err != nil {
 					log.Fatalf("Server error: %v", err)
--- a/management/cmd/root.go
+++ b/management/cmd/root.go
@@ -16,21 +16,22 @@ const (
 )
 var (
-	dnsDomain                string
+	dnsDomain                   string
-	mgmtDataDir              string
+	mgmtDataDir                 string
-	logLevel                 string
+	logLevel                    string
-	logFile                  string
+	logFile                     string
-	disableMetrics           bool
+	disableMetrics              bool
-	disableSingleAccMode     bool
+	disableSingleAccMode        bool
-	disableGeoliteUpdate     bool
+	disableGeoliteUpdate        bool
-	idpSignKeyRefreshEnabled bool
+	idpSignKeyRefreshEnabled    bool
-	userDeleteFromIDPEnabled bool
+	userDeleteFromIDPEnabled    bool
-	mgmtPort                 int
+	mgmtPort                    int
-	mgmtMetricsPort          int
+	mgmtMetricsPort             int
-	mgmtLetsencryptDomain    string
+	disableLegacyManagementPort bool
-	mgmtSingleAccModeDomain  string
+	mgmtLetsencryptDomain       string
-	certFile                 string
+	mgmtSingleAccModeDomain     string
-	certKey                  string
+	certFile                    string
 	certKey                     string
 	rootCmd = &cobra.Command{
 		Use:          "netbird-mgmt",
@@ -55,6 +56,7 @@ func Execute() error {
 func init() {
 	mgmtCmd.Flags().IntVar(&mgmtPort, "port", 80, "server port to listen on (defaults to 443 if TLS is enabled, 80 otherwise")
 	mgmtCmd.Flags().BoolVar(&disableLegacyManagementPort, "disable-legacy-port", false, "disabling the old legacy port (33073)")
 	mgmtCmd.Flags().IntVar(&mgmtMetricsPort, "metrics-port", 9090, "metrics endpoint http port. Metrics are accessible under host:metrics-port/metrics")
 	mgmtCmd.Flags().StringVar(&mgmtDataDir, "datadir", defaultMgmtDataDir, "server data directory location")
 	mgmtCmd.Flags().StringVar(&nbconfig.MgmtConfigPath, "config", defaultMgmtConfig, "Netbird config file location. Config params specified via command line (e.g. datadir) have a precedence over configuration from this file")
--- a/management/internals/server/server.go
+++ b/management/internals/server/server.go
@@ -50,13 +50,14 @@ type BaseServer struct {
 	// AfterInit is a function that will be called after the server is initialized
 	afterInit []func(s *BaseServer)
-	disableMetrics           bool
+	disableMetrics              bool
-	dnsDomain                string
+	dnsDomain                   string
-	disableGeoliteUpdate     bool
+	disableGeoliteUpdate        bool
-	userDeleteFromIDPEnabled bool
+	userDeleteFromIDPEnabled    bool
-	mgmtSingleAccModeDomain  string
+	mgmtSingleAccModeDomain     string
-	mgmtMetricsPort          int
+	mgmtMetricsPort             int
-	mgmtPort                 int
+	mgmtPort                    int
 	disableLegacyManagementPort bool
 	proxyAuthClose func()
@@ -69,18 +70,32 @@ type BaseServer struct {
 	cancel context.CancelFunc
 }
 // Config holds the configuration parameters for creating a new server
 type Config struct {
 	NbConfig                    *nbconfig.Config
 	DNSDomain                   string
 	MgmtSingleAccModeDomain     string
 	MgmtPort                    int
 	MgmtMetricsPort             int
 	DisableLegacyManagementPort bool
 	DisableMetrics              bool
 	DisableGeoliteUpdate        bool
 	UserDeleteFromIDPEnabled    bool
 }
 // NewServer initializes and configures a new Server instance
-func NewServer(config *nbconfig.Config, dnsDomain, mgmtSingleAccModeDomain string, mgmtPort, mgmtMetricsPort int, disableMetrics, disableGeoliteUpdate, userDeleteFromIDPEnabled bool) *BaseServer {
+func NewServer(cfg *Config) *BaseServer {
 	return &BaseServer{
-		Config:                   config,
+		Config:                      cfg.NbConfig,
-		container:                make(map[string]any),
+		container:                   make(map[string]any),
-		dnsDomain:                dnsDomain,
+		dnsDomain:                   cfg.DNSDomain,
-		mgmtSingleAccModeDomain:  mgmtSingleAccModeDomain,
+		mgmtSingleAccModeDomain:     cfg.MgmtSingleAccModeDomain,
-		disableMetrics:           disableMetrics,
+		disableMetrics:              cfg.DisableMetrics,
-		disableGeoliteUpdate:     disableGeoliteUpdate,
+		disableGeoliteUpdate:        cfg.DisableGeoliteUpdate,
-		userDeleteFromIDPEnabled: userDeleteFromIDPEnabled,
+		userDeleteFromIDPEnabled:    cfg.UserDeleteFromIDPEnabled,
-		mgmtPort:                 mgmtPort,
+		mgmtPort:                    cfg.MgmtPort,
-		mgmtMetricsPort:          mgmtMetricsPort,
+		disableLegacyManagementPort: cfg.DisableLegacyManagementPort,
 		mgmtMetricsPort:             cfg.MgmtMetricsPort,
 	}
 }
@@ -152,7 +167,7 @@ func (s *BaseServer) Start(ctx context.Context) error {
 	}
 	var compatListener net.Listener
-	if s.mgmtPort != ManagementLegacyPort {
+	if s.mgmtPort != ManagementLegacyPort && !s.disableLegacyManagementPort {
 		// The Management gRPC server was running on port 33073 previously. Old agents that are already connected to it
 		// are using port 33073. For compatibility purposes we keep running a 2nd gRPC server on port 33073.
 		compatListener, err = s.serveGRPC(srvCtx, s.GRPCServer(), ManagementLegacyPort)