[Bug] IpAuthHandler blocks all cross-node raft connections in Docker bridge mode — hostname vs IP mismatch #2960
Description
Bug Type (问题类型)
None
Before submit
- 我已经确认现有的 Issues 与 FAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)
Environment (环境信息)
Environment
- HugeGraph PD version: 1.7.0
- Docker network mode: bridge (static IPs via ipam)
- Tested on: macOS Apple M4
- Related PR: fix(docker): migrate single-node compose from host to bridge networking #2952
- Related bug: IpAuthHandler hostname vs IP (same bridge mode root cause)
Expected & Actual behavior (期望与实际表现)
Expected: Cross-node raft connections between PD nodes work correctly in
Docker bridge network mode.
Actual: All cross-node raft connections are silently blocked by
IpAuthHandler. The allowlist is built using PeerId::getIp which returns
raw hostnames (e.g. "pd0", "pd1") but incoming connections arrive with
actual bridge IPs (e.g. "172.18.0.4") — the string comparison always
fails so every connection is dropped with no useful error.
Error in logs:
WARN IpAuthHandler - Blocked connection from 172.18.0.4
Workaround: assign static IPs to PD containers via docker-compose ipam
and use those IPs directly in HG_PD_RAFT_PEERS_LIST instead of hostnames.