cluster: fix wg1.conf generator
Signed-off-by: Nagy Károly Gábriel <k@jpi.io>
+19
-5
@@ -6,6 +6,7 @@ import (
|
|||||||
"net/netip"
|
"net/netip"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
|
"darvaza.org/core"
|
||||||
"git.jpi.io/amery/jpictl/pkg/rings"
|
"git.jpi.io/amery/jpictl/pkg/rings"
|
||||||
"git.jpi.io/amery/jpictl/pkg/wireguard"
|
"git.jpi.io/amery/jpictl/pkg/wireguard"
|
||||||
)
|
)
|
||||||
@@ -225,17 +226,28 @@ func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
|
|||||||
rp.AllowCIDR(rp.Address, 32)
|
rp.AllowCIDR(rp.Address, 32)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// revive:disable:cognitive-complexity
|
||||||
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
|
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
|
||||||
|
// revive:enable:cognitive-complexity
|
||||||
regionID, zoneID, _, _ := r.Decode(rp.Address)
|
regionID, zoneID, _, _ := r.Decode(rp.Address)
|
||||||
|
|
||||||
// peer
|
// peer
|
||||||
rp.AllowCIDR(rp.Address, 32)
|
rp.AllowCIDR(rp.Address, 32)
|
||||||
|
|
||||||
// ring1 gateways connect to all other ring1 networks
|
// ring1 gateways connect to all other ring1 networks
|
||||||
r.ForEachZone(func(z *Zone) bool {
|
m, ok := r.ZoneIterator.(RegionIterator)
|
||||||
if !z.Is(regionID, zoneID) {
|
if !ok {
|
||||||
subnet := z.RingOnePrefix()
|
panic("Cannot iterate Region from Zone")
|
||||||
rp.AllowSubnet(subnet)
|
}
|
||||||
|
m.ForEachRegion(func(r2 *Region) bool {
|
||||||
|
if r2.IsPrimary() {
|
||||||
|
r.ForEachZone(func(z *Zone) bool {
|
||||||
|
if !z.Is(regionID, zoneID) {
|
||||||
|
subnet := z.RingOnePrefix()
|
||||||
|
rp.AllowSubnet(subnet)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
})
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
})
|
})
|
||||||
@@ -316,7 +328,9 @@ func (rp *RingPeer) AllowCIDR(addr netip.Addr, bits int) {
|
|||||||
|
|
||||||
// AllowSubnet allows an IP range via this peer
|
// AllowSubnet allows an IP range via this peer
|
||||||
func (rp *RingPeer) AllowSubnet(subnet netip.Prefix) {
|
func (rp *RingPeer) AllowSubnet(subnet netip.Prefix) {
|
||||||
rp.PeerConfig.AllowedIPs = append(rp.PeerConfig.AllowedIPs, subnet)
|
if !core.SliceContains(rp.PeerConfig.AllowedIPs, subnet) {
|
||||||
|
rp.PeerConfig.AllowedIPs = append(rp.PeerConfig.AllowedIPs, subnet)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewRing composes a new Ring for Wireguard setup
|
// NewRing composes a new Ring for Wireguard setup
|
||||||
|
|||||||
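Review bot: In the new `m.ForEachRegion` callback of setRingOneGatewayAllowedIPs, `r2` is used only for `r2.IsPrimary()` while the inner loop still calls `r.ForEachZone`, so each primary region appears to re-walk the same ring-wide zone set rather than that region's own zones. As written, the loop seems to add the same ring1 subnets as before whenever at least one region is primary and none otherwise, and the `core.SliceContains` guard added to AllowSubnet hides the repeated appends instead of removing their cause. AllowedIPs decides which source subnets WireGuard accepts from this gateway peer, so the intended scope should be explicit: if Region has its own zone iterator (not visible here), the inner call was presumably meant to be `r2.ForEachZone(func(z *Zone) bool {`, otherwise a comment such as `// any primary region enables all ring1 zones` would document the current behaviour. Separately, `panic("Cannot iterate Region from Zone")` aborts the config generator on a failed type assertion, which callers cannot handle. The function's closing brace lies outside the hunk, so the rest of its body is not reviewed here.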