From 8948b6702a39a72012d723be0b5aa9a128ee2116 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Mon, 29 Jul 2024 16:46:43 +0000
Subject: [PATCH 1/5] Revert "cluster: fix wg1 generation (AllowedIPs)"
This reverts commit f0c09c2176337964b874efcb17d9d419794ca967.
---
 pkg/cluster/wireguard.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/pkg/cluster/wireguard.go b/pkg/cluster/wireguard.go
index 932fe32..ce71b88 100644
--- a/pkg/cluster/wireguard.go
+++ b/pkg/cluster/wireguard.go
@@ -97,10 +97,14 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
 // WriteWireguardConfig rewrites all wgN.conf on all machines
 // on the Zone attached to that ring
 func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
- if ring == rings.RingZeroID || ring == rings.RingOneID {
+ switch ring {
+ case rings.RingZeroID:
 return writeWireguardConfig(z.zones, z.zones, ring)
+ case rings.RingOneID:
+ return writeWireguardConfig(z.zones, z, ring)
+ default:
+ return ErrInvalidRing(ring)
 }
- return ErrInvalidRing(ring)
 }
 func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring rings.RingID) error {
From 9810f5c6c1f1e5be712503c134e42e97b2ce8013 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Mon, 29 Jul 2024 15:50:20 +0000
Subject: [PATCH 2/5] cluster: drop wg1.conf generation
Signed-off-by: Alejandro Mery
---
 pkg/cluster/errors.go | 2 +-
 pkg/cluster/rings.go | 10 ----------
 2 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/pkg/cluster/errors.go b/pkg/cluster/errors.go
index 71c133f..d34bfce 100644
--- a/pkg/cluster/errors.go
+++ b/pkg/cluster/errors.go
@@ -25,5 +25,5 @@ var (
 // ErrInvalidRing returns an error indicating the [rings.RingID]
 // can't be used for the intended purpose
 func ErrInvalidRing(ringID rings.RingID) error {
- return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID)
+ return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID-1)
 }
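Review bot: The message in `ErrInvalidRing` now prints `ringID-1` rather than the `RingID` the caller passed, and neither the doc comment nor the hunk says why. If `rings.RingID` is 1-based (not visible here) this yields the zero-based ring number, but the value in logs then no longer matches what a caller or a test compares against, and a zero or unset ID would print as -1, or wrap if the type is unsigned. I would extend the doc comment with a line such as `// The message reports the ring number (ringID-1), not the raw RingID value.` so whoever triages a rejected-ring error knows which number they are looking at.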
diff --git a/pkg/cluster/rings.go b/pkg/cluster/rings.go
index 161f4a5..721fdcf 100644
--- a/pkg/cluster/rings.go
+++ b/pkg/cluster/rings.go
@@ -27,8 +27,6 @@ func AsWireguardInterfaceID(ring rings.RingID) (WireguardInterfaceID, error) {
 switch ring {
 case rings.RingZeroID:
 return 0, nil
- case rings.RingOneID:
- return 1, nil
 default:
 return 0, ErrInvalidRing(ring)
 }
@@ -148,17 +146,9 @@ var (
 Decode: rings.DecodeRingZeroAddress,
 Encode: rings.RingZeroAddress,
 }
- // RingOne is a wg1 address encoder/decoder
- RingOne = RingAddressEncoder{
- ID: rings.RingOneID,
- Port: RingOnePort,
- Decode: rings.DecodeRingOneAddress,
- Encode: rings.RingOneAddress,
- }
 // Rings provides indexed access to the ring address encoders
 Rings = []RingAddressEncoder{
 RingZero,
- RingOne,
 }
 )
From 6e3bb24b3601cc199d0a81035d5a5893b609dd28 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Mon, 29 Jul 2024 16:52:59 +0000
Subject: [PATCH 3/5] cluster: further remove wg1 support
Signed-off-by: Alejandro Mery
---
 pkg/cluster/rings.go | 43 +---------------------------------------
 pkg/cluster/wireguard.go | 18 -----------------
 2 files changed, 1 insertion(+), 60 deletions(-)
diff --git a/pkg/cluster/rings.go b/pkg/cluster/rings.go
index 721fdcf..cc44c13 100644
--- a/pkg/cluster/rings.go
+++ b/pkg/cluster/rings.go
@@ -191,15 +191,7 @@ func (r *Ring) AddPeer(p *Machine) bool {
 },
 }
- switch {
- case r.ID == rings.RingZeroID:
- r.setRingZeroAllowedIPs(rp)
- case p.IsGateway():
- r.setRingOneGatewayAllowedIPs(rp)
- default:
- r.setRingOneNodeAllowedIPs(rp)
- }
-
+ r.setRingZeroAllowedIPs(rp)
 r.Peers = append(r.Peers, rp)
 return true
 }
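Review bot: `AddPeer` now applies `r.setRingZeroAllowedIPs(rp)` to every peer without looking at `r.ID`, so the ring0 AllowedIPs policy is used whatever ring the `Ring` value was built for. AllowedIPs is WireGuard's per-peer source-address filter, so a silent fallback is the wrong failure mode here; if a `Ring` with another ID can still be constructed (this hunk does not show the constructor), it would get ring0 rules instead of an error. Stating the invariant at the call site would help, e.g. `// only ring0 is generated; other ring IDs are rejected with ErrInvalidRing before reaching here`, once that has been confirmed. `AddPeer` starts above the hunk, so an earlier check may already cover this.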
@@ -215,39 +207,6 @@ func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
 rp.AllowCIDR(rp.Address, 32)
 }
-func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
- regionID, zoneID, _, _ := r.Decode(rp.Address)
-
- // peer
- rp.AllowCIDR(rp.Address, 32)
-
- // ring1 gateways connect to all other ring1 networks
- r.ForEachZone(func(z *Zone) bool {
- if !z.Is(regionID, zoneID) {
- subnet := z.RingOnePrefix()
- rp.AllowSubnet(subnet)
- }
- return false
- })
-
- // ring1 gateways also connect to all ring0 addresses
- r.ForEachZone(func(z *Zone) bool {
- z.ForEachMachine(func(p *Machine) bool {
- if p.IsGateway() {
- addr, _ := p.RingZeroAddress()
- rp.AllowCIDR(addr, 32)
- }
- return false
- })
- return false
- })
-}
-
-func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) {
- // only to the peer itself
- rp.AllowCIDR(rp.Address, 32)
-}
-
 // ForEachMachine calls a function for each Machine in the ring
 // until instructed to terminate the loop
 func (r *Ring) ForEachMachine(fn func(*Machine) bool) {
diff --git a/pkg/cluster/wireguard.go b/pkg/cluster/wireguard.go
index ce71b88..037d446 100644
--- a/pkg/cluster/wireguard.go
+++ b/pkg/cluster/wireguard.go
@@ -82,13 +82,6 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
 switch ring {
 case rings.RingZeroID:
 return writeWireguardConfig(m, m, ring)
- case rings.RingOneID:
- var err error
- m.ForEachZone(func(z *Zone) bool {
- err = writeWireguardConfig(m, z, ring)
- return err != nil
- })
- return err
 default:
 return ErrInvalidRing(ring)
 }
@@ -100,8 +93,6 @@ func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
 switch ring {
 case rings.RingZeroID:
 return writeWireguardConfig(z.zones, z.zones, ring)
- case rings.RingOneID:
- return writeWireguardConfig(z.zones, z, ring)
 default:
 return ErrInvalidRing(ring)
 }
@@ -165,13 +156,6 @@ func (m *Cluster) SyncWireguardConfig(ring rings.RingID) error {
 switch ring {
 case rings.RingZeroID:
 return syncWireguardConfig(m, m, ring)
- case rings.RingOneID:
- var err error
- m.ForEachZone(func(z *Zone) bool {
- err = syncWireguardConfig(m, z, ring)
- return err != nil
- })
- return err
 default:
 return ErrInvalidRing(ring)
 }
@@ -183,8 +167,6 @@ func (z *Zone) SyncWireguardConfig(ring rings.RingID) error {
 switch ring {
 case rings.RingZeroID:
 return syncWireguardConfig(z.zones, z.zones, ring)
- case rings.RingOneID:
- return syncWireguardConfig(z.zones, z, ring)
 default:
 return ErrInvalidRing(ring)
 }
From 08da69f7aa56c1e47cf957768b56249eef172b80 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Mon, 29 Jul 2024 18:04:25 +0000
Subject: [PATCH 4/5] cluster: change wg0.conf to allow ring0/32 and ring1/32 on each peer
Signed-off-by: Alejandro Mery
---
 pkg/cluster/rings.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/pkg/cluster/rings.go b/pkg/cluster/rings.go
index cc44c13..6327c1e 100644
--- a/pkg/cluster/rings.go
+++ b/pkg/cluster/rings.go
@@ -196,15 +196,12 @@ func (r *Ring) AddPeer(p *Machine) bool {
 return true
 }
-func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
- regionID, zoneID, _, _ := r.Decode(rp.Address)
-
- // everyone on ring0 is a gateway to ring1
- subnet, _ := rings.RingOnePrefix(regionID, zoneID)
- rp.AllowSubnet(subnet)
-
- // peer
+func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) {
+ // ring0 peer
 rp.AllowCIDR(rp.Address, 32)
+
+ // everyone on ring0 has a leg on ring1
+ rp.AllowCIDR(rp.Node.RingOneAddress(), 32)
 }
 // ForEachMachine calls a function for each Machine in the ring
From b0356c7ebbf64c4720affb8123d71f6d4f19b7d1 Mon Sep 17 00:00:00 2001
From: Alejandro Mery
Date: Mon, 29 Jul 2024 19:09:37 +0000
Subject: [PATCH 5/5] jpictl: don't append -1 to ring1 addresses on `jpictl list`
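Review bot: In the new `setRingZeroAllowedIPs` (PATCH 4/5), `rp.Node.RingOneAddress()` goes straight into `rp.AllowCIDR(..., 32)` with no check that `rp.Node` is set or that the returned address is valid. The removed code also ignored its errors, but what ends up in AllowedIPs decides which source addresses the peer is trusted for, so an unset address should be skipped rather than written to wg0.conf; how `AllowCIDR` treats an invalid address is not visible here. Assuming the return type is `netip.Addr` (the `jpictl list` hunk passes it to `netip.PrefixFrom`), something like `if addr := rp.Node.RingOneAddress(); addr.IsValid() { rp.AllowCIDR(addr, 32) }` would do. The comment could also say that ring1 traffic is now accepted only from the peer's own /32 and no longer from the zone's ring1 subnet, since that is the actual policy change.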
Signed-off-by: Alejandro Mery
---
 cmd/jpictl/list.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/jpictl/list.go b/cmd/jpictl/list.go
index c024329..025de03 100644
--- a/cmd/jpictl/list.go
+++ b/cmd/jpictl/list.go
@@ -108,7 +108,7 @@ func (*inventory) renderRingOneZone(out *tools.LazyBuffer, r *cluster.Region, z
 z.ForEachMachine(func(m *cluster.Machine) bool {
 addr := m.RingOneAddress()
 cidr := netip.PrefixFrom(addr, 32)
- _ = out.Printf("%s\t\t%s-%v\n", cidr, m.Name, 1)
+ _ = out.Printf("%s\t\t%s\n", cidr, m.Name)
 return false
 })
 return nil