|
|
|
@ -191,12 +191,20 @@ func (r *Ring) AddPeer(p *Machine) bool {
|
|
|
|
|
}, |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
switch { |
|
|
|
|
case r.ID == rings.RingZeroID: |
|
|
|
|
r.setRingZeroAllowedIPs(rp) |
|
|
|
|
case p.IsGateway(): |
|
|
|
|
r.setRingOneGatewayAllowedIPs(rp) |
|
|
|
|
default: |
|
|
|
|
r.setRingOneNodeAllowedIPs(rp) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
r.Peers = append(r.Peers, rp) |
|
|
|
|
return true |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) { |
|
|
|
|
func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) { |
|
|
|
|
// ring0 peer
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
|
@ -204,6 +212,39 @@ func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) {
|
|
|
|
|
rp.AllowCIDR(rp.Node.RingOneAddress(), 32) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) { |
|
|
|
|
regionID, zoneID, _, _ := r.Decode(rp.Address) |
|
|
|
|
|
|
|
|
|
// peer
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
|
|
|
|
|
// ring1 gateways connect to all other ring1 networks
|
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
|
if !z.Is(regionID, zoneID) { |
|
|
|
|
subnet := z.RingOnePrefix() |
|
|
|
|
rp.AllowSubnet(subnet) |
|
|
|
|
} |
|
|
|
|
return false |
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
// ring1 gateways also connect to all ring0 addresses
|
|
|
|
|
r.ForEachZone(func(z *Zone) bool { |
|
|
|
|
z.ForEachMachine(func(p *Machine) bool { |
|
|
|
|
if p.IsGateway() { |
|
|
|
|
addr, _ := p.RingZeroAddress() |
|
|
|
|
rp.AllowCIDR(addr, 32) |
|
|
|
|
} |
|
|
|
|
return false |
|
|
|
|
}) |
|
|
|
|
return false |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) { |
|
|
|
|
// only to the peer itself
|
|
|
|
|
rp.AllowCIDR(rp.Address, 32) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// ForEachMachine calls a function for each Machine in the ring
|
|
|
|
|
// until instructed to terminate the loop
|
|
|
|
|
func (r *Ring) ForEachMachine(fn func(*Machine) bool) { |
|
|
|
|
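Review bot: Both lookups in the new `setRingOneGatewayAllowedIPs` discard their trailing results: `regionID, zoneID, _, _ := r.Decode(rp.Address)` and `addr, _ := p.RingZeroAddress()`. The meaning of those results is not visible here, but if either one reports failure, a failed decode would leave zero region and zone IDs, so `!z.Is(regionID, zoneID)` would presumably hold for every zone and the peer would be allowed every ring1 prefix, including its own zone's. Likewise, a gateway without a ring0 address would have a zero-value address added as a /32. Because these calls define which addresses a peer is allowed to use, the function should fail closed: return before any `AllowSubnet` call when the decode fails, and guard the ring0 entry, for example `if addr, ok := p.RingZeroAddress(); ok { rp.AllowCIDR(addr, 32) }`, assuming the second result is a boolean. A short doc comment on the function stating that the gateway's own zone is deliberately excluded while every gateway's ring0 /32 is included would also help the next reviewer audit the allowed-IP set.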