Compare commits


6 Commits

Author SHA1 Message Date
Nagy Károly Gábriel ff3feb49f2 Merge pull request 'cluster: drop wg1.conf' (#58) 4 months ago
Alejandro Mery b0356c7ebb jpictl: don't append -1 to ring1 addresses on `jpictl list` 4 months ago
Alejandro Mery 08da69f7aa cluster: change wg0.conf to allow ring0/32 and ring1/32 on each peer 4 months ago
Alejandro Mery 6e3bb24b36 cluster: further remove wg1 support 4 months ago
Alejandro Mery 9810f5c6c1 cluster: drop wg1.conf generation 4 months ago
Alejandro Mery 8948b6702a Revert "cluster: fix wg1 generation (AllowedIPs)" 4 months ago
  1. 2
      cmd/jpictl/list.go
  2. 2
      pkg/cluster/errors.go
  3. 64
      pkg/cluster/rings.go
  4. 22
      pkg/cluster/wireguard.go

2
cmd/jpictl/list.go

@ -108,7 +108,7 @@ func (*inventory) renderRingOneZone(out *tools.LazyBuffer, r *cluster.Region, z
z.ForEachMachine(func(m *cluster.Machine) bool {
addr := m.RingOneAddress()
cidr := netip.PrefixFrom(addr, 32)
_ = out.Printf("%s\t\t%s-%v\n", cidr, m.Name, 1)
_ = out.Printf("%s\t\t%s\n", cidr, m.Name)
return false
})
return nil

2
pkg/cluster/errors.go

@ -25,5 +25,5 @@ var (
// ErrInvalidRing returns an error indicating the [rings.RingID]
// can't be used for the intended purpose
func ErrInvalidRing(ringID rings.RingID) error {
return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID)
return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID-1)
}
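Review bot: The message built in ErrInvalidRing now prints `ringID-1` rather than the value the caller passed (assuming the second of the two `return` lines is the new side), and the doc comment does not explain the offset. Someone reading a log to find out which ring was rejected will see a number that may not match any RingID constant. If RingID is an unsigned type, a zero value would also wrap to a very large number; the type is not visible here, so that part is a guess. I would state the intent above the return, for example `// report the ring by its wgN index rather than its RingID value`, if that is indeed the reason.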

64
pkg/cluster/rings.go

@ -27,8 +27,6 @@ func AsWireguardInterfaceID(ring rings.RingID) (WireguardInterfaceID, error) {
switch ring {
case rings.RingZeroID:
return 0, nil
case rings.RingOneID:
return 1, nil
default:
return 0, ErrInvalidRing(ring)
}
@ -148,17 +146,9 @@ var (
Decode: rings.DecodeRingZeroAddress,
Encode: rings.RingZeroAddress,
}
// RingOne is a wg1 address encoder/decoder
RingOne = RingAddressEncoder{
ID: rings.RingOneID,
Port: RingOnePort,
Decode: rings.DecodeRingOneAddress,
Encode: rings.RingOneAddress,
}
// Rings provides indexed access to the ring address encoders
Rings = []RingAddressEncoder{
RingZero,
RingOne,
}
)
@ -201,61 +191,17 @@ func (r *Ring) AddPeer(p *Machine) bool {
},
}
switch {
case r.ID == rings.RingZeroID:
r.setRingZeroAllowedIPs(rp)
case p.IsGateway():
r.setRingOneGatewayAllowedIPs(rp)
default:
r.setRingOneNodeAllowedIPs(rp)
}
r.setRingZeroAllowedIPs(rp)
r.Peers = append(r.Peers, rp)
return true
}
func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
regionID, zoneID, _, _ := r.Decode(rp.Address)
// everyone on ring0 is a gateway to ring1
subnet, _ := rings.RingOnePrefix(regionID, zoneID)
rp.AllowSubnet(subnet)
// peer
rp.AllowCIDR(rp.Address, 32)
}
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
regionID, zoneID, _, _ := r.Decode(rp.Address)
// peer
func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) {
// ring0 peer
rp.AllowCIDR(rp.Address, 32)
// ring1 gateways connect to all other ring1 networks
r.ForEachZone(func(z *Zone) bool {
if !z.Is(regionID, zoneID) {
subnet := z.RingOnePrefix()
rp.AllowSubnet(subnet)
}
return false
})
// ring1 gateways also connect to all ring0 addresses
r.ForEachZone(func(z *Zone) bool {
z.ForEachMachine(func(p *Machine) bool {
if p.IsGateway() {
addr, _ := p.RingZeroAddress()
rp.AllowCIDR(addr, 32)
}
return false
})
return false
})
}
func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) {
// only to the peer itself
rp.AllowCIDR(rp.Address, 32)
// everyone on ring0 has a leg on ring1
rp.AllowCIDR(rp.Node.RingOneAddress(), 32)
}
// ForEachMachine calls a function for each Machine in the ring
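Review bot: In the new setRingZeroAllowedIPs the result of `rp.Node.RingOneAddress()` goes straight into `rp.AllowCIDR(..., 32)` with no validity check, and AllowedIPs is what WireGuard uses both to route to a peer and to accept traffic from it. Narrowing each peer to its ring0/32 and ring1/32 is a sound least-privilege change. But if a machine has no usable ring1 address the entry written to wg0.conf could be wrong, and if `rp.Node` is unset the call would panic; the RingPeer literal starts above the hunk, so I cannot confirm it is always set. RingOneAddress appears to return a netip.Addr, judging by its use with netip.PrefixFrom in list.go, so a guard such as `if addr := rp.Node.RingOneAddress(); addr.IsValid() { rp.AllowCIDR(addr, 32) }` would keep an invalid address out of the config. Separately, `Rings` now holds only RingZero, so any caller outside this diff that still indexes it for ring 1 would be out of range.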

22
pkg/cluster/wireguard.go

@ -82,13 +82,6 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
switch ring {
case rings.RingZeroID:
return writeWireguardConfig(m, m, ring)
case rings.RingOneID:
var err error
m.ForEachZone(func(z *Zone) bool {
err = writeWireguardConfig(m, z, ring)
return err != nil
})
return err
default:
return ErrInvalidRing(ring)
}
@ -97,10 +90,12 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
// WriteWireguardConfig rewrites all wgN.conf on all machines
// on the Zone attached to that ring
func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
if ring == rings.RingZeroID || ring == rings.RingOneID {
switch ring {
case rings.RingZeroID:
return writeWireguardConfig(z.zones, z.zones, ring)
default:
return ErrInvalidRing(ring)
}
return ErrInvalidRing(ring)
}
func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring rings.RingID) error {
@ -161,13 +156,6 @@ func (m *Cluster) SyncWireguardConfig(ring rings.RingID) error {
switch ring {
case rings.RingZeroID:
return syncWireguardConfig(m, m, ring)
case rings.RingOneID:
var err error
m.ForEachZone(func(z *Zone) bool {
err = syncWireguardConfig(m, z, ring)
return err != nil
})
return err
default:
return ErrInvalidRing(ring)
}
@ -179,8 +167,6 @@ func (z *Zone) SyncWireguardConfig(ring rings.RingID) error {
switch ring {
case rings.RingZeroID:
return syncWireguardConfig(z.zones, z.zones, ring)
case rings.RingOneID:
return syncWireguardConfig(z.zones, z, ring)
default:
return ErrInvalidRing(ring)
}
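Review bot: The doc comment on Zone.WriteWireguardConfig still says it `rewrites all wgN.conf`, but after this change both the Cluster and Zone methods return ErrInvalidRing for everything except rings.RingZeroID. I would reword it to `// WriteWireguardConfig rewrites wg0.conf on all machines of the Zone; any other ring returns ErrInvalidRing`. Nothing visible in these hunks removes a wg1.conf that an earlier run already wrote, so machines may keep a stale wg1 configuration with the older, broader AllowedIPs until it is deleted some other way. If that cleanup happens elsewhere, a comment pointing to it would help.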
