cluster: improve defaults to ease initialisation of new machines #31
@@ -73,6 +73,10 @@ func (m *Cluster) scanMachines(opts *ScanOptions) error {
|
|||||||
err = p.scan(opts)
|
err = p.scan(opts)
|
||||||
return err != nil
|
return err != nil
|
||||||
})
|
})
|
||||||
|
m.ForEachMachine(func(p *Machine) bool {
|
||||||
|
err = p.scanWrapUp(opts)
|
||||||
|
return err != nil
|
||||||
|
})
|
||||||
return err
|
return err
|
||||||
}
|
}
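Review bot: In scanMachines the second ForEachMachine pass assigns to the same `err` as the first, so an error from `p.scan(opts)` is overwritten by `p.scanWrapUp(opts)` and is lost whenever wrap-up succeeds. Wrap-up also still runs after a failed scan pass, and because it generates missing key pairs, a machine whose existing configuration was not loaded could be handed a fresh key (inferred; the loading code is not in this hunk). Returning between the two passes avoids both: `if err != nil { return err }`. The start of scanMachines is outside the hunk.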
|
||||||
|
|
||||||
|
|||||||
@@ -118,21 +118,31 @@ func (m *Machine) tryApplyWireguardConfig(ring int) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error {
|
func (m *Machine) applyWireguardConfigNode(ring int, wg *wireguard.Config) error {
|
||||||
addr := wg.GetAddress()
|
addr := wg.GetAddress()
|
||||||
zoneID, nodeID, ok := Rings[ring].Decode(addr)
|
if !core.IsZero(addr) {
|
||||||
if !ok {
|
zoneID, nodeID, ok := Rings[ring].Decode(addr)
|
||||||
return fmt.Errorf("%s: invalid address", addr)
|
if !ok {
|
||||||
}
|
return fmt.Errorf("%s: invalid address", addr)
|
||||||
|
}
|
||||||
|
|
||||||
if err := m.applyZoneNodeID(zoneID, nodeID); err != nil {
|
if err := m.applyZoneNodeID(zoneID, nodeID); err != nil {
|
||||||
return core.Wrap(err, "%s: invalid address", addr)
|
return core.Wrap(err, "%s: invalid address", addr)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {
|
if err := m.applyWireguardInterfaceConfig(ring, wg.Interface); err != nil {
|
||||||
return core.Wrap(err, "interface")
|
return core.Wrap(err, "interface")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *Machine) applyWireguardConfig(ring int, wg *wireguard.Config) error {
|
||||||
|
if err := m.applyWireguardConfigNode(ring, wg); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
for _, peer := range wg.Peer {
|
for _, peer := range wg.Peer {
|
||||||
err := m.applyWireguardPeerConfig(ring, peer)
|
err := m.applyWireguardPeerConfig(ring, peer)
|
||||||
switch {
|
switch {
|
||||||
@@ -230,6 +240,23 @@ func (m *Machine) applyZoneNodeID(zoneID, nodeID int) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (m *Machine) setRingDefaults(ri *RingInfo) error {
|
||||||
|
if ri.Keys.PrivateKey.IsZero() {
|
||||||
|
m.info().
|
||||||
|
WithField("subsystem", "wireguard").
|
||||||
|
WithField("node", m.Name).
|
||||||
|
WithField("ring", ri.Ring).
|
||||||
|
Print("generating key pair")
|
||||||
|
|
||||||
|
kp, err := wireguard.NewKeyPair()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
ri.Keys = kp
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// RemoveWireguardConfig deletes wgN.conf from the machine's
|
// RemoveWireguardConfig deletes wgN.conf from the machine's
|
||||||
// config directory.
|
// config directory.
|
||||||
func (m *Machine) RemoveWireguardConfig(ring int) error {
|
func (m *Machine) RemoveWireguardConfig(ring int) error {
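Review bot: setRingDefaults replaces the whole of `ri.Keys` with the result of `wireguard.NewKeyPair()` whenever the private key is zero, without checking whether the public half of the pair was already populated. If a ring can hold a known public key without its private key (not visible here), peers configured with that public key would silently stop matching this node. Consider returning an error in that case instead of overwriting. The function also has no doc comment; something like `// setRingDefaults generates a key pair for ri when it has no private key.` would state the side effect, and it is worth saying there whether the caller is expected to persist the new pair.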
|
||||||
|
|||||||
@@ -68,7 +68,8 @@ func (m *Machine) setID() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *Machine) scan(opts *ScanOptions) error {
|
// scan is called once we know about all zones and machine names
|
||||||
|
func (m *Machine) scan(_ *ScanOptions) error {
|
||||||
for i := 0; i < RingsCount; i++ {
|
for i := 0; i < RingsCount; i++ {
|
||||||
if err := m.tryApplyWireguardConfig(i); err != nil {
|
if err := m.tryApplyWireguardConfig(i); err != nil {
|
||||||
m.error(err).
|
m.error(err).
|
||||||
@@ -80,6 +81,22 @@ func (m *Machine) scan(opts *ScanOptions) error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// scanWrapUp is called once all machines have been scanned
|
||||||
|
func (m *Machine) scanWrapUp(opts *ScanOptions) error {
|
||||||
|
for _, ri := range m.Rings {
|
||||||
|
if err := m.setRingDefaults(ri); err != nil {
|
||||||
|
m.error(err).
|
||||||
|
WithField("subsystem", "wireguard").
|
||||||
|
WithField("node", m.Name).
|
||||||
|
WithField("ring", ri.Ring).
|
||||||
|
Print()
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !opts.DontResolvePublicAddresses {
|
if !opts.DontResolvePublicAddresses {
|
||||||
return m.UpdatePublicAddresses()
|
return m.UpdatePublicAddresses()
|
||||||
}
|
}
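Review bot: scanWrapUp calls `m.setRingDefaults(ri)` for every entry in `m.Rings` without checking whether the ring is in use, so a scan now creates private key material for rings that may be disabled. RingInfo appears to carry an `Enabled` field (it is referenced in RingInfo.Merge); if that is a boolean, a guard such as `if !ri.Enabled { continue }` at the top of the loop would limit key generation to rings that need it. The comment on scanWrapUp says when it runs but not that it mutates key state and resolves public addresses, which a caller treating a scan as read-only would want to know. The body of scan lies partly outside these hunks.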
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ func (ri *RingInfo) Merge(alter *RingInfo) error {
|
|||||||
// can't disable via Merge
|
// can't disable via Merge
|
||||||
return fmt.Errorf("invalid %s: %v → %v", "enabled", ri.Enabled, alter.Enabled)
|
return fmt.Errorf("invalid %s: %v → %v", "enabled", ri.Enabled, alter.Enabled)
|
||||||
case !canMergeKeyPairs(ri.Keys, alter.Keys):
|
case !canMergeKeyPairs(ri.Keys, alter.Keys):
|
||||||
// incompatible keypairs
|
// incompatible key pairs
|
||||||
return fmt.Errorf("invalid %s: %s ≠ %s", "keys", ri.Keys, alter.Keys)
|
return fmt.Errorf("invalid %s: %s ≠ %s", "keys", ri.Keys, alter.Keys)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -175,10 +175,12 @@ func (p interfaceConfig) Export() (InterfaceConfig, error) {
|
|||||||
ListenPort: p.ListenPort,
|
ListenPort: p.ListenPort,
|
||||||
}
|
}
|
||||||
|
|
||||||
out.PrivateKey, err = PrivateKeyFromBase64(p.PrivateKey)
|
if p.PrivateKey != "" {
|
||||||
if err != nil {
|
out.PrivateKey, err = PrivateKeyFromBase64(p.PrivateKey)
|
||||||
err = core.Wrap(err, "PrivateKey")
|
if err != nil {
|
||||||
return InterfaceConfig{}, err
|
err = core.Wrap(err, "PrivateKey")
|
||||||
|
return InterfaceConfig{}, err
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return out, nil
|
return out, nil
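Review bot: With the new `if p.PrivateKey != ""` guard, Export returns an InterfaceConfig whose PrivateKey is the zero value and a nil error when the field is missing, where it previously went through `PrivateKeyFromBase64` on every call. Every consumer of the exported config now has to tell "no key yet" apart from a real key. Any path that writes or applies the config without that check could bring an interface up with an all-zero key (inferred; the consumers are not in this hunk). Document the contract on Export, for example `// An empty PrivateKey is exported as the zero key; callers must check IsZero before using it.` The start of Export is outside the hunk.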
|
||||||
|
|||||||