cluster: drop wg1.conf #58
+1
-1
@@ -108,7 +108,7 @@ func (*inventory) renderRingOneZone(out *tools.LazyBuffer, r *cluster.Region, z
|
|||||||
z.ForEachMachine(func(m *cluster.Machine) bool {
|
z.ForEachMachine(func(m *cluster.Machine) bool {
|
||||||
addr := m.RingOneAddress()
|
addr := m.RingOneAddress()
|
||||||
cidr := netip.PrefixFrom(addr, 32)
|
cidr := netip.PrefixFrom(addr, 32)
|
||||||
_ = out.Printf("%s\t\t%s-%v\n", cidr, m.Name, 1)
|
_ = out.Printf("%s\t\t%s\n", cidr, m.Name)
|
||||||
return false
|
return false
|
||||||
})
|
})
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
@@ -25,5 +25,5 @@ var (
|
|||||||
// ErrInvalidRing returns an error indicating the [rings.RingID]
|
// ErrInvalidRing returns an error indicating the [rings.RingID]
|
||||||
// can't be used for the intended purpose
|
// can't be used for the intended purpose
|
||||||
func ErrInvalidRing(ringID rings.RingID) error {
|
func ErrInvalidRing(ringID rings.RingID) error {
|
||||||
return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID)
|
return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID-1)
|
||||||
}
|
}
|
||||||
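Review bot: The new return line in ErrInvalidRing formats `ringID-1`, so the error text no longer shows the value the caller passed, while the doc comment above still says the error indicates the [rings.RingID]. If RingID is an unsigned type (its declaration is not visible here), a rejected ID of 0 would wrap to a very large number in the message, which makes logs harder to match against the rejected input. Keep the raw value in the message and, if the interface number is what readers need, name it separately, e.g. `return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID)` with a comment such as `// ringID is reported as given; the wg interface index is derived elsewhere`.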
|
|||||||
+5
-59
@@ -27,8 +27,6 @@ func AsWireguardInterfaceID(ring rings.RingID) (WireguardInterfaceID, error) {
|
|||||||
switch ring {
|
switch ring {
|
||||||
case rings.RingZeroID:
|
case rings.RingZeroID:
|
||||||
return 0, nil
|
return 0, nil
|
||||||
case rings.RingOneID:
|
|
||||||
return 1, nil
|
|
||||||
default:
|
default:
|
||||||
return 0, ErrInvalidRing(ring)
|
return 0, ErrInvalidRing(ring)
|
||||||
}
|
}
|
||||||
@@ -148,17 +146,9 @@ var (
|
|||||||
Decode: rings.DecodeRingZeroAddress,
|
Decode: rings.DecodeRingZeroAddress,
|
||||||
Encode: rings.RingZeroAddress,
|
Encode: rings.RingZeroAddress,
|
||||||
}
|
}
|
||||||
// RingOne is a wg1 address encoder/decoder
|
|
||||||
RingOne = RingAddressEncoder{
|
|
||||||
ID: rings.RingOneID,
|
|
||||||
Port: RingOnePort,
|
|
||||||
Decode: rings.DecodeRingOneAddress,
|
|
||||||
Encode: rings.RingOneAddress,
|
|
||||||
}
|
|
||||||
// Rings provides indexed access to the ring address encoders
|
// Rings provides indexed access to the ring address encoders
|
||||||
Rings = []RingAddressEncoder{
|
Rings = []RingAddressEncoder{
|
||||||
RingZero,
|
RingZero,
|
||||||
RingOne,
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -201,61 +191,17 @@ func (r *Ring) AddPeer(p *Machine) bool {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
switch {
|
r.setRingZeroAllowedIPs(rp)
|
||||||
case r.ID == rings.RingZeroID:
|
|
||||||
r.setRingZeroAllowedIPs(rp)
|
|
||||||
case p.IsGateway():
|
|
||||||
r.setRingOneGatewayAllowedIPs(rp)
|
|
||||||
default:
|
|
||||||
r.setRingOneNodeAllowedIPs(rp)
|
|
||||||
}
|
|
||||||
|
|
||||||
r.Peers = append(r.Peers, rp)
|
r.Peers = append(r.Peers, rp)
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
|
func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) {
|
||||||
regionID, zoneID, _, _ := r.Decode(rp.Address)
|
// ring0 peer
|
||||||
|
|
||||||
// everyone on ring0 is a gateway to ring1
|
|
||||||
subnet, _ := rings.RingOnePrefix(regionID, zoneID)
|
|
||||||
rp.AllowSubnet(subnet)
|
|
||||||
|
|
||||||
// peer
|
|
||||||
rp.AllowCIDR(rp.Address, 32)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
|
|
||||||
regionID, zoneID, _, _ := r.Decode(rp.Address)
|
|
||||||
|
|
||||||
// peer
|
|
||||||
rp.AllowCIDR(rp.Address, 32)
|
rp.AllowCIDR(rp.Address, 32)
|
||||||
|
|
||||||
// ring1 gateways connect to all other ring1 networks
|
// everyone on ring0 has a leg on ring1
|
||||||
r.ForEachZone(func(z *Zone) bool {
|
rp.AllowCIDR(rp.Node.RingOneAddress(), 32)
|
||||||
if !z.Is(regionID, zoneID) {
|
|
||||||
subnet := z.RingOnePrefix()
|
|
||||||
rp.AllowSubnet(subnet)
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
})
|
|
||||||
|
|
||||||
// ring1 gateways also connect to all ring0 addresses
|
|
||||||
r.ForEachZone(func(z *Zone) bool {
|
|
||||||
z.ForEachMachine(func(p *Machine) bool {
|
|
||||||
if p.IsGateway() {
|
|
||||||
addr, _ := p.RingZeroAddress()
|
|
||||||
rp.AllowCIDR(addr, 32)
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
})
|
|
||||||
return false
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) {
|
|
||||||
// only to the peer itself
|
|
||||||
rp.AllowCIDR(rp.Address, 32)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ForEachMachine calls a function for each Machine in the ring
|
// ForEachMachine calls a function for each Machine in the ring
|
||||||
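Review bot: In the rewritten setRingZeroAllowedIPs, the result of `rp.Node.RingOneAddress()` goes straight into `rp.AllowCIDR(..., 32)` with no check that `rp.Node` is set or that the address is valid. Allowing only the peer's own ring1 /32 instead of the zone's ring1 subnet narrows AllowedIPs, but an unassigned address would put an invalid entry into the peer's allowed list. Assuming RingOneAddress returns a netip.Addr, as it appears to in the inventory hunk, guard the call: `if addr := rp.Node.RingOneAddress(); addr.IsValid() { rp.AllowCIDR(addr, 32) }`. AddPeer, whose body starts outside the hunk, now applies these rules without looking at `r.ID`, so a comment such as `// only ring0 exists; every peer gets the ring0 AllowedIPs` would record that assumption.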
|
|||||||
@@ -82,13 +82,6 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
|
|||||||
switch ring {
|
switch ring {
|
||||||
case rings.RingZeroID:
|
case rings.RingZeroID:
|
||||||
return writeWireguardConfig(m, m, ring)
|
return writeWireguardConfig(m, m, ring)
|
||||||
case rings.RingOneID:
|
|
||||||
var err error
|
|
||||||
m.ForEachZone(func(z *Zone) bool {
|
|
||||||
err = writeWireguardConfig(m, z, ring)
|
|
||||||
return err != nil
|
|
||||||
})
|
|
||||||
return err
|
|
||||||
default:
|
default:
|
||||||
return ErrInvalidRing(ring)
|
return ErrInvalidRing(ring)
|
||||||
}
|
}
|
||||||
@@ -97,10 +90,12 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
|
|||||||
// WriteWireguardConfig rewrites all wgN.conf on all machines
|
// WriteWireguardConfig rewrites all wgN.conf on all machines
|
||||||
// on the Zone attached to that ring
|
// on the Zone attached to that ring
|
||||||
func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
|
func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
|
||||||
if ring == rings.RingZeroID || ring == rings.RingOneID {
|
switch ring {
|
||||||
|
case rings.RingZeroID:
|
||||||
return writeWireguardConfig(z.zones, z.zones, ring)
|
return writeWireguardConfig(z.zones, z.zones, ring)
|
||||||
|
default:
|
||||||
|
return ErrInvalidRing(ring)
|
||||||
}
|
}
|
||||||
return ErrInvalidRing(ring)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring rings.RingID) error {
|
func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring rings.RingID) error {
|
||||||
@@ -161,13 +156,6 @@ func (m *Cluster) SyncWireguardConfig(ring rings.RingID) error {
|
|||||||
switch ring {
|
switch ring {
|
||||||
case rings.RingZeroID:
|
case rings.RingZeroID:
|
||||||
return syncWireguardConfig(m, m, ring)
|
return syncWireguardConfig(m, m, ring)
|
||||||
case rings.RingOneID:
|
|
||||||
var err error
|
|
||||||
m.ForEachZone(func(z *Zone) bool {
|
|
||||||
err = syncWireguardConfig(m, z, ring)
|
|
||||||
return err != nil
|
|
||||||
})
|
|
||||||
return err
|
|
||||||
default:
|
default:
|
||||||
return ErrInvalidRing(ring)
|
return ErrInvalidRing(ring)
|
||||||
}
|
}
|
||||||
@@ -179,8 +167,6 @@ func (z *Zone) SyncWireguardConfig(ring rings.RingID) error {
|
|||||||
switch ring {
|
switch ring {
|
||||||
case rings.RingZeroID:
|
case rings.RingZeroID:
|
||||||
return syncWireguardConfig(z.zones, z.zones, ring)
|
return syncWireguardConfig(z.zones, z.zones, ring)
|
||||||
case rings.RingOneID:
|
|
||||||
return syncWireguardConfig(z.zones, z, ring)
|
|
||||||
default:
|
default:
|
||||||
return ErrInvalidRing(ring)
|
return ErrInvalidRing(ring)
|
||||||
}
|
}
|
||||||
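Review bot: With the `rings.RingOneID` cases removed from WriteWireguardConfig and SyncWireguardConfig, nothing in these hunks removes a wg1.conf that an earlier run already wrote, so machines may keep a wg1 interface up with the old peer list and the wider subnet AllowedIPs. That cleanup may live elsewhere; if it does not, the old tunnel stays active and unmanaged after this commit. The doc comment on Zone.WriteWireguardConfig still says it `rewrites all wgN.conf`; I would change it to `// WriteWireguardConfig rewrites wg0.conf on all machines; wg1.conf is no longer generated and existing copies must be removed separately`. The Cluster methods start outside the hunks.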
|
|||||||