-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC] Add site.conf option for fastd peer upgrade #1257
Conversation
Next time please just update your pull request instead of opening a new one. |
c2c52a7
to
bc0002f
Compare
500e1d8
to
524d965
Compare
please adjust the commit message to include the module being changed. |
@@ -92,6 +92,64 @@ function add_groups(prefix, groups, parent) | |||
end | |||
end | |||
|
|||
local function match_custom(gp) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of defining match_custom using something like
if (string.find(gp, 'custom'))
then
print 'We have a match'
end
could be used for a little more brevity & clarity.
docs/user/site.rst
Outdated
@@ -230,6 +235,8 @@ mesh_vpn | |||
methods = {'salsa2012+umac'}, | |||
-- configurable = true, | |||
-- syslog_level = 'warn', | |||
-- delete_old_peers = false, | |||
-- delete_custom_peers = false, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you elaborate on the use case of delete_custom_peers?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This option is more about being able to retain custom peers. As the default for site values is always false I had to name it this way.
If you update from another community and your community does not support N2N or you want to abandon N2N or never planned on introducing it, you might want to get custom peers deleted also.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what is N2N? i don't know about custom peers and N2N either, so this should be documented with this Pull Request so everyone knows what it is
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
node to node VPN. I think it is great supporting that however I did not get this from the custom peers and rather would call them n2n_peers but that is just taking nit-picking to an extreme.
There is another PR open for supporting node to node VPN...
I changed the title to make clear that I didn't want to get this merged as it is, but to drive forth the fallen asleep topic about handling peers on update. |
@CodeFetch so what reactions would drive you to continue working on this to make it merge-ready? :D |
@rotanid Sorry, I'm very busy at the moment. I'm going to clean this up after initial xlat464 support. |
@CodeFetch it's been another year now, whats the progress/plan here? i'm not sure why people open PRs and don't do anything afterwards - this way opening the PR is wasted time for the opener... |
This commit introduces two additional fastd site.conf options: `sysupgrade_remove_old_peers` removes peer and peer group entries existing from an old configuration except those which were defined using the node2node VPN feature after a sysupgrade. `sysupgrade_remove_n2n_peers` removes existing peer and peer group entries which were defined using the node2node VPN feature (which have 'n2n_vpn' in their name) after a sysupgrade.
@rotanid Done. |
@CodeFetch thanks! |
@rotanid That's why I didn't want to call it n2n_vpn, but custom. The user may want to keep some "custom" entries whether they are being set by the n2n feature or by hand. |
IMO: If site.conf ships a peer group that should supersede the locally configured peer group of the same name, so just replace that, no knob please. Edit: Obvious gotcha is the missing possibility to delete an unused group, d'oh. |
@mweinelt This was discussed earlier and NeoRaider did not want to break the ability to incrementally add peers to peer groups. @rotanid I'll have a look at the node2node feature the next days. It shouldn't be that hard to get it merged, should it? christf said it is not considered before the babel release. I don't see a real reason for this. I just want to get these annoying 3 year old PRs merged. Having an established fastd node2node solution means I can be certain how the uci structure looks like and may simplify this PR. Thus you can set it blocked. |
@rotanid Okay I've realized that it was not clear what I want to achieve here and I was confused about it at some point, too. At the moment there is only a single fastd mesh package called "gluon-mesh-vpn-fastd". This should be more modular. The package "gluon-mesh-vpn-fastd-core" should provide the configuration and upgrade scripts that are common to each flavor. The forwarding option of the node2node feature will always disable forwarding, too. The node2node feature should be able to define "custom" peers and ones defined using site.conf (If the node is a regular one it uses the node2node feature to use custom peerings defined by the user. However if it is a supernode it will use the node2node feature to connect with other supernodes and e.g. nameservers which will either be defined in the site.conf or manually). In that case the term "custom" and "n2n" peers cannot be used interchangeably anymore. In the future another package may come up to allow supernode functionality using gluon which will allow forwarding between peers using even another fastd instance providing connectivity to regular nodes. This package will have a configuration option to permit nodes to connect without authorization and will be able to handle site.conf and custom peer entries, too (thus the firmware does not always have to be flashed when a new node's public is being submitted). Thus "custom" peers should not only be a feature of n2n, but be provided by the "gluon-mesh-vpn-fastd-core" package. I'm going to change this pull-request to not rely on the naming of the options to decide whether a peer/peer group is custom, but introduce a boolean option called "custom" to peers/peer groups and fastd instances. If custom is set to true on one level of the configuration hierarchy all children will be considered custom. I'm also going to split the "gluon-mesh-vpn-fastd" package into "gluon-mesh-vpn-fastd-core" and "gluon-mesh-vpn-fastd-n2s". |
Today in review we decided the following:
|
@christf's comment sort of mixes up the short-term and long-term solutions I proposed: Short-term we will simply add a flag |
So the only change is that the "custom" flag should be called "preserve" instead? |
Basically, the whole implementation can be simplified to:
|
@NeoRaider Maybe I misunderstand you...
I think one needs to check whether a group's subelements contain the |
Meanwhile I've seen that there is a more elegant way to do this. Thus I'll look into it next week. |
Superseded by #2021. |
Shouldn't this resolve #557?
BTW: Sorry for my inability to use Github. I don't like pull requests.