Age | Commit message (Collapse) | Author |
Disabling wg-quick services will remove interfaces, making the prediction of netlink changes outdated.
|
executed after all done
This resolves conflicts with systemd managed wg-quick legacy services
|
Existing wg-quick services will be automatically removed. Manual inspection may be required.
|
getPeerIPv6() will return "" rather than null if the actual value should be null. However, '<#if peer_ipv6??>' in the template will only check it for null, not for empty. Therefore, when peer_ipv6 equals "", the peer_ipv6_ll will not be set, which leads to a null pointer rendering error at wg_conf.ftlh:8.
|
Now we are shifting from transactional operations (Central tells what to do like provision, reload or unprovision to nodes) to declarative configurations (Central renders a desired state of all BGP sessions and VPN tunnels and the agent will compare the desired state with actual state and merge changes).
This greatly simplifies the provision process and reduces atomic operations. It also simplifies locks, as the only lock now is the deploy lock.
However, the current implementation does not support result tracing. That is, all provision results are ignored, the provision status will not be updated, and the user will not know whether a peer is successfully provisioned. This will be introduced later.
Even if error tracking is more difficult, using this method of communication still results in great benefit in reducing errors. Nodes are now stateless: whenever a deploy is required, it compares all its local state to the desired state. Thus, issues will likely be solved by restarting.
Lastly, unprovision operations will not block peer deletion. Their results will also be ignored.
Breaking changes:
* Not compatible with existing central / agents. They must be upgraded together.
* Agents now must not be installed on the same machine.