fastd and mesh changes #128
Conversation
you need a second repo for the gateway keys. be sure to remove them from your normal key repo.
| @@ -37,6 +42,14 @@ | |||
| $mesh_ipv6_prefixlen = ip_prefixlen($mesh_ipv6) | |||
| $mesh_ipv6_address = ip_address($mesh_ipv6) | |||
|
|
|||
| # set default interface names | |||
| if $mesh_interface == "" { | |||
| $mesh_interface = "${mesh_code}-mesh-vpn" | |||
There was a problem hiding this comment.
"-mesh-vpn" already has 9 characters, I think the limit for an interface name is 15 so only 6 chars left for each interface.
that's why I chose "-mvpn" instead
There was a problem hiding this comment.
simply choosing a new naming scheme breaks monitoring on our site (monitoring system has to be adapted, graphs start empty again, ...). with my change it is possible to set an interface name while keeping the known default.
| $fastd_secret, # fastd secret | ||
| $fastd_port, # fastd port | ||
| $fastd_gw_port, # fastd gateway/backbone port |
There was a problem hiding this comment.
I understand this like this:
with this change we will have to change the gateway.pp: $fastd_gw_port and $fastd_gw_git will define the extra fastd instance for the fastd communication beween gateways.
|
I adapted my manifest.pp as far as I could: rubo77/ffnord-example@2319020 Now I get the error: This error is gone, if you configure a $mesh_interface and $gw_interface in your manifest, just the empty name doesn't work like this |
…second fastd instance. The second fastd instance has to be adapted to work. Empty interface names must be fixed here: ffnord/ffnord-puppet-gateway#128 (comment)
…second fastd instance. The second fastd instance has to be adapted to work. Empty interface names must be fixed here: ffnord/ffnord-puppet-gateway#128 (comment)
…second fastd instance. The second fastd instance has to be adapted to work. Empty interface names must be fixed here: ffnord/ffnord-puppet-gateway#128 (comment)
|
You have to introduce a new variable which is mutable and use that in all declarations, where the original/non-mutable variable is used. |
|
This Change-set forces an extra gateway fastd instance for every mesh, instantiated on the server. So for multi community setups you will have at least four fastd instances running. Furthermore the gatway only fastd scheme is enforced. Which I dislike, hence it enforces restructuring the the fastd key handling. Hence increase the restructuring work needed to migrate to gateways setup with this puppet package harder. Especially if there are gateway server in the network whose are not managed with the package. So I vote for opt-in for this feature. |
|
Info Kommentar: Meine PR ( #176 )hatte dadurch, dass ich die lint fehler berichtigt habe auch zeilen verschoben. Deswegen der conflict. |
|
The idea with the $fastd_methods was nice, should we adapt that part? |
methods and interface name are now configurable.
a second fastd instance is added to each mesh serving for inter-gw traffic