From 30a557cc69bccfe7017242d4059769877c7e8fae Mon Sep 17 00:00:00 2001 From: Christopher Blaha Date: Wed, 19 Jul 2023 12:22:10 -0400 Subject: [PATCH 01/13] update develop to v0.20.5 (#2458) --- .github/ISSUE_TEMPLATE/bug-report.yml | 1 + README.md | 2 +- compose/docker-compose.netclient.yml | 2 +- controllers/docs.go | 2 +- k8s/client/netclient-daemonset.yaml | 2 +- k8s/client/netclient.yaml | 2 +- k8s/server/netmaker-ui.yaml | 2 +- main.go | 2 +- release.md | 4 ++-- scripts/nm-upgrade-0-17-1-to-0-19-0.sh | 2 +- swagger.yaml | 2 +- 11 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index a6acac69..21ee0616 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -31,6 +31,7 @@ body: label: Version description: What version are you running? options: + - v0.20.5 - v0.20.4 - v0.20.3 - v0.20.2 diff --git a/README.md b/README.md index 1ee6d840..cdc995b7 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@

- + diff --git a/compose/docker-compose.netclient.yml b/compose/docker-compose.netclient.yml index 96c6ead6..f7f0fe1f 100644 --- a/compose/docker-compose.netclient.yml +++ b/compose/docker-compose.netclient.yml @@ -3,7 +3,7 @@ version: "3.4" services: netclient: container_name: netclient - image: 'gravitl/netclient:v0.20.4' + image: 'gravitl/netclient:v0.20.5' hostname: netmaker-1 network_mode: host restart: on-failure diff --git a/controllers/docs.go b/controllers/docs.go index 52cb55f6..1e409c47 100644 --- a/controllers/docs.go +++ b/controllers/docs.go @@ -10,7 +10,7 @@ // // Schemes: https // BasePath: / -// Version: 0.20.4 +// Version: 0.20.5 // Host: netmaker.io // // Consumes: diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml index 5c310628..57efaa85 100644 --- a/k8s/client/netclient-daemonset.yaml +++ b/k8s/client/netclient-daemonset.yaml @@ -16,7 +16,7 @@ spec: hostNetwork: true containers: - name: netclient - image: gravitl/netclient:v0.20.4 + image: gravitl/netclient:v0.20.5 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml index dd54033b..8ab17867 100644 --- a/k8s/client/netclient.yaml +++ b/k8s/client/netclient.yaml @@ -28,7 +28,7 @@ spec: # - "" containers: - name: netclient - image: gravitl/netclient:v0.20.4 + image: gravitl/netclient:v0.20.5 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml index 8719225e..0037a960 100644 --- a/k8s/server/netmaker-ui.yaml +++ b/k8s/server/netmaker-ui.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: netmaker-ui - image: gravitl/netmaker-ui:v0.20.4 + image: gravitl/netmaker-ui:v0.20.5 ports: - containerPort: 443 env: diff --git a/main.go b/main.go index d4dea722..6abd9768 100644 --- a/main.go +++ b/main.go @@ -29,7 +29,7 @@ import ( "golang.org/x/exp/slog" ) -var version = "v0.20.4" +var version = "v0.20.5" // Start DB Connection and start API Request Handler func main() { diff --git a/release.md b/release.md index 431528a5..df6d1bbd 100644 --- a/release.md +++ b/release.md @@ -1,5 +1,5 @@ -# Netmaker v0.20.4 +# Netmaker v0.20.5 ## Whats New - FreeBSD 13/14 specific binaries @@ -16,7 +16,7 @@ - netclient-gui (windows) will display an erroneous error dialog when joining a network (can be ignored) - netclient-gui will continously display error dialog if netmaker server is offline - Incorrect metrics against ext clients -- Host ListenPorts set to 0 after migration from 0.17.1 -> 0.20.4 +- Host ListenPorts set to 0 after migration from 0.17.1 -> 0.20.5 - Mac IPv6 addresses/route issues - Docker client can not re-join after complete deletion - netclient-gui network tab blank after disconnect diff --git a/scripts/nm-upgrade-0-17-1-to-0-19-0.sh b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh index da80590a..98139d7d 100644 --- a/scripts/nm-upgrade-0-17-1-to-0-19-0.sh +++ b/scripts/nm-upgrade-0-17-1-to-0-19-0.sh @@ -1,6 +1,6 @@ #!/bin/bash -LATEST="v0.20.4" +LATEST="v0.20.5" INSTALL_PATH="/root" trap restore_old_netmaker_instructions diff --git a/swagger.yaml b/swagger.yaml index 079ae858..392776c0 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -704,7 +704,7 @@ info: API calls must be authenticated via a header of the format -H “Authorization: Bearer ” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes//authenticate endpoint, as documented below. title: Netmaker - version: 0.20.4 + version: 0.20.5 paths: /api/dns: get: From f4a5520f86dab1858c11dac9291a7e9f6a6b05c5 Mon Sep 17 00:00:00 2001 From: Aceix Date: Wed, 26 Jul 2023 05:02:54 +0000 Subject: [PATCH 02/13] Kwesi/net 326 bug client ac ls (#2462) * feat(NET-326): return 200 [] instead of 500 when there are not network acls * fix(NET-326): implement allow/deny client acl functions * fix(NET-326): implement extclient acl update * fix(NET-326): kame fixes, send peer updates --- controllers/ext_client.go | 11 +++++++++-- ee/logic/ext_acls.go | 18 +++++++++--------- logic/clients.go | 16 ++++++++++++---- logic/extpeers.go | 7 +++++++ logic/hosts.go | 9 +++++++++ logic/peers.go | 13 ++++++++----- models/extclient.go | 13 +++++++------ 7 files changed, 61 insertions(+), 26 deletions(-) diff --git a/controllers/ext_client.go b/controllers/ext_client.go index 7552dcdb..cb687c31 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -423,6 +423,7 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) { var update models.CustomExtClient var oldExtClient models.ExtClient + var sendPeerUpdate bool err := json.NewDecoder(r.Body).Decode(&update) if err != nil { logger.Log(0, r.Header.Get("user"), "error decoding request body: ", @@ -478,9 +479,15 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) { logger.Log(0, "failed to associate client", update.ClientID, "to user", oldExtClient.OwnerID) } } + if len(update.DeniedACLs) != len(oldExtClient.DeniedACLs) { + sendPeerUpdate = true + logic.SetClientACLs(&oldExtClient, update.DeniedACLs) + } // == END PRO == - var changedEnabled = (update.Enabled != oldExtClient.Enabled) // indicates there was a change in enablement + if update.Enabled != oldExtClient.Enabled { + sendPeerUpdate = true + } // extra var need as logic.Update changes oldExtClient currentClient := oldExtClient newclient, err := logic.UpdateExtClient(&oldExtClient, &update) @@ -492,7 +499,7 @@ func updateExtClient(w http.ResponseWriter, r *http.Request) { return } logger.Log(0, r.Header.Get("user"), "updated ext client", update.ClientID) - if changedEnabled { // need to send a peer update to the ingress node as enablement of one of it's clients has changed + if sendPeerUpdate { // need to send a peer update to the ingress node as enablement of one of it's clients has changed if ingressNode, err := logic.GetNodeByID(newclient.IngressGatewayID); err == nil { if err = mq.PublishPeerUpdate(); err != nil { logger.Log(1, "error setting ext peers on", ingressNode.ID.String(), ":", err.Error()) diff --git a/ee/logic/ext_acls.go b/ee/logic/ext_acls.go index ec6dc054..32138e25 100644 --- a/ee/logic/ext_acls.go +++ b/ee/logic/ext_acls.go @@ -7,11 +7,11 @@ func DenyClientNode(ec *models.ExtClient, clientOrNodeID string) (ok bool) { if ec == nil || len(clientOrNodeID) == 0 { return } - if ec.ACLs == nil { - ec.ACLs = map[string]struct{}{} + if ec.DeniedACLs == nil { + ec.DeniedACLs = map[string]struct{}{} } ok = true - ec.ACLs[clientOrNodeID] = struct{}{} + ec.DeniedACLs[clientOrNodeID] = struct{}{} return } @@ -20,22 +20,22 @@ func IsClientNodeAllowed(ec *models.ExtClient, clientOrNodeID string) bool { if ec == nil || len(clientOrNodeID) == 0 { return false } - if ec.ACLs == nil { + if ec.DeniedACLs == nil { return true } - _, ok := ec.ACLs[clientOrNodeID] - return ok + _, ok := ec.DeniedACLs[clientOrNodeID] + return !ok } // RemoveDeniedNodeFromClient - removes a node id from set of denied nodes func RemoveDeniedNodeFromClient(ec *models.ExtClient, clientOrNodeID string) bool { - if ec.ACLs == nil { + if ec.DeniedACLs == nil { return true } - _, ok := ec.ACLs[clientOrNodeID] + _, ok := ec.DeniedACLs[clientOrNodeID] if !ok { return false } - delete(ec.ACLs, clientOrNodeID) + delete(ec.DeniedACLs, clientOrNodeID) return true } diff --git a/logic/clients.go b/logic/clients.go index 2eb58fed..685a128b 100644 --- a/logic/clients.go +++ b/logic/clients.go @@ -10,11 +10,17 @@ import ( var ( // DenyClientNodeAccess - function to handle adding a node to an ext client's denied node set - DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true } + DenyClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { + return true + } // IsClientNodeAllowed - function to check if an ext client's denied node set contains a node ID - IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool { return true } + IsClientNodeAllowed = func(ec *models.ExtClient, clientOrNodeID string) bool { + return true + } // AllowClientNodeAccess - function to handle removing a node ID from ext client's denied nodes, thus allowing it - AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { return true } + AllowClientNodeAccess = func(ec *models.ExtClient, clientOrNodeID string) bool { + return true + } ) // SetClientDefaultACLs - set's a client's default ACLs based on network and nodes in network @@ -34,6 +40,8 @@ func SetClientDefaultACLs(ec *models.ExtClient) error { currNode := networkNodes[i] if network.DefaultACL == "no" || currNode.DefaultACL == "no" { DenyClientNodeAccess(ec, currNode.ID.String()) + } else { + AllowClientNodeAccess(ec, currNode.ID.String()) } } return nil @@ -44,7 +52,7 @@ func SetClientACLs(ec *models.ExtClient, newACLs map[string]struct{}) { if ec == nil || newACLs == nil || !isEE { return } - ec.ACLs = newACLs + ec.DeniedACLs = newACLs } // IsClientNodeAllowedByID - checks if a given ext client ID + nodeID are allowed diff --git a/logic/extpeers.go b/logic/extpeers.go index 643a8729..b2d99039 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -3,6 +3,7 @@ package logic import ( "encoding/json" "fmt" + "reflect" "sync" "time" @@ -94,6 +95,9 @@ func GetNetworkExtClients(network string) ([]models.ExtClient, error) { } records, err := database.FetchRecords(database.EXT_CLIENT_TABLE_NAME) if err != nil { + if database.IsEmptyRecord(err) { + return extclients, nil + } return extclients, err } for _, value := range records { @@ -231,6 +235,9 @@ func UpdateExtClient(old *models.ExtClient, update *models.CustomExtClient) (*mo if update.ExtraAllowedIPs != nil && StringDifference(old.ExtraAllowedIPs, update.ExtraAllowedIPs) != nil { new.ExtraAllowedIPs = update.ExtraAllowedIPs } + if update.DeniedACLs != nil && !reflect.DeepEqual(old.DeniedACLs, update.DeniedACLs) { + new.DeniedACLs = update.DeniedACLs + } return new, CreateExtClient(new) } diff --git a/logic/hosts.go b/logic/hosts.go index 1972f818..7eb70c9c 100644 --- a/logic/hosts.go +++ b/logic/hosts.go @@ -409,6 +409,15 @@ func DissasociateNodeFromHost(n *models.Node, h *models.Host) error { } else { h.Nodes = RemoveStringSlice(h.Nodes, index) } + go func() { + if servercfg.Is_EE { + if clients, err := GetNetworkExtClients(n.Network); err != nil { + for i := range clients { + AllowClientNodeAccess(&clients[i], n.ID.String()) + } + } + } + }() if err := deleteNodeByID(n); err != nil { return err } diff --git a/logic/peers.go b/logic/peers.go index 1d8a5401..585c1335 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -199,7 +199,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } if node.IsIngressGateway || node.IsEgressGateway { if peer.IsIngressGateway { - _, extPeerIDAndAddrs, err := getExtPeers(&peer) + _, extPeerIDAndAddrs, err := getExtPeers(&peer, &node) if err == nil { for _, extPeerIdAndAddr := range extPeerIDAndAddrs { extPeerIdAndAddr := extPeerIdAndAddr @@ -322,7 +322,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N var extPeers []wgtypes.PeerConfig var extPeerIDAndAddrs []models.IDandAddr if node.IsIngressGateway { - extPeers, extPeerIDAndAddrs, err = getExtPeers(&node) + extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node) if err == nil { for _, extPeerIdAndAddr := range extPeerIDAndAddrs { extPeerIdAndAddr := extPeerIdAndAddr @@ -463,7 +463,7 @@ func GetProxyListenPort(host *models.Host) int { return proxyPort } -func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) { +func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) { var peers []wgtypes.PeerConfig var idsAndAddr []models.IDandAddr extPeers, err := GetNetworkExtClients(node.Network) @@ -476,6 +476,9 @@ func getExtPeers(node *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, e } for _, extPeer := range extPeers { extPeer := extPeer + if !IsClientNodeAllowed(&extPeer, peer.ID.String()) { + continue + } pubkey, err := wgtypes.ParseKey(extPeer.PublicKey) if err != nil { logger.Log(1, "error parsing ext pub key:", err.Error()) @@ -598,7 +601,7 @@ func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet // handle ingress gateway peers if peer.IsIngressGateway { - extPeers, _, err := getExtPeers(peer) + extPeers, _, err := getExtPeers(peer, node) if err != nil { logger.Log(2, "could not retrieve ext peers for ", peer.ID.String(), err.Error()) } @@ -766,7 +769,7 @@ func filterNodeMapForClientACLs(publicKey, network string, nodePeerMap map[strin } for k := range nodePeerMap { currNodePeer := nodePeerMap[k] - if _, ok := client.ACLs[currNodePeer.ID]; ok { + if _, ok := client.DeniedACLs[currNodePeer.ID]; ok { delete(nodePeerMap, k) } } diff --git a/models/extclient.go b/models/extclient.go index abd398ea..2b3704c2 100644 --- a/models/extclient.go +++ b/models/extclient.go @@ -15,14 +15,15 @@ type ExtClient struct { LastModified int64 `json:"lastmodified" bson:"lastmodified"` Enabled bool `json:"enabled" bson:"enabled"` OwnerID string `json:"ownerid" bson:"ownerid"` - ACLs map[string]struct{} `json:"acls,omitempty" bson:"acls,omitempty"` + DeniedACLs map[string]struct{} `json:"deniednodeacls" bson:"acls,omitempty"` } // CustomExtClient - struct for CustomExtClient params type CustomExtClient struct { - ClientID string `json:"clientid,omitempty"` - PublicKey string `json:"publickey,omitempty"` - DNS string `json:"dns,omitempty"` - ExtraAllowedIPs []string `json:"extraallowedips,omitempty"` - Enabled bool `json:"enabled,omitempty"` + ClientID string `json:"clientid,omitempty"` + PublicKey string `json:"publickey,omitempty"` + DNS string `json:"dns,omitempty"` + ExtraAllowedIPs []string `json:"extraallowedips,omitempty"` + Enabled bool `json:"enabled,omitempty"` + DeniedACLs map[string]struct{} `json:"deniednodeacls" bson:"acls,omitempty"` } From 645bc4c126336c6ed5791e8cf9a786f4911e708f Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Wed, 26 Jul 2023 11:22:49 +0530 Subject: [PATCH 03/13] NET-447: Removed proxy related fields and code (#2459) * remove related fields and code * remover metrics collection from server code * fw update struct * add ext client flag to metrics data * simply nat types * rm proxy update from cli --- cli/cmd/host/update.go | 6 - config/config.go | 116 +++++++++--------- controllers/ext_client.go | 7 +- logic/host_test.go | 52 ++------ logic/hosts.go | 37 +----- logic/metrics/metrics.go | 90 -------------- logic/peers.go | 225 +++++------------------------------ metrics/metrics.go | 83 ------------- models/api_host.go | 10 -- models/host.go | 20 +--- models/metrics.go | 39 +++--- models/mqtt.go | 13 +- models/node.go | 3 - models/proxy.go | 68 ----------- mq/handlers.go | 19 ++- mq/publishers.go | 14 --- scripts/netmaker.default.env | 4 - scripts/nm-quick.sh | 2 +- servercfg/serverconf.go | 38 ------ 19 files changed, 138 insertions(+), 708 deletions(-) delete mode 100644 logic/metrics/metrics.go delete mode 100644 metrics/metrics.go delete mode 100644 models/proxy.go diff --git a/cli/cmd/host/update.go b/cli/cmd/host/update.go index 6a435ee4..87fdb9fe 100644 --- a/cli/cmd/host/update.go +++ b/cli/cmd/host/update.go @@ -15,9 +15,7 @@ var ( endpoint string name string listenPort int - proxyListenPort int mtu int - proxyEnabled bool isStatic bool isDefault bool ) @@ -42,9 +40,7 @@ var hostUpdateCmd = &cobra.Command{ apiHost.EndpointIP = endpoint apiHost.Name = name apiHost.ListenPort = listenPort - apiHost.ProxyListenPort = proxyListenPort apiHost.MTU = mtu - apiHost.ProxyEnabled = proxyEnabled apiHost.IsStatic = isStatic apiHost.IsDefault = isDefault } @@ -57,9 +53,7 @@ func init() { hostUpdateCmd.Flags().StringVar(&endpoint, "endpoint", "", "Endpoint of the Host") hostUpdateCmd.Flags().StringVar(&name, "name", "", "Host name") hostUpdateCmd.Flags().IntVar(&listenPort, "listen_port", 0, "Listen port of the host") - hostUpdateCmd.Flags().IntVar(&proxyListenPort, "proxy_listen_port", 0, "Proxy listen port of the host") hostUpdateCmd.Flags().IntVar(&mtu, "mtu", 0, "Host MTU size") - hostUpdateCmd.Flags().BoolVar(&proxyEnabled, "proxy", false, "Enable proxy ?") hostUpdateCmd.Flags().BoolVar(&isStatic, "static", false, "Make Host Static ?") hostUpdateCmd.Flags().BoolVar(&isDefault, "default", false, "Make Host Default ?") rootCmd.AddCommand(hostUpdateCmd) diff --git a/config/config.go b/config/config.go index 1d0c7d1f..fa47fab6 100644 --- a/config/config.go +++ b/config/config.go @@ -32,68 +32,60 @@ type EnvironmentConfig struct { // ServerConfig - server conf struct type ServerConfig struct { - CoreDNSAddr string `yaml:"corednsaddr"` - APIConnString string `yaml:"apiconn"` - APIHost string `yaml:"apihost"` - APIPort string `yaml:"apiport"` - Broker string `yam:"broker"` - ServerBrokerEndpoint string `yaml:"serverbrokerendpoint"` - BrokerType string `yaml:"brokertype"` - EmqxRestEndpoint string `yaml:"emqxrestendpoint"` - NetclientAutoUpdate string `yaml:"netclientautoupdate"` - NetclientEndpointDetection string `yaml:"netclientendpointdetection"` - MasterKey string `yaml:"masterkey"` - DNSKey string `yaml:"dnskey"` - AllowedOrigin string `yaml:"allowedorigin"` - NodeID string `yaml:"nodeid"` - RestBackend string `yaml:"restbackend"` - MessageQueueBackend string `yaml:"messagequeuebackend"` - DNSMode string `yaml:"dnsmode"` - DisableRemoteIPCheck string `yaml:"disableremoteipcheck"` - Version string `yaml:"version"` - SQLConn string `yaml:"sqlconn"` - Platform string `yaml:"platform"` - Database string `yaml:"database"` - Verbosity int32 `yaml:"verbosity"` - AuthProvider string `yaml:"authprovider"` - OIDCIssuer string `yaml:"oidcissuer"` - ClientID string `yaml:"clientid"` - ClientSecret string `yaml:"clientsecret"` - FrontendURL string `yaml:"frontendurl"` - DisplayKeys string `yaml:"displaykeys"` - AzureTenant string `yaml:"azuretenant"` - Telemetry string `yaml:"telemetry"` - HostNetwork string `yaml:"hostnetwork"` - Server string `yaml:"server"` - PublicIPService string `yaml:"publicipservice"` - MQPassword string `yaml:"mqpassword"` - MQUserName string `yaml:"mqusername"` - MetricsExporter string `yaml:"metrics_exporter"` - BasicAuth string `yaml:"basic_auth"` - LicenseValue string `yaml:"license_value"` - NetmakerTenantID string `yaml:"netmaker_tenant_id"` - IsEE string `yaml:"is_ee"` - StunPort int `yaml:"stun_port"` - StunList string `yaml:"stun_list"` - Proxy string `yaml:"proxy"` - DefaultProxyMode ProxyMode `yaml:"defaultproxymode"` - TurnServer string `yaml:"turn_server"` - TurnApiServer string `yaml:"turn_api_server"` - TurnPort int `yaml:"turn_port"` - TurnUserName string `yaml:"turn_username"` - TurnPassword string `yaml:"turn_password"` - UseTurn bool `yaml:"use_turn"` - UsersLimit int `yaml:"user_limit"` - ClientsLimit int `yaml:"client_limit"` - NetworksLimit int `yaml:"network_limit"` - HostsLimit int `yaml:"host_limit"` - DeployedByOperator bool `yaml:"deployed_by_operator"` -} - -// ProxyMode - default proxy mode for server -type ProxyMode struct { - Set bool - Value bool + CoreDNSAddr string `yaml:"corednsaddr"` + APIConnString string `yaml:"apiconn"` + APIHost string `yaml:"apihost"` + APIPort string `yaml:"apiport"` + Broker string `yam:"broker"` + ServerBrokerEndpoint string `yaml:"serverbrokerendpoint"` + BrokerType string `yaml:"brokertype"` + EmqxRestEndpoint string `yaml:"emqxrestendpoint"` + NetclientAutoUpdate string `yaml:"netclientautoupdate"` + NetclientEndpointDetection string `yaml:"netclientendpointdetection"` + MasterKey string `yaml:"masterkey"` + DNSKey string `yaml:"dnskey"` + AllowedOrigin string `yaml:"allowedorigin"` + NodeID string `yaml:"nodeid"` + RestBackend string `yaml:"restbackend"` + MessageQueueBackend string `yaml:"messagequeuebackend"` + DNSMode string `yaml:"dnsmode"` + DisableRemoteIPCheck string `yaml:"disableremoteipcheck"` + Version string `yaml:"version"` + SQLConn string `yaml:"sqlconn"` + Platform string `yaml:"platform"` + Database string `yaml:"database"` + Verbosity int32 `yaml:"verbosity"` + AuthProvider string `yaml:"authprovider"` + OIDCIssuer string `yaml:"oidcissuer"` + ClientID string `yaml:"clientid"` + ClientSecret string `yaml:"clientsecret"` + FrontendURL string `yaml:"frontendurl"` + DisplayKeys string `yaml:"displaykeys"` + AzureTenant string `yaml:"azuretenant"` + Telemetry string `yaml:"telemetry"` + HostNetwork string `yaml:"hostnetwork"` + Server string `yaml:"server"` + PublicIPService string `yaml:"publicipservice"` + MQPassword string `yaml:"mqpassword"` + MQUserName string `yaml:"mqusername"` + MetricsExporter string `yaml:"metrics_exporter"` + BasicAuth string `yaml:"basic_auth"` + LicenseValue string `yaml:"license_value"` + NetmakerTenantID string `yaml:"netmaker_tenant_id"` + IsEE string `yaml:"is_ee"` + StunPort int `yaml:"stun_port"` + StunList string `yaml:"stun_list"` + TurnServer string `yaml:"turn_server"` + TurnApiServer string `yaml:"turn_api_server"` + TurnPort int `yaml:"turn_port"` + TurnUserName string `yaml:"turn_username"` + TurnPassword string `yaml:"turn_password"` + UseTurn bool `yaml:"use_turn"` + UsersLimit int `yaml:"user_limit"` + ClientsLimit int `yaml:"client_limit"` + NetworksLimit int `yaml:"network_limit"` + HostsLimit int `yaml:"host_limit"` + DeployedByOperator bool `yaml:"deployed_by_operator"` } // SQLConfig - Generic SQL Config diff --git a/controllers/ext_client.go b/controllers/ext_client.go index cb687c31..ad99ef3b 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -348,11 +348,8 @@ func createExtClient(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) return } - listenPort := host.ListenPort - if host.ProxyEnabled { - listenPort = host.ProxyListenPort - } - extclient.IngressGatewayEndpoint = host.EndpointIP.String() + ":" + strconv.FormatInt(int64(listenPort), 10) + listenPort := logic.GetPeerListenPort(host) + extclient.IngressGatewayEndpoint = fmt.Sprintf("%s:%d", host.EndpointIP.String(), listenPort) extclient.Enabled = true parentNetwork, err := logic.GetNetwork(networkName) if err == nil { // check if parent network default ACL is enabled (yes) or not (no) diff --git a/logic/host_test.go b/logic/host_test.go index 333c99bd..405ef7fb 100644 --- a/logic/host_test.go +++ b/logic/host_test.go @@ -30,16 +30,14 @@ func TestMain(m *testing.M) { func TestCheckPorts(t *testing.T) { h := models.Host{ - ID: uuid.New(), - EndpointIP: net.ParseIP("192.168.1.1"), - ListenPort: 51821, - ProxyListenPort: maxPort, + ID: uuid.New(), + EndpointIP: net.ParseIP("192.168.1.1"), + ListenPort: 51821, } testHost := models.Host{ - ID: uuid.New(), - EndpointIP: net.ParseIP("192.168.1.1"), - ListenPort: 51830, - ProxyListenPort: 51730, + ID: uuid.New(), + EndpointIP: net.ParseIP("192.168.1.1"), + ListenPort: 51830, } //not sure why this initialization is required but without it // RemoveHost returns database is closed @@ -49,45 +47,17 @@ func TestCheckPorts(t *testing.T) { t.Run("no change", func(t *testing.T) { is := is.New(t) CheckHostPorts(&testHost) - t.Log(testHost.ListenPort, testHost.ProxyListenPort) - t.Log(h.ListenPort, h.ProxyListenPort) + t.Log(testHost.ListenPort) + t.Log(h.ListenPort) is.Equal(testHost.ListenPort, 51830) - is.Equal(testHost.ProxyListenPort, 51730) }) t.Run("same listen port", func(t *testing.T) { is := is.New(t) testHost.ListenPort = 51821 CheckHostPorts(&testHost) - t.Log(testHost.ListenPort, testHost.ProxyListenPort) - t.Log(h.ListenPort, h.ProxyListenPort) + t.Log(testHost.ListenPort) + t.Log(h.ListenPort) is.Equal(testHost.ListenPort, 51822) - is.Equal(testHost.ProxyListenPort, 51730) - }) - t.Run("same proxy port", func(t *testing.T) { - is := is.New(t) - testHost.ProxyListenPort = 65535 - CheckHostPorts(&testHost) - t.Log(testHost.ListenPort, testHost.ProxyListenPort) - t.Log(h.ListenPort, h.ProxyListenPort) - is.Equal(testHost.ListenPort, 51822) - is.Equal(testHost.ProxyListenPort, minPort) - }) - t.Run("listenport equals proxy port", func(t *testing.T) { - is := is.New(t) - testHost.ListenPort = maxPort - CheckHostPorts(&testHost) - t.Log(testHost.ListenPort, testHost.ProxyListenPort) - t.Log(h.ListenPort, h.ProxyListenPort) - is.Equal(testHost.ListenPort, minPort) - is.Equal(testHost.ProxyListenPort, minPort+1) - }) - t.Run("proxyport equals listenport", func(t *testing.T) { - is := is.New(t) - testHost.ProxyListenPort = 51821 - CheckHostPorts(&testHost) - t.Log(testHost.ListenPort, testHost.ProxyListenPort) - t.Log(h.ListenPort, h.ProxyListenPort) - is.Equal(testHost.ListenPort, minPort) - is.Equal(testHost.ProxyListenPort, 51822) }) + } diff --git a/logic/hosts.go b/logic/hosts.go index 7eb70c9c..904bdb5f 100644 --- a/logic/hosts.go +++ b/logic/hosts.go @@ -6,7 +6,6 @@ import ( "encoding/json" "errors" "fmt" - "log" "net/http" "sort" "strconv" @@ -184,15 +183,6 @@ func CreateHost(h *models.Host) error { } h.HostPass = string(hash) h.AutoUpdate = servercfg.AutoUpdateEnabled() - // if another server has already updated proxyenabled, leave it alone - if !h.ProxyEnabledSet { - log.Println("checking default proxy", servercfg.GetServerConfig().DefaultProxyMode) - if servercfg.GetServerConfig().DefaultProxyMode.Set { - h.ProxyEnabledSet = true - h.ProxyEnabled = servercfg.GetServerConfig().DefaultProxyMode.Value - log.Println("set proxy enabled to ", h.ProxyEnabled) - } - } checkForZombieHosts(h) return UpsertHost(h) } @@ -228,11 +218,6 @@ func UpdateHost(newHost, currentHost *models.Host) { newHost.ListenPort = currentHost.ListenPort } - if newHost.ProxyListenPort == 0 { - newHost.ProxyListenPort = currentHost.ProxyListenPort - } - newHost.PublicListenPort = currentHost.PublicListenPort - } // UpdateHostFromClient - used for updating host on server with update recieved from client @@ -250,18 +235,6 @@ func UpdateHostFromClient(newHost, currHost *models.Host) (sendPeerUpdate bool) currHost.WgPublicListenPort = newHost.WgPublicListenPort sendPeerUpdate = true } - if newHost.ProxyListenPort != 0 && currHost.ProxyListenPort != newHost.ProxyListenPort { - currHost.ProxyListenPort = newHost.ProxyListenPort - sendPeerUpdate = true - } - if newHost.PublicListenPort != 0 && currHost.PublicListenPort != newHost.PublicListenPort { - currHost.PublicListenPort = newHost.PublicListenPort - sendPeerUpdate = true - } - if currHost.ProxyEnabled != newHost.ProxyEnabled { - currHost.ProxyEnabled = newHost.ProxyEnabled - sendPeerUpdate = true - } if currHost.EndpointIP.String() != newHost.EndpointIP.String() { currHost.EndpointIP = newHost.EndpointIP sendPeerUpdate = true @@ -523,7 +496,6 @@ func CheckHostPorts(h *models.Host) { continue } portsInUse[host.ListenPort] = true - portsInUse[host.ProxyListenPort] = true } // iterate until port is not found or max iteration is reached for i := 0; portsInUse[h.ListenPort] && i < maxPort-minPort+1; i++ { @@ -532,14 +504,7 @@ func CheckHostPorts(h *models.Host) { h.ListenPort = minPort } } - // allocate h.ListenPort so it is unavailable to h.ProxyListenPort - portsInUse[h.ListenPort] = true - for i := 0; portsInUse[h.ProxyListenPort] && i < maxPort-minPort+1; i++ { - h.ProxyListenPort++ - if h.ProxyListenPort > maxPort { - h.ProxyListenPort = minPort - } - } + } // HostExists - checks if given host already exists diff --git a/logic/metrics/metrics.go b/logic/metrics/metrics.go deleted file mode 100644 index ca0786ce..00000000 --- a/logic/metrics/metrics.go +++ /dev/null @@ -1,90 +0,0 @@ -package metrics - -import ( - "time" - - "github.com/gravitl/netmaker/logger" - proxy_metrics "github.com/gravitl/netmaker/metrics" - "github.com/gravitl/netmaker/models" - "golang.zx2c4.com/wireguard/wgctrl" -) - -// Collect - collects metrics -func Collect(iface, server, network string, peerMap models.PeerMap, proxy bool) (*models.Metrics, error) { - var metrics models.Metrics - metrics.Connectivity = make(map[string]models.Metric) - var wgclient, err = wgctrl.New() - if err != nil { - fillUnconnectedData(&metrics, peerMap) - return &metrics, err - } - defer wgclient.Close() - device, err := wgclient.Device(iface) - if err != nil { - fillUnconnectedData(&metrics, peerMap) - return &metrics, err - } - // TODO handle freebsd?? - for i := range device.Peers { - currPeer := device.Peers[i] - if _, ok := peerMap[currPeer.PublicKey.String()]; !ok { - continue - } - id := peerMap[currPeer.PublicKey.String()].ID - address := peerMap[currPeer.PublicKey.String()].Address - if id == "" || address == "" { - logger.Log(0, "attempted to parse metrics for invalid peer from server", id, address) - continue - } - proxyMetrics := proxy_metrics.GetMetric(server, currPeer.PublicKey.String()) - var newMetric = models.Metric{ - NodeName: peerMap[currPeer.PublicKey.String()].Name, - } - logger.Log(2, "collecting metrics for peer", address) - newMetric.TotalReceived = int64(proxyMetrics.TrafficRecieved) - newMetric.TotalSent = int64(proxyMetrics.TrafficSent) - newMetric.Latency = int64(proxyMetrics.LastRecordedLatency) - newMetric.Connected = proxyMetrics.NodeConnectionStatus[id] - newMetric.CollectedByProxy = proxy - if newMetric.Connected { - newMetric.Uptime = 1 - } - // check device peer to see if WG is working if ping failed - if !newMetric.Connected { - if currPeer.ReceiveBytes > 0 && - currPeer.TransmitBytes > 0 && - time.Now().Before(currPeer.LastHandshakeTime.Add(time.Minute<<1)) { - newMetric.Connected = true - newMetric.Uptime = 1 - } - } - newMetric.TotalTime = 1 - metrics.Connectivity[id] = newMetric - if len(proxyMetrics.NodeConnectionStatus) == 1 { - proxy_metrics.ResetMetricsForPeer(server, currPeer.PublicKey.String()) - } else { - proxy_metrics.ResetMetricForNode(server, currPeer.PublicKey.String(), id) - } - } - - fillUnconnectedData(&metrics, peerMap) - return &metrics, nil -} - -// == used to fill zero value data for non connected peers == -func fillUnconnectedData(metrics *models.Metrics, peerMap models.PeerMap) { - for r := range peerMap { - id := peerMap[r].ID - if !metrics.Connectivity[id].Connected { - newMetric := models.Metric{ - NodeName: peerMap[r].Name, - Uptime: 0, - TotalTime: 1, - Connected: false, - Latency: 999, - PercentUp: 0, - } - metrics.Connectivity[id] = newMetric - } - } -} diff --git a/logic/peers.go b/logic/peers.go index 585c1335..b5a15b24 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -15,69 +15,9 @@ import ( "golang.zx2c4.com/wireguard/wgctrl/wgtypes" ) -// GetProxyUpdateForHost - gets the proxy update for host -func GetProxyUpdateForHost(host *models.Host) (models.ProxyManagerPayload, error) { - proxyPayload := models.ProxyManagerPayload{ - Action: models.ProxyUpdate, - } - peerConfMap := make(map[string]models.PeerConf) - var ingressStatus bool - for _, nodeID := range host.Nodes { - - node, err := GetNodeByID(nodeID) - if err != nil { - continue - } - if !node.Connected || node.PendingDelete || node.Action == models.NODE_DELETE { - continue - } - currentPeers, err := GetNetworkNodes(node.Network) - if err != nil { - continue - } - for _, peer := range currentPeers { - if peer.ID == node.ID { - //skip yourself - continue - } - if !peer.Connected || peer.PendingDelete || peer.Action == models.NODE_DELETE { - continue - } - peerHost, err := GetHost(peer.HostID.String()) - if err != nil { - continue - } - var currPeerConf models.PeerConf - var found bool - if currPeerConf, found = peerConfMap[peerHost.PublicKey.String()]; !found { - currPeerConf = models.PeerConf{ - Proxy: peerHost.ProxyEnabled, - PublicListenPort: int32(GetPeerListenPort(peerHost)), - ProxyListenPort: GetProxyListenPort(peerHost), - NatType: peerHost.NatType, - } - } - - peerConfMap[peerHost.PublicKey.String()] = currPeerConf - } - if node.IsIngressGateway { - ingressStatus = true - _, peerConfMap, err = getExtPeersForProxy(&node, peerConfMap) - if err == nil { - - } else if !database.IsEmptyRecord(err) { - logger.Log(1, "error retrieving external clients:", err.Error()) - } - } - - } - proxyPayload.IsIngress = ingressStatus - proxyPayload.PeerMap = peerConfMap - return proxyPayload, nil -} - // GetPeerUpdateForHost - gets the consolidated peer update for the host from all networks -func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.Node, deletedNode *models.Node, deletedClients []models.ExtClient) (models.HostPeerUpdate, error) { +func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.Node, + deletedNode *models.Node, deletedClients []models.ExtClient) (models.HostPeerUpdate, error) { if host == nil { return models.HostPeerUpdate{}, errors.New("host is nil") } @@ -87,13 +27,14 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N hostPeerUpdate := models.HostPeerUpdate{ Host: *host, Server: servercfg.GetServer(), - HostPeerIDs: make(models.HostPeerMap, 0), ServerVersion: servercfg.GetVersion(), ServerAddrs: []models.ServerAddr{}, - IngressInfo: models.IngressInfo{ - ExtPeers: make(map[string]models.ExtClientInfo), + FwUpdate: models.FwUpdate{ + IngressInfo: models.IngressInfo{ + ExtPeers: make(map[string]models.ExtClientInfo), + }, + EgressInfo: make(map[string]models.EgressInfo), }, - EgressInfo: make(map[string]models.EgressInfo), PeerIDs: make(models.PeerMap, 0), Peers: []wgtypes.PeerConfig{}, NodePeers: []wgtypes.PeerConfig{}, @@ -145,7 +86,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } relayPeer.Endpoint = &net.UDPAddr{ IP: relayHost.EndpointIP, - Port: getPeerWgListenPort(relayHost), + Port: GetPeerListenPort(relayHost), } if uselocal { @@ -216,7 +157,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } } if node.IsIngressGateway && peer.IsEgressGateway { - hostPeerUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.IngressInfo.EgressRanges, + hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges, peer.EgressGatewayRanges...) } nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{ @@ -231,7 +172,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) { // if node is relayed and peer is not the relay, set remove to true - if _, ok := hostPeerUpdate.HostPeerIDs[peerHost.PublicKey.String()]; ok { + if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok { continue } peerConfig.Remove = true @@ -255,7 +196,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } peerConfig.Endpoint = &net.UDPAddr{ IP: peerHost.EndpointIP, - Port: getPeerWgListenPort(peerHost), + Port: GetPeerListenPort(peerHost), } if uselocal { @@ -271,22 +212,14 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N peerConfig.AllowedIPs = allowedips // only append allowed IPs if valid connection } - peerProxyPort := GetProxyListenPort(peerHost) + peerPort := GetPeerListenPort(peerHost) var nodePeer wgtypes.PeerConfig - if _, ok := hostPeerUpdate.HostPeerIDs[peerHost.PublicKey.String()]; !ok { - hostPeerUpdate.HostPeerIDs[peerHost.PublicKey.String()] = make(map[string]models.IDandAddr) + if _, ok := peerIndexMap[peerHost.PublicKey.String()]; !ok { hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, peerConfig) peerIndexMap[peerHost.PublicKey.String()] = len(hostPeerUpdate.Peers) - 1 - hostPeerUpdate.HostPeerIDs[peerHost.PublicKey.String()][peer.ID.String()] = models.IDandAddr{ - ID: peer.ID.String(), - Address: peer.PrimaryAddress(), - Name: peerHost.Name, - Network: peer.Network, - ProxyListenPort: peerProxyPort, - } hostPeerUpdate.HostNetworkInfo[peerHost.PublicKey.String()] = models.HostNetworkInfo{ - Interfaces: peerHost.Interfaces, - ProxyListenPort: peerProxyPort, + Interfaces: peerHost.Interfaces, + ListenPort: peerPort, } nodePeer = peerConfig } else { @@ -294,27 +227,20 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N peerAllowedIPs = append(peerAllowedIPs, peerConfig.AllowedIPs...) hostPeerUpdate.Peers[peerIndexMap[peerHost.PublicKey.String()]].AllowedIPs = peerAllowedIPs hostPeerUpdate.Peers[peerIndexMap[peerHost.PublicKey.String()]].Remove = false - hostPeerUpdate.HostPeerIDs[peerHost.PublicKey.String()][peer.ID.String()] = models.IDandAddr{ - ID: peer.ID.String(), - Address: peer.PrimaryAddress(), - Name: peerHost.Name, - Network: peer.Network, - ProxyListenPort: GetProxyListenPort(peerHost), - } hostPeerUpdate.HostNetworkInfo[peerHost.PublicKey.String()] = models.HostNetworkInfo{ - Interfaces: peerHost.Interfaces, - ProxyListenPort: peerProxyPort, + Interfaces: peerHost.Interfaces, + ListenPort: peerPort, } nodePeer = hostPeerUpdate.Peers[peerIndexMap[peerHost.PublicKey.String()]] } if node.Network == network { // add to peers map for metrics hostPeerUpdate.PeerIDs[peerHost.PublicKey.String()] = models.IDandAddr{ - ID: peer.ID.String(), - Address: peer.PrimaryAddress(), - Name: peerHost.Name, - Network: peer.Network, - ProxyListenPort: peerHost.ProxyListenPort, + ID: peer.ID.String(), + Address: peer.PrimaryAddress(), + Name: peerHost.Name, + Network: peer.Network, + ListenPort: GetPeerListenPort(peerHost), } hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, nodePeer) } @@ -322,6 +248,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N var extPeers []wgtypes.PeerConfig var extPeerIDAndAddrs []models.IDandAddr if node.IsIngressGateway { + hostPeerUpdate.FwUpdate.IsIngressGw = true extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node) if err == nil { for _, extPeerIdAndAddr := range extPeerIDAndAddrs { @@ -339,15 +266,8 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) for _, extPeerIdAndAddr := range extPeerIDAndAddrs { extPeerIdAndAddr := extPeerIdAndAddr - hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID] = make(map[string]models.IDandAddr) - hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID][extPeerIdAndAddr.ID] = models.IDandAddr{ - ID: extPeerIdAndAddr.ID, - Address: extPeerIdAndAddr.Address, - Name: extPeerIdAndAddr.Name, - Network: node.Network, - } - hostPeerUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{ + hostPeerUpdate.FwUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{ Masquerade: true, IngGwAddr: net.IPNet{ IP: net.ParseIP(node.PrimaryAddress()), @@ -371,7 +291,8 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } } if node.IsEgressGateway { - hostPeerUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ + hostPeerUpdate.FwUpdate.IsEgressGw = true + hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ EgressID: node.ID.String(), Network: node.PrimaryNetworkRange(), EgressGwAddr: net.IPNet{ @@ -429,40 +350,15 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N return hostPeerUpdate, nil } -// getPeerWgListenPort - fetches the wg listen port for the host -func getPeerWgListenPort(host *models.Host) int { - peerPort := host.ListenPort - if host.WgPublicListenPort != 0 { - peerPort = host.WgPublicListenPort - } - return peerPort -} - // GetPeerListenPort - given a host, retrieve it's appropriate listening port func GetPeerListenPort(host *models.Host) int { peerPort := host.ListenPort if host.WgPublicListenPort != 0 { peerPort = host.WgPublicListenPort } - if host.ProxyEnabled { - if host.PublicListenPort != 0 { - peerPort = host.PublicListenPort - } else if host.ProxyListenPort != 0 { - peerPort = host.ProxyListenPort - } - } return peerPort } -// GetProxyListenPort - fetches the proxy listen port -func GetProxyListenPort(host *models.Host) int { - proxyPort := host.ProxyListenPort - if host.PublicListenPort != 0 { - proxyPort = host.PublicListenPort - } - return proxyPort -} - func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandAddr, error) { var peers []wgtypes.PeerConfig var idsAndAddr []models.IDandAddr @@ -523,77 +419,16 @@ func getExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA } peers = append(peers, peer) idsAndAddr = append(idsAndAddr, models.IDandAddr{ - ID: peer.PublicKey.String(), - Name: extPeer.ClientID, - Address: primaryAddr, + ID: peer.PublicKey.String(), + Name: extPeer.ClientID, + Address: primaryAddr, + IsExtClient: true, }) } return peers, idsAndAddr, nil } -func getExtPeersForProxy(node *models.Node, proxyPeerConf map[string]models.PeerConf) ([]wgtypes.PeerConfig, map[string]models.PeerConf, error) { - var peers []wgtypes.PeerConfig - host, err := GetHost(node.HostID.String()) - if err != nil { - logger.Log(0, "error retrieving host for node", node.ID.String(), err.Error()) - } - - extPeers, err := GetNetworkExtClients(node.Network) - if err != nil { - return peers, proxyPeerConf, err - } - for _, extPeer := range extPeers { - pubkey, err := wgtypes.ParseKey(extPeer.PublicKey) - if err != nil { - logger.Log(1, "error parsing ext pub key:", err.Error()) - continue - } - - if host.PublicKey.String() == extPeer.PublicKey || - extPeer.IngressGatewayID != node.ID.String() || !extPeer.Enabled { - continue - } - - var allowedips []net.IPNet - var peer wgtypes.PeerConfig - if extPeer.Address != "" { - var peeraddr = net.IPNet{ - IP: net.ParseIP(extPeer.Address), - Mask: net.CIDRMask(32, 32), - } - if peeraddr.IP != nil && peeraddr.Mask != nil { - allowedips = append(allowedips, peeraddr) - } - } - - if extPeer.Address6 != "" { - var addr6 = net.IPNet{ - IP: net.ParseIP(extPeer.Address6), - Mask: net.CIDRMask(128, 128), - } - if addr6.IP != nil && addr6.Mask != nil { - allowedips = append(allowedips, addr6) - } - } - - peer = wgtypes.PeerConfig{ - PublicKey: pubkey, - ReplaceAllowedIPs: true, - AllowedIPs: allowedips, - } - extConf := models.PeerConf{ - IsExtClient: true, - Address: net.ParseIP(extPeer.Address), - } - proxyPeerConf[peer.PublicKey.String()] = extConf - - peers = append(peers, peer) - } - return peers, proxyPeerConf, nil - -} - // GetAllowedIPs - calculates the wireguard allowedip field for a peer of a node based on the peer and node settings func GetAllowedIPs(node, peer *models.Node, metrics *models.Metrics) []net.IPNet { var allowedips []net.IPNet diff --git a/metrics/metrics.go b/metrics/metrics.go deleted file mode 100644 index 27913ad9..00000000 --- a/metrics/metrics.go +++ /dev/null @@ -1,83 +0,0 @@ -package metrics - -import ( - "sync" - "time" - - "github.com/gravitl/netmaker/models" -) - -// lock for metrics map -var metricsMapLock = &sync.RWMutex{} - -// metrics data map -var metricsPeerMap = make(map[string]map[string]*models.ProxyMetric) - -// GetMetricByServer - get metric data of peers by server -func GetMetricByServer(server string) map[string]*models.ProxyMetric { - metricsMapLock.RLock() - defer metricsMapLock.RUnlock() - if _, ok := metricsPeerMap[server]; !ok { - return nil - } - return metricsPeerMap[server] -} - -// GetMetric - fetches the metric data for the peer -func GetMetric(server, peerKey string) models.ProxyMetric { - metric := models.ProxyMetric{} - peerMetricMap := GetMetricByServer(server) - metricsMapLock.RLock() - defer metricsMapLock.RUnlock() - if peerMetricMap == nil { - return metric - } - if m, ok := peerMetricMap[peerKey]; ok && m != nil { - metric = *m - } - return metric -} - -// UpdateMetric - updates metric data for the peer -func UpdateMetric(server, peerKey string, metric *models.ProxyMetric) { - metricsMapLock.Lock() - defer metricsMapLock.Unlock() - if metricsPeerMap[server] == nil { - metricsPeerMap[server] = make(map[string]*models.ProxyMetric) - } - metricsPeerMap[server][peerKey] = metric -} - -// UpdateMetricByPeer - updates metrics data by peer public key -func UpdateMetricByPeer(peerKey string, metric *models.ProxyMetric, onlyTraffic bool) { - metricsMapLock.Lock() - defer metricsMapLock.Unlock() - for server, peerKeyMap := range metricsPeerMap { - if peerMetric, ok := peerKeyMap[peerKey]; ok { - peerMetric.TrafficRecieved += metric.TrafficRecieved - peerMetric.TrafficSent += metric.TrafficSent - if !onlyTraffic { - peerMetric.LastRecordedLatency = metric.LastRecordedLatency - } - - metricsPeerMap[server][peerKey] = peerMetric - } - } -} - -// ResetMetricsForPeer - reset metrics for peer -func ResetMetricsForPeer(server, peerKey string) { - metricsMapLock.Lock() - defer metricsMapLock.Unlock() - delete(metricsPeerMap[server], peerKey) -} - -// ResetMetricForNode - resets node level metrics -func ResetMetricForNode(server, peerKey, peerID string) { - metric := GetMetric(server, peerKey) - delete(metric.NodeConnectionStatus, peerID) - UpdateMetric(server, peerKey, &metric) -} - -// MetricCollectionInterval - collection interval for metrics -const MetricCollectionInterval = time.Second * 25 diff --git a/models/api_host.go b/models/api_host.go index abf29555..c71147fc 100644 --- a/models/api_host.go +++ b/models/api_host.go @@ -16,9 +16,6 @@ type ApiHost struct { Debug bool `json:"debug"` IsStatic bool `json:"isstatic"` ListenPort int `json:"listenport"` - LocalListenPort int `json:"locallistenport"` - ProxyListenPort int `json:"proxy_listen_port"` - PublicListenPort int `json:"public_listen_port" yaml:"public_listen_port"` WgPublicListenPort int `json:"wg_public_listen_port" yaml:"wg_public_listen_port"` MTU int `json:"mtu" yaml:"mtu"` Interfaces []Iface `json:"interfaces" yaml:"interfaces"` @@ -28,7 +25,6 @@ type ApiHost struct { MacAddress string `json:"macaddress"` InternetGateway string `json:"internetgateway"` Nodes []string `json:"nodes"` - ProxyEnabled bool `json:"proxy_enabled" yaml:"proxy_enabled"` IsDefault bool `json:"isdefault" yaml:"isdefault"` IsRelayed bool `json:"isrelayed" bson:"isrelayed" yaml:"isrelayed"` RelayedBy string `json:"relayed_by" bson:"relayed_by" yaml:"relayed_by"` @@ -60,10 +56,7 @@ func (h *Host) ConvertNMHostToAPI() *ApiHost { a.Name = h.Name a.OS = h.OS a.Nodes = h.Nodes - a.ProxyEnabled = h.ProxyEnabled - a.PublicListenPort = h.PublicListenPort a.WgPublicListenPort = h.WgPublicListenPort - a.ProxyListenPort = h.ProxyListenPort a.PublicKey = h.PublicKey.String() a.Verbosity = h.Verbosity a.Version = h.Version @@ -95,8 +88,6 @@ func (a *ApiHost) ConvertAPIHostToNMHost(currentHost *Host) *Host { h.IsK8S = currentHost.IsK8S h.IsStatic = a.IsStatic h.ListenPort = a.ListenPort - h.ProxyListenPort = a.ProxyListenPort - h.PublicListenPort = currentHost.PublicListenPort h.MTU = a.MTU h.MacAddress = currentHost.MacAddress h.PublicKey = currentHost.PublicKey @@ -106,7 +97,6 @@ func (a *ApiHost) ConvertAPIHostToNMHost(currentHost *Host) *Host { h.Nodes = currentHost.Nodes h.TrafficKeyPublic = currentHost.TrafficKeyPublic h.OS = currentHost.OS - h.ProxyEnabled = a.ProxyEnabled h.IsDefault = a.IsDefault h.NatType = currentHost.NatType h.TurnEndpoint = currentHost.TurnEndpoint diff --git a/models/host.go b/models/host.go index 12e79d40..3aa7f53b 100644 --- a/models/host.go +++ b/models/host.go @@ -25,15 +25,11 @@ var OS_Types = struct { // NAT_Types - the type of NAT in which a HOST currently resides (simplified) var NAT_Types = struct { - Public string - Symmetric string - Asymmetric string - Double string + Public string + BehindNAT string }{ - Public: "public", - Symmetric: "symmetric", - Asymmetric: "asymmetric", - Double: "double", + Public: "public", + BehindNAT: "behind_nat", } // WIREGUARD_INTERFACE name of wireguard interface @@ -54,24 +50,16 @@ type Host struct { Interface string `json:"interface" yaml:"interface"` Debug bool `json:"debug" yaml:"debug"` ListenPort int `json:"listenport" yaml:"listenport"` - PublicListenPort int `json:"public_listen_port" yaml:"public_listen_port"` WgPublicListenPort int `json:"wg_public_listen_port" yaml:"wg_public_listen_port"` - ProxyListenPort int `json:"proxy_listen_port" yaml:"proxy_listen_port"` MTU int `json:"mtu" yaml:"mtu"` PublicKey wgtypes.Key `json:"publickey" yaml:"publickey"` MacAddress net.HardwareAddr `json:"macaddress" yaml:"macaddress"` TrafficKeyPublic []byte `json:"traffickeypublic" yaml:"traffickeypublic"` InternetGateway net.UDPAddr `json:"internetgateway" yaml:"internetgateway"` Nodes []string `json:"nodes" yaml:"nodes"` - IsRelayed bool `json:"isrelayed" yaml:"isrelayed"` - RelayedBy string `json:"relayed_by" yaml:"relayed_by"` - IsRelay bool `json:"isrelay" yaml:"isrelay"` - RelayedHosts []string `json:"relay_hosts" yaml:"relay_hosts"` Interfaces []Iface `json:"interfaces" yaml:"interfaces"` DefaultInterface string `json:"defaultinterface" yaml:"defaultinterface"` EndpointIP net.IP `json:"endpointip" yaml:"endpointip"` - ProxyEnabled bool `json:"proxy_enabled" yaml:"proxy_enabled"` - ProxyEnabledSet bool `json:"proxy_enabled_updated" yaml:"proxy_enabled_updated"` IsDocker bool `json:"isdocker" yaml:"isdocker"` IsK8S bool `json:"isk8s" yaml:"isk8s"` IsStatic bool `json:"isstatic" yaml:"isstatic"` diff --git a/models/metrics.go b/models/metrics.go index 1ff3cb5a..b8abf697 100644 --- a/models/metrics.go +++ b/models/metrics.go @@ -15,26 +15,26 @@ type Metrics struct { // Metric - holds a metric for data between nodes type Metric struct { - NodeName string `json:"node_name" bson:"node_name" yaml:"node_name"` - Uptime int64 `json:"uptime" bson:"uptime" yaml:"uptime"` - TotalTime int64 `json:"totaltime" bson:"totaltime" yaml:"totaltime"` - Latency int64 `json:"latency" bson:"latency" yaml:"latency"` - TotalReceived int64 `json:"totalreceived" bson:"totalreceived" yaml:"totalreceived"` - TotalSent int64 `json:"totalsent" bson:"totalsent" yaml:"totalsent"` - ActualUptime time.Duration `json:"actualuptime" bson:"actualuptime" yaml:"actualuptime"` - PercentUp float64 `json:"percentup" bson:"percentup" yaml:"percentup"` - Connected bool `json:"connected" bson:"connected" yaml:"connected"` - CollectedByProxy bool `json:"collected_by_proxy" bson:"collected_by_proxy" yaml:"collected_by_proxy"` + NodeName string `json:"node_name" bson:"node_name" yaml:"node_name"` + Uptime int64 `json:"uptime" bson:"uptime" yaml:"uptime"` + TotalTime int64 `json:"totaltime" bson:"totaltime" yaml:"totaltime"` + Latency int64 `json:"latency" bson:"latency" yaml:"latency"` + TotalReceived int64 `json:"totalreceived" bson:"totalreceived" yaml:"totalreceived"` + TotalSent int64 `json:"totalsent" bson:"totalsent" yaml:"totalsent"` + ActualUptime time.Duration `json:"actualuptime" bson:"actualuptime" yaml:"actualuptime"` + PercentUp float64 `json:"percentup" bson:"percentup" yaml:"percentup"` + Connected bool `json:"connected" bson:"connected" yaml:"connected"` } // IDandAddr - struct to hold ID and primary Address type IDandAddr struct { - ID string `json:"id" bson:"id" yaml:"id"` - Address string `json:"address" bson:"address" yaml:"address"` - Name string `json:"name" bson:"name" yaml:"name"` - IsServer string `json:"isserver" bson:"isserver" yaml:"isserver" validate:"checkyesorno"` - Network string `json:"network" bson:"network" yaml:"network" validate:"network"` - ProxyListenPort int `json:"proxy_listen_port" yaml:"proxy_listen_port"` + ID string `json:"id" bson:"id" yaml:"id"` + Address string `json:"address" bson:"address" yaml:"address"` + Name string `json:"name" bson:"name" yaml:"name"` + IsServer string `json:"isserver" bson:"isserver" yaml:"isserver" validate:"checkyesorno"` + Network string `json:"network" bson:"network" yaml:"network" validate:"network"` + ListenPort int `json:"listen_port" yaml:"listen_port"` + IsExtClient bool `json:"is_extclient"` } // HostInfoMap - map of host public keys to host networking info @@ -42,16 +42,13 @@ type HostInfoMap map[string]HostNetworkInfo // HostNetworkInfo - holds info related to host networking (used for client side peer calculations) type HostNetworkInfo struct { - Interfaces []Iface `json:"interfaces" yaml:"interfaces"` - ProxyListenPort int `json:"proxy_listen_port" yaml:"proxy_listen_port"` + Interfaces []Iface `json:"interfaces" yaml:"interfaces"` + ListenPort int `json:"listen_port" yaml:"listen_port"` } // PeerMap - peer map for ids and addresses in metrics type PeerMap map[string]IDandAddr -// HostPeerMap - host peer map for ids and addresses -type HostPeerMap map[string]map[string]IDandAddr - // MetricsMap - map for holding multiple metrics in memory type MetricsMap map[string]Metrics diff --git a/models/mqtt.go b/models/mqtt.go index a68b7bba..e818df67 100644 --- a/models/mqtt.go +++ b/models/mqtt.go @@ -15,14 +15,11 @@ type HostPeerUpdate struct { ServerAddrs []ServerAddr `json:"serveraddrs" bson:"serveraddrs" yaml:"serveraddrs"` NodePeers []wgtypes.PeerConfig `json:"peers" bson:"peers" yaml:"peers"` Peers []wgtypes.PeerConfig - HostPeerIDs HostPeerMap `json:"hostpeerids" bson:"hostpeerids" yaml:"hostpeerids"` - ProxyUpdate ProxyManagerPayload `json:"proxy_update" bson:"proxy_update" yaml:"proxy_update"` - EgressInfo map[string]EgressInfo `json:"egress_info" bson:"egress_info" yaml:"egress_info"` // map key is node ID - IngressInfo IngressInfo `json:"ingress_info" bson:"ext_peers" yaml:"ext_peers"` PeerIDs PeerMap `json:"peerids" bson:"peerids" yaml:"peerids"` EndpointDetection bool `json:"endpointdetection" yaml:"endpointdetection"` HostNetworkInfo HostInfoMap `json:"host_network_info,omitempty" bson:"host_network_info,omitempty" yaml:"host_network_info,omitempty"` EgressRoutes []EgressNetworkRoutes `json:"egress_network_routes"` + FwUpdate FwUpdate `json:"fw_update"` } // IngressInfo - struct for ingress info @@ -69,3 +66,11 @@ type KeyUpdate struct { Network string `json:"network" bson:"network"` Interface string `json:"interface" bson:"interface"` } + +// FwUpdate - struct for firewall updates +type FwUpdate struct { + IsIngressGw bool `json:"is_ingress_gw"` + IsEgressGw bool `json:"is_egress_gw"` + IngressInfo IngressInfo `json:"ingress_info"` + EgressInfo map[string]EgressInfo `json:"egress_info"` +} diff --git a/models/node.go b/models/node.go index 2153627f..f9c3867b 100644 --- a/models/node.go +++ b/models/node.go @@ -483,7 +483,6 @@ func (ln *LegacyNode) ConvertToNewNode() (*Host, *Node) { host.HostPass = ln.Password host.Name = ln.Name host.ListenPort = int(ln.ListenPort) - host.ProxyListenPort = int(ln.ProxyListenPort) host.MTU = int(ln.MTU) host.PublicKey, _ = wgtypes.ParseKey(ln.PublicKey) host.MacAddress, _ = net.ParseMAC(ln.MacAddress) @@ -540,7 +539,6 @@ func (n *Node) Legacy(h *Host, s *ServerConfig, net *Network) *LegacyNode { l.Name = h.Name l.NetworkSettings = *net l.ListenPort = int32(h.ListenPort) - l.ProxyListenPort = int32(h.ProxyListenPort) l.PublicKey = h.PublicKey.String() l.Endpoint = h.EndpointIP.String() //l.AllowedIPs = @@ -580,7 +578,6 @@ func (n *Node) Legacy(h *Host, s *ServerConfig, net *Network) *LegacyNode { l.InternetGateway = h.InternetGateway.String() l.Connected = formatBool(n.Connected) //l.PendingDelete = formatBool(n.PendingDelete) - l.Proxy = h.ProxyEnabled l.DefaultACL = n.DefaultACL l.OwnerID = n.OwnerID //l.Failover = n.Failover diff --git a/models/proxy.go b/models/proxy.go deleted file mode 100644 index 0a33d25f..00000000 --- a/models/proxy.go +++ /dev/null @@ -1,68 +0,0 @@ -package models - -import ( - "net" - "time" - - "golang.zx2c4.com/wireguard/wgctrl/wgtypes" -) - -// ProxyAction - type for proxy action -type ProxyAction string - -const ( - // default proxy port - NmProxyPort = 51722 - // PersistentKeepaliveInterval - default keepalive for wg peer - DefaultPersistentKeepaliveInterval = time.Duration(time.Second * 20) - - // ProxyUpdate - constant for proxy update action - ProxyUpdate ProxyAction = "PROXY_UPDATE" - // ProxyDeletePeers - constant for proxy delete peers action - ProxyDeletePeers ProxyAction = "PROXY_DELETE" - // ProxyDeleteAllPeers - constant for proxy delete all peers action - ProxyDeleteAllPeers ProxyAction = "PROXY_DELETE_ALL" - // NoProxy - constant for no ProxyAction - NoProxy ProxyAction = "NO_PROXY" -) - -// RelayedConf - struct relayed peers config -type RelayedConf struct { - RelayedPeerEndpoint *net.UDPAddr `json:"relayed_peer_endpoint"` - RelayedPeerPubKey string `json:"relayed_peer_pub_key"` - Peers []wgtypes.PeerConfig `json:"relayed_peers"` -} - -// PeerConf - struct for peer config in the network -type PeerConf struct { - Proxy bool `json:"proxy"` - PublicListenPort int32 `json:"public_listen_port"` - ProxyListenPort int `json:"proxy_listen_port"` - IsExtClient bool `json:"is_ext_client"` - Address net.IP `json:"address"` - IsRelayed bool `json:"is_relayed"` - RelayedTo *net.UDPAddr `json:"relayed_to"` - NatType string `json:"nat_type"` -} - -// ProxyManagerPayload - struct for proxy manager payload -type ProxyManagerPayload struct { - Action ProxyAction `json:"action"` - InterfaceName string `json:"interface_name"` - Server string `json:"server"` - Peers []wgtypes.PeerConfig `json:"peers"` - PeerMap map[string]PeerConf `json:"peer_map"` - IsIngress bool `json:"is_ingress"` - IsRelayed bool `json:"is_relayed"` - RelayedTo *net.UDPAddr `json:"relayed_to"` - IsRelay bool `json:"is_relay"` - RelayedPeerConf map[string]RelayedConf `json:"relayed_conf"` -} - -// Metric - struct for metric data -type ProxyMetric struct { - NodeConnectionStatus map[string]bool `json:"node_connection_status"` - LastRecordedLatency uint64 `json:"last_recorded_latency"` - TrafficSent int64 `json:"traffic_sent"` // stored in MB - TrafficRecieved int64 `json:"traffic_recieved"` // stored in MB -} diff --git a/mq/handlers.go b/mq/handlers.go index b1e5d577..52e9664d 100644 --- a/mq/handlers.go +++ b/mq/handlers.go @@ -324,21 +324,18 @@ func updateNodeMetrics(currentNode *models.Node, newMetrics *models.Metrics) boo oldMetric := oldMetrics.Connectivity[k] currMetric.TotalTime += oldMetric.TotalTime currMetric.Uptime += oldMetric.Uptime // get the total uptime for this connection - if currMetric.CollectedByProxy { + + if currMetric.TotalReceived < oldMetric.TotalReceived { currMetric.TotalReceived += oldMetric.TotalReceived + } else { + currMetric.TotalReceived += int64(math.Abs(float64(currMetric.TotalReceived) - float64(oldMetric.TotalReceived))) + } + if currMetric.TotalSent < oldMetric.TotalSent { currMetric.TotalSent += oldMetric.TotalSent } else { - if currMetric.TotalReceived < oldMetric.TotalReceived { - currMetric.TotalReceived += oldMetric.TotalReceived - } else { - currMetric.TotalReceived += int64(math.Abs(float64(currMetric.TotalReceived) - float64(oldMetric.TotalReceived))) - } - if currMetric.TotalSent < oldMetric.TotalSent { - currMetric.TotalSent += oldMetric.TotalSent - } else { - currMetric.TotalSent += int64(math.Abs(float64(currMetric.TotalSent) - float64(oldMetric.TotalSent))) - } + currMetric.TotalSent += int64(math.Abs(float64(currMetric.TotalSent) - float64(oldMetric.TotalSent))) } + if currMetric.Uptime == 0 || currMetric.TotalTime == 0 { currMetric.PercentUp = 0 } else { diff --git a/mq/publishers.go b/mq/publishers.go index e5b7dd39..2badddb8 100644 --- a/mq/publishers.go +++ b/mq/publishers.go @@ -96,20 +96,6 @@ func PublishSingleHostPeerUpdate(host *models.Host, allNodes []models.Node, dele if len(peerUpdate.Peers) == 0 { // no peers to send return nil } - if host.OS != models.OS_Types.IoT { - proxyUpdate, err := logic.GetProxyUpdateForHost(host) - if err != nil { - return err - } - proxyUpdate.Server = servercfg.GetServer() - if host.ProxyEnabled { - proxyUpdate.Action = models.ProxyUpdate - } else { - proxyUpdate.Action = models.NoProxy - } - - peerUpdate.ProxyUpdate = proxyUpdate - } data, err := json.Marshal(&peerUpdate) if err != nil { diff --git a/scripts/netmaker.default.env b/scripts/netmaker.default.env index 226895e4..799df19f 100644 --- a/scripts/netmaker.default.env +++ b/scripts/netmaker.default.env @@ -46,10 +46,6 @@ SERVER_BROKER_ENDPOINT="ws://mq:1883" STUN_PORT="3478" # Logging verbosity level - 1, 2, or 3 VERBOSITY="1" -# If ON, all new clients will enable proxy by default -# If OFF, all new clients will disable proxy by default -# If AUTO, stick with the existing logic for NAT detection -DEFAULT_PROXY_MODE="off" # Port to access turn server TURN_PORT="3479" # Config for using turn, accepts either true/false diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh index 67b30668..3f5339fd 100755 --- a/scripts/nm-quick.sh +++ b/scripts/nm-quick.sh @@ -310,7 +310,7 @@ save_config() { ( local toCopy=("SERVER_HOST" "MASTER_KEY" "TURN_USERNAME" "TURN_PASSWORD" "MQ_USERNAME" "MQ_PASSWORD" "INSTALL_TYPE" "NODE_ID" "DNS_MODE" "NETCLIENT_AUTO_UPDATE" "API_PORT" "CORS_ALLOWED_ORIGIN" "DISPLAY_KEYS" "DATABASE" "SERVER_BROKER_ENDPOINT" "STUN_PORT" "VERBOSITY" - "DEFAULT_PROXY_MODE" "TURN_PORT" "USE_TURN" "DEBUG_MODE" "TURN_API_PORT" "REST_BACKEND" + "TURN_PORT" "USE_TURN" "DEBUG_MODE" "TURN_API_PORT" "REST_BACKEND" "DISABLE_REMOTE_IP_CHECK" "NETCLIENT_ENDPOINT_DETECTION" "TELEMETRY" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET" "FRONTEND_URL" "AZURE_TENANT" "OIDC_ISSUER" "EXPORTER_API_PORT") for name in "${toCopy[@]}"; do diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index 910bd997..18170a7e 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -90,7 +90,6 @@ func GetServerConfig() config.ServerConfig { if Is_EE { cfg.IsEE = "yes" } - cfg.DefaultProxyMode = GetDefaultProxyMode() return cfg } @@ -731,17 +730,6 @@ func GetTurnPassword() string { } -// IsProxyEnabled - is proxy on or off -func IsProxyEnabled() bool { - var enabled = false //default - if os.Getenv("PROXY") != "" { - enabled = os.Getenv("PROXY") == "on" - } else if config.Config.Server.Proxy != "" { - enabled = config.Config.Server.Proxy == "on" - } - return enabled -} - // GetNetworkLimit - fetches free tier limits on users func GetUserLimit() int { var userslimit int @@ -794,32 +782,6 @@ func DeployedByOperator() bool { return config.Config.Server.DeployedByOperator } -// GetDefaultProxyMode - default proxy mode for a server -func GetDefaultProxyMode() config.ProxyMode { - var ( - mode config.ProxyMode - def string - ) - if os.Getenv("DEFAULT_PROXY_MODE") != "" { - def = os.Getenv("DEFAULT_PROXY_MODE") - } else if config.Config.Server.DefaultProxyMode.Set { - return config.Config.Server.DefaultProxyMode - } - switch strings.ToUpper(def) { - case "ON": - mode.Set = true - mode.Value = true - case "OFF": - mode.Set = true - mode.Value = false - // AUTO or any other value - default: - mode.Set = false - } - return mode - -} - // parseStunList - turn string into slice of StunServers func parseStunList(stunString string) ([]models.StunServer, error) { var err error From 4bcb3d0196784ca0d434cd8668e8574f7cc3ac5c Mon Sep 17 00:00:00 2001 From: Gabriel de Souza Seibel Date: Thu, 27 Jul 2023 03:03:46 -0300 Subject: [PATCH 04/13] [NET-398] Netmaker should indicate licensing/payment issues (#2465) * Add more details to license validation errors * Use err.Error() to get string to log * Enhance error handling for license validation * Use slog in validation --- ee/license.go | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/ee/license.go b/ee/license.go index b49f9027..dfbb36ec 100644 --- a/ee/license.go +++ b/ee/license.go @@ -7,13 +7,15 @@ import ( "bytes" "crypto/rand" "encoding/json" + "errors" "fmt" + "golang.org/x/exp/slog" "io" "net/http" + "os" "time" "github.com/gravitl/netmaker/database" - "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/logic" "github.com/gravitl/netmaker/models" "github.com/gravitl/netmaker/netclient/ncutils" @@ -49,19 +51,22 @@ func AddLicenseHooks() { func ValidateLicense() error { licenseKeyValue := servercfg.GetLicenseKey() netmakerTenantID := servercfg.GetNetmakerTenantID() - logger.Log(0, "proceeding with Netmaker license validation...") - if len(licenseKeyValue) == 0 || len(netmakerTenantID) == 0 { - logger.FatalLog0(errValidation.Error()) + slog.Info("proceeding with Netmaker license validation...") + if len(licenseKeyValue) == 0 { + failValidation(errors.New("empty license-key (LICENSE_KEY environment variable)")) + } + if len(netmakerTenantID) == 0 { + failValidation(errors.New("empty tenant-id (NETMAKER_TENANT_ID environment variable)")) } apiPublicKey, err := getLicensePublicKey(licenseKeyValue) if err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to get license public key: %w", err)) } tempPubKey, tempPrivKey, err := FetchApiServerKeys() if err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to fetch api server keys: %w", err)) } licenseSecret := LicenseSecret{ @@ -71,35 +76,38 @@ func ValidateLicense() error { secretData, err := json.Marshal(&licenseSecret) if err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to marshal license secret: %w", err)) } encryptedData, err := ncutils.BoxEncrypt(secretData, apiPublicKey, tempPrivKey) if err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to encrypt license secret data: %w", err)) } validationResponse, err := validateLicenseKey(encryptedData, tempPubKey) - if err != nil || len(validationResponse) == 0 { - logger.FatalLog0(errValidation.Error()) + if err != nil { + failValidation(fmt.Errorf("failed to validate license key: %w", err)) + } + if len(validationResponse) == 0 { + failValidation(errors.New("empty validation response")) } var licenseResponse ValidatedLicense if err = json.Unmarshal(validationResponse, &licenseResponse); err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to unmarshal validation response: %w", err)) } respData, err := ncutils.BoxDecrypt(base64decode(licenseResponse.EncryptedLicense), apiPublicKey, tempPrivKey) if err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to decrypt license: %w", err)) } license := LicenseKey{} if err = json.Unmarshal(respData, &license); err != nil { - logger.FatalLog0(errValidation.Error()) + failValidation(fmt.Errorf("failed to unmarshal license key: %w", err)) } - logger.Log(0, "License validation succeeded!") + slog.Info("License validation succeeded!") return nil } @@ -150,6 +158,11 @@ func FetchApiServerKeys() (pub *[32]byte, priv *[32]byte, err error) { return pub, priv, nil } +func failValidation(err error) { + slog.Error(errValidation.Error(), "error", err) + os.Exit(0) +} + func getLicensePublicKey(licensePubKeyEncoded string) (*[32]byte, error) { decodedPubKey := base64decode(licensePubKeyEncoded) return ncutils.ConvertBytesToKey(decodedPubKey) @@ -187,11 +200,11 @@ func validateLicenseKey(encryptedData []byte, publicKey *[32]byte) ([]byte, erro if err != nil { return nil, err } - logger.Log(3, "proceeding with cached response, Netmaker API may be down") + slog.Warn("proceeding with cached response, Netmaker API may be down") } else { defer validateResponse.Body.Close() if validateResponse.StatusCode != 200 { - return nil, fmt.Errorf("could not validate license") + return nil, fmt.Errorf("could not validate license, got status code %d", validateResponse.StatusCode) } // if you received a 200 cache the response locally body, err = io.ReadAll(validateResponse.Body) From 7e8b66e03d8c7c9ebf3fbb85469a11728079d99a Mon Sep 17 00:00:00 2001 From: Gabriel de Souza Seibel Date: Thu, 27 Jul 2023 03:04:15 -0300 Subject: [PATCH 05/13] [NET-353] Solve race condition with "unique" ips (#2461) * Use a lock for getting unique ips * Make getting & setting unique ips atomic * Remove some blank lines * Set addressLock to &sync.Mutex on declaration --- logic/extpeers.go | 3 +++ logic/networks.go | 5 ++++- logic/nodes.go | 4 ++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index b2d99039..6b6e1a71 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -154,6 +154,9 @@ func GetExtClientByPubKey(publicKey string, network string) (*models.ExtClient, // CreateExtClient - creates an extclient func CreateExtClient(extclient *models.ExtClient) error { + // lock because we need unique IPs and having it concurrent makes parallel calls result in same "unique" IPs + addressLock.Lock() + defer addressLock.Unlock() if len(extclient.PublicKey) == 0 { privateKey, err := wgtypes.GeneratePrivateKey() diff --git a/logic/networks.go b/logic/networks.go index 102c39d3..61ea17d3 100644 --- a/logic/networks.go +++ b/logic/networks.go @@ -7,6 +7,7 @@ import ( "net" "sort" "strings" + "sync" "github.com/c-robinson/iplib" validator "github.com/go-playground/validator/v10" @@ -147,7 +148,7 @@ func GetNetworkSettings(networkname string) (models.Network, error) { return network, nil } -// UniqueAddress - see if address is unique +// UniqueAddress - get a unique ipv4 address func UniqueAddress(networkName string, reverse bool) (net.IP, error) { add := net.IP{} var network models.Network @@ -424,3 +425,5 @@ func SortNetworks(unsortedNetworks []models.Network) { } // == Private == + +var addressLock = &sync.Mutex{} diff --git a/logic/nodes.go b/logic/nodes.go index c0d79f35..93ed106d 100644 --- a/logic/nodes.go +++ b/logic/nodes.go @@ -460,6 +460,10 @@ func updateProNodeACLS(node *models.Node) error { // createNode - creates a node in database func createNode(node *models.Node) error { + // lock because we need unique IPs and having it concurrent makes parallel calls result in same "unique" IPs + addressLock.Lock() + defer addressLock.Unlock() + host, err := GetHost(node.HostID.String()) if err != nil { return err From ab73278597589145b4de6f68f628a4379d81dc30 Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Fri, 28 Jul 2023 09:20:43 +0530 Subject: [PATCH 06/13] add timestamp to turn signal (#2470) --- models/host.go | 1 + 1 file changed, 1 insertion(+) diff --git a/models/host.go b/models/host.go index 3aa7f53b..70947ba2 100644 --- a/models/host.go +++ b/models/host.go @@ -142,6 +142,7 @@ type Signal struct { ToHostPubKey string `json:"to_host_pubkey"` Reply bool `json:"reply"` Action SignalAction `json:"action"` + TimeStamp int64 `json:"timestamp"` } // RegisterMsg - login message struct for hosts to join via SSO login From aafaa91af0c922157cd49a8dcb059ed2e3d3074f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Jul 2023 10:58:45 +0530 Subject: [PATCH 07/13] Bump github.com/txn2/txeh from 1.4.0 to 1.5.3 (#2464) Bumps [github.com/txn2/txeh](https://github.com/txn2/txeh) from 1.4.0 to 1.5.3. - [Release notes](https://github.com/txn2/txeh/releases) - [Changelog](https://github.com/txn2/txeh/blob/master/.goreleaser.yml) - [Commits](https://github.com/txn2/txeh/compare/v1.4.0...v1.5.3) --- updated-dependencies: - dependency-name: github.com/txn2/txeh dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6a95af3a..127a1baa 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.4 - github.com/txn2/txeh v1.4.0 + github.com/txn2/txeh v1.5.3 golang.org/x/crypto v0.11.0 golang.org/x/net v0.12.0 // indirect golang.org/x/oauth2 v0.10.0 diff --git a/go.sum b/go.sum index f6bc93af..6361884e 100644 --- a/go.sum +++ b/go.sum @@ -109,8 +109,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/txn2/txeh v1.4.0 h1:0tdvpA4HGJrj8X3kmrU6o/JFStI009nKxwDpMK5CnRU= -github.com/txn2/txeh v1.4.0/go.mod h1:Mgq0hY184zCrDBLgvkIp+9NYGHoYbJcu4xKqUcx1shc= +github.com/txn2/txeh v1.5.3 h1:ZMgc3r+5/AFtE/ayCoICpvxj7xl/CYsZjnIGhozV/Kc= +github.com/txn2/txeh v1.5.3/go.mod h1:qYzGG9kCzeVEI12geK4IlanHWY8X4uy/I3NcW7mk8g4= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= From 6ef61cf48e8a960813006f075d036244045c61a5 Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Fri, 28 Jul 2023 19:12:18 +0530 Subject: [PATCH 08/13] Revert "Bump github.com/txn2/txeh from 1.4.0 to 1.5.3 (#2464)" (#2475) This reverts commit aafaa91af0c922157cd49a8dcb059ed2e3d3074f. --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 127a1baa..6a95af3a 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ require ( github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.4 - github.com/txn2/txeh v1.5.3 + github.com/txn2/txeh v1.4.0 golang.org/x/crypto v0.11.0 golang.org/x/net v0.12.0 // indirect golang.org/x/oauth2 v0.10.0 diff --git a/go.sum b/go.sum index 6361884e..f6bc93af 100644 --- a/go.sum +++ b/go.sum @@ -109,8 +109,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/txn2/txeh v1.5.3 h1:ZMgc3r+5/AFtE/ayCoICpvxj7xl/CYsZjnIGhozV/Kc= -github.com/txn2/txeh v1.5.3/go.mod h1:qYzGG9kCzeVEI12geK4IlanHWY8X4uy/I3NcW7mk8g4= +github.com/txn2/txeh v1.4.0 h1:0tdvpA4HGJrj8X3kmrU6o/JFStI009nKxwDpMK5CnRU= +github.com/txn2/txeh v1.4.0/go.mod h1:Mgq0hY184zCrDBLgvkIp+9NYGHoYbJcu4xKqUcx1shc= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= From cf11169553e731d66b365c945de0292e239ea34f Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Fri, 28 Jul 2023 19:44:51 +0530 Subject: [PATCH 09/13] NET-433: Only Set Routes for NAT enabled egress GW (#2469) * remove related fields and code * remover metrics collection from server code * fw update struct * add ext client flag to metrics data * simply nat types * rm proxy update from cli * remove ingress routes from firewall update * check if egress ranges are present * rm unused func --- logic/peers.go | 96 +------------------------------------------------- models/mqtt.go | 15 ++++---- 2 files changed, 7 insertions(+), 104 deletions(-) diff --git a/logic/peers.go b/logic/peers.go index b5a15b24..9068a4a6 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -30,9 +30,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N ServerVersion: servercfg.GetVersion(), ServerAddrs: []models.ServerAddr{}, FwUpdate: models.FwUpdate{ - IngressInfo: models.IngressInfo{ - ExtPeers: make(map[string]models.ExtClientInfo), - }, EgressInfo: make(map[string]models.EgressInfo), }, PeerIDs: make(models.PeerMap, 0), @@ -110,10 +107,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N } currentPeers := GetNetworkNodesMemory(allNodes, node.Network) - var nodePeerMap map[string]models.PeerRouteInfo - if node.IsIngressGateway || node.IsEgressGateway { - nodePeerMap = make(map[string]models.PeerRouteInfo) - } for _, peer := range currentPeers { peer := peer if peer.ID.String() == node.ID.String() { @@ -138,38 +131,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N EgressRanges: peer.EgressGatewayRanges, }) } - if node.IsIngressGateway || node.IsEgressGateway { - if peer.IsIngressGateway { - _, extPeerIDAndAddrs, err := getExtPeers(&peer, &node) - if err == nil { - for _, extPeerIdAndAddr := range extPeerIDAndAddrs { - extPeerIdAndAddr := extPeerIdAndAddr - nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{ - PeerAddr: net.IPNet{ - IP: net.ParseIP(extPeerIdAndAddr.Address), - Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), - }, - PeerKey: extPeerIdAndAddr.ID, - Allow: true, - ID: extPeerIdAndAddr.ID, - } - } - } - } - if node.IsIngressGateway && peer.IsEgressGateway { - hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges = append(hostPeerUpdate.FwUpdate.IngressInfo.EgressRanges, - peer.EgressGatewayRanges...) - } - nodePeerMap[peerHost.PublicKey.String()] = models.PeerRouteInfo{ - PeerAddr: net.IPNet{ - IP: net.ParseIP(peer.PrimaryAddress()), - Mask: getCIDRMaskFromAddr(peer.PrimaryAddress()), - }, - PeerKey: peerHost.PublicKey.String(), - Allow: true, - ID: peer.ID.String(), - } - } if (node.IsRelayed && node.RelayedBy != peer.ID.String()) || (peer.IsRelayed && peer.RelayedBy != node.ID.String()) { // if node is relayed and peer is not the relay, set remove to true if _, ok := peerIndexMap[peerHost.PublicKey.String()]; ok { @@ -248,39 +209,11 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N var extPeers []wgtypes.PeerConfig var extPeerIDAndAddrs []models.IDandAddr if node.IsIngressGateway { - hostPeerUpdate.FwUpdate.IsIngressGw = true extPeers, extPeerIDAndAddrs, err = getExtPeers(&node, &node) if err == nil { - for _, extPeerIdAndAddr := range extPeerIDAndAddrs { - extPeerIdAndAddr := extPeerIdAndAddr - nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{ - PeerAddr: net.IPNet{ - IP: net.ParseIP(extPeerIdAndAddr.Address), - Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), - }, - PeerKey: extPeerIdAndAddr.ID, - Allow: true, - ID: extPeerIdAndAddr.ID, - } - } hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) for _, extPeerIdAndAddr := range extPeerIDAndAddrs { extPeerIdAndAddr := extPeerIdAndAddr - - hostPeerUpdate.FwUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{ - Masquerade: true, - IngGwAddr: net.IPNet{ - IP: net.ParseIP(node.PrimaryAddress()), - Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), - }, - Network: node.PrimaryNetworkRange(), - ExtPeerAddr: net.IPNet{ - IP: net.ParseIP(extPeerIdAndAddr.Address), - Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), - }, - ExtPeerKey: extPeerIdAndAddr.ID, - Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap), - } if node.Network == network { hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...) @@ -290,7 +223,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N logger.Log(1, "error retrieving external clients:", err.Error()) } } - if node.IsEgressGateway { + if node.IsEgressGateway && node.EgressGatewayRequest.NatEnabled == "yes" && len(node.EgressGatewayRequest.Ranges) > 0 { hostPeerUpdate.FwUpdate.IsEgressGw = true hostPeerUpdate.FwUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ EgressID: node.ID.String(), @@ -299,7 +232,6 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N IP: net.ParseIP(node.PrimaryAddress()), Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), }, - GwPeers: nodePeerMap, EgressGWCfg: node.EgressGatewayRequest, } } @@ -584,29 +516,3 @@ func getCIDRMaskFromAddr(addr string) net.IPMask { } return cidr } - -// accounts for ext client ACLs -func filterNodeMapForClientACLs(publicKey, network string, nodePeerMap map[string]models.PeerRouteInfo) map[string]models.PeerRouteInfo { - if !isEE { - return nodePeerMap - } - if nodePeerMap == nil { - return map[string]models.PeerRouteInfo{} - } - - if len(publicKey) == 0 || len(network) == 0 { - return nodePeerMap - } - - client, err := GetExtClientByPubKey(publicKey, network) - if err != nil { - return nodePeerMap - } - for k := range nodePeerMap { - currNodePeer := nodePeerMap[k] - if _, ok := client.DeniedACLs[currNodePeer.ID]; ok { - delete(nodePeerMap, k) - } - } - return nodePeerMap -} diff --git a/models/mqtt.go b/models/mqtt.go index e818df67..b50e8cd2 100644 --- a/models/mqtt.go +++ b/models/mqtt.go @@ -30,11 +30,10 @@ type IngressInfo struct { // EgressInfo - struct for egress info type EgressInfo struct { - EgressID string `json:"egress_id" yaml:"egress_id"` - Network net.IPNet `json:"network" yaml:"network"` - EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"` - GwPeers map[string]PeerRouteInfo `json:"gateway_peers" yaml:"gateway_peers"` - EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"` + EgressID string `json:"egress_id" yaml:"egress_id"` + Network net.IPNet `json:"network" yaml:"network"` + EgressGwAddr net.IPNet `json:"egress_gw_addr" yaml:"egress_gw_addr"` + EgressGWCfg EgressGatewayRequest `json:"egress_gateway_cfg" yaml:"egress_gateway_cfg"` } // EgressNetworkRoutes - struct for egress network routes for adding routes to peer's interface @@ -69,8 +68,6 @@ type KeyUpdate struct { // FwUpdate - struct for firewall updates type FwUpdate struct { - IsIngressGw bool `json:"is_ingress_gw"` - IsEgressGw bool `json:"is_egress_gw"` - IngressInfo IngressInfo `json:"ingress_info"` - EgressInfo map[string]EgressInfo `json:"egress_info"` + IsEgressGw bool `json:"is_egress_gw"` + EgressInfo map[string]EgressInfo `json:"egress_info"` } From 114db708d61af738d810cbe4aba48e90b57e0764 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Fri, 28 Jul 2023 11:46:35 -0400 Subject: [PATCH 10/13] ignore network parameter passed to delete ingress endpoint (#2471) --- controllers/node.go | 2 +- go.mod | 6 ------ go.sum | 8 -------- logic/gateway.go | 8 ++++---- 4 files changed, 5 insertions(+), 19 deletions(-) diff --git a/controllers/node.go b/controllers/node.go index 1d92acd5..3b4aceed 100644 --- a/controllers/node.go +++ b/controllers/node.go @@ -566,7 +566,7 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) { var params = mux.Vars(r) nodeid := params["nodeid"] netid := params["network"] - node, wasFailover, removedClients, err := logic.DeleteIngressGateway(netid, nodeid) + node, wasFailover, removedClients, err := logic.DeleteIngressGateway(nodeid) if err != nil { logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to delete ingress gateway on node [%s] on network [%s]: %v", diff --git a/go.mod b/go.mod index 6a95af3a..4c5524d0 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,6 @@ require ( golang.org/x/oauth2 v0.10.0 golang.org/x/sys v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect - golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c // indirect golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220324164955-056925b7df31 google.golang.org/protobuf v1.31.0 // indirect gopkg.in/yaml.v3 v3.0.1 @@ -62,14 +61,9 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/go-cmp v0.5.9 // indirect github.com/hashicorp/go-version v1.6.0 - github.com/josharian/native v1.0.0 // indirect github.com/leodido/go-urn v1.2.4 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect - github.com/mdlayher/genetlink v1.2.0 // indirect - github.com/mdlayher/netlink v1.6.0 // indirect - github.com/mdlayher/socket v0.1.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect golang.org/x/sync v0.1.0 // indirect diff --git a/go.sum b/go.sum index f6bc93af..d71d2c46 100644 --- a/go.sum +++ b/go.sum @@ -43,7 +43,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= @@ -58,7 +57,6 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk= github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q= github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= @@ -72,13 +70,9 @@ github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4 github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.17 h1:mCRHCLDUBXgpKAqIKsaAaAsrAlbkeomtRFKXh2L6YIM= github.com/mattn/go-sqlite3 v1.14.17/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= -github.com/mdlayher/genetlink v1.2.0 h1:4yrIkRV5Wfk1WfpWTcoOlGmsWgQj3OtQN9ZsbrE+XtU= github.com/mdlayher/genetlink v1.2.0/go.mod h1:ra5LDov2KrUCZJiAtEvXXZBxGMInICMXIwshlJ+qRxQ= -github.com/mdlayher/netlink v1.6.0 h1:rOHX5yl7qnlpiVkFWoqccueppMtXzeziFjWAjLg6sz0= github.com/mdlayher/netlink v1.6.0/go.mod h1:0o3PlBmGst1xve7wQ7j/hwpNaFaH4qCRyWCdcZk8/vA= -github.com/mdlayher/socket v0.1.1 h1:q3uOGirUPfAV2MUoaC7BavjQ154J7+JOkTWyiV+intI= github.com/mdlayher/socket v0.1.1/go.mod h1:mYV5YIZAfHh4dzDVzI8x8tWLWCliuX8Mon5Awbj+qDs= -github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721 h1:RlZweED6sbSArvlE924+mUcZuXKLBHA35U7LN621Bws= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= @@ -164,8 +158,6 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8T golang.zx2c4.com/go118/netip v0.0.0-20211111135330-a4a02eeacf9d/go.mod h1:5yyfuiqVIJ7t+3MqrpTQ+QqRkMWiESiyDvPNvKYCecg= golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI= golang.zx2c4.com/wireguard v0.0.0-20220202223031-3b95c81cc178/go.mod h1:TjUWrnD5ATh7bFvmm/ALEJZQ4ivKbETb6pmyj1vUoNI= -golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c h1:Okh6a1xpnJslG9Mn84pId1Mn+Q8cvpo4HCeeFWHo0cA= -golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c/go.mod h1:enML0deDxY1ux+B6ANGiwtg0yAJi1rctkTpcHNAVPyg= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220324164955-056925b7df31 h1:AgW3hljgTzuRbCB0j+q9tXT0uy6ij7vMjEzSCeMlQY0= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220324164955-056925b7df31/go.mod h1:8P32Ilp1kCpwB4ItaHyvSk4xAtnpQ+8gQVfg5WaO1TU= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= diff --git a/logic/gateway.go b/logic/gateway.go index 083092ee..90827e13 100644 --- a/logic/gateway.go +++ b/logic/gateway.go @@ -127,13 +127,13 @@ func CreateIngressGateway(netid string, nodeid string, ingress models.IngressReq } // DeleteIngressGateway - deletes an ingress gateway -func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, []models.ExtClient, error) { +func DeleteIngressGateway(nodeid string) (models.Node, bool, []models.ExtClient, error) { removedClients := []models.ExtClient{} node, err := GetNodeByID(nodeid) if err != nil { return models.Node{}, false, removedClients, err } - clients, err := GetExtClientsByID(nodeid, networkName) + clients, err := GetExtClientsByID(nodeid, node.Network) if err != nil && !database.IsEmptyRecord(err) { return models.Node{}, false, removedClients, err } @@ -141,7 +141,7 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, removedClients = clients // delete ext clients belonging to ingress gateway - if err = DeleteGatewayExtClients(node.ID.String(), networkName); err != nil { + if err = DeleteGatewayExtClients(node.ID.String(), node.Network); err != nil { return models.Node{}, false, removedClients, err } logger.Log(3, "deleting ingress gateway") @@ -163,7 +163,7 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, if err != nil { return models.Node{}, wasFailover, removedClients, err } - err = SetNetworkNodesLastModified(networkName) + err = SetNetworkNodesLastModified(node.Network) return node, wasFailover, removedClients, err } From a7914b1631359806be812fa64f339ab6a62198fa Mon Sep 17 00:00:00 2001 From: Aceix Date: Fri, 28 Jul 2023 15:58:36 +0000 Subject: [PATCH 11/13] fix(NET-388): fix to update node dns toggle (#2472) --- models/node.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/models/node.go b/models/node.go index f9c3867b..ba236cbe 100644 --- a/models/node.go +++ b/models/node.go @@ -358,7 +358,7 @@ func (node *LegacyNode) SetDefaultFailover() { } } -// Node.Fill - fills other node data into calling node data if not set on calling node +// Node.Fill - fills other node data into calling node data if not set on calling node (skips DNSOn) func (newNode *Node) Fill(currentNode *Node, isEE bool) { // TODO add new field for nftables present newNode.ID = currentNode.ID newNode.HostID = currentNode.HostID @@ -404,9 +404,6 @@ func (newNode *Node) Fill(currentNode *Node, isEE bool) { // TODO add new field if newNode.IngressGatewayRange6 == "" { newNode.IngressGatewayRange6 = currentNode.IngressGatewayRange6 } - if newNode.DNSOn != currentNode.DNSOn { - newNode.DNSOn = currentNode.DNSOn - } if newNode.Action == "" { newNode.Action = currentNode.Action } From f2dcac12afdaf4f0828d47cb6deb38768254e9a2 Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:02:22 +0530 Subject: [PATCH 12/13] use local port for metrics pinger (#2479) --- logic/peers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/peers.go b/logic/peers.go index 9068a4a6..258a505f 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -201,7 +201,7 @@ func GetPeerUpdateForHost(network string, host *models.Host, allNodes []models.N Address: peer.PrimaryAddress(), Name: peerHost.Name, Network: peer.Network, - ListenPort: GetPeerListenPort(peerHost), + ListenPort: peerHost.ListenPort, } hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, nodePeer) } From fbac884ce2f4f028f026f5c4468d583a69b85ff7 Mon Sep 17 00:00:00 2001 From: Abhishek K <32607604+abhishek9686@users.noreply.github.com> Date: Tue, 1 Aug 2023 01:53:24 +0530 Subject: [PATCH 13/13] v0.20.5 release notes (#2482) * v0.20.5 release notes * add a known issue --- release.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/release.md b/release.md index df6d1bbd..3367c5e4 100644 --- a/release.md +++ b/release.md @@ -2,18 +2,18 @@ # Netmaker v0.20.5 ## Whats New -- FreeBSD 13/14 specific binaries -- Whitelabelling capabilities +- Extclient Acls +- Force delete host along with all the associated nodes ## What's Fixed -- Fixes for FreeBSD -- Mac installer installs WireGuard -- ACL rendering on UI -- Updating Endpoint IP from UI +- Deprecated Proxy +- Solved Race condition for multiple nodes joining network at same time +- Node dns toggle +- Simplified Firewall rules for added stability ## known issues +- Expired nodes are not getting cleaned up - Windows installer does not install WireGuard -- netclient-gui (windows) will display an erroneous error dialog when joining a network (can be ignored) - netclient-gui will continously display error dialog if netmaker server is offline - Incorrect metrics against ext clients - Host ListenPorts set to 0 after migration from 0.17.1 -> 0.20.5