From fde3ecced18ac1ab747df1428c1fce02ad4c9e54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Mar 2023 23:57:59 +0000 Subject: [PATCH 01/24] Bump github.com/go-playground/validator/v10 from 10.11.2 to 10.12.0 Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.11.2 to 10.12.0. - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.11.2...v10.12.0) --- updated-dependencies: - dependency-name: github.com/go-playground/validator/v10 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 11 ++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index c9dd7125..cbf58b3d 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.19 require ( github.com/eclipse/paho.mqtt.golang v1.4.2 - github.com/go-playground/validator/v10 v10.11.2 + github.com/go-playground/validator/v10 v10.12.0 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/uuid v1.3.0 github.com/gorilla/handlers v1.5.1 @@ -66,7 +66,7 @@ require ( github.com/google/go-cmp v0.5.9 // indirect github.com/hashicorp/go-version v1.6.0 github.com/josharian/native v1.0.0 // indirect - github.com/leodido/go-urn v1.2.1 // indirect + github.com/leodido/go-urn v1.2.2 // indirect github.com/mattn/go-runewidth v0.0.13 // indirect github.com/mdlayher/genetlink v1.2.0 // indirect github.com/mdlayher/netlink v1.6.0 // indirect diff --git a/go.sum b/go.sum index 0806a7dc..3fbfa3d4 100644 --- a/go.sum +++ b/go.sum 
@@ -34,8 +34,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU= -github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s= +github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI= +github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -75,8 +75,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= -github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= +github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4= +github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ= github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw= github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= 
@@ -118,6 +118,7 @@ github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f/go.mod h1:UW/gxgQw github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0= github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= @@ -232,8 +233,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= From 2d2e1bee4668bff9aa1eb0f9e4cd5dea774f7c5e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Mar 2023 00:02:04 +0000 Subject: [PATCH 02/24] Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/release-assets.yml | 2 +- .github/workflows/release-branch.yml | 2 +- .github/workflows/test.yml | 8 ++++---- .github/workflows/upgraderelease.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release-assets.yml b/.github/workflows/release-assets.yml index d1919d69..1d164bad 100644 --- a/.github/workflows/release-assets.yml +++ b/.github/workflows/release-assets.yml @@ -31,7 +31,7 @@ jobs: run: | git fetch --force --tags - name: Setup go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: GoReleaser (full release) diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml index 2dfdf1c8..c244b725 100644 --- a/.github/workflows/release-branch.yml +++ b/.github/workflows/release-branch.yml @@ -21,7 +21,7 @@ jobs: with: ref: develop - name: setup go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: setup git diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 63b9a818..08bd67a5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: Build 
@@ -27,7 +27,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: Build @@ -44,7 +44,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: run tests @@ -63,7 +63,7 @@ jobs: - name: Checkout uses: actions/checkout@v3 - name: Setup Go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: run static checks diff --git a/.github/workflows/upgraderelease.yml b/.github/workflows/upgraderelease.yml index 50106875..ec3199a6 100644 --- a/.github/workflows/upgraderelease.yml +++ b/.github/workflows/upgraderelease.yml @@ -20,7 +20,7 @@ jobs: - run: | git fetch --force --tags - name: Setup go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: 1.19 - name: goreleaser From bc6235f09688f09c488b2e7114b621f74c36ef03 Mon Sep 17 00:00:00 2001 From: theguy951357 Date: Thu, 30 Mar 2023 15:08:24 -0400 Subject: [PATCH 03/24] upgrade develop to v0.18.6 --- .github/ISSUE_TEMPLATE/bug-report.yml | 1 + README.md | 2 +- compose/docker-compose-emqx.yml | 2 +- compose/docker-compose.netclient.yml | 2 +- controllers/docs.go | 2 +- k8s/client/netclient-daemonset.yaml | 2 +- k8s/client/netclient.yaml | 2 +- k8s/server/netmaker-server.yaml | 2 +- k8s/server/netmaker-ui.yaml | 2 +- main.go | 2 +- release.md | 2 +- scripts/nm-upgrade.sh | 4 ++-- swagger.yaml | 2 +- 13 files changed, 14 insertions(+), 13 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 4b31af6b..881d19cc 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -31,6 +31,7 @@ body: label: Version description: What version are you running? options: + - v0.18.6 - v0.18.5 - v0.18.4 - v0.18.3 diff --git a/README.md b/README.md index 9d6e8dc0..dd94af80 100644 --- a/README.md 
+++ b/README.md @@ -17,7 +17,7 @@

- + diff --git a/compose/docker-compose-emqx.yml b/compose/docker-compose-emqx.yml index 59782d9a..1e35b3f8 100644 --- a/compose/docker-compose-emqx.yml +++ b/compose/docker-compose-emqx.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.18.5 + image: gravitl/netmaker:v restart: always volumes: - dnsconfig:/root/config/dnsconfig diff --git a/compose/docker-compose.netclient.yml b/compose/docker-compose.netclient.yml index 61e2cbef..2b93485a 100644 --- a/compose/docker-compose.netclient.yml +++ b/compose/docker-compose.netclient.yml @@ -3,7 +3,7 @@ version: "3.4" services: netclient: container_name: netclient - image: 'gravitl/netclient:v0.18.5' + image: 'gravitl/netclient:v0.18.6' hostname: netmaker-1 network_mode: host restart: always diff --git a/controllers/docs.go b/controllers/docs.go index 49e33d9c..1a105710 100644 --- a/controllers/docs.go +++ b/controllers/docs.go @@ -10,7 +10,7 @@ // // Schemes: https // BasePath: / -// Version: 0.18.5 +// Version: // Host: netmaker.io // // Consumes: diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml index 694b3499..fef3a0a0 100644 --- a/k8s/client/netclient-daemonset.yaml +++ b/k8s/client/netclient-daemonset.yaml @@ -16,7 +16,7 @@ spec: hostNetwork: true containers: - name: netclient - image: gravitl/netclient:v0.18.5 + image: gravitl/netclient:v env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml index cb4abb1e..65c8b643 100644 --- a/k8s/client/netclient.yaml +++ b/k8s/client/netclient.yaml @@ -28,7 +28,7 @@ spec: # - "" containers: - name: netclient - image: gravitl/netclient:v0.18.5 + image: gravitl/netclient:v env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/server/netmaker-server.yaml b/k8s/server/netmaker-server.yaml index 3724234b..31233888 100644 --- a/k8s/server/netmaker-server.yaml +++ b/k8s/server/netmaker-server.yaml 
@@ -79,7 +79,7 @@ spec: value: "Kubernetes" - name: VERBOSITY value: "3" - image: gravitl/netmaker:v0.18.5 + image: gravitl/netmaker:v imagePullPolicy: Always name: netmaker ports: diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml index 8953aca0..23c8ae50 100644 --- a/k8s/server/netmaker-ui.yaml +++ b/k8s/server/netmaker-ui.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: netmaker-ui - image: gravitl/netmaker-ui:v0.18.5 + image: gravitl/netmaker-ui:v ports: - containerPort: 443 env: diff --git a/main.go b/main.go index 81dac51e..5f8db253 100644 --- a/main.go +++ b/main.go @@ -27,7 +27,7 @@ import ( stunserver "github.com/gravitl/netmaker/stun-server" ) -var version = "v0.18.5" +var version = "v" // Start DB Connection and start API Request Handler func main() { diff --git a/release.md b/release.md index 221199ef..d09af793 100644 --- a/release.md +++ b/release.md @@ -1,4 +1,4 @@ -# Netmaker v0.18.5 +# Netmaker v ## **Wait till out of pre-release to fully upgrade** diff --git a/scripts/nm-upgrade.sh b/scripts/nm-upgrade.sh index bc85343c..86348a21 100644 --- a/scripts/nm-upgrade.sh +++ b/scripts/nm-upgrade.sh @@ -1,6 +1,6 @@ #!/bin/bash -LATEST="v0.18.5" +LATEST="v" # check_version - make sure current version is 0.17.1 before continuing check_version() { @@ -351,7 +351,7 @@ set_compose() { STUN_PORT=3478 # RELEASE_REPLACE - Use this once release is ready - #sed -i "s/v0.17.1/v0.18.5/g" /root/docker-compose.yml + #sed -i "s/v0.17.1/v/g" /root/docker-compose.yml yq ".services.netmaker.environment.SERVER_NAME = \"$SERVER_NAME\"" -i /root/docker-compose.yml yq ".services.netmaker.environment += {\"BROKER_ENDPOINT\": \"wss://$BROKER_NAME\"}" -i /root/docker-compose.yml yq ".services.netmaker.environment += {\"SERVER_BROKER_ENDPOINT\": \"ws://mq:1883\"}" -i /root/docker-compose.yml diff --git a/swagger.yaml b/swagger.yaml index 8fe10824..fc6e5b37 100644 --- a/swagger.yaml +++ b/swagger.yaml 
@@ -704,7 +704,7 @@ info: API calls must be authenticated via a header of the format -H “Authorization: Bearer ” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes//authenticate endpoint, as documented below. title: Netmaker - version: 0.18.5 + version: paths: /api/dns: get: From d82e3a9b9e222fb9f4f4698ca278e011bd068f5d Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Thu, 30 Mar 2023 15:10:17 -0400 Subject: [PATCH 04/24] add checks to user update processing --- controllers/user.go | 16 ++++++++++++++++ logic/jwts.go | 13 +++++++++++++ 2 files changed, 29 insertions(+) diff --git a/controllers/user.go b/controllers/user.go index 254ea806..27ac40e5 100644 --- a/controllers/user.go +++ b/controllers/user.go @@ -331,7 +331,18 @@ func updateUser(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") var params = mux.Vars(r) // start here + jwtUser, _, isadmin, err := logic.VerifyJWS(r.Header.Get("Authorization")) + if err != nil { + logger.Log(0, "verifyJWT error", err.Error()) + logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) + return + } username := params["username"] + if username != jwtUser && !isadmin { + logger.Log(0, "non-admin user", jwtUser, "attempted to update user", username) + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized")) + return + } user, err := logic.GetUser(username) if err != nil { logger.Log(0, username, 
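Review bot: In the `@@ -331,7 +331,18 @@` hunk of controllers/user.go, a failed `logic.VerifyJWS` call is answered with `logic.FormatError(err, "internal")`, so a missing or invalid Authorization header is reported as a server fault rather than an authentication failure. The ownership check later in the same hunk already uses the `"unauthorized"` kind, and the token failure should match it: `logic.ReturnErrorResponse(w, r, logic.FormatError(err, "unauthorized"))`. The client-visible message `errors.New("not authorizied")` is misspelled here and again in the `@@ -354,6 +365,11 @@` hunk. `updateUser` starts and ends outside the hunk.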
@@ -354,6 +365,11 @@ func updateUser(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) return } + if userchange.IsAdmin && !isadmin { + logger.Log(0, "non-admin user", jwtUser, "attempted get admin privilages") + logic.ReturnErrorResponse(w, r, logic.FormatError(errors.New("not authorizied"), "unauthorized")) + return + } userchange.Networks = nil user, err = logic.UpdateUser(&userchange, user) if err != nil { diff --git a/logic/jwts.go b/logic/jwts.go index 9e26eb2f..881c1fd9 100644 --- a/logic/jwts.go +++ b/logic/jwts.go @@ -3,6 +3,7 @@ package logic import ( "errors" "fmt" + "strings" "time" "github.com/golang-jwt/jwt/v4" @@ -101,6 +102,18 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s return "", err } +// VerifyJWT verifies Auth Header +func VerifyJWS(bearerToken string) (username string, networks []string, isadmin bool, err error) { + token := "" + tokenSplit := strings.Split(bearerToken, " ") + if len(tokenSplit) > 1 { + token = tokenSplit[1] + } else { + return "", nil, false, errors.New("invalid auth header") + } + return VerifyUserToken(token) +} + // VerifyUserToken func will used to Verify the JWT Token while using APIS func VerifyUserToken(tokenString string) (username string, networks []string, isadmin bool, err error) { claims := &models.UserClaims{} From fa40a5929d17c854831eb8735eb73081e761f0cd Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Thu, 23 Mar 2023 15:37:11 -0400 Subject: [PATCH 05/24] added turn ep + nat type to host model --- logic/hosts.go | 5 +++++ models/api_host.go | 3 +++ models/host.go | 16 ++++++++++++++++ mq/handlers.go | 24 +++++++++++++++--------- 4 files changed, 39 insertions(+), 9 deletions(-) diff --git a/logic/hosts.go b/logic/hosts.go index 19feda1a..df7a0cf1 100644 --- a/logic/hosts.go +++ b/logic/hosts.go 
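Review bot: The privilege check `if userchange.IsAdmin && !isadmin` in `updateUser` decides on the `isadmin` value returned by the token verification, and nothing in the visible lines shows whether that value is re-read from the stored user or taken from the token's claims. If it comes from the claims, a caller whose admin flag was revoked keeps the right to grant admin until the token expires; this should be confirmed against `VerifyUserToken`, whose body is outside the hunk. Either way the rule deserves a comment above the check, for example `// only a current admin may set IsAdmin; isadmin is taken from the caller's token`.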
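Review bot: `VerifyJWS` in logic/jwts.go never checks the authorization scheme: it splits on a single space and passes `tokenSplit[1]` on, so any header with two or more fields is treated as a bearer token and a header with a doubled space yields an empty token. Splitting on whitespace and requiring the scheme makes the contract explicit: `parts := strings.Fields(bearerToken)` followed by `if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") { return "", nil, false, errors.New("invalid auth header") }`, then `return VerifyUserToken(parts[1])`.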
@@ -178,6 +178,11 @@ func UpdateHostFromClient(newHost, currHost *models.Host) (sendPeerUpdate bool) if newHost.Name != "" { currHost.Name = newHost.Name } + if len(newHost.NatType) > 0 && newHost.NatType != currHost.NatType { + currHost.NatType = newHost.NatType + logger.Log(0, "updated host nat type", newHost.Name, newHost.NatType) + sendPeerUpdate = true + } return } diff --git a/models/api_host.go b/models/api_host.go index 06369360..b912f36f 100644 --- a/models/api_host.go +++ b/models/api_host.go @@ -33,6 +33,7 @@ type ApiHost struct { RelayedBy string `json:"relayed_by" bson:"relayed_by" yaml:"relayed_by"` IsRelay bool `json:"isrelay" bson:"isrelay" yaml:"isrelay"` RelayedHosts []string `json:"relay_hosts" bson:"relay_hosts" yaml:"relay_hosts"` + NatType string `json:"nat_type" bson:"nat_type" yaml:"nat_type"` } // Host.ConvertNMHostToAPI - converts a Netmaker host to an API editable host @@ -112,6 +113,8 @@ func (a *ApiHost) ConvertAPIHostToNMHost(currentHost *Host) *Host { h.IsRelayed = a.IsRelayed h.ProxyEnabled = a.ProxyEnabled h.IsDefault = a.IsDefault + h.NatType = currentHost.NatType + h.TurnEndpoint = currentHost.TurnEndpoint return &h } diff --git a/models/host.go b/models/host.go index 13e44b50..bdaa8e98 100644 --- a/models/host.go +++ b/models/host.go @@ -2,6 +2,7 @@ package models import ( "net" + "net/netip" "github.com/google/uuid" "golang.zx2c4.com/wireguard/wgctrl/wgtypes" @@ -22,6 +23,19 @@ var OS_Types = struct { IoT: "iot", } +// NAT_Types - the type of NAT in which a HOST currently resides (simplified) +var NAT_Types = struct { + Public string + Symmetric string + Asymmetric string + Double string +}{ + Public: "public", + Symmetric: "symmetric", + Asymmetric: "asymmetric", + Double: "double", +} + // WIREGUARD_INTERFACE name of wireguard interface const WIREGUARD_INTERFACE = "netmaker" 
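Review bot: `UpdateHostFromClient` in logic/hosts.go stores `newHost.NatType` after checking only that it is non-empty and different, so any string sent by the client (judging by the function name) is persisted and triggers a peer update. The same commit defines the accepted values in `models.NAT_Types`, and the assignment should be limited to them, e.g. a `switch newHost.NatType { case models.NAT_Types.Public, models.NAT_Types.Symmetric, models.NAT_Types.Asymmetric, models.NAT_Types.Double: ... }` around the two assignments. The function body starts outside the hunk.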
@@ -60,6 +74,8 @@ type Host struct { IsK8S bool `json:"isk8s" yaml:"isk8s"` IsStatic bool `json:"isstatic" yaml:"isstatic"` IsDefault bool `json:"isdefault" yaml:"isdefault"` + NatType string `json:"nat_type,omitempty" yaml:"nat_type,omitempty"` + TurnEndpoint *netip.AddrPort `json:"turn_endpoint,omitempty" yaml:"turn_endpoint,omitempty"` } // FormatBool converts a boolean to a [yes|no] string diff --git a/mq/handlers.go b/mq/handlers.go index 51d3d5c5..22c5e62a 100644 --- a/mq/handlers.go +++ b/mq/handlers.go @@ -396,16 +396,22 @@ func handleHostCheckin(h, currentHost *models.Host) bool { for i := range h.Interfaces { h.Interfaces[i].AddressString = h.Interfaces[i].Address.String() } - ifaceDelta := len(h.Interfaces) != len(currentHost.Interfaces) || !h.EndpointIP.Equal(currentHost.EndpointIP) - currentHost.EndpointIP = h.EndpointIP - currentHost.Interfaces = h.Interfaces - currentHost.DefaultInterface = h.DefaultInterface - if err := logic.UpsertHost(currentHost); err != nil { - logger.Log(0, "failed to update host after check-in", h.Name, h.ID.String(), err.Error()) - return false + ifaceDelta := len(h.Interfaces) != len(currentHost.Interfaces) || + !h.EndpointIP.Equal(currentHost.EndpointIP) || + (len(h.NatType) > 0 && h.NatType != currentHost.NatType) || + h.DefaultInterface != currentHost.DefaultInterface + if ifaceDelta { // only save if something changes + currentHost.EndpointIP = h.EndpointIP + currentHost.Interfaces = h.Interfaces + currentHost.DefaultInterface = h.DefaultInterface + currentHost.NatType = h.NatType + if err := logic.UpsertHost(currentHost); err != nil { + logger.Log(0, "failed to update host after check-in", h.Name, h.ID.String(), err.Error()) + return false + } + logger.Log(1, "updated host after check-in", currentHost.Name, currentHost.ID.String()) } - logger.Log(0, "ping processed for host", h.Name, h.ID.String()) + logger.Log(2, "check-in processed for host", h.Name, h.ID.String()) return ifaceDelta - } 
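Review bot: In `handleHostCheckin` (mq/handlers.go), `currentHost.NatType = h.NatType` runs whenever `ifaceDelta` is true, but the delta test counts NatType only when `len(h.NatType) > 0`. A check-in that carries an empty NatType together with a changed endpoint, interface count or default interface therefore overwrites the stored NAT type with an empty string. Guarding the assignment the same way keeps the stored value: `if len(h.NatType) > 0 { currentHost.NatType = h.NatType }`. The function starts outside the hunk.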
From 2da7d7242f3fe6c08d058c541f65f8359e7c65dd Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Thu, 30 Mar 2023 17:33:46 -0400 Subject: [PATCH 06/24] remove debug items --- logic/hosts.go | 1 - models/api_host.go | 1 - 2 files changed, 2 deletions(-) diff --git a/logic/hosts.go b/logic/hosts.go index df7a0cf1..2ea04349 100644 --- a/logic/hosts.go +++ b/logic/hosts.go @@ -180,7 +180,6 @@ func UpdateHostFromClient(newHost, currHost *models.Host) (sendPeerUpdate bool) } if len(newHost.NatType) > 0 && newHost.NatType != currHost.NatType { currHost.NatType = newHost.NatType - logger.Log(0, "updated host nat type", newHost.Name, newHost.NatType) sendPeerUpdate = true } diff --git a/models/api_host.go b/models/api_host.go index b912f36f..608d424c 100644 --- a/models/api_host.go +++ b/models/api_host.go @@ -33,7 +33,6 @@ type ApiHost struct { RelayedBy string `json:"relayed_by" bson:"relayed_by" yaml:"relayed_by"` IsRelay bool `json:"isrelay" bson:"isrelay" yaml:"isrelay"` RelayedHosts []string `json:"relay_hosts" bson:"relay_hosts" yaml:"relay_hosts"` - NatType string `json:"nat_type" bson:"nat_type" yaml:"nat_type"` } // Host.ConvertNMHostToAPI - converts a Netmaker host to an API editable host From 8bf8201129dd743580cfe0555dc6631eca28dfca Mon Sep 17 00:00:00 2001 From: theguy951357 Date: Mon, 3 Apr 2023 09:15:32 -0400 Subject: [PATCH 07/24] missing versions --- README.md | 2 +- compose/docker-compose-emqx.yml | 4 ++-- controllers/docs.go | 2 +- k8s/client/netclient-daemonset.yaml | 2 +- k8s/client/netclient.yaml | 2 +- k8s/server/netmaker-server.yaml | 2 +- k8s/server/netmaker-ui.yaml | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index dd94af80..c7baee54 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@

- + diff --git a/compose/docker-compose-emqx.yml b/compose/docker-compose-emqx.yml index 1e35b3f8..404bcd3d 100644 --- a/compose/docker-compose-emqx.yml +++ b/compose/docker-compose-emqx.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v + image: gravitl/netmaker:v0.18.6 restart: always volumes: - dnsconfig:/root/config/dnsconfig @@ -35,7 +35,7 @@ services: - "3478:3478/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.18.4 + image: gravitl/netmaker-ui:v0.18.6 depends_on: - netmaker links: diff --git a/controllers/docs.go b/controllers/docs.go index 1a105710..a30e7ae9 100644 --- a/controllers/docs.go +++ b/controllers/docs.go @@ -10,7 +10,7 @@ // // Schemes: https // BasePath: / -// Version: +// Version: 0.18.6 // Host: netmaker.io // // Consumes: diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml index fef3a0a0..6c6c55c1 100644 --- a/k8s/client/netclient-daemonset.yaml +++ b/k8s/client/netclient-daemonset.yaml @@ -16,7 +16,7 @@ spec: hostNetwork: true containers: - name: netclient - image: gravitl/netclient:v + image: gravitl/netclient:v0.18.6 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml index 65c8b643..5406534a 100644 --- a/k8s/client/netclient.yaml +++ b/k8s/client/netclient.yaml @@ -28,7 +28,7 @@ spec: # - "" containers: - name: netclient - image: gravitl/netclient:v + image: gravitl/netclient:v0.18.6 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/server/netmaker-server.yaml b/k8s/server/netmaker-server.yaml index 31233888..49f61009 100644 --- a/k8s/server/netmaker-server.yaml +++ b/k8s/server/netmaker-server.yaml @@ -79,7 +79,7 @@ spec: value: "Kubernetes" - name: VERBOSITY value: "3" - image: gravitl/netmaker:v + image: gravitl/netmaker:v0.18.6 imagePullPolicy: Always name: netmaker ports: 
diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml index 23c8ae50..5aade688 100644 --- a/k8s/server/netmaker-ui.yaml +++ b/k8s/server/netmaker-ui.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: netmaker-ui - image: gravitl/netmaker-ui:v + image: gravitl/netmaker-ui:v0.18.6 ports: - containerPort: 443 env: From e87c1a34f9c401d090a7a72f76f944450af1c9d1 Mon Sep 17 00:00:00 2001 From: theguy951357 Date: Mon, 3 Apr 2023 09:36:02 -0400 Subject: [PATCH 08/24] missing version --- main.go | 2 +- release.md | 2 +- scripts/nm-upgrade.sh | 2 +- swagger.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/main.go b/main.go index 5f8db253..a3bcaa2f 100644 --- a/main.go +++ b/main.go @@ -27,7 +27,7 @@ import ( stunserver "github.com/gravitl/netmaker/stun-server" ) -var version = "v" +var version = "v0.18.6" // Start DB Connection and start API Request Handler func main() { diff --git a/release.md b/release.md index d09af793..5fa2ced4 100644 --- a/release.md +++ b/release.md @@ -1,4 +1,4 @@ -# Netmaker v +# Netmaker v0.18.6 ## **Wait till out of pre-release to fully upgrade** diff --git a/scripts/nm-upgrade.sh b/scripts/nm-upgrade.sh index 86348a21..0390c306 100644 --- a/scripts/nm-upgrade.sh +++ b/scripts/nm-upgrade.sh @@ -1,6 +1,6 @@ #!/bin/bash -LATEST="v" +LATEST="v0.18.5" # check_version - make sure current version is 0.17.1 before continuing check_version() { diff --git a/swagger.yaml b/swagger.yaml index fc6e5b37..9b89ed9f 100644 --- a/swagger.yaml +++ b/swagger.yaml 
@@ -704,7 +704,7 @@ info: API calls must be authenticated via a header of the format -H “Authorization: Bearer ” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes//authenticate endpoint, as documented below. title: Netmaker - version: + version: 0.18.6 paths: /api/dns: get: From 63175d234ad6150dd89f1388d143e1249d318038 Mon Sep 17 00:00:00 2001 From: theguy951357 Date: Mon, 3 Apr 2023 09:40:25 -0400 Subject: [PATCH 09/24] version --- scripts/nm-upgrade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/nm-upgrade.sh b/scripts/nm-upgrade.sh index 0390c306..3d570dff 100644 --- a/scripts/nm-upgrade.sh +++ b/scripts/nm-upgrade.sh @@ -351,7 +351,7 @@ set_compose() { STUN_PORT=3478 # RELEASE_REPLACE - Use this once release is ready - #sed -i "s/v0.17.1/v/g" /root/docker-compose.yml + #sed -i "s/v0.17.1/v0.18.6/g" /root/docker-compose.yml yq ".services.netmaker.environment.SERVER_NAME = \"$SERVER_NAME\"" -i /root/docker-compose.yml yq ".services.netmaker.environment += {\"BROKER_ENDPOINT\": \"wss://$BROKER_NAME\"}" -i /root/docker-compose.yml yq ".services.netmaker.environment += {\"SERVER_BROKER_ENDPOINT\": \"ws://mq:1883\"}" -i /root/docker-compose.yml From c2a4cb1145a59636e597f2332275814ade064a31 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Mon, 3 Apr 2023 09:54:16 -0400 Subject: [PATCH 10/24] update function name --- controllers/user.go | 2 +- logic/jwts.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/user.go b/controllers/user.go index 27ac40e5..78e31b0d 100644 --- a/controllers/user.go 
+++ b/controllers/user.go @@ -331,7 +331,7 @@ func updateUser(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") var params = mux.Vars(r) // start here - jwtUser, _, isadmin, err := logic.VerifyJWS(r.Header.Get("Authorization")) + jwtUser, _, isadmin, err := logic.VerifyJWT(r.Header.Get("Authorization")) if err != nil { logger.Log(0, "verifyJWT error", err.Error()) logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) diff --git a/logic/jwts.go b/logic/jwts.go index 881c1fd9..4ac722a6 100644 --- a/logic/jwts.go +++ b/logic/jwts.go @@ -103,7 +103,7 @@ func CreateUserJWT(username string, networks []string, isadmin bool) (response s } // VerifyJWT verifies Auth Header -func VerifyJWS(bearerToken string) (username string, networks []string, isadmin bool, err error) { +func VerifyJWT(bearerToken string) (username string, networks []string, isadmin bool, err error) { token := "" tokenSplit := strings.Split(bearerToken, " ") if len(tokenSplit) > 1 { From 1621c27c1d176b639e9768b2acad7693e387fd51 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Mon, 3 Apr 2023 14:17:14 -0400 Subject: [PATCH 11/24] fixed hard coded dns key --- logic/security.go | 2 +- servercfg/serverconf.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/logic/security.go b/logic/security.go index 1b57dc8b..a6b13dbb 100644 --- a/logic/security.go +++ b/logic/security.go @@ -187,7 +187,7 @@ func authenticateDNSToken(tokenString string) bool { if len(tokens) < 2 { return false } - return tokens[1] == servercfg.GetDNSKey() + return len(servercfg.GetDNSKey()) > 0 && tokens[1] == servercfg.GetDNSKey() } func ContinueIfUserMatch(next http.Handler) http.HandlerFunc { diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index c59253d9..1830cb66 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go 
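Review bot: `authenticateDNSToken` in logic/security.go compares the presented token to the configured key with `==`, whose running time depends on where the first mismatch occurs; for a shared secret a constant-time comparison is the safer default. Reading the key once also removes the second `GetDNSKey()` call: `key := servercfg.GetDNSKey()` and `return len(key) > 0 && subtle.ConstantTimeCompare([]byte(tokens[1]), []byte(key)) == 1`. The file's import block is outside the hunk, so `crypto/subtle` would need to be added there.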
@@ -277,7 +277,7 @@ func GetMasterKey() string { // GetDNSKey - gets the configured dns key of server func GetDNSKey() string { - key := "secretkey" + key := "" if os.Getenv("DNS_KEY") != "" { key = os.Getenv("DNS_KEY") } else if config.Config.Server.DNSKey != "" { From b31b1cba7e452902b11d970722c9bb78275e1a2d Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Wed, 5 Apr 2023 12:06:15 -0400 Subject: [PATCH 12/24] keep keys if not changed --- logic/extpeers.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/logic/extpeers.go b/logic/extpeers.go index 60e4bd73..d65b2ee5 100644 --- a/logic/extpeers.go +++ b/logic/extpeers.go @@ -141,7 +141,7 @@ func CreateExtClient(extclient *models.ExtClient) error { } extclient.PrivateKey = privateKey.String() extclient.PublicKey = privateKey.PublicKey().String() - } else { + } else if len(extclient.PrivateKey) == 0 && len(extclient.PublicKey) > 0 { extclient.PrivateKey = "[ENTER PRIVATE KEY]" } @@ -194,8 +194,7 @@ func UpdateExtClient(newclientid string, network string, enabled bool, client *m if err != nil { return client, err } - if newclientid != client.ClientID { - //name change only + if newclientid != client.ClientID { // name change only client.ClientID = newclientid client.LastModified = time.Now().Unix() data, err := json.Marshal(&client) From c67403585d526124ce9e891e9904f706354316f9 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Wed, 5 Apr 2023 12:31:51 -0400 Subject: [PATCH 13/24] move ingress/egress check outside of peers calc --- logic/peers.go | 114 ++++++++++++++++++++++++------------------------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/logic/peers.go b/logic/peers.go index f004a46e..34ac63ae 100644 --- a/logic/peers.go +++ b/logic/peers.go 
@@ -325,68 +325,68 @@ func GetPeerUpdateForHost(ctx context.Context, network string, host *models.Host hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, nodePeer) } } - var extPeers []wgtypes.PeerConfig - var extPeerIDAndAddrs []models.IDandAddr - if node.IsIngressGateway { - extPeers, extPeerIDAndAddrs, err = getExtPeers(&node) - if err == nil { - for _, extPeerIdAndAddr := range extPeerIDAndAddrs { - extPeerIdAndAddr := extPeerIdAndAddr - nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{ - PeerAddr: net.IPNet{ - IP: net.ParseIP(extPeerIdAndAddr.Address), - Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), - }, - PeerKey: extPeerIdAndAddr.ID, - Allow: true, - ID: extPeerIdAndAddr.ID, - } + } + var extPeers []wgtypes.PeerConfig + var extPeerIDAndAddrs []models.IDandAddr + if node.IsIngressGateway { + extPeers, extPeerIDAndAddrs, err = getExtPeers(&node) + if err == nil { + for _, extPeerIdAndAddr := range extPeerIDAndAddrs { + extPeerIdAndAddr := extPeerIdAndAddr + nodePeerMap[extPeerIdAndAddr.ID] = models.PeerRouteInfo{ + PeerAddr: net.IPNet{ + IP: net.ParseIP(extPeerIdAndAddr.Address), + Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), + }, + PeerKey: extPeerIdAndAddr.ID, + Allow: true, + ID: extPeerIdAndAddr.ID, + } + } + hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) + for _, extPeerIdAndAddr := range extPeerIDAndAddrs { + extPeerIdAndAddr := extPeerIdAndAddr + hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID] = make(map[string]models.IDandAddr) + hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID][extPeerIdAndAddr.ID] = models.IDandAddr{ + ID: extPeerIdAndAddr.ID, + Address: extPeerIdAndAddr.Address, + Name: extPeerIdAndAddr.Name, + Network: node.Network, } - hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, extPeers...) 
- for _, extPeerIdAndAddr := range extPeerIDAndAddrs { - extPeerIdAndAddr := extPeerIdAndAddr - hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID] = make(map[string]models.IDandAddr) - hostPeerUpdate.HostPeerIDs[extPeerIdAndAddr.ID][extPeerIdAndAddr.ID] = models.IDandAddr{ - ID: extPeerIdAndAddr.ID, - Address: extPeerIdAndAddr.Address, - Name: extPeerIdAndAddr.Name, - Network: node.Network, - } - hostPeerUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{ - Masquerade: true, - IngGwAddr: net.IPNet{ - IP: net.ParseIP(node.PrimaryAddress()), - Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), - }, - Network: node.PrimaryNetworkRange(), - ExtPeerAddr: net.IPNet{ - IP: net.ParseIP(extPeerIdAndAddr.Address), - Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), - }, - ExtPeerKey: extPeerIdAndAddr.ID, - Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap), - } - if node.Network == network { - hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr - hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...) - } + hostPeerUpdate.IngressInfo.ExtPeers[extPeerIdAndAddr.ID] = models.ExtClientInfo{ + Masquerade: true, + IngGwAddr: net.IPNet{ + IP: net.ParseIP(node.PrimaryAddress()), + Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), + }, + Network: node.PrimaryNetworkRange(), + ExtPeerAddr: net.IPNet{ + IP: net.ParseIP(extPeerIdAndAddr.Address), + Mask: getCIDRMaskFromAddr(extPeerIdAndAddr.Address), + }, + ExtPeerKey: extPeerIdAndAddr.ID, + Peers: filterNodeMapForClientACLs(extPeerIdAndAddr.ID, node.Network, nodePeerMap), + } + if node.Network == network { + hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr + hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...) 
} - } else if !database.IsEmptyRecord(err) { - logger.Log(1, "error retrieving external clients:", err.Error()) } + } else if !database.IsEmptyRecord(err) { + logger.Log(1, "error retrieving external clients:", err.Error()) } - if node.IsEgressGateway { - hostPeerUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ - EgressID: node.ID.String(), - Network: node.PrimaryNetworkRange(), - EgressGwAddr: net.IPNet{ - IP: net.ParseIP(node.PrimaryAddress()), - Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), - }, - GwPeers: nodePeerMap, - EgressGWCfg: node.EgressGatewayRequest, - } + } + if node.IsEgressGateway { + hostPeerUpdate.EgressInfo[node.ID.String()] = models.EgressInfo{ + EgressID: node.ID.String(), + Network: node.PrimaryNetworkRange(), + EgressGwAddr: net.IPNet{ + IP: net.ParseIP(node.PrimaryAddress()), + Mask: getCIDRMaskFromAddr(node.PrimaryAddress()), + }, + GwPeers: nodePeerMap, + EgressGWCfg: node.EgressGatewayRequest, } } } From 9d230d35407e08f7cc400b2c3c9c585127c75199 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Thu, 6 Apr 2023 12:27:33 -0400 Subject: [PATCH 14/24] initial commit --- controllers/node.go | 14 +++++++++++++- logic/gateway.go | 22 +++++++++++++++------- logic/peers.go | 19 +++++++++++-------- mq/publishers.go | 6 +++--- 4 files changed, 42 insertions(+), 19 deletions(-) diff --git a/controllers/node.go b/controllers/node.go index 6cfc5e3c..daf8993e 100644 --- a/controllers/node.go +++ b/controllers/node.go @@ -564,7 +564,7 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) { var params = mux.Vars(r) nodeid := params["nodeid"] netid := params["network"] - node, wasFailover, err := logic.DeleteIngressGateway(netid, nodeid) + node, wasFailover, removedClients, err := logic.DeleteIngressGateway(netid, nodeid) if err != nil { logger.Log(0, r.Header.Get("user"), fmt.Sprintf("failed to delete ingress gateway on node [%s] on network [%s]: %v", 
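Review bot: Inside the second `for _, extPeerIdAndAddr := range extPeerIDAndAddrs` loop in logic/peers.go, `hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...)` appends the whole `extPeers` slice once per external client, so with N clients every ext peer lands in `NodePeers` N times unless something outside the hunk removes duplicates. The move out of the peer loop carries that behaviour over unchanged. Keeping only `hostPeerUpdate.PeerIDs[extPeerIdAndAddr.ID] = extPeerIdAndAddr` in the loop and appending once after it, `if node.Network == network { hostPeerUpdate.NodePeers = append(hostPeerUpdate.NodePeers, extPeers...) }`, would avoid it. The results of `net.ParseIP(extPeerIdAndAddr.Address)` are also used without a nil check, so an unparsable stored address ends up as a nil IP in the route info. `GetPeerUpdateForHost` starts and ends outside the hunk.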
@@ -584,6 +584,18 @@ func deleteIngressGateway(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) json.NewEncoder(w).Encode(apiNode) + if len(removedClients) > 0 { + host, err := logic.GetHost(node.HostID.String()) + if err == nil { + go mq.PublishSingleHostPeerUpdate( + context.Background(), + host, + nil, + removedClients[:], + ) + } + } + runUpdates(&node, true) } diff --git a/logic/gateway.go b/logic/gateway.go index 5e50311b..2637f4f1 100644 --- a/logic/gateway.go +++ b/logic/gateway.go @@ -134,10 +134,11 @@ func CreateIngressGateway(netid string, nodeid string, failover bool) (models.No } // DeleteIngressGateway - deletes an ingress gateway -func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, error) { +func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, []models.ExtClient, error) { + removedClients := []models.ExtClient{} node, err := GetNodeByID(nodeid) if err != nil { - return models.Node{}, false, err + return models.Node{}, false, removedClients, err } //host, err := GetHost(node.ID.String()) //if err != nil { @@ -145,11 +146,18 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, //} //network, err := GetParentNetwork(networkName) if err != nil { - return models.Node{}, false, err + return models.Node{}, false, removedClients, err } + clients, err := GetExtClientsByID(nodeid, networkName) + if err != nil { + return models.Node{}, false, removedClients, err + } + + removedClients = clients + // delete ext clients belonging to ingress gateway if err = DeleteGatewayExtClients(node.ID.String(), networkName); err != nil { - return models.Node{}, false, err + return models.Node{}, false, removedClients, err } logger.Log(3, "deleting ingress gateway") wasFailover := node.Failover 
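Review bot: The block added to `deleteIngressGateway` (controllers/node.go) drops both errors: a failing `logic.GetHost` skips the update silently, and the return value of `mq.PublishSingleHostPeerUpdate` is lost in the bare `go` statement. The host could therefore keep the removed ext clients as peers with nothing in the log. Logging both makes a missed removal visible, and `removedClients[:]` can simply be `removedClients`. The handler starts above the hunk.

```go
if len(removedClients) > 0 {
	host, err := logic.GetHost(node.HostID.String())
	if err != nil {
		logger.Log(0, "failed to get host for removed ext clients:", err.Error())
	} else {
		go func() {
			if err := mq.PublishSingleHostPeerUpdate(context.Background(), host, nil, removedClients); err != nil {
				logger.Log(0, "failed to publish removed ext clients to host", host.ID.String(), ":", err.Error())
			}
		}()
	}
}
```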
@@ -169,14 +177,14 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, data, err := json.Marshal(&node) if err != nil { - return models.Node{}, false, err + return models.Node{}, false, removedClients, err } err = database.Insert(node.ID.String(), string(data), database.NODES_TABLE_NAME) if err != nil { - return models.Node{}, wasFailover, err + return models.Node{}, wasFailover, removedClients, err } err = SetNetworkNodesLastModified(networkName) - return node, wasFailover, err + return node, wasFailover, removedClients, err } // DeleteGatewayExtClients - deletes ext clients based on gateway (mac) of ingress node and network diff --git a/logic/peers.go b/logic/peers.go index f004a46e..afaa6c3e 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -140,7 +140,7 @@ func ResetPeerUpdateContext() { } // GetPeerUpdateForHost - gets the consolidated peer update for the host from all networks -func GetPeerUpdateForHost(ctx context.Context, network string, host *models.Host, deletedNode *models.Node, deletedClient *models.ExtClient) (models.HostPeerUpdate, error) { +func GetPeerUpdateForHost(ctx context.Context, network string, host *models.Host, deletedNode *models.Node, deletedClients []models.ExtClient) (models.HostPeerUpdate, error) { if host == nil { return models.HostPeerUpdate{}, errors.New("host is nil") } 
@@ -408,13 +408,16 @@ func GetPeerUpdateForHost(ctx context.Context, network string, host *models.Host hostPeerUpdate.NodePeers[i] = peer } - if deletedClient != nil { - key, err := wgtypes.ParseKey(deletedClient.PublicKey) - if err == nil { - hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, wgtypes.PeerConfig{ - PublicKey: key, - Remove: true, - }) + if len(deletedClients) > 0 { + for i := range deletedClients { + deletedClient := deletedClients[i] + key, err := wgtypes.ParseKey(deletedClient.PublicKey) + if err == nil { + hostPeerUpdate.Peers = append(hostPeerUpdate.Peers, wgtypes.PeerConfig{ + PublicKey: key, + Remove: true, + }) + } } } diff --git a/mq/publishers.go b/mq/publishers.go index c530071d..ec5eb059 100644 --- a/mq/publishers.go +++ b/mq/publishers.go @@ -71,7 +71,7 @@ func PublishDeletedClientPeerUpdate(delClient *models.ExtClient) error { logic.ResetPeerUpdateContext() for _, host := range hosts { host := host - if err = PublishSingleHostPeerUpdate(logic.PeerUpdateCtx, &host, nil, delClient); err != nil { + if err = PublishSingleHostPeerUpdate(logic.PeerUpdateCtx, &host, nil, []models.ExtClient{*delClient}); err != nil { logger.Log(1, "failed to publish peer update to host", host.ID.String(), ": ", err.Error()) } } @@ -79,9 +79,9 @@ func PublishDeletedClientPeerUpdate(delClient *models.ExtClient) error { } // PublishSingleHostPeerUpdate --- determines and publishes a peer update to one host -func PublishSingleHostPeerUpdate(ctx context.Context, host *models.Host, deletedNode *models.Node, deletedClient *models.ExtClient) error { +func PublishSingleHostPeerUpdate(ctx context.Context, host *models.Host, deletedNode *models.Node, deletedClients []models.ExtClient) error { - peerUpdate, err := logic.GetPeerUpdateForHost(ctx, "", host, deletedNode, deletedClient) + peerUpdate, err := logic.GetPeerUpdateForHost(ctx, "", host, deletedNode, deletedClients) if err != nil { return err } From e8fd7df86e989bc109b67065c89a9b7649754b92 Mon Sep 17 00:00:00 2001 
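Review bot: In the new `deletedClients` loop of `GetPeerUpdateForHost` (logic/peers.go), a client whose `PublicKey` fails `wgtypes.ParseKey` is skipped without a trace, so no `Remove: true` entry is sent for it and the failure is invisible to the operator. I would log and continue, `if err != nil { logger.Log(1, "skipping deleted ext client with invalid public key:", err.Error()); continue }`. The outer `if len(deletedClients) > 0` can go as well, since ranging over a nil or empty slice does nothing. The function starts and ends outside the hunk.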
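Review bot: `[]models.ExtClient{*delClient}` in `PublishDeletedClientPeerUpdate` (mq/publishers.go) dereferences the pointer unconditionally, whereas the old call passed it through and the callee tested `deletedClient != nil`. If any caller can pass nil, this now panics inside the host loop. The top of the function is outside the hunk, so a guard may already exist there. If not, `if delClient == nil { return errors.New("deleted client is nil") }` before the loop keeps the failure an ordinary error, provided the file imports `errors`.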
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 23:57:54 +0000 Subject: [PATCH 15/24] Bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.6.0 to 0.7.0. - [Release notes](https://github.com/golang/oauth2/releases) - [Commits](https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index c9dd7125..181dd866 100644 --- a/go.mod +++ b/go.mod @@ -16,10 +16,10 @@ require ( github.com/stretchr/testify v1.8.2 github.com/txn2/txeh v1.3.0 golang.org/x/crypto v0.7.0 - golang.org/x/net v0.8.0 // indirect - golang.org/x/oauth2 v0.6.0 - golang.org/x/sys v0.6.0 // indirect - golang.org/x/text v0.8.0 // indirect + golang.org/x/net v0.9.0 // indirect + golang.org/x/oauth2 v0.7.0 + golang.org/x/sys v0.7.0 // indirect + golang.org/x/text v0.9.0 // indirect golang.zx2c4.com/wireguard v0.0.0-20220920152132-bb719d3a6e2c // indirect golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220324164955-056925b7df31 google.golang.org/protobuf v1.28.1 // indirect diff --git a/go.sum b/go.sum index 0806a7dc..ad1fcfc8 100644 --- a/go.sum +++ b/go.sum 
@@ -172,11 +172,11 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= -golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.3.0/go.mod h1:rQrIauxkUhJ6CuwEXwymO2/eh4xz2ZWF1nBkcxS+tGk= -golang.org/x/oauth2 v0.6.0 h1:Lh8GPgSKBfWSwFvtuWOfeI3aAAnbXTSutYxJiOJFgIw= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -198,8 +198,8 @@ golang.org/x/sys v0.0.0-20220207234003-57398862261d/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= @@ -209,8 +209,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 
From 5780a4ede0b7c58848a1e12045e09d4d26326fcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Apr 2023 23:57:59 +0000 Subject: [PATCH 16/24] Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index c9dd7125..23a8e483 100644 --- a/go.mod +++ b/go.mod @@ -44,13 +44,13 @@ require ( github.com/guumaster/tablewriter v0.0.10 github.com/matryer/is v1.4.1 github.com/olekukonko/tablewriter v0.0.5 - github.com/spf13/cobra v1.6.1 + github.com/spf13/cobra v1.7.0 ) require ( cloud.google.com/go/compute/metadata v0.2.1 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect - github.com/inconshreveable/mousetrap v1.0.1 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/kr/pretty v0.3.1 // indirect github.com/rivo/uniseg v0.2.0 // indirect github.com/spf13/pflag v1.0.5 // indirect diff --git a/go.sum b/go.sum index 0806a7dc..1f6a2a2f 100644 --- a/go.sum +++ b/go.sum 
@@ -64,8 +64,8 @@ github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mO github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/josharian/native v1.0.0 h1:Ts/E8zCSEsG17dUqv7joXJFybuMLjQfWE04tsBODTxk= github.com/josharian/native v1.0.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -124,8 +124,8 @@ github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDq github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= -github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
From 59ea7f0004982e6626e1a9f67850ca66a7b614f9 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Tue, 11 Apr 2023 11:04:36 -0400 Subject: [PATCH 17/24] don't fail deleting ingress if no extclients exist --- logic/gateway.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/logic/gateway.go b/logic/gateway.go index 2637f4f1..899af5b2 100644 --- a/logic/gateway.go +++ b/logic/gateway.go @@ -190,7 +190,10 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, // DeleteGatewayExtClients - deletes ext clients based on gateway (mac) of ingress node and network func DeleteGatewayExtClients(gatewayID string, networkName string) error { currentExtClients, err := GetNetworkExtClients(networkName) - if err != nil && !database.IsEmptyRecord(err) { + if database.IsEmptyRecord(err) { + return nil + } + if err != nil { return err } for _, extClient := range currentExtClients { From 1afad1f9ed7c5c961924b49b086d65aa192f50fd Mon Sep 17 00:00:00 2001 From: Abhishek Kondur Date: Tue, 11 Apr 2023 22:29:14 +0400 Subject: [PATCH 18/24] avoid random update of host --- controllers/node.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/controllers/node.go b/controllers/node.go index daf8993e..51518106 100644 --- a/controllers/node.go +++ b/controllers/node.go @@ -653,16 +653,6 @@ func updateNode(w http.ResponseWriter, r *http.Request) { logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) return } - if newNode.IsIngressGateway { - host.ProxyEnabled = true - err := logic.UpsertHost(host) - if err != nil { - logger.Log(0, r.Header.Get("user"), - fmt.Sprintf("failed to update host [ %s ]: %v", host.ID.String(), err)) - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) - return - } - } relayedUpdate := false if currentNode.IsRelayed && (currentNode.Address.String() != newNode.Address.String() || currentNode.Address6.String() != newNode.Address6.String()) { relayedUpdate = true 
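Review bot: `database.IsEmptyRecord(err)` in `DeleteGatewayExtClients` (logic/gateway.go) is now called before `err` is known to be non-nil, where the old condition short-circuited on `err != nil` first and the other call sites in this series do the same. Its implementation is not on this page, so if it calls `err.Error()` without a nil check, the success path would panic. Nesting keeps the early return without relying on that: `if err != nil { if database.IsEmptyRecord(err) { return nil }; return err }`. The rest of the function is outside the hunk.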
From 2aa1f736dbd1244b135d22a0555ec68867013e2c Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Tue, 11 Apr 2023 17:56:11 -0400 Subject: [PATCH 19/24] use mosquitto with ee --- compose/docker-compose.ee.yml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index fc6e2ffe..b1987ecc 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -9,9 +9,7 @@ services: - dnsconfig:/root/config/dnsconfig - sqldata:/root/data environment: - BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN/mqtt" - BROKER_TYPE: "emqx" - EMQX_REST_ENDPOINT: "http://mq:18083" + BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN" SERVER_NAME: "NETMAKER_BASE_DOMAIN" STUN_LIST: "stun.NETMAKER_BASE_DOMAIN:3478,stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302" SERVER_HOST: "SERVER_PUBLIC_IP" @@ -25,7 +23,7 @@ services: DISPLAY_KEYS: "on" DATABASE: "sqlite" NODE_ID: "netmaker-server-1" - SERVER_BROKER_ENDPOINT: "ws://mq:8083/mqtt" + SERVER_BROKER_ENDPOINT: "ws://mq:1883" MQ_USERNAME: "REPLACE_MQ_USERNAME" MQ_PASSWORD: "REPLACE_MQ_PASSWORD" STUN_PORT: "3478" 
@@ -68,17 +66,18 @@ services: - dnsconfig:/root/dnsconfig mq: container_name: mq - image: emqx/emqx:5.0.9 + image: eclipse-mosquitto:2.0.15-openssl + depends_on: + - netmaker restart: unless-stopped + command: ["/mosquitto/config/wait.sh"] environment: - EMQX_NAME: "emqx" - EMQX_DASHBOARD__DEFAULT_PASSWORD: "REPLACE_MQ_PASSWORD" - EMQX_DASHBOARD__DEFAULT_USERNAME: "REPLACE_MQ_USERNAME" - ports: - - "1883:1883" # MQTT - - "8883:8883" # SSL MQTT - - "8083:8083" # Websockets - - "18083:18083" # Dashboard/REST_API + MQ_PASSWORD: "REPLACE_MQ_PASSWORD" + MQ_USERNAME: "REPLACE_MQ_USERNAME" + volumes: + - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf + - /root/wait.sh:/mosquitto/config/wait.sh + - mosquitto_logs:/mosquitto/log prometheus: container_name: prometheus image: gravitl/netmaker-prometheus:latest From 3711c1ea2801387979b6cb507555f9900cbf6a16 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Wed, 12 Apr 2023 10:16:18 -0400 Subject: [PATCH 20/24] don't fail deleting ingress if no extclients exist --- logic/gateway.go | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/logic/gateway.go b/logic/gateway.go index 899af5b2..8754582c 100644 --- a/logic/gateway.go +++ b/logic/gateway.go @@ -140,16 +140,8 @@ func DeleteIngressGateway(networkName string, nodeid string) (models.Node, bool, if err != nil { return models.Node{}, false, removedClients, err } - //host, err := GetHost(node.ID.String()) - //if err != nil { - //return models.Node{}, false, err - //} - //network, err := GetParentNetwork(networkName) - if err != nil { - return models.Node{}, false, removedClients, err - } clients, err := GetExtClientsByID(nodeid, networkName) - if err != nil { + if err != nil && !database.IsEmptyRecord(err) { return models.Node{}, false, removedClients, err } From 3b61b37bfcd7407e54a41ff03cf51fc024e75704 Mon Sep 17 00:00:00 2001 
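Review bot: Two of the new `volumes` entries on the `mq` service bind `/root/mosquitto.conf` and `/root/wait.sh` from the host read-write, and `wait.sh` is what the container runs as its `command`. If the script does not need to rewrite either file, mounting them read-only limits what the broker process can change on the host: `- /root/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro` and `- /root/wait.sh:/mosquitto/config/wait.sh:ro`. The hunk also removes the published `ports`. If the intent is that the broker is reachable only through the reverse proxy, a one-line comment above the service saying so would stop someone from re-adding them later.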
From: Matthew R Kasun Date: Wed, 12 Apr 2023 14:34:56 -0400 Subject: [PATCH 21/24] Update exporter --- compose/docker-compose.ee.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index b1987ecc..2e7928ae 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -111,8 +111,8 @@ services: depends_on: - netmaker environment: - SERVER_BROKER_ENDPOINT: "ws://mq:8083/mqtt" - BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN/mqtt" + SERVER_BROKER_ENDPOINT: "ws://mq:1883" + BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN" PROMETHEUS: "on" VERBOSITY: "1" API_PORT: "8085" From 180123337aeccdaa49321b8f2171be1176d7b608 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Apr 2023 19:32:11 +0000 Subject: [PATCH 22/24] Bump golang.org/x/crypto from 0.7.0 to 0.8.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](https://github.com/golang/crypto/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ef8c824e..c625cabd 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.2 github.com/txn2/txeh v1.3.0 - golang.org/x/crypto v0.7.0 + golang.org/x/crypto v0.8.0 golang.org/x/net v0.9.0 // indirect golang.org/x/oauth2 v0.7.0 golang.org/x/sys v0.7.0 // indirect diff --git a/go.sum b/go.sum index a185451c..d435f790 100644 --- a/go.sum +++ b/go.sum 
@@ -156,8 +156,8 @@ golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220208050332-20e1d8d225ab/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.7.0 h1:AvwMYaRytfdeVt3u6mLaxYtErKYjxA2OXjJ1HHq6t3A= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= +golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= From 0c45e3893982505efbe5fd298521035a8ebba24e Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Wed, 12 Apr 2023 15:44:52 -0400 Subject: [PATCH 23/24] fix path var in mosquitto.conf copy command also corrected a couple of minor items reported by checkshell --- scripts/nm-upgrade.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/nm-upgrade.sh b/scripts/nm-upgrade.sh index 1ffa14e5..d5c3eb9a 100644 --- a/scripts/nm-upgrade.sh +++ b/scripts/nm-upgrade.sh 
@@ -22,7 +22,7 @@ backup_v17_files() { mkdir $INSTALL_PATH/netmaker_0.17.1_backup cp $INSTALL_PATH/docker-compose.yml $INSTALL_PATH/netmaker_0.17.1_backup/docker-compose.yml cp $INSTALL_PATH/Caddyfile $INSTALL_PATH/netmaker_0.17.1_backup/Caddyfile - cp $INSTALL_PATH/mosquitto.conf %INSTALL_PATH/netmaker_0.17.1_backup/mosquitto.conf + cp $INSTALL_PATH/mosquitto.conf $INSTALL_PATH/netmaker_0.17.1_backup/mosquitto.conf cp $INSTALL_PATH/wait.sh $INSTALL_PATH/netmaker_0.17.1_backup/wait.sh } @@ -38,7 +38,7 @@ backup_volumes() { restore_old_netmaker_instructions() { echo "There was a problem with the installation. Your config files and volumes have been backed up." echo "To restore Netmaker back to v0.17.1, copy all the netmaker volume backups (caddy_conf-backup, caddy_data-backup, dnsconfig-backup, mosquitto_data-backup, mosquitto_logs-backup, and sqldata-backup) back to their regular names with out the -backup." - echo "Your config files should be located in ${INSALL_PATH}/netmaker_0.17.1_backup. Simply run cp ${INSALL_PATH}/netmaker_0.17.1_backup/* . (include the .) and run docker-compose up -d." + echo "Your config files should be located in ${INSTALL_PATH}/netmaker_0.17.1_backup. Simply run cp ${INSTALL_PATH}/netmaker_0.17.1_backup/* . (include the .) and run docker-compose up -d." echo "Your netmaker should be back to v0.17.1" } @@ -119,7 +119,7 @@ install_dependencies() { echo "version: $(docker version)" else echo "Docker not found. adding to dependencies" - $dependencies += " docker.io" + dependencies+=" docker.io" fi ${update_cmd} From a498fc43c9eb7a23f46bfdfd9134188affc0521b Mon Sep 17 00:00:00 2001 From: dcarns <75687250+0xdcarns@users.noreply.github.com> Date: Thu, 13 Apr 2023 13:19:04 -0400 Subject: [PATCH 24/24] v0.18.6 release.md --- release.md | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/release.md b/release.md index 5fa2ced4..b8ac1267 100644 --- a/release.md +++ b/release.md 
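Review bot: The corrected `cp` line in `backup_v17_files` (scripts/nm-upgrade.sh), like its neighbours, expands `$INSTALL_PATH` unquoted and ignores the exit status, so a path containing spaces or a failed copy leaves an incomplete backup while the upgrade carries on. Quoting and checking costs little: `cp "$INSTALL_PATH/mosquitto.conf" "$INSTALL_PATH/netmaker_0.17.1_backup/mosquitto.conf" || { echo "backup of mosquitto.conf failed"; exit 1; }`. The same applies to the `mkdir` and the other three `cp` lines in the function. Whether the script already runs under `set -e` is not visible in these hunks.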
@@ -1,27 +1,28 @@ # Netmaker v0.18.6 -## **Wait till out of pre-release to fully upgrade** - ## whats new -- Logic for ext client ACLs (not really usable until new UI is finished) -- Default proxy mode, enables users to determine if all Hosts should have proxy enabled/disabled/auto by default - - specify with DEFAULT_PROXY_MODE="on/off/auto" +- no new features ## whats fixed -- Proxy Peer calculation improvements -- DNS is populated correctly after registration by enrollment key -- Migrate is functional for Windows/Mac **note** Ports may be set to 0 after an upgrade, can be adjusted via UI to fix -- Interface data is sent on netclient register -- Upgrade script -- Latency issue with Node <-> Node Metrics -- Ports set from server for Hosts on register/join are actually used +- a few ext client/ingress issues + - viewing addresses (UI) + - when deleting an ingress gateway, ext clients are now removed from peers immediately + - ext client peers should be populated immediately after creation + - ext clients no longer reset public key when disabled/enabled + - can delete an ingress without clients +- removed unnecessary host update +- host nat type is now collected from clients +- fix peer update issue where caclulation was happening to frequently +- nm-quick && nm-upgrade +- EMQX image change && api routes ## known issues - Caddy does not handle netmaker exporter well for EE -- Migration causes a listen port of 0 for upgraded hosts +- Migration causes a listen port of 0 for some upgraded hosts - Docker clients can not re-join after deletion - Innacurate Ext Client Metrics - Issue with Mac + IPv6 addressing - Nodes on same local network may not always connect - List populates egress ranges twice - If you do NOT set STUN_LIST on server, it could lead to strange behavior on client +- No internet gateways/default routes