wesher/config.go

package main

import (
	"fmt"
	"net"

	"github.com/costela/wesher/cluster"
	"github.com/hashicorp/go-sockaddr"
	"github.com/pkg/errors"
	"github.com/stevenroose/gonfig"
)

type config struct {
	ClusterKey    []byte   `id:"cluster-key" desc:"shared key for cluster membership; must be 32 bytes base64 encoded; will be generated if not provided"`
	Join          []string `desc:"comma separated list of hostnames or IP addresses to existing cluster members; if not provided, will attempt resuming any known state or otherwise wait for further members."`
	Rejoin        int      `desc:"interval at which join nodes are joined again if away, 0 disables rejoining altogether" default:"0"`
	Init          bool     `desc:"whether to explicitly (re)initialize the cluster; any known state from previous runs will be forgotten"`
	BindAddr      string   `id:"bind-addr" desc:"IP address to bind to for cluster membership traffic (cannot be used with --bind-iface)"`
	BindIface     string   `id:"bind-iface" desc:"Interface to bind to for cluster membership traffic (cannot be used with --bind-addr)"`
	ClusterPort   int      `id:"cluster-port" desc:"port used for membership gossip traffic (both TCP and UDP); must be the same across cluster" default:"7946"`
	WireguardPort int      `id:"wireguard-port" desc:"port used for wireguard traffic (UDP); must be the same across cluster" default:"51820"`
	OverlayNet    *network `id:"overlay-net" desc:"the network in which to allocate addresses for the overlay mesh network (CIDR format); smaller networks increase the chance of IP collision" default:"10.0.0.0/8"`
	RoutedNet     *network `id:"routed-net" desc:"network used to filter routes that nodes are allowed to announce (CIDR format)" default:"0.0.0.0/32"`
	Interface     string   `desc:"name of the wireguard interface to create and manage" default:"wgoverlay"`
	NoEtcHosts    bool     `id:"no-etc-hosts" desc:"disable writing of entries to /etc/hosts"`
	LogLevel      string   `id:"log-level" desc:"set the verbosity (debug/info/warn/error)" default:"warn"`
	Version       bool     `desc:"display current version and exit"`

	// for easier local testing; will break etchosts entry
	UseIPAsName bool `id:"ip-as-name" default:"false" opts:"hidden"`
}

func loadConfig() (*config, error) {
	var config config
	err := gonfig.Load(&config, gonfig.Conf{EnvPrefix: "WESHER_"})
	if err != nil {
		return nil, err
	}

	// perform some validation
	if len(config.ClusterKey) != 0 && len(config.ClusterKey) != cluster.KeyLen {
		return nil, fmt.Errorf("unsupported cluster key length; expected %d, got %d", cluster.KeyLen, len(config.ClusterKey))
	}

	if bits, _ := ((*net.IPNet)(config.OverlayNet)).Mask.Size(); bits%8 != 0 {
		return nil, fmt.Errorf("unsupported overlay network size; net mask must be multiple of 8, got %d", bits)
	}

	if config.BindAddr != "" && config.BindIface != "" {
		return nil, fmt.Errorf("setting both bind address and bind interface is not supported")

	} else if config.BindIface != "" {
		// Compute the actual bind address based on the provided interface
		iface, err := net.InterfaceByName(config.BindIface)
		if err != nil {
			return nil, errors.Wrapf(err, "could not get interface by name %s", config.BindIface)
		}
		addrs, err := iface.Addrs()
		if err != nil {
			return nil, errors.Wrapf(err, "could not get addresses for interface %s", config.BindIface)
		}
		if len(addrs) > 0 {
			if addr, ok := addrs[0].(*net.IPNet); ok {
				config.BindAddr = addr.IP.String()
			}
		}
	} else if config.BindAddr == "" && config.BindIface == "" {
		// FIXME: this is a workaround for memberlist refusing to listen on public IPs if BindAddr==0.0.0.0
		detectedBindAddr, err := sockaddr.GetPublicIP()
		if err != nil {
			return nil, err
		}
		// if we cannot find a public IP, let memberlist do its thing
		if detectedBindAddr != "" {
			config.BindAddr = detectedBindAddr
		} else {
			config.BindAddr = "0.0.0.0"
		}
	}

	return &config, nil
}

type network net.IPNet

// UnmarshalText parses the provided byte array into the network receiver
func (n *network) UnmarshalText(data []byte) error {
	_, ipnet, err := net.ParseCIDR(string(data))
	if err != nil {
		return err
	}
	*n = network(*ipnet)
	return nil
}
first working PoC 2019-03-25 01:02:10 +01:00			`package main`

			`import (`
			`"fmt"`
			`"net"`

Split the application into modules Splitting into modules will help keep concerns separate, at the cost of a slightly more verbose code. 2020-05-07 10:25:58 +02:00			`"github.com/costela/wesher/cluster"`
work around memberlist not listening on public IPs 2019-03-27 00:26:59 +01:00			`"github.com/hashicorp/go-sockaddr"`
Use errors.Wrap instead of manual formatting 2020-05-10 18:23:46 +02:00			`"github.com/pkg/errors"`
first working PoC 2019-03-25 01:02:10 +01:00			`"github.com/stevenroose/gonfig"`
			`)`

			`type config struct {`
simplify option names 2019-03-25 23:31:32 +01:00			ClusterKey []byte `id:"cluster-key" desc:"shared key for cluster membership; must be 32 bytes base64 encoded; will be generated if not provided"`
			Join []string `desc:"comma separated list of hostnames or IP addresses to existing cluster members; if not provided, will attempt resuming any known state or otherwise wait for further members."`
Rejoin join nodes automatically This adds a --rejoin setting for rejoining cluter nodes automatically when gone. 2020-05-21 17:51:21 +02:00			Rejoin int `desc:"interval at which join nodes are joined again if away, 0 disables rejoining altogether" default:"0"`
fix broken IP detection for private-only hosts 2019-03-27 22:23:15 +01:00			Init bool `desc:"whether to explicitly (re)initialize the cluster; any known state from previous runs will be forgotten"`
add option for binding to interface this effectively still bind to an address, but resolves it based on the interface instead of explicitly. 2019-07-21 23:00:18 +02:00			BindAddr string `id:"bind-addr" desc:"IP address to bind to for cluster membership traffic (cannot be used with --bind-iface)"`
			BindIface string `id:"bind-iface" desc:"Interface to bind to for cluster membership traffic (cannot be used with --bind-addr)"`
simplify option names 2019-03-25 23:31:32 +01:00			ClusterPort int `id:"cluster-port" desc:"port used for membership gossip traffic (both TCP and UDP); must be the same across cluster" default:"7946"`
			WireguardPort int `id:"wireguard-port" desc:"port used for wireguard traffic (UDP); must be the same across cluster" default:"51820"`
			OverlayNet *network `id:"overlay-net" desc:"the network in which to allocate addresses for the overlay mesh network (CIDR format); smaller networks increase the chance of IP collision" default:"10.0.0.0/8"`
Implement networks routed through wesher This adds an option for specifying a routed network. Every node route that belongs to that routed network will be announced to the cluster and every other node will direct traffic to that node for said route. 2020-05-18 10:42:32 +02:00			RoutedNet *network `id:"routed-net" desc:"network used to filter routes that nodes are allowed to announce (CIDR format)" default:"0.0.0.0/32"`
simplify option names 2019-03-25 23:31:32 +01:00			Interface string `desc:"name of the wireguard interface to create and manage" default:"wgoverlay"`
add hosts file support 2019-03-26 23:26:29 +01:00			NoEtcHosts bool `id:"no-etc-hosts" desc:"disable writing of entries to /etc/hosts"`
simplify option names 2019-03-25 23:31:32 +01:00			LogLevel string `id:"log-level" desc:"set the verbosity (debug/info/warn/error)" default:"warn"`
add version flag 2019-03-26 23:26:54 +01:00			Version bool `desc:"display current version and exit"`
first working PoC 2019-03-25 01:02:10 +01:00
add version flag 2019-03-26 23:26:54 +01:00			`// for easier local testing; will break etchosts entry`
			UseIPAsName bool `id:"ip-as-name" default:"false" opts:"hidden"`
first working PoC 2019-03-25 01:02:10 +01:00			`}`

			`func loadConfig() (*config, error) {`
			`var config config`
			`err := gonfig.Load(&config, gonfig.Conf{EnvPrefix: "WESHER_"})`
			`if err != nil {`
			`return nil, err`
			`}`

			`// perform some validation`
Split the application into modules Splitting into modules will help keep concerns separate, at the cost of a slightly more verbose code. 2020-05-07 10:25:58 +02:00			`if len(config.ClusterKey) != 0 && len(config.ClusterKey) != cluster.KeyLen {`
			`return nil, fmt.Errorf("unsupported cluster key length; expected %d, got %d", cluster.KeyLen, len(config.ClusterKey))`
first working PoC 2019-03-25 01:02:10 +01:00			`}`

			`if bits, _ := ((*net.IPNet)(config.OverlayNet)).Mask.Size(); bits%8 != 0 {`
			`return nil, fmt.Errorf("unsupported overlay network size; net mask must be multiple of 8, got %d", bits)`
			`}`

add option for binding to interface this effectively still bind to an address, but resolves it based on the interface instead of explicitly. 2019-07-21 23:00:18 +02:00			`if config.BindAddr != "" && config.BindIface != "" {`
			`return nil, fmt.Errorf("setting both bind address and bind interface is not supported")`
Move the bindAddress computation to config parsing 2020-05-07 10:13:23 +02:00
			`} else if config.BindIface != "" {`
			`// Compute the actual bind address based on the provided interface`
			`iface, err := net.InterfaceByName(config.BindIface)`
			`if err != nil {`
Use errors.Wrap instead of manual formatting 2020-05-10 18:23:46 +02:00			`return nil, errors.Wrapf(err, "could not get interface by name %s", config.BindIface)`
Move the bindAddress computation to config parsing 2020-05-07 10:13:23 +02:00			`}`
			`addrs, err := iface.Addrs()`
			`if err != nil {`
Use errors.Wrap instead of manual formatting 2020-05-10 18:23:46 +02:00			`return nil, errors.Wrapf(err, "could not get addresses for interface %s", config.BindIface)`
Move the bindAddress computation to config parsing 2020-05-07 10:13:23 +02:00			`}`
			`if len(addrs) > 0 {`
			`if addr, ok := addrs[0].(*net.IPNet); ok {`
			`config.BindAddr = addr.IP.String()`
			`}`
			`}`
add option for binding to interface this effectively still bind to an address, but resolves it based on the interface instead of explicitly. 2019-07-21 23:00:18 +02:00			`} else if config.BindAddr == "" && config.BindIface == "" {`
Move the bindAddress computation to config parsing 2020-05-07 10:13:23 +02:00			`// FIXME: this is a workaround for memberlist refusing to listen on public IPs if BindAddr==0.0.0.0`
be more explicit about --bind-addr 2019-03-27 00:47:23 +01:00			`detectedBindAddr, err := sockaddr.GetPublicIP()`
work around memberlist not listening on public IPs 2019-03-27 00:26:59 +01:00			`if err != nil {`
			`return nil, err`
			`}`
			`// if we cannot find a public IP, let memberlist do its thing`
be more explicit about --bind-addr 2019-03-27 00:47:23 +01:00			`if detectedBindAddr != "" {`
			`config.BindAddr = detectedBindAddr`
fix broken IP detection for private-only hosts 2019-03-27 22:23:15 +01:00			`} else {`
			`config.BindAddr = "0.0.0.0"`
work around memberlist not listening on public IPs 2019-03-27 00:26:59 +01:00			`}`
			`}`

first working PoC 2019-03-25 01:02:10 +01:00			`return &config, nil`
			`}`

			`type network net.IPNet`

			`// UnmarshalText parses the provided byte array into the network receiver`
			`func (n *network) UnmarshalText(data []byte) error {`
			`_, ipnet, err := net.ParseCIDR(string(data))`
			`if err != nil {`
			`return err`
			`}`
			`n = network(ipnet)`
			`return nil`
			`}`