Propagate dns config vales across Headscale

This commit is contained in:
Juan Font Alonso 2021-10-02 11:20:42 +02:00
parent 5dbf6b5127
commit 656237e167
6 changed files with 42 additions and 22 deletions

16
api.go
View file

@ -218,7 +218,7 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Mac
Str("func", "getMapResponse"). Str("func", "getMapResponse").
Str("machine", req.Hostinfo.Hostname). Str("machine", req.Hostinfo.Hostname).
Msg("Creating Map response") Msg("Creating Map response")
node, err := m.toNode(true) node, err := h.toNode(m, true)
if err != nil { if err != nil {
log.Error(). log.Error().
Str("func", "getMapResponse"). Str("func", "getMapResponse").
@ -242,17 +242,11 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Mac
} }
resp := tailcfg.MapResponse{ resp := tailcfg.MapResponse{
KeepAlive: false, KeepAlive: false,
Node: node, Node: node,
Peers: *peers, Peers: *peers,
//TODO(kradalby): As per tailscale docs, if DNSConfig is nil,
// it means its not updated, maybe we can have some logic
// to check and only pass updates when its updates.
// This is probably more relevant if we try to implement
// "MagicDNS"
DNSConfig: h.cfg.DNSConfig, DNSConfig: h.cfg.DNSConfig,
SearchPaths: []string{}, Domain: h.cfg.BaseDomain,
Domain: "headscale.net",
PacketFilter: *h.aclRules, PacketFilter: *h.aclRules,
DERPMap: h.cfg.DerpMap, DERPMap: h.cfg.DerpMap,
UserProfiles: []tailcfg.UserProfile{profile}, UserProfiles: []tailcfg.UserProfile{profile},

1
app.go
View file

@ -27,6 +27,7 @@ type Config struct {
DerpMap *tailcfg.DERPMap DerpMap *tailcfg.DERPMap
EphemeralNodeInactivityTimeout time.Duration EphemeralNodeInactivityTimeout time.Duration
IPPrefix netaddr.IPPrefix IPPrefix netaddr.IPPrefix
BaseDomain string
DBtype string DBtype string
DBpath string DBpath string

View file

@ -76,7 +76,7 @@ func LoadConfig(path string) error {
} }
func GetDNSConfig() *tailcfg.DNSConfig { func GetDNSConfig() (*tailcfg.DNSConfig, string) {
if viper.IsSet("dns_config") { if viper.IsSet("dns_config") {
dnsConfig := &tailcfg.DNSConfig{} dnsConfig := &tailcfg.DNSConfig{}
@ -112,11 +112,16 @@ func GetDNSConfig() *tailcfg.DNSConfig {
dnsConfig.Proxied = viper.GetBool("dns_config.magic_dns") dnsConfig.Proxied = viper.GetBool("dns_config.magic_dns")
} }
return dnsConfig var baseDomain string
if viper.IsSet("dns_config.base_domain") {
baseDomain = viper.GetString("dns_config.base_domain")
} else {
baseDomain = "headscale.net" // does not really matter when MagicDNS is not enabled
}
return dnsConfig, baseDomain
} }
return nil return nil, ""
} }
func absPath(path string) string { func absPath(path string) string {
@ -149,12 +154,15 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
return nil, err return nil, err
} }
dnsConfig, baseDomain := GetDNSConfig()
cfg := headscale.Config{ cfg := headscale.Config{
ServerURL: viper.GetString("server_url"), ServerURL: viper.GetString("server_url"),
Addr: viper.GetString("listen_addr"), Addr: viper.GetString("listen_addr"),
PrivateKeyPath: absPath(viper.GetString("private_key_path")), PrivateKeyPath: absPath(viper.GetString("private_key_path")),
DerpMap: derpMap, DerpMap: derpMap,
IPPrefix: netaddr.MustParseIPPrefix(viper.GetString("ip_prefix")), IPPrefix: netaddr.MustParseIPPrefix(viper.GetString("ip_prefix")),
BaseDomain: baseDomain,
EphemeralNodeInactivityTimeout: viper.GetDuration("ephemeral_node_inactivity_timeout"), EphemeralNodeInactivityTimeout: viper.GetDuration("ephemeral_node_inactivity_timeout"),
@ -174,7 +182,7 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
TLSCertPath: absPath(viper.GetString("tls_cert_path")), TLSCertPath: absPath(viper.GetString("tls_cert_path")),
TLSKeyPath: absPath(viper.GetString("tls_key_path")), TLSKeyPath: absPath(viper.GetString("tls_key_path")),
DNSConfig: GetDNSConfig(), DNSConfig: dnsConfig,
} }
h, err := headscale.NewHeadscale(cfg) h, err := headscale.NewHeadscale(cfg)

View file

@ -642,6 +642,19 @@ func (s *IntegrationTestSuite) TestTailDrop() {
} }
} }
// func (s *IntegrationTestSuite) TestMagicDNS() {
// for _, scales := range s.namespaces {
// ips, err := getIPs(scales.tailscales)
// assert.Nil(s.T(), err)
// apiURLs, err := getAPIURLs(scales.tailscales)
// assert.Nil(s.T(), err)
// for hostname, tailscale := range scales.tailscales {
// }
// }
// }
func getIPs(tailscales map[string]dockertest.Resource) (map[string]netaddr.IP, error) { func getIPs(tailscales map[string]dockertest.Resource) (map[string]netaddr.IP, error) {
ips := make(map[string]netaddr.IP) ips := make(map[string]netaddr.IP)
for hostname, tailscale := range tailscales { for hostname, tailscale := range tailscales {

View file

@ -52,7 +52,7 @@ func (m Machine) isAlreadyRegistered() bool {
// toNode converts a Machine into a Tailscale Node. includeRoutes is false for shared nodes // toNode converts a Machine into a Tailscale Node. includeRoutes is false for shared nodes
// as per the expected behaviour in the official SaaS // as per the expected behaviour in the official SaaS
func (m Machine) toNode(includeRoutes bool) (*tailcfg.Node, error) { func (h *Headscale) toNode(m Machine, includeRoutes bool) (*tailcfg.Node, error) {
nKey, err := wgkey.ParseHex(m.NodeKey) nKey, err := wgkey.ParseHex(m.NodeKey)
if err != nil { if err != nil {
return nil, err return nil, err
@ -147,10 +147,12 @@ func (m Machine) toNode(includeRoutes bool) (*tailcfg.Node, error) {
keyExpiry = time.Time{} keyExpiry = time.Time{}
} }
hostname := fmt.Sprintf("%s.%s.%s", m.Name, m.Namespace.Name, h.cfg.BaseDomain)
n := tailcfg.Node{ n := tailcfg.Node{
ID: tailcfg.NodeID(m.ID), // this is the actual ID ID: tailcfg.NodeID(m.ID), // this is the actual ID
StableID: tailcfg.StableNodeID(strconv.FormatUint(m.ID, 10)), // in headscale, unlike tailcontrol server, IDs are permanent StableID: tailcfg.StableNodeID(strconv.FormatUint(m.ID, 10)), // in headscale, unlike tailcontrol server, IDs are permanent
Name: hostinfo.Hostname, Name: hostname,
User: tailcfg.UserID(m.NamespaceID), User: tailcfg.UserID(m.NamespaceID),
Key: tailcfg.NodeKey(nKey), Key: tailcfg.NodeKey(nKey),
KeyExpiry: keyExpiry, KeyExpiry: keyExpiry,
@ -169,6 +171,8 @@ func (m Machine) toNode(includeRoutes bool) (*tailcfg.Node, error) {
MachineAuthorized: m.Registered, MachineAuthorized: m.Registered,
Capabilities: []string{tailcfg.CapabilityFileSharing}, Capabilities: []string{tailcfg.CapabilityFileSharing},
} }
// TODO(juanfont): Node also has Sharer when is a shared node with info on the profile
return &n, nil return &n, nil
} }
@ -179,7 +183,7 @@ func (h *Headscale) getPeers(m Machine) (*[]*tailcfg.Node, error) {
Msg("Finding peers") Msg("Finding peers")
machines := []Machine{} machines := []Machine{}
if err := h.db.Where("namespace_id = ? AND machine_key <> ? AND registered", if err := h.db.Preload("Namespace").Where("namespace_id = ? AND machine_key <> ? AND registered",
m.NamespaceID, m.MachineKey).Find(&machines).Error; err != nil { m.NamespaceID, m.MachineKey).Find(&machines).Error; err != nil {
log.Error().Err(err).Msg("Error accessing db") log.Error().Err(err).Msg("Error accessing db")
return nil, err return nil, err
@ -194,14 +198,14 @@ func (h *Headscale) getPeers(m Machine) (*[]*tailcfg.Node, error) {
peers := []*tailcfg.Node{} peers := []*tailcfg.Node{}
for _, mn := range machines { for _, mn := range machines {
peer, err := mn.toNode(true) peer, err := h.toNode(mn, true)
if err != nil { if err != nil {
return nil, err return nil, err
} }
peers = append(peers, peer) peers = append(peers, peer)
} }
for _, sharedMachine := range sharedMachines { for _, sharedMachine := range sharedMachines {
peer, err := sharedMachine.Machine.toNode(false) // shared nodes do not expose their routes peer, err := h.toNode(sharedMachine.Machine, false) // shared nodes do not expose their routes
if err != nil { if err != nil {
return nil, err return nil, err
} }

View file

@ -440,7 +440,7 @@ func (h *Headscale) scheduledPollWorker(
case <-updateCheckerTicker.C: case <-updateCheckerTicker.C:
// Send an update request regardless of outdated or not, if data is sent // Send an update request regardless of outdated or not, if data is sent
// to the node is determined in the updateChan consumer block // to the node is determined in the updateChan consumer block
n, _ := m.toNode(true) n, _ := h.toNode(m, true)
err := h.sendRequestOnUpdateChannel(n) err := h.sendRequestOnUpdateChannel(n)
if err != nil { if err != nil {
log.Error(). log.Error().