Commit c1749ede authored by Julien Muchembled's avatar Julien Muchembled

Detect when network prefix has changed

parent c61cab22
...@@ -5,7 +5,8 @@ from . import utils ...@@ -5,7 +5,8 @@ from . import utils
class PeerDB(object): class PeerDB(object):
# internal ip = temp arg/attribute # internal ip = temp arg/attribute
def __init__(self, db_path, registry, key_path, prefix, db_size=200): def __init__(self, db_path, registry, key_path, network, prefix,
db_size=200):
self._prefix = prefix self._prefix = prefix
self._db_size = db_size self._db_size = db_size
self._key_path = key_path self._key_path = key_path
...@@ -31,8 +32,15 @@ class PeerDB(object): ...@@ -31,8 +32,15 @@ class PeerDB(object):
try: try:
a = q("SELECT value FROM config WHERE name='registry'").next()[0] a = q("SELECT value FROM config WHERE name='registry'").next()[0]
except StopIteration: except StopIteration:
logging.info("Private IP of registry not in cache." a = self._updateRegistryIP()
" Asking registry via its public IP ...") else:
self.registry_ip = utils.binFromIp(a)
if not self.registry_ip.startswith(network):
a = self._updateRegistryIP()
logging.info("Cache initialized. Registry IP is %s", a)
def _updateRegistryIP(self):
logging.info("Asking registry its private IP...")
retry = 1 retry = 1
while True: while True:
try: try:
...@@ -42,9 +50,10 @@ class PeerDB(object): ...@@ -42,9 +50,10 @@ class PeerDB(object):
logging.warning(e) logging.warning(e)
time.sleep(retry) time.sleep(retry)
retry = min(60, retry * 2) retry = min(60, retry * 2)
q("INSERT INTO config VALUES ('registry',?)", (a,)) self._db.execute("INSERT OR REPLACE INTO config VALUES ('registry',?)",
(a,))
self.registry_ip = utils.binFromIp(a) self.registry_ip = utils.binFromIp(a)
logging.info("Cache initialized. Registry IP is %s", a) return a
def log(self): def log(self):
if logging.getLogger().isEnabledFor(5): if logging.getLogger().isEnabledFor(5):
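Review bot: The new `else` branch in `__init__` rejects a cached registry address whose prefix is not `network`, but `_updateRegistryIP` writes whatever the registry returns into the cache with `INSERT OR REPLACE` and assigns it to `self.registry_ip` without the same check, so an address outside the current network (a registry still advertising the old prefix, or a malformed reply) is accepted until the next restart re-runs the startup check. Since `network` is only a local of `__init__` in this hunk, keeping it on the instance — `self._network = network` next to `self._prefix = prefix` — would let the fetch path apply the same `if not self.registry_ip.startswith(self._network):` test, presumably logging a warning and staying in the retry loop rather than caching the value; the middle of that loop, where the reply is obtained, lies outside the visible lines. `_updateRegistryIP` also lacks a docstring; a one-liner such as `"""Fetch the registry's private IP, cache it in the config table and return it as a string."""` would record the contract the `else` branch now relies on. Note that `self.registry_ip` is assigned from the stale cached value before `_updateRegistryIP` overwrites it, which is harmless here but worth a short comment.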
...@@ -150,7 +150,6 @@ def main(): ...@@ -150,7 +150,6 @@ def main():
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
with open(config.cert) as f: with open(config.cert) as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read()) cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
network = utils.networkFromCa(ca)
prefix = utils.binFromSubnet(utils.subnetFromCert(cert)) prefix = utils.binFromSubnet(utils.subnetFromCert(cert))
config.openvpn_args += ( config.openvpn_args += (
'--ca', config.ca, '--ca', config.ca,
...@@ -181,6 +180,7 @@ def main(): ...@@ -181,6 +180,7 @@ def main():
ca, ca_renew = maybe_renew(config.ca, ca, "CA Certificate", registry.getCa) ca, ca_renew = maybe_renew(config.ca, ca, "CA Certificate", registry.getCa)
if next_renew > ca_renew: if next_renew > ca_renew:
next_renew = ca_renew next_renew = ca_renew
network = utils.networkFromCa(ca)
if config.max_clients is None: if config.max_clients is None:
config.max_clients = config.client_count * 2 config.max_clients = config.client_count * 2
...@@ -270,7 +270,7 @@ def main(): ...@@ -270,7 +270,7 @@ def main():
# Create and open read_only pipe to get server events # Create and open read_only pipe to get server events
r_pipe, write_pipe = os.pipe() r_pipe, write_pipe = os.pipe()
read_pipe = os.fdopen(r_pipe) read_pipe = os.fdopen(r_pipe)
peer_db = db.PeerDB(db_path, registry, config.key, prefix) peer_db = db.PeerDB(db_path, registry, config.key, network, prefix)
tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db, tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db,
config.openvpn_args, timeout, config.tunnel_refresh, config.openvpn_args, timeout, config.tunnel_refresh,
config.client_count, config.iface_list, network, prefix, config.client_count, config.iface_list, network, prefix,
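Review bot: Moving `network = utils.networkFromCa(ca)` from before `prefix` to after the `maybe_renew` call for the CA is not explained at the new site, and the reason matters for anyone reordering the renewal block later; a comment on the added line, `# derived from the (possibly renewed) CA so a changed network prefix is noticed`, would pin the intent. If any statement between the two hunks (old lines ~154–180, not visible here) read `network`, it now sees an unbound name, which is worth confirming. `prefix` is still taken from `cert` as loaded above, so `network` and `prefix` can disagree after a CA renewal unless the certificate is renewed earlier in `main`, which this section does not show. `main` starts and ends outside these hunks.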