If you want to use multiple nodes with a portal, currently this only works if all profiles are deployed on all nodes. You can't have profile A only use node 0 and profile B use only node 1.
We need to have a way to (hard) assign IP ranges and other node specific configuration to a specific node. Currently this is done in order, the first field of the array is always assigned to node 0, the second one to node 1, etc.
This was one scenario that was never properly tested...
We might be able to reuse `nodeUrl` to map nodes to multi-node configuration options. However, we don't really know the hostname of the node connecting to the portal/node-api unless we somehow add this somewhere, e.g. the username.
We currently use `X-Node-Number` to identify the node. We could also have a similar option using the node's hostname. This of course requires that the hostname is set properly and that we have some kind of mapping between hostname and node number. I think at this point it would have been better to use hostname and not numbers at all. But perhaps we can support both!
Steps:
- make vpn-server-node also provide the hostname as a `X-Node-Name` or something (the node's FQDN)
- search for `X-Node-Name` key file first before falling back to node numbers;
- Extract the FQDN from the `nodeUrl` in the profile(s) and map them, so we know which node(s) receive which configuration

Later we can obsolete the `nodeNumber` and `profileIdList` configuration options in vpn-server-node, but that might break existing deployments.
Another, less nice, approach would be to add a profile option:
'nodeUrl' => ['http://node-c.vpn.example.org', 'http://node-d.vpn.example.org'],
These would map to nodeNumber 0 and 1, but what if they are actually node 2 and 3? We could do something like this:
'nodeNumberList' => [2, 3],
Of course, we'll have to test this everywhere, it might also be tricky to properly implement this.
Yet another option: keep a "global", i.e. "portal config" mapping between number and nodeUrl:
'nodeNumberUrlMapping' => ['http://node-a.vpn.example.org', 'node-b.vpn.example.org', 'node-c.vpn.example.org', 'node-d.vpn.example.org'],
This would assign them the nodeNumbers 0, 1, 2, 3.
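The global mapping option above, as an added example that is not part of this ticket or of vpn-user-portal: a hypothetical PHP helper (`nodeHost` and `profileNodeNumbers` are assumed names) that derives a profile's node numbers from `nodeNumberUrlMapping` by host name and rejects a node missing from the mapping instead of assigning by array position.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not vpn-user-portal code: reduce a node URL to its
// lowercase host so 'http://node-a...' and a bare 'node-b...' compare equally.
function nodeHost(string $nodeUrl): string
{
    $withScheme = false !== strpos($nodeUrl, '://') ? $nodeUrl : 'http://' . $nodeUrl;
    $host = parse_url($withScheme, PHP_URL_HOST);
    if (!is_string($host) || '' === $host) {
        throw new InvalidArgumentException('invalid node URL: ' . $nodeUrl);
    }

    return strtolower($host);
}

// Resolve the node numbers a profile runs on from the global mapping, whose
// array index is the node number. Unknown or duplicate hosts are rejected
// rather than silently falling back to positional assignment.
function profileNodeNumbers(array $nodeNumberUrlMapping, array $profileNodeUrls): array
{
    $hostToNumber = [];
    foreach (array_values($nodeNumberUrlMapping) as $nodeNumber => $nodeUrl) {
        $host = nodeHost($nodeUrl);
        if (array_key_exists($host, $hostToNumber)) {
            throw new RuntimeException('duplicate node in mapping: ' . $host);
        }
        $hostToNumber[$host] = $nodeNumber;
    }

    $nodeNumberList = [];
    foreach ($profileNodeUrls as $nodeUrl) {
        $host = nodeHost($nodeUrl);
        if (!array_key_exists($host, $hostToNumber)) {
            throw new RuntimeException('profile references unmapped node: ' . $host);
        }
        $nodeNumberList[] = $hostToNumber[$host];
    }

    return $nodeNumberList;
}

// Constructed sample values modelled on the configuration snippets in this ticket.
$mapping = ['http://node-a.vpn.example.org', 'node-b.vpn.example.org', 'node-c.vpn.example.org', 'node-d.vpn.example.org'];
$profileNodeUrls = ['http://node-c.vpn.example.org', 'http://node-d.vpn.example.org'];

echo json_encode(profileNodeNumbers($mapping, $profileNodeUrls)), PHP_EOL;
```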
Initial work on fixing this: https://git.sr.ht/~fkooman/vpn-user-portal/log/multi-node-fixes
François Kooman referenced this ticket in commit b7d1954.
François Kooman referenced this ticket in commit 7453458.
François Kooman referenced this ticket in commit 50b7bf9.
Merged in v3 branch, will be part of 3.0.6, more documentation updates required!
More updated documentation: https://github.com/eduvpn/documentation/blob/v3/MULTI_PROFILE_NODE.md
3.0.6 has been released and pushed to development repositories, expected release to production repos tomorrow.