If you want to use multiple nodes with a portal, currently this only works if all profiles are deployed on all nodes. You can't have profile A only use node 0 and profile B use only node 1.
We need to have a way to (hard) assign IP ranges and other node specific configuration to a specific node. Currently this is done in order, the first field of the array is always assigned to node 0, the second one to node 1, etc.
This was one scenario that was never properly tested...
We might be able to reuse
nodeUrlto map nodes to multi-node configuration options. However, we don't really know the hostname of the node connecting to the portal/node-api unless we somehow add this somewhere, e.g. the username.
We use currently
X-Node-Numberto identify the node. We could also have a similar option using the node's hostname. This of course requires that the hostname is set properly and that we have some kind of mapping between hostname and node number. I think at this point it would have been better to use hostname and not numbers at all. But perhaps we can support both!
- make vpn-server-node also provide the hostname as a
X-Node-Nameor something (the node's FQDN)
- search for
X-Node-Namekey file first before falling back to node numbers;
- Extract the FQDN from the
nodeUrlin the profile(s) and map them, so we know which node(s) receive which configuration
Later we can obsolete the
profileIdListconfiguration options in vpn-server-node, but that might break existing deployments.
Another, less nice, approach would be to add a profile option:'nodeUrl' => ['http://node-c.vpn.example.org', 'http://node-d.vpn.example,org'],
These would map to nodeNumber 0 and 1, but what if they are actually node 2 and 3? We could do something like this:'nodeNumberList' => [2, 3],
Of course, we'll have to test this everywhere, it might also be tricky to properly implement this.
Yet another option: keep a "global", i.e "portal config" mapping between number and nodeUrl:'nodeNumberUrlMapping' => ['http://node-a.vpn.example.org', 'node-b.vpn.example.org', 'node-c.vpn.example.org', 'node-d.vpn.example.org'],
This would assign them the nodeNumbers 0, 1, 2, 3.
Initial work on fixing this: https://git.sr.ht/~fkooman/vpn-user-portal/log/multi-node-fixes
Merged in v3 branch, will be part of 3.0.6, more documentation updates required!
More updated documentation: https://github.com/eduvpn/documentation/blob/v3/MULTI_PROFILE_NODE.md
3.0.6 has been released and pushed to development repositories, expected release to production repos tomorrow.