Commit c1749ede authored by Julien Muchembled's avatar Julien Muchembled

Detect when network prefix has changed

parent c61cab22
......@@ -5,7 +5,8 @@ from . import utils
class PeerDB(object):
# internal ip = temp arg/attribute
def __init__(self, db_path, registry, key_path, prefix, db_size=200):
def __init__(self, db_path, registry, key_path, network, prefix,
db_size=200):
self._prefix = prefix
self._db_size = db_size
self._key_path = key_path
......@@ -31,8 +32,15 @@ class PeerDB(object):
try:
a = q("SELECT value FROM config WHERE name='registry'").next()[0]
except StopIteration:
logging.info("Private IP of registry not in cache."
" Asking registry via its public IP ...")
a = self._updateRegistryIP()
else:
self.registry_ip = utils.binFromIp(a)
if not self.registry_ip.startswith(network):
a = self._updateRegistryIP()
logging.info("Cache initialized. Registry IP is %s", a)
def _updateRegistryIP(self):
logging.info("Asking registry its private IP...")
retry = 1
while True:
try:
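Review bot: The check `if not self.registry_ip.startswith(network):` only detects that the cached registry address has left the current network; a registry that moved to another address inside the same network is still served from the cache, and nothing in the hunk documents that limit. Suggest a comment above the check: `# Only a prefix change invalidates the cached address; a registry that moves within the same network still yields the stale value.` The check also relies on `network` and the result of `utils.binFromIp` sharing the same bit-string encoding, which this hunk does not show and is worth confirming. If the trailing `logging.info("Cache initialized. Registry IP is %s", a)` sits inside the `else:` branch, a prefix change presumably logs that message twice, once from `_updateRegistryIP` and once here. `_updateRegistryIP` continues past the end of the hunk.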
......@@ -42,9 +50,10 @@ class PeerDB(object):
logging.warning(e)
time.sleep(retry)
retry = min(60, retry * 2)
q("INSERT INTO config VALUES ('registry',?)", (a,))
self._db.execute("INSERT OR REPLACE INTO config VALUES ('registry',?)",
(a,))
self.registry_ip = utils.binFromIp(a)
logging.info("Cache initialized. Registry IP is %s", a)
return a
def log(self):
if logging.getLogger().isEnabledFor(5):
......@@ -150,7 +150,6 @@ def main():
ca = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
with open(config.cert) as f:
cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
network = utils.networkFromCa(ca)
prefix = utils.binFromSubnet(utils.subnetFromCert(cert))
config.openvpn_args += (
'--ca', config.ca,
......@@ -181,6 +180,7 @@ def main():
ca, ca_renew = maybe_renew(config.ca, ca, "CA Certificate", registry.getCa)
if next_renew > ca_renew:
next_renew = ca_renew
network = utils.networkFromCa(ca)
if config.max_clients is None:
config.max_clients = config.client_count * 2
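Review bot: `network = utils.networkFromCa(ca)` now runs after `maybe_renew` for the CA, which is what lets the new PeerDB prefix check compare against the current CA rather than the one loaded at startup, but nothing records why the assignment moved from its earlier position; a comment would keep a later cleanup from hoisting it back: `# Derive the network from the possibly renewed CA so PeerDB checks against the current prefix.` Whether `prefix`, computed from `cert` earlier in main(), is refreshed the same way after renewal is not visible in these hunks and worth checking, since a changed network prefix would presumably affect it too. The enclosing main() body runs outside the hunk on both sides.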
......@@ -270,7 +270,7 @@ def main():
# Create and open read_only pipe to get server events
r_pipe, write_pipe = os.pipe()
read_pipe = os.fdopen(r_pipe)
peer_db = db.PeerDB(db_path, registry, config.key, prefix)
peer_db = db.PeerDB(db_path, registry, config.key, network, prefix)
tunnel_manager = tunnel.TunnelManager(write_pipe, peer_db,
config.openvpn_args, timeout, config.tunnel_refresh,
config.client_count, config.iface_list, network, prefix,