From 5aa698667131d98dd1c518c9299fad3273f0fc7e Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Tue, 17 Dec 2024 13:29:45 +0400
Subject: [PATCH 1/6] v0.30.0 release notes
---
 release.md | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/release.md b/release.md
index 25426a5d1..4f2eac073 100644
--- a/release.md
+++ b/release.md
@@ -1,21 +1,22 @@
 # Netmaker v0.30.0 ## Whats New ✨ -- New ACLs and Tag Management System -- Managed DNS system (Linux) -- Simplified User Mgmt With Default Roles and Groups (Hidden away network roles) -- New Add a Node Flow for netclient and static wireguard files +- Advanced ACL Rules - port, protocol and traffic direction +- Reduced Firewall Requirements To One Single Port (443 udp/tcp) +- Option to Turn off STUN or specify custom stun servers +- Improved Connectivity Status Indicator with real-time troubleshooting help. +- Optimised MQ message size ## What's Fixed/Improved 🛠 - Metrics Data - FailOver Stability Fixes - Scalability Fixes +- Duplicate Node IP check on update ## Known Issues 🐞 - Adding Custom Private/Public Key For Remote Access Gw Clients Doesn't Get Propagated To Other Peers. - IPv6 DNS Entries Are Not Working. - Stale Peer On The Interface, When Forced Removed From Multiple Networks At Once. -- Can Still Ping The Domain Name Even When The DNS Toggle Is Switched Off. - WireGuard DNS issue on most flavours of Ubuntu 24.04 and some other newer Linux distributions. The issue is affecting the Remote Access Client (RAC) and the plain WireGuard external clients. Workaround can be found here https://help.netmaker.io/en/articles/9612016-extclient-rac-dns-issue-on-ubuntu-24-04.
From 6f5398e75811d9d966975337458ef400d606b993 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Tue, 17 Dec 2024 15:32:10 +0400
Subject: [PATCH 2/6] v0.30.0 release notes
---
 release.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/release.md b/release.md
index 4f2eac073..80f44c1d3 100644
--- a/release.md
+++ b/release.md
@@ -5,17 +5,16 @@
 - Reduced Firewall Requirements To One Single Port (443 udp/tcp) - Option to Turn off STUN or specify custom stun servers - Improved Connectivity Status Indicator with real-time troubleshooting help. -- Optimised MQ message size ## What's Fixed/Improved 🛠 - Metrics Data +- Optimised MQ message size - FailOver Stability Fixes - Scalability Fixes - Duplicate Node IP check on update ## Known Issues 🐞 -- Adding Custom Private/Public Key For Remote Access Gw Clients Doesn't Get Propagated To Other Peers. - IPv6 DNS Entries Are Not Working. - Stale Peer On The Interface, When Forced Removed From Multiple Networks At Once. - WireGuard DNS issue on most flavours of Ubuntu 24.04 and some other newer Linux distributions. The issue is affecting the Remote Access Client (RAC) and the plain WireGuard external clients. Workaround can be found here https://help.netmaker.io/en/articles/9612016-extclient-rac-dns-issue-on-ubuntu-24-04.
From 73eed6e583daf20bca517cef112cff3a41dcccbf Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Wed, 18 Dec 2024 16:18:24 +0400
Subject: [PATCH 3/6] add service type to default acl polices
---
 logic/acls.go | 49 ++++++++++++++++++++++--------------------
 pro/logic/user_mgmt.go | 26 +++++++++++-----------
 2 files changed, 40 insertions(+), 35 deletions(-)
diff --git a/logic/acls.go b/logic/acls.go
index cf0c4f87d..58ebd55c2 100644
--- a/logic/acls.go
+++ b/logic/acls.go
@@ -39,14 +39,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 _, _ = ListAclsByNetwork(netID)
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-nodes")) {
 defaultDeviceAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-nodes"),
- Name: "All Nodes",
- MetaData: "This Policy allows all nodes in the network to communicate with each other",
- Default: true,
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.DevicePolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-nodes"),
+ Name: "All Nodes",
+ MetaData: "This Policy allows all nodes in the network to communicate with each other",
+ Default: true,
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.DevicePolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.DeviceAclID,
@@ -66,14 +67,15 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 }
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-users")) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-users"),
- Default: true,
- Name: "All Users",
- MetaData: "This policy gives access to everything in the network for an user",
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-users"),
+ Default: true,
+ Name: "All Users",
+ MetaData: "This policy gives access to everything in the network for an user",
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserAclID,
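Review bot: ServiceType: models.Any is written only into the literal that runs when IsAclExists reports the all-nodes default missing, so on an upgraded deployment the already-stored default policy never receives the field; the same applies to the all-users hunk below, the all-remote-access-gws hunk, and both hunks in pro/logic/user_mgmt.go. If the policy evaluator does not treat an empty ServiceType the same as models.Any (that code is not visible here), pre-existing default policies would match differently from freshly created ones after the upgrade, which is exactly the kind of silent ACL divergence that is hard to spot in an audit. Either back-fill the field for existing default policies in the upgrade path or make the evaluator treat the zero value as Any, and record the decision above the literal, e.g. `// ServiceType is set for newly created networks only; existing default policies are back-filled by [upgrade-migration-name].` CreateDefaultAclNetworkPolicies continues outside this hunk.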
@@ -94,13 +96,14 @@ func CreateDefaultAclNetworkPolicies(netID models.NetworkID) {
 if !IsAclExists(fmt.Sprintf("%s.%s", netID, "all-remote-access-gws")) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
- Default: true,
- Name: "All Remote Access Gateways",
- NetworkID: netID,
- Proto: models.ALL,
- Port: []string{},
- RuleType: models.DevicePolicy,
+ ID: fmt.Sprintf("%s.%s", netID, "all-remote-access-gws"),
+ Default: true,
+ Name: "All Remote Access Gateways",
+ NetworkID: netID,
+ Proto: models.ALL,
+ ServiceType: models.Any,
+ Port: []string{},
+ RuleType: models.DevicePolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.DeviceAclID,
diff --git a/pro/logic/user_mgmt.go b/pro/logic/user_mgmt.go
index 2a21a8bdb..05e5c5459 100644
--- a/pro/logic/user_mgmt.go
+++ b/pro/logic/user_mgmt.go
@@ -1207,12 +1207,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin)) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
- Name: "Network Admin",
- MetaData: "This Policy allows all network admins to communicate with all remote access gateways",
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkAdmin),
+ Name: "Network Admin",
+ MetaData: "This Policy allows all network admins to communicate with all remote access gateways",
+ Default: true,
+ ServiceType: models.Any,
+ NetworkID: netID,
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserGroupAclID,
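Review bot: The Network Admin literal in pro/logic/user_mgmt.go now sets ServiceType: models.Any but, unlike the three defaults in logic/acls.go, still leaves Proto and Port unset; the Network User literal in the next hunk (@@ -1238) has the same gap. If the zero value of Proto is not equivalent to models.ALL, these two default user policies get a narrower or undefined match scope than the device defaults, a quiet divergence between default policies that would be hard to notice in a later ACL review. Adding `Proto: models.ALL,` and `Port: []string{},` next to the new ServiceType line would make all five defaults state their scope explicitly. CreateDefaultUserPolicies starts and ends outside the hunk.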
@@ -1238,12 +1239,13 @@ func CreateDefaultUserPolicies(netID models.NetworkID) {
 if !logic.IsAclExists(fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser)) {
 defaultUserAcl := models.Acl{
- ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
- Name: "Network User",
- MetaData: "This Policy allows all network users to communicate with all remote access gateways",
- Default: true,
- NetworkID: netID,
- RuleType: models.UserPolicy,
+ ID: fmt.Sprintf("%s.%s-grp", netID, models.NetworkUser),
+ Name: "Network User",
+ MetaData: "This Policy allows all network users to communicate with all remote access gateways",
+ Default: true,
+ ServiceType: models.Any,
+ NetworkID: netID,
+ RuleType: models.UserPolicy,
 Src: []models.AclPolicyTag{
 {
 ID: models.UserGroupAclID,
From 7361571b6a0ec412966c15d22faa1a8b062e9012 Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Wed, 18 Dec 2024 22:32:39 +0400
Subject: [PATCH 4/6] update default domain
---
 scripts/netmaker.default.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/netmaker.default.env b/scripts/netmaker.default.env
index d534abacc..9cab2a82b 100644
--- a/scripts/netmaker.default.env
+++ b/scripts/netmaker.default.env
@@ -87,7 +87,7 @@ EMAIL_SENDER_USER=
 # sender smtp password
 EMAIL_SENDER_PASSWORD=
 # default domain for internal DNS lookup
-DEFAULT_DOMAIN=netmaker.hosted
+DEFAULT_DOMAIN=hosted.nm
 # managed dns setting, set to true to resolve dns entries on netmaker network
 MANAGE_DNS=false
 # set to true, old acl is supported, otherwise, old acl is disabled
From 20038716ea36b44cb8a4e0f0c75670b191f2261c Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Wed, 18 Dec 2024 22:33:09 +0400
Subject: [PATCH 5/6] update default domain
---
 servercfg/serverconf.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index c928adaa9..69c4f92fc 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -685,7 +685,7 @@ func IsOldAclEnabled() bool {
 // GetDefaultDomain - get the default domain
 func GetDefaultDomain() string {
 //default netmaker.hosted
- domain := "netmaker.hosted"
+ domain := "hosted.nm"
 if os.Getenv("DEFAULT_DOMAIN") != "" {
 if validateDomain(os.Getenv("DEFAULT_DOMAIN")) {
 domain = os.Getenv("DEFAULT_DOMAIN")
From 715ed23553d69216f209694f7acfbb86e2e1468b Mon Sep 17 00:00:00 2001
From: abhishek9686
Date: Wed, 18 Dec 2024 23:07:37 +0400
Subject: [PATCH 6/6] remove default value on dns domain
---
 controllers/dns.go | 3 ++-
 logic/dns.go | 6 +++++-
 servercfg/serverconf.go | 7 ++-----
 3 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/controllers/dns.go b/controllers/dns.go
index 67085365f..c6e08deb6 100644
--- a/controllers/dns.go
+++ b/controllers/dns.go
@@ -164,7 +164,8 @@ func createDNS(w http.ResponseWriter, r *http.Request) {
 return
 }
 // check if default domain is appended if not append
- if !strings.HasSuffix(entry.Name, servercfg.GetDefaultDomain()) {
+ if servercfg.GetDefaultDomain() != "" &&
+ !strings.HasSuffix(entry.Name, servercfg.GetDefaultDomain()) {
 entry.Name += "." + servercfg.GetDefaultDomain()
 }
 entry, err = logic.CreateDNS(entry)
diff --git a/logic/dns.go b/logic/dns.go
index b7bd3e895..7e0241d24 100644
--- a/logic/dns.go
+++ b/logic/dns.go
@@ -116,7 +116,11 @@ func GetNodeDNS(network string) ([]models.DNSEntry, error) {
 continue
 }
 var entry = models.DNSEntry{}
- entry.Name = fmt.Sprintf("%s.%s.%s", host.Name, network, defaultDomain)
+ if defaultDomain == "" {
+ entry.Name = fmt.Sprintf("%s.%s", host.Name, network)
+ } else {
+ entry.Name = fmt.Sprintf("%s.%s.%s", host.Name, network, defaultDomain)
+ }
 entry.Network = network
 if node.Address.IP != nil {
 entry.Address = node.Address.IP.String()
diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go
index 69c4f92fc..f415405f9 100644
--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
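Review bot: The suffix test in createDNS (controllers/dns.go hunk) compares entry.Name against the bare domain with no dot boundary, so a name that merely ends in the same characters (for a domain hosted.nm, something like myhosted.nm) is treated as already qualified and is stored outside the managed domain; entry.Name presumably comes from the request body decoded earlier in createDNS, which starts outside this hunk. servercfg.GetDefaultDomain() is also evaluated three times in a row, each call re-reading and re-validating the environment variable. I would hoist it and test the dot-separated suffix: `domain := servercfg.GetDefaultDomain()`, `if domain != "" && !strings.HasSuffix(entry.Name, "."+domain) {`, `entry.Name += "." + domain`.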
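Review bot: The two Sprintf branches added to GetNodeDNS (logic/dns.go hunk) differ only in whether defaultDomain is appended, which duplicates the name format and invites drift the next time it changes; GetNodeDNS and the defaultDomain variable are defined outside the hunk. A single construction states the rule once: `name := host.Name + "." + network`, `if defaultDomain != "" { name += "." + defaultDomain }`, `entry.Name = name`.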
@@ -12,7 +12,6 @@ import (
 "github.com/gravitl/netmaker/config"
 "github.com/gravitl/netmaker/models"
- "golang.org/x/exp/slog"
 )
 // EmqxBrokerType denotes the broker type for EMQX MQTT
@@ -684,13 +683,11 @@ func IsOldAclEnabled() bool {
 // GetDefaultDomain - get the default domain
 func GetDefaultDomain() string {
- //default netmaker.hosted
- domain := "hosted.nm"
+ //default hosted.nm
+ var domain string
 if os.Getenv("DEFAULT_DOMAIN") != "" {
 if validateDomain(os.Getenv("DEFAULT_DOMAIN")) {
 domain = os.Getenv("DEFAULT_DOMAIN")
- } else {
- slog.Warn("invalid value, set to default domain: netmaker.hosted", "warn", os.Getenv("DEFAULT_DOMAIN"))
 }
 }
 return domain
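Review bot: GetDefaultDomain now returns "" whenever DEFAULT_DOMAIN is unset or rejected by validateDomain, yet the replacement comment `//default hosted.nm` still claims a built-in default and the doc comment does not mention that an empty result is possible; the value hosted.nm now exists only in scripts/netmaker.default.env. Dropping the slog.Warn branch (and its import in the @@ -12 hunk above) also means an invalid DEFAULT_DOMAIN is discarded silently, so an operator who mistypes it ends up with unsuffixed DNS entries and no log line pointing at the cause — worth keeping a warning through whichever logger this package still uses. I would replace the comment with `// GetDefaultDomain returns DEFAULT_DOMAIN when it is set and passes validateDomain, otherwise "" (there is no built-in default).` and collapse the body to `if v := os.Getenv("DEFAULT_DOMAIN"); v != "" && validateDomain(v) { return v }` followed by `return ""`, which also stops reading the variable three times.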