Hi,

I wrote a draft puppet module to maintain a L2 mesh based on tinc [1]. I tried to explain what it is about so that it makes sense even to people who know nothing about tinc [2]. Before polishing it so that it can be useful to the general public instead of just myself, I would very much appreciate your comments. This is my first experience with tinc and I would like to improve :-)

Thanks for your work on tinc !

[1] the core of the puppet module http://redmine.the.re/projects/l2mesh/repository/revisions/master/entry/manifests/init.pp
[2] formatted README.md http://redmine.the.re/l2mesh/l2mesh.html

On Tue, Sep 18, 2012 at 03:20:56PM +0200, Loic Dachary wrote:

> I wrote a draft puppet module to maintain a L2 mesh based on tinc [1]. I tried to explain what it is about so that it makes sense even to people who know nothing about tinc [2]. Before polishing it so that it can be useful to the general public instead of just myself, I would very much appreciate your comments. This is my first experience with tinc and I would like to improve :-)
>
> Thanks for your work on tinc !
>
> [1] the core of the puppet module http://redmine.the.re/projects/l2mesh/repository/revisions/master/entry/manifests/init.pp
> [2] formatted README.md http://redmine.the.re/l2mesh/l2mesh.html

I have never used puppet myself, but it looks very nice! Some remarks:

- In init.pp, there is a paragraph about race conditions when starting the init script multiple times in parallel. However, that is not a problem; tinc uses a lock on its PID file to ensure two tincds with the same netname are never started simultaneously.

- You mention "bintointerface" in the README; I would omit that because it is not required, and could cause tinc to not work properly for some people. If it is optional, then perhaps it is better to list the optional variables separately.

- In tinc_keygen.rb, instead of grepping the output of tincd --generate-keys for "Generating .* bits keys", it is better to just check the exit code of the tincd process. That will catch all possible errors.

- I would assume people do want to give the mesh interface some IP address. How would you do that in puppet? I would think you would have to generate tinc-up files for the nodes, but there may be other possibilities.

-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>

Hello Loic et al,

I'll test this module out tonight on my puppet machine. I'm very interested in this, great work Loic.

Thanks,
Adam

Sent from my iPhone

On Sep 18, 2012, at 9:20, Loic Dachary <loic at dachary.org> wrote:

> Hi,
>
> I wrote a draft puppet module to maintain a L2 mesh based on tinc [1]. I tried to explain what it is about so that it makes sense even to people who know nothing about tinc [2]. Before polishing it so that it can be useful to the general public instead of just myself, I would very much appreciate your comments. This is my first experience with tinc and I would like to improve :-)
>
> Thanks for your work on tinc !
>
> [1] the core of the puppet module http://redmine.the.re/projects/l2mesh/repository/revisions/master/entry/manifests/init.pp
> [2] formatted README.md http://redmine.the.re/l2mesh/l2mesh.html

Hi,

Thanks a lot for your suggestions, they are very helpful :-) Would you consider adding a link to l2mesh in http://www.tinc-vpn.org/examples/ ?

<li><a href="http://redmine.the.re/projects/l2mesh" class="mapitem">l2mesh is a tinc <http://www.tinc-vpn.org/> based virtual switch, implemented as a puppet module.</a></li>

When looking for a solution, I browsed the FAQ http://www.tinc-vpn.org/faq/ expecting information about puppet. I would have liked to find something like:

Deployment <http://www.tinc-vpn.org/faq/#index4h2>

  Puppet module to manage tinc https://github.com/duritong/puppet-tinc
  tinc <http://www.tinc-vpn.org/> based virtual switch, implemented as a puppet module http://redmine.the.re/projects/l2mesh

> - In init.pp, there is a paragraph about race conditions when starting the init
> script multiple times in parallel. However, that is not a problem; tinc uses
> a lock on its PID file to ensure two tincds with the same netname are never
> started simultaneously.

I'm glad this is not a concern. http://redmine.the.re/projects/l2mesh/repository/revisions/72c3b353590efff7f5bb7346e51f3bffd6b4b539

> - You mention "bintointerface" in the README; I would omit that because it is
> not required, and could cause tinc to not work properly for some people. If
> it is optional, then perhaps it is better to list the optional variables
> separately.

I removed it entirely. There is a larger issue : how to customize the configuration of tinc.conf ( compression etc. ). I'm not sure how to do that yet. http://redmine.the.re/issues/4#note-1

> - In tinc_keygen.rb, instead of grepping the output of tincd --generate-keys
> for "Generating .* bits keys", it is better to just check the exit code of
> the tincd process. That will catch all possible errors.

The Puppet::Util.execute function will raise an exception if the exit code is not zero, this is covered as well. http://rubydoc.info:8080/github/puppetlabs/puppet/master/Puppet/Util#execute-instance_method

> - I would assume people do want to give the mesh interface some IP address. How
> would you do that in puppet? I would think you would have to generate tinc-up
> files for the nodes, but there may be other possibilities.

Good point : it deserves an example. http://redmine.the.re/projects/l2mesh/repository/revisions/a65b8b8f7070f2f78a1d2926f6667135107db38d/diff http://redmine.the.re/l2mesh/l2mesh.html

Cheers
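
The tinc_keygen.rb point discussed in this thread (trust the exit status of key generation, not a match on its output), as an added example that is not part of any message above and is not the l2mesh module's code. It uses Ruby's standard Open3 rather than Puppet::Util.execute, and the commands are constructed stand-ins for `tincd --generate-keys` so that it runs without tinc installed.

```ruby
require 'open3'
require 'rbconfig'

# Raised when key generation cannot be confirmed as successful.
class KeygenError < StandardError; end

# Fragile check: succeeds whenever the progress message was printed,
# even if the process failed afterwards.
def keygen_ok_by_output?(argv)
  output, _status = Open3.capture2e(*argv)
  !!(output =~ /Generating .* bits keys/)
end

# Exit-status check: any non-zero exit (or a missing binary) is an error.
def run_keygen(argv)
  output, status = Open3.capture2e(*argv)
  return output if status.success?
  raise KeygenError, "#{argv.first} failed (#{status.exitstatus.inspect}): #{output.strip}"
rescue Errno::ENOENT => e
  raise KeygenError, "cannot execute #{argv.first}: #{e.message}"
end

RUBY_BIN = RbConfig.ruby

# Constructed stand-ins for `tincd --generate-keys`, so the example runs
# without tinc installed. The error text is made up for illustration.
FAKE_OK   = [RUBY_BIN, '-e', 'puts "Generating 2048 bits keys"'].freeze
FAKE_FAIL = [RUBY_BIN, '-e',
             'puts "Generating 2048 bits keys"; warn "constructed error: cannot write key"; exit 1'].freeze
MISSING   = ['/nonexistent/tincd-placeholder', '--generate-keys'].freeze

if __FILE__ == $PROGRAM_NAME
  puts "output match on failing run: #{keygen_ok_by_output?(FAKE_FAIL)}"
  [FAKE_OK, FAKE_FAIL, MISSING].each do |cmd|
    begin
      run_keygen(cmd)
      puts "ok"
    rescue KeygenError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The failing stand-in prints the progress message before exiting with status 1, so the output match accepts a run that the exit-status check rejects.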