From 1d4872130896e92d295e0e1ef85cc2a422e3bbc6 Mon Sep 17 00:00:00 2001
From: Dominik Roth
Date: Sun, 24 Aug 2025 18:18:37 +0200
Subject: [PATCH] Simplify Nebula setup with DNS-based lighthouse discovery

- Use DNS domain for lighthouse discovery (works with HAProxy/Keepalived)
- All nodes are lighthouses by default for full redundancy
- Remove static_host_map complexity - DNS handles everything
- Ask for lighthouse domain during setup
- Allow disabling lighthouse mode for remote/edge nodes
- Simplified cluster secret: domain:port:ca_cert

This allows using existing HA infrastructure (DNS pointing to alive nodes) instead of complex IP tracking and manual updates.
---
 README.md        |  9 +++---
 cluster-setup.sh | 80 ++++++++++++++++++++++++++++++------------------
 2 files changed, 55 insertions(+), 34 deletions(-)

diff --git a/README.md b/README.md
index 5683c6f..12f7403 100644
--- a/README.md
+++ b/README.md
@@ -51,7 +51,8 @@ Create or join a distributed storage cluster with Nebula mesh networking and Glu
 wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash
 ```
 
-- **Storage mounted at**: `/data/storage/`
-- **All data replicated** to all cluster nodes
-- **Secure Nebula mesh** - encrypted overlay network with certificate-based trust
-- **Interactive setup** - choose create or join cluster
+- **Storage mounted at**: `/data/storage/` - all data replicated to all nodes
+- **Nebula mesh network** - encrypted overlay with certificate-based trust
+- **DNS-based discovery** - use your existing HA setup (HAProxy/Keepalived)
+- **All nodes are lighthouses** - full redundancy, no single point of failure
+- **Simple secret sharing** - just `domain:port:ca_cert` to join
diff --git a/cluster-setup.sh b/cluster-setup.sh
index 8b0d178..200f5d1 100755
--- a/cluster-setup.sh
+++ b/cluster-setup.sh
@@ -130,31 +130,43 @@ create_cluster() {
     echo -e "${GREEN}[*] Creating new cluster...${NC}\n"
     local hostname=$(hostname)
-    local lighthouse_ip="192.168.100.1"
-    local external_ip=$(ip route get 1.1.1.1 | awk '{print $7; exit}')
+    local node_ip="192.168.100.1"
+
+    # Ask for lighthouse domain
+    read -p "Enter lighthouse domain (e.g., cluster.example.com): " lighthouse_domain
+    if [ -z "$lighthouse_domain" ]; then
+        echo -e "${RED}Lighthouse domain required!${NC}"
+        exit 1
+    fi
+
+    # Ask if this node should be a lighthouse
+    read -p "Should this node be a lighthouse? [Y/n]: " is_lighthouse
+    is_lighthouse=${is_lighthouse:-Y}
+    if [[ "$is_lighthouse" =~ ^[Yy] ]]; then
+        am_lighthouse="true"
+    else
+        am_lighthouse="false"
+    fi
     # Generate Nebula CA
     generate_nebula_ca
-    # Create lighthouse certificate
-    create_host_cert "lighthouse" "${lighthouse_ip}/24" "lighthouse,cluster"
+    # Create certificate for this node
+    create_host_cert "$hostname" "${node_ip}/24" "cluster"
-    # Create Nebula config for lighthouse
+    # Create Nebula config
     cat > "${NEBULA_CONFIG}/config.yaml" < /dev/null 2>&1; then
-        echo -e "${RED}Failed to connect to cluster via Nebula!${NC}"
-        echo "Please check the cluster secret and firewall settings."
-        exit 1
+    # Test connection - try pinging the first node
+    echo -e "${YELLOW}[+] Testing Nebula connection...${NC}"
+    if ping -c 1 -W 3 192.168.100.1 > /dev/null 2>&1; then
+        echo -e "${GREEN}[✓] Connected to node at 192.168.100.1${NC}"
+    else
+        echo -e "${YELLOW}[!] 
Could not reach 192.168.100.1 - this may be normal if it's the first node${NC}"
     fi
-    echo -e "${GREEN}[✓] Nebula connection established${NC}"
- # Register with cluster
     echo "${my_ip} ${hostname} $(date)" >> "${NEBULA_CONFIG}/cluster-registry.txt"
     # Join GlusterFS cluster
     echo -e "${YELLOW}[+] Joining GlusterFS cluster...${NC}"
-    # Probe the lighthouse
-    gluster peer probe 192.168.100.1
+    # Try to probe existing nodes
+    echo -e "${YELLOW}[+] Looking for existing GlusterFS peers...${NC}"
+    gluster peer probe 192.168.100.1 2>/dev/null || echo "Could not reach 192.168.100.1"
     # Wait for peer to be connected
     sleep 3