dodox/nullpoint
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify Nebula setup with DNS-based lighthouse discovery

Browse Source 
- Use DNS domain for lighthouse discovery (works with HAProxy/Keepalived)
- All nodes are lighthouses by default for full redundancy
- Remove static_host_map complexity - DNS handles everything
- Ask for lighthouse domain during setup
- Allow disabling lighthouse mode for remote/edge nodes
- Simplified cluster secret: domain:port:ca_cert

This allows using existing HA infrastructure (DNS pointing to alive nodes)
instead of complex IP tracking and manual updates.
This commit is contained in:
Dominik Moritz Roth 2025-08-24 18:18:37 +02:00
parent 2c7bd4ac76
commit 1d48721308
2 changed files with 55 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@ -51,7 +51,8 @@ Create or join a distributed storage cluster with Nebula mesh networking and Glu
wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash
``` ```
- **Storage mounted at**: `/data/storage/` - **Storage mounted at**: `/data/storage/` - all data replicated to all nodes
- **All data replicated** to all cluster nodes - **Nebula mesh network** - encrypted overlay with certificate-based trust
- **Secure Nebula mesh** - encrypted overlay network with certificate-based trust - **DNS-based discovery** - use your existing HA setup (HAProxy/Keepalived)
- **Interactive setup** - choose create or join cluster - **All nodes are lighthouses** - full redundancy, no single point of failure
- **Simple secret sharing** - just `domain:port:ca_cert` to join

80
cluster-setup.sh
View File

@ -130,31 +130,43 @@ create_cluster() {
echo -e "${GREEN}[*] Creating new cluster...${NC}\n" echo -e "${GREEN}[*] Creating new cluster...${NC}\n"
local hostname=$(hostname) local hostname=$(hostname)
local lighthouse_ip="192.168.100.1" local node_ip="192.168.100.1"
local external_ip=$(ip route get 1.1.1.1 | awk '{print $7; exit}')
# Ask for lighthouse domain
read -p "Enter lighthouse domain (e.g., cluster.example.com): " lighthouse_domain
if [ -z "$lighthouse_domain" ]; then
echo -e "${RED}Lighthouse domain required!${NC}"
exit 1
fi
# Ask if this node should be a lighthouse
read -p "Should this node be a lighthouse? [Y/n]: " is_lighthouse
is_lighthouse=${is_lighthouse:-Y}
if [[ "$is_lighthouse" =~ ^[Yy] ]]; then
am_lighthouse="true"
else
am_lighthouse="false"
fi
# Generate Nebula CA # Generate Nebula CA
generate_nebula_ca generate_nebula_ca
# Create lighthouse certificate # Create certificate for this node
create_host_cert "lighthouse" "${lighthouse_ip}/24" "lighthouse,cluster" create_host_cert "$hostname" "${node_ip}/24" "cluster"
# Create Nebula config for lighthouse # Create Nebula config
cat > "${NEBULA_CONFIG}/config.yaml" <<EOF cat > "${NEBULA_CONFIG}/config.yaml" <<EOF
pki: pki:
ca: ${NEBULA_CONFIG}/ca.crt ca: ${NEBULA_CONFIG}/ca.crt
cert: ${NEBULA_CONFIG}/lighthouse.crt cert: ${NEBULA_CONFIG}/${hostname}.crt
key: ${NEBULA_CONFIG}/lighthouse.key key: ${NEBULA_CONFIG}/${hostname}.key
static_host_map:
"${lighthouse_ip}": ["${external_ip}:${NEBULA_PORT}"]
lighthouse: lighthouse:
am_lighthouse: true am_lighthouse: ${am_lighthouse}
serve_dns: false serve_dns: false
interval: 60 interval: 60
hosts: hosts:
- "${lighthouse_ip}" - "${lighthouse_domain}:${NEBULA_PORT}"
listen: listen:
host: 0.0.0.0 host: 0.0.0.0
@ -225,9 +237,11 @@ EOF
echo -e "${GREEN}Cluster created successfully!${NC}" echo -e "${GREEN}Cluster created successfully!${NC}"
echo -e "${GREEN}════════════════════════════════════════${NC}\n" echo -e "${GREEN}════════════════════════════════════════${NC}\n"
echo -e "Share this cluster secret with joining nodes:\n" echo -e "Share this cluster secret with joining nodes:\n"
echo -e "${GREEN}${external_ip}:${NEBULA_PORT}:${ca_cert_b64}${NC}\n" echo -e "${GREEN}${lighthouse_domain}:${NEBULA_PORT}:${ca_cert_b64}${NC}\n"
echo -e "${YELLOW}Status:${NC}" echo -e "${YELLOW}Status:${NC}"
echo " - Nebula lighthouse: ${lighthouse_ip} (${external_ip}:${NEBULA_PORT})" echo " - Nebula IP: ${node_ip}"
echo " - Lighthouse domain: ${lighthouse_domain}:${NEBULA_PORT}"
echo " - This node is lighthouse: ${am_lighthouse}"
echo " - GlusterFS volume: ${GLUSTER_VOLUME}" echo " - GlusterFS volume: ${GLUSTER_VOLUME}"
echo " - Mount point: ${GLUSTER_MOUNT_PATH}" echo " - Mount point: ${GLUSTER_MOUNT_PATH}"
} }
@ -240,7 +254,7 @@ join_cluster() {
local my_ip=$(get_next_ip) local my_ip=$(get_next_ip)
# Get cluster details # Get cluster details
read -p "Enter cluster secret (lighthouse_ip:port:ca_cert_base64): " cluster_secret read -p "Enter cluster secret (lighthouse_domain:port:ca_cert_base64): " cluster_secret
if [ -z "$cluster_secret" ]; then if [ -z "$cluster_secret" ]; then
echo -e "${RED}Cluster secret required!${NC}" echo -e "${RED}Cluster secret required!${NC}"
@ -248,10 +262,19 @@ join_cluster() {
fi fi
# Parse secret # Parse secret
lighthouse_ip=$(echo "$cluster_secret" | cut -d: -f1) lighthouse_domain=$(echo "$cluster_secret" | cut -d: -f1)
nebula_port=$(echo "$cluster_secret" | cut -d: -f2) nebula_port=$(echo "$cluster_secret" | cut -d: -f2)
ca_cert_b64=$(echo "$cluster_secret" | cut -d: -f3-) ca_cert_b64=$(echo "$cluster_secret" | cut -d: -f3-)
# Ask if this node should be a lighthouse
read -p "Should this node be a lighthouse? [Y/n]: " is_lighthouse
is_lighthouse=${is_lighthouse:-Y}
if [[ "$is_lighthouse" =~ ^[Yy] ]]; then
am_lighthouse="true"
else
am_lighthouse="false"
fi
echo -e "${YELLOW}[+] Configuring Nebula (IP: ${my_ip})...${NC}" echo -e "${YELLOW}[+] Configuring Nebula (IP: ${my_ip})...${NC}"
# Decode and save CA certificate # Decode and save CA certificate
@ -271,14 +294,11 @@ pki:
cert: ${NEBULA_CONFIG}/${hostname}.crt cert: ${NEBULA_CONFIG}/${hostname}.crt
key: ${NEBULA_CONFIG}/${hostname}.key key: ${NEBULA_CONFIG}/${hostname}.key
static_host_map:
"192.168.100.1": ["${lighthouse_ip}:${nebula_port}"]
lighthouse: lighthouse:
am_lighthouse: false am_lighthouse: ${am_lighthouse}
interval: 60 interval: 60
hosts: hosts:
- "192.168.100.1" - "${lighthouse_domain}:${nebula_port}"
listen: listen:
host: 0.0.0.0 host: 0.0.0.0
@ -333,23 +353,23 @@ EOF
echo -e "${YELLOW}[+] Waiting for Nebula connection...${NC}" echo -e "${YELLOW}[+] Waiting for Nebula connection...${NC}"
sleep 5 sleep 5
# Test connection to lighthouse # Test connection - try pinging the first node
if ! ping -c 1 -W 3 192.168.100.1 > /dev/null 2>&1; then echo -e "${YELLOW}[+] Testing Nebula connection...${NC}"
echo -e "${RED}Failed to connect to cluster via Nebula!${NC}" if ping -c 1 -W 3 192.168.100.1 > /dev/null 2>&1; then
echo "Please check the cluster secret and firewall settings." echo -e "${GREEN}[✓] Connected to node at 192.168.100.1${NC}"
exit 1 else
echo -e "${YELLOW}[!] Could not reach 192.168.100.1 - this may be normal if it's the first node${NC}"
fi fi
echo -e "${GREEN}[✓] Nebula connection established${NC}"
# Register with cluster # Register with cluster
echo "${my_ip} ${hostname} $(date)" >> "${NEBULA_CONFIG}/cluster-registry.txt" echo "${my_ip} ${hostname} $(date)" >> "${NEBULA_CONFIG}/cluster-registry.txt"
# Join GlusterFS cluster # Join GlusterFS cluster
echo -e "${YELLOW}[+] Joining GlusterFS cluster...${NC}" echo -e "${YELLOW}[+] Joining GlusterFS cluster...${NC}"
# Probe the lighthouse # Try to probe existing nodes
gluster peer probe 192.168.100.1 echo -e "${YELLOW}[+] Looking for existing GlusterFS peers...${NC}"
gluster peer probe 192.168.100.1 2>/dev/null || echo "Could not reach 192.168.100.1"
# Wait for peer to be connected # Wait for peer to be connected
sleep 3 sleep 3