Merge pull request #3151 from gravitl/NET-1672

NET-1672: Setup Internet Gateway network
gravitl · Oct 10, 2024 · 5dedaa8 · 5dedaa8
2 parents 5a3db93 + 961077f
commit 5dedaa8
Showing 1 changed file with 55 additions and 20 deletions.
diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh
@@ -127,7 +127,7 @@ setup_netclient() {
 	./netclient install
 	echo "Register token: $TOKEN"
 	sleep 2
-	netclient register -t $TOKEN
+	netclient join -t $TOKEN
 
 	echo "waiting for netclient to become available"
 	local found=false
@@ -141,7 +141,7 @@ setup_netclient() {
 	done
 
 	if [ "$found" = false ]; then
-		echo "Error - $file not present"
+		echo "Error - $file state not matching"
 		exit 1
 	fi
 }
@@ -170,6 +170,18 @@ configure_netclient() {
 	#setup failOver
 	sleep 5
 	curl --location --request POST "https://api.${NETMAKER_BASE_DOMAIN}/api/v1/node/${NODE_ID}/failover" --header "Authorization: Bearer ${MASTER_KEY}"
+	sleep 2
+	# create network for internet access vpn
+	if [ "$INSTALL_TYPE" = "pro" ]; then
+		INET_NODE_ID=$(sudo cat /etc/netclient/nodes.json | jq -r '."internet-access-vpn".id')
+		nmctl node create_remote_access_gateway internet-access-vpn $INET_NODE_ID
+		out=$(nmctl node list -o json | jq -r '.[] | select(.id=='\"$INET_NODE_ID\"') | .ingressdns = "8.8.8.8"')
+		curl --location --request PUT "https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/internet-access-vpn/${INET_NODE_ID}" --data "$out" --header "Authorization: Bearer ${MASTER_KEY}"
+		out=$(nmctl node list -o json | jq -r '.[] | select(.id=='\"$INET_NODE_ID\"') | .metadata = "This host can be used for secure internet access"')
+		curl --location --request PUT "https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/internet-access-vpn/${INET_NODE_ID}" --data "$out" --header "Authorization: Bearer ${MASTER_KEY}"
+		curl --location --request POST "https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/internet-access-vpn/${INET_NODE_ID}/inet_gw" --data '{}' --header "Authorization: Bearer ${MASTER_KEY}"
+	fi
+
 	set -e
 }
 
@@ -733,32 +745,55 @@ test_connection() {
 setup_mesh() {
 
 	wait_seconds 5
-
-	local networkCount=$(nmctl network list -o json | jq '. | length')
-
-	# add a network if none present
-	if [ "$networkCount" -lt 1 ]; then
+	networks=$(nmctl network list -o json)
+	if [[ ${networks} != "null" ]]; then
+		netmakerNet=$(nmctl network list -o json | jq -r '.[] | .netid' | grep -w "netmaker")
+		inetNet=$(nmctl network list -o json | jq -r '.[] | .netid' | grep -w "internet-access-vpn")
+	fi
+	# create netmaker network
+	if [[ ${netmakerNet} = "" ]]; then
 		echo "Creating netmaker network (100.64.0.0/16)"
 		# TODO causes "Error Status: 400 Response: {"Code":400,"Message":"could not find any records"}"
 		nmctl network create --name netmaker --ipv4_addr 100.64.0.0/16
+	fi
+	# create enrollment key for netmaker network
+	local netmakerTag=$(nmctl enrollment_key list | jq -r '.[] | .tags[0]' | grep -w "netmaker")
+	if [[ ${netmakerTag} = "" ]]; then
+		nmctl enrollment_key create --tags netmaker --unlimited --networks netmaker
+	fi
+
+	# create internet-access-vpn
+	if [ "$INSTALL_TYPE" = "pro" ]; then
+		if [[ ${inetNet} = "" ]]; then
+			echo "Creating internet-access-vpn network (100.65.0.0/16)"
+			# TODO causes "Error Status: 400 Response: {"Code":400,"Message":"could not find any records"}"
+			nmctl network create --name internet-access-vpn --ipv4_addr 100.65.0.0/16
+		fi
 
-		wait_seconds 5
+		# create enrollment key for internet-access-vpn network
+		local inetTag=$(nmctl enrollment_key list | jq -r '.[] | .tags[0]' | grep -w "internet-access-vpn")
+		if [[ ${inetTag} = "" ]]; then
+			nmctl enrollment_key create --tags internet-access-vpn --unlimited --networks internet-access-vpn
+		fi
+
+		# create enrollment key for both networks
+		local netInetTag=$(nmctl enrollment_key list | jq -r '.[] | .tags[0]' | grep -w "netmaker-inet")
+		if [[ ${netInetTag} = "" ]]; then
+			nmctl enrollment_key create --tags netmaker-inet --unlimited --networks netmaker,internet-access-vpn
+		fi
 	fi
 
-	echo "Obtaining a netmaker enrollment key..."
-	local netmakerTag=$(nmctl enrollment_key list | jq -r '.[] | .tags[0]')
-	if [[ ${netmakerTag} = "netmaker" ]]; then
+	if [ "$INSTALL_TYPE" = "pro" ]; then
+		# create enrollment key for both setup networks
+		echo "Obtaining enrollment key..."
 		# key exists already, fetch token
-		TOKEN=$(nmctl enrollment_key list | jq -r '.[] | select(.tags[0]=="netmaker") | .token')
+		TOKEN=$(nmctl enrollment_key list | jq -r '.[] | select(.tags[0]=="netmaker-inet") | .token')
+
 	else
-		local tokenJson=$(nmctl enrollment_key create --tags netmaker --unlimited --networks netmaker)
-		TOKEN=$(jq -r '.token' <<<${tokenJson})
-		if test -z "$TOKEN"; then
-			echo "Error creating an enrollment key"
-			exit 1
-		else
-			echo "Enrollment key ready"
-		fi
+
+		echo "Obtaining enrollment key..."
+		# key exists already, fetch token
+		TOKEN=$(nmctl enrollment_key list | jq -r '.[] | select(.tags[0]=="netmaker") | .token')
 	fi
 
 	wait_seconds 3