diff --git a/CHANGELOG b/CHANGELOG index bb1e8448b..b28bc616a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed +- [SERVICES] [PF] Configuration generation timeout due to expensive dynamic calls ## [2.27.1] - 2025-06-13 diff --git a/vulture_os/services/config/pf.conf b/vulture_os/services/config/pf.conf index 6e5ca331a..56186ee6b 100755 --- a/vulture_os/services/config/pf.conf +++ b/vulture_os/services/config/pf.conf @@ -76,7 +76,7 @@ nat proto tcp from 127.0.0.5 to {{n.management_ip}} port 6379 -> {{node.manageme {% endif %} # Rsyslog forwarders -{% for proto, ip, port, route_ipv4, route_ipv6 in node.get_forwarders_enabled %} +{% for proto, ip, port, route_ipv4, route_ipv6 in forwarders_enabled %} {%- if route_ipv6 %} nat proto {{proto}} from fd00::204 to {{ip}} port {{port}} -> {{route_ipv6}} {%- endif %} @@ -85,7 +85,7 @@ nat proto {{proto}} from 127.0.0.4 to {{ip}} port {{port}} -> {{route_ipv4}} {%- endif %} {% endfor %} # HAProxy backends -{% for proto, ip, port, route_ipv4, route_ipv6 in node.get_backends_enabled %} +{% for proto, ip, port, route_ipv4, route_ipv6 in backends_enabled %} {%- if route_ipv6 %} nat proto {{proto}} from { fd00::205, fd00::206, fd00::207 } to {{ip}} port {{port}} -> {{route_ipv6}} {%- endif %} @@ -160,7 +160,7 @@ rdr log proto tcp from { {{global_config.pf_admin_restrict}} } to {{ node.manag ############################### # Incoming redirection rules for Listeners -{% for source,destination,port,nat_port,proto,family,max_src,max_rate in node.get_listeners_enabled -%} +{% for source,destination,port,nat_port,proto,family,max_src,max_rate in listeners_enabled -%} {% if "tcp" in proto -%} rdr proto tcp from { {{source}} } to {{destination}} port {{port}} -> {{jail_addresses['haproxy'][family]}} port {{nat_port}} {% endif %} 
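Review bot: The loops that now read `forwarders_enabled`, `backends_enabled` and `listeners_enabled` (this hunk, the HAProxy backends hunk, and the listener hunks at -160 and -264) rely on the caller supplying those names in the render context, and nothing in the template checks that they are present. With Jinja2's default undefined type a missing name iterates as an empty sequence, so any render path that does not go through the updated `get_conf` would silently produce a pf.conf without forwarder and backend NAT rules and without listener rdr/pass rules, instead of failing. How `jinja2_env` is configured is not visible in this diff; if it does not already use `StrictUndefined`, setting it would turn a missing variable into a render error. A short template comment at the top of the file listing the context variables it expects (`node`, `forwarders_enabled`, `backends_enabled`, `listeners_enabled`) would also document the new contract.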
@@ -264,7 +264,7 @@ pass quick proto tcp from {{n.management_ip}} to 127.0.0.7 port { 9000 } ######################### # Listeners configuration -{% for source,destination,port,nat_port,proto,family,max_src,max_rate in node.get_listeners_enabled %} +{% for source,destination,port,nat_port,proto,family,max_src,max_rate in listeners_enabled %} {%- if "tcp" in proto %} pass quick {{family}} proto tcp from { {{source}} } to {{jail_addresses['haproxy'][family]}} port {{nat_port}} keep state \ {% if max_src != 0 or max_rate != 0 %}({% if max_src != 0 %}max-src-conn {{max_src}},{% endif %} {% if max_rate != 0 %}max-src-conn-rate {{max_rate}}/1,{% endif %} overload flush global){% endif %} diff --git a/vulture_os/services/service.py b/vulture_os/services/service.py index e80fc7179..f1d9a9fbf 100644 --- a/vulture_os/services/service.py +++ b/vulture_os/services/service.py @@ -318,8 +318,13 @@ def get_conf(self, **kwargs): template = jinja2_env.get_template(self.jinja_template['tpl_name']) + node = Cluster.get_current_node() + return template.render({ - 'node': Cluster.get_current_node(), + 'node': node, + 'listeners_enabled': node.get_listeners_enabled, + 'forwarders_enabled': node.get_forwarders_enabled, + 'backends_enabled': node.get_backends_enabled, **self.get_dict_conf(), **kwargs }) diff --git a/vulture_os/system/cluster/api.py b/vulture_os/system/cluster/api.py index fbc86a65a..6d457f8bf 100644 --- a/vulture_os/system/cluster/api.py +++ b/vulture_os/system/cluster/api.py @@ -117,7 +117,7 @@ def cluster_add(request): 'status': False, 'message': 'Error during repl_add. Check logs' }) - action_result, message = pf_conf_generated.await_result() + action_result, message = pf_conf_generated.await_result(tries=20) if not action_result: logger.error(f"Could not regenerate pf configuration : {message}") return JsonResponse({ diff --git a/vulture_os/system/cluster/models.py b/vulture_os/system/cluster/models.py index a7ab2f5d8..ea6c93483 100644 
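Review bot: `listeners_enabled` is evaluated once in `get_conf`, but pf.conf iterates it twice (the rdr loop in the -160 hunk and the `pass quick` loop in the -264 hunk), whereas before each loop made its own `node.get_listeners_enabled` access. If that attribute returns a generator or another one-shot iterable (its definition is not in this diff), the second loop renders nothing and the listener `pass quick` rules drop out of the generated ruleset. Materialising the value is safe either way: `'listeners_enabled': list(node.get_listeners_enabled),` and likewise for the forwarders and backends entries. Separately, `get_conf` appears to be the shared render path (it loads `self.jinja_template['tpl_name']`), so these three lookups may now run for every service template rather than only pf; its body starts outside the hunk, so this could not be confirmed.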
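Review bot: `tries=20` in `cluster_add` is a bare literal with no indication of how long one try lasts or why 20 is sufficient. This call blocks the HTTP request until the pf configuration has been regenerated, so a named constant with a comment on the resulting worst-case wait would make the bound reviewable, for example `PF_CONF_AWAIT_TRIES = 20  # upper bound on polling for pf.conf regeneration`. Other callers that await the same pf configuration task, if there are any, are not visible in this diff and may need the same value.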
--- a/vulture_os/system/cluster/models.py +++ b/vulture_os/system/cluster/models.py @@ -345,7 +345,6 @@ def parsed_static_routes(self): if matched: yield matched.group(1), matched.group(3) - def addresses(self, nic=None): """ Return the list of network addresses on the current node, or node/nic