tinc puppet module to create a L2 mesh

Guus Sliepen guus at tinc-vpn.org
Tue Sep 18 16:09:04 CEST 2012


On Tue, Sep 18, 2012 at 03:20:56PM +0200, Loic Dachary wrote:

> I wrote a draft puppet module to maintain a L2 mesh based on tinc [1]. I tried to explain what it is about so that it makes sense even to people who know nothing about tinc [2]. Before polishing it so that it can be useful to the general public instead of just myself, I would very much appreciate your comments. This is my first experience with tinc and I would like to improve :-)
> 
> Thanks for your work on tinc !
> 
> [1] the core of the puppet module http://redmine.the.re/projects/l2mesh/repository/revisions/master/entry/manifests/init.pp
> [2] formatted README.md http://redmine.the.re/l2mesh/l2mesh.html

I have never used puppet myself, but it looks very nice! Some remarks:

- In init.pp, there is a paragraph about race conditions when starting the init
  script multiple times in parallel. However, that is not a problem; tinc uses
  a lock on its PID file to ensure two tincds with the same netname are never
  started simultaneously.

- You mention "bintointerface" in the README; I would omit that because it is
  not required, and could cause tinc to not work properly for some people. If
  it is optional, then perhaps it is better to list the optional variables
  separately.

- In tinc_keygen.rb, instead of grepping the output of tincd --generate-keys
  for "Generating .* bits keys", it is better to just check the exit code of
  the tincd process.  That will catch all possible errors.

- I would assume people do want to give the mesh interface some IP address. How
  would you do that in puppet? I would think you would have to generate tinc-up
  files for the nodes, but there may be other possibilities.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120918/910c4fb6/attachment.pgp>


More information about the tinc mailing list