tinc puppet module to create a L2 mesh

Loic Dachary loic at dachary.org
Fri Sep 21 12:23:51 CEST 2012


Hi,

Thanks a lot for your suggestions, they are very helpful :-)

Would you consider adding a link to l2mesh in http://www.tinc-vpn.org/examples/ ?

<li><a href="http://redmine.the.re/projects/l2mesh" class="mapitem">l2mesh is a tinc <http://www.tinc-vpn.org/> based virtual switch, implemented as a puppet module.</a></li>

When looking for a solution, I browsed the FAQ http://www.tinc-vpn.org/faq/ expecting information about puppet. I would have liked to find something like:

Deployment <http://www.tinc-vpn.org/faq/#index4h2>
  Puppet module to manage tinc https://github.com/duritong/puppet-tinc
  tinc <http://www.tinc-vpn.org/> based virtual switch, implemented as a puppet module http://redmine.the.re/projects/l2mesh


>- In init.pp, there is a paragraph about race conditions when starting the init
>  script multiple times in parallel. However, that is not a problem; tinc uses
>  a lock on its PID file to ensure two tincds with the same netname are never
>  started simultaneously.

I'm glad this is not a concern.
http://redmine.the.re/projects/l2mesh/repository/revisions/72c3b353590efff7f5bb7346e51f3bffd6b4b539

> - You mention "bintointerface" in the README; I would omit that because it is
>   not required, and could cause tinc to not work properly for some people. If
>   it is optional, then perhaps it is better to list the optional variables
>   separately.

I removed it entirely. There is a larger issue: how to customize the configuration of tinc.conf (compression etc.). I'm not sure how to do that yet.

http://redmine.the.re/issues/4#note-1

>- In tinc_keygen.rb, instead of grepping the output of tincd --generate-keys
>  for "Generating .* bits keys", it is better to just check the exit code of
>  the tincd process.  That will catch all possible errors.

The Puppet::Util.execute function will raise an exception if the exit code is not zero; this is covered as well.
http://rubydoc.info:8080/github/puppetlabs/puppet/master/Puppet/Util#execute-instance_method

>- I would assume people do want to give the mesh interface some IP address. How
>  would you do that in puppet? I would think you would have to generate tinc-up
>  files for the nodes, but there may be other possibilities.

Good point: it deserves an example.

http://redmine.the.re/projects/l2mesh/repository/revisions/a65b8b8f7070f2f78a1d2926f6667135107db38d/diff
http://redmine.the.re/l2mesh/l2mesh.html

Cheers
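
The exit-code point from the quoted review, as an added example (not part of the original message and not l2mesh's tinc_keygen.rb): matching the "Generating .* bits keys" banner reports success even when key generation fails afterwards, while the exit status catches it. The two shell commands are constructed stand-ins for `tincd --generate-keys`, the method names are hypothetical, and Ruby's Open3 is used instead of Puppet::Util.execute so the block runs without Puppet.

```ruby
require 'open3'

# Constructed stand-in for `tincd --generate-keys` (NOT the real tincd):
# prints the progress banner, then fails as if the key file could not be written.
FAILING_KEYGEN = ['sh', '-c',
                  'echo "Generating 2048 bits keys:" >&2; ' \
                  'echo "Error opening file" >&2; exit 1'].freeze
# Constructed stand-in for a run that completes normally.
WORKING_KEYGEN = ['sh', '-c', 'echo "Generating 2048 bits keys:" >&2; exit 0'].freeze

# Pattern quoted in the review above.
BANNER = /Generating .* bits keys/

# Grep approach: the banner in the output is taken as proof of success.
def keygen_ok_by_grep?(cmd)
  output, _status = Open3.capture2e(*cmd)
  !!(output =~ BANNER)
end

# Exit-code approach: only the exit status decides; on failure, raise
# with the captured output so the Puppet run would stop with a reason.
def keygen_checked(cmd)
  output, status = Open3.capture2e(*cmd)
  unless status.success?
    raise "key generation failed (exit #{status.exitstatus}): #{output.strip}"
  end
  output
end

# Runs both checks against both stand-ins and returns what each concluded.
def demo
  exit_on_failure = begin
    keygen_checked(FAILING_KEYGEN)
    true
  rescue RuntimeError
    false
  end
  {
    grep_on_failure: keygen_ok_by_grep?(FAILING_KEYGEN), # banner seen, failure missed
    exit_on_failure: exit_on_failure,                    # failure detected
    exit_on_success: !keygen_checked(WORKING_KEYGEN).empty?
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```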

