Replica enable/disable #5

New Issue

Open

opened 2021-06-09 10:53:21 +00:00 by lauri · 0 comments

lauri commented 2021-06-09 10:53:21 +00:00

Owner

Copy Link

Allow temporarily disabling replica eg for maintenance:

• Set dns.disabled attribute to current timestamp
• Make sure GoreDNS does not return those A, AAAA records anymore; including when querying the dns.san value
• Update iptables rules so admin-prohibited is returned for new incoming VPN connections. Test that returned message makes client TCP/IP stack fall back to other nodes.
• Kick clients connected to this replica's OpenVPN, IPSec endpoints. Possibly spread it over some time (10min?)

Allow temporarily disabling replica eg for maintenance: * Set `dns.disabled` attribute to current timestamp * Make sure GoreDNS does not return those A, AAAA records anymore; including when querying the `dns.san` value * Update `iptables` rules so [admin-prohibited](https://wiki.nftables.org/wiki-nftables/index.php/Rejecting_traffic) is returned for *new* incoming VPN connections. Test that returned message makes client TCP/IP stack fall back to other nodes. * [Kick clients](https://git.k-space.ee/pinecrypt/server/issues/2) connected to this replica's OpenVPN, IPSec endpoints. Possibly spread it over some time (10min?)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

dev

No results found.

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: pinecrypt/pinecrypt-gateway-backend#5

No description provided.