Home
DevCentral
Search
Configure Global Search
Log In
Transactions
D3004
Change Details
Change Details
Old
New
Diff
Currently, `node.resolve_network()` gives the "most public" IP address available on a node. For tasks like T1826 or T1829, we need to know the "most private" IP address to allow servers like SSH or Alkane to listen there, restricting those services for internal use. For example, this allows to pass the following Jinja template expression to any configuration needing a private IP address to listen to: `{{ network["private_ipv4_address"] | default("localhost") }}` By heuristics, the method will recommend through `is_private_network_stable` if the private network is stable, ie suitable to listen to critical services like SSH. A network is currently unstable if it needs a GRE tunnel to connect to the private netwwork. The goal is to avoid to be locked outside a machine if the tunnel is broken: a SSH connection is useful to debug it. In the future, we can declare stable the nodes with a KVM, and documented procedure to relink quickly to the private network.
Currently, `node.resolve_network()` gives the "most public" IP address available on a node. For tasks like T1826 or T1829, we need to know the "most private" IP address to allow servers like SSH or Alkane to listen there, restricting those services for internal use. For example, this allows to pass the following Jinja template expression to any configuration needing a private IP address to listen to: `{{ network["private_ipv4_address"] | default("localhost") }}` By heuristics, the method will recommend through `is_private_network_stable` if the private network is stable, i.e. suitable to listen to critical services like SSH. A network is currently unstable if it needs a GRE tunnel to connect to the private network. The goal is to avoid to be locked outside a machine if the tunnel is broken: a SSH connection is useful to debug it. In the future, we can declare stable the nodes with a KVM, and documented procedure to relink quickly to the private network. Ref T1829
Currently, `node.resolve_network()` gives the "most public" IP address available on a node. For tasks like T1826 or T1829, we need to know the "most private" IP address to allow servers like SSH or Alkane to listen there, restricting those services for internal use. For example, this allows to pass the following Jinja template expression to any configuration needing a private IP address to listen to: `{{ network["private_ipv4_address"] | default("localhost") }}` By heuristics, the method will recommend through `is_private_network_stable` if the private network is stable,
ie
i.e.
suitable to listen to critical services like SSH. A network is currently unstable if it needs a GRE tunnel to connect to the private netw
w
ork. The goal is to avoid to be locked outside a machine if the tunnel is broken: a SSH connection is useful to debug it. In the future, we can declare stable the nodes with a KVM, and documented procedure to relink quickly to the private network.
Ref T1829
Continue