Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Controller: auto-discover server after nethsecurity-controller restoration #978

Closed
stephdl opened this issue Dec 13, 2024 · 3 comments
Closed
Labels
verified All test cases were verified successfully

Comments

@stephdl
Copy link
Contributor

stephdl commented Dec 13, 2024

Issue Description:

During a backup restoration process that involves replacing the nethsecurity-controller module, the connection between the controller and the nethsecurity instance is lost. This happens because the TCP ports differ between the old and new modules. Once the restoration is complete, the ns8 module operates normally, but the nethsecurity instance becomes unreachable and is not visible in the system.

To resolve this, manual intervention is currently required: you need to access the nethsecurity instance and manually restart the ns-plug service.

Proposed Improvement (NFR):

Develop a solution that ensures the connection between nethsecurity and the ns8 controller is automatically restored after a backup restoration, eliminating the need for manual intervention.

Steps to Reproduce:

  1. Install and configure a nethsecurity instance.
  2. Install and configure a nethsecurity-controller to link with the nethsecurity instance.
  3. Perform a backup of the setup.
  4. Restore the backup.
  5. Observe that the nethsecurity instance is not visible or online in the nethsecurity-controller.
  6. Manually restart the connection by navigating to the nethsecurity system > controller menu and restarting the ns-plug service.
  7. After restarting, the nethsecurity and ns8 controller can communicate successfully.

Proposed Solution:

The connection between the instances is established via an OpenVPN tunnel (tun-nsplug). When the tunnel goes down, a trigger could automatically restart the ns-plug service. The downside is that the service has a 60-second timeout period for attempts before it stops.

Alternative Solutions:

Implement a cron job that monitors the connection status. If the tunnel goes down due to a lack of connectivity, the job can automatically restart the ns-plug service.
This enhancement aims to make the restoration process more seamless and reliable.

@github-project-automation github-project-automation bot moved this to ToDo 🕐 in NethSecurity Dec 13, 2024
@stephdl stephdl self-assigned this Dec 13, 2024
@stephdl stephdl changed the title Controller: autodiscovery the server after a nethsecurity-controller restauration Controller: Auto-Discover Server After NethSecurity-Controller Restoration Dec 13, 2024
@stephdl stephdl changed the title Controller: Auto-Discover Server After NethSecurity-Controller Restoration Controller: auto-discover server after nethsecurity-controller restoration Dec 13, 2024
@stephdl stephdl added the controller The issue is related to the controller label Dec 13, 2024
@gsanchietti gsanchietti removed the controller The issue is related to the controller label Jan 8, 2025
@gsanchietti gsanchietti added this to the NethSecurity 8.5 milestone Jan 9, 2025
@gsanchietti gsanchietti moved this from ToDo 🕐 to In Progress 🛠 in NethSecurity Jan 9, 2025
gsanchietti pushed a commit that referenced this issue Jan 10, 2025
Make sure that ns-plug always try to connect to the controller.
This fix will allow automatica re-connection in case
of disaster recovery of the remote controller.

#978
@gsanchietti
Copy link
Member

Test case 1

  • Install and configure a NethSecurity machine
  • Install and configure a Controller to link with the NethSecurity machine
  • Connect the firewall to the controller
  • Perform a backup of the controller instance
  • Destroy the original controller instance and restore a new one from backup
  • Check if the NethSecurity instance is visible and online in the controller without manual intervention, this could take a couple of minutes

Test case 2

  • After test case 1
  • Disconnect the firewall from controller
  • Verify the ns-plug service is stopped

@gsanchietti gsanchietti added the testing Packages are available from testing repositories label Jan 10, 2025
@nethbot nethbot moved this from In Progress 🛠 to Testing in NethSecurity Jan 10, 2025
Copy link
Contributor

Testing image version: 8-23.05.5-ns.1.4.1-22-g15229b475

@gsanchietti gsanchietti assigned gsanchietti and unassigned stephdl Jan 10, 2025
@gsanchietti
Copy link
Member

Both test cases have been verified.

@gsanchietti gsanchietti added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Jan 16, 2025
@gsanchietti gsanchietti removed their assignment Jan 16, 2025
@nethbot nethbot moved this from Testing to Verified in NethSecurity Jan 16, 2025
@Tbaile Tbaile closed this as completed Jan 20, 2025
@github-project-automation github-project-automation bot moved this from Verified to Done ✅ in NethSecurity Jan 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
verified All test cases were verified successfully
Projects
Status: Done ✅
Development

No branches or pull requests

3 participants