constellation

package
v0.22.19 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 26, 2026 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// CachedDeviceNames is an exported package-level map from string to string,
// created empty at package initialisation.
// NOTE(review): what the keys and values hold is not shown on this page
// (presumably a device identifier mapped to a device name; verify).
// NOTE(review): a plain Go map is not safe for concurrent read and write, and
// being exported it can be mutated by any importing package. Which lock, if
// any, guards it is not visible here; confirm before using it from handlers.
var CachedDeviceNames = map[string]string{}
// CachedDevices is an exported package-level map from string to
// utils.ConstellationDevice, created empty at package initialisation.
// NOTE(review): the key's meaning is not shown here (presumably a device
// name or IP; verify against the writers).
// NOTE(review): plain Go maps are not safe for concurrent read and write;
// confirm every access is serialised, since stale or racing entries here
// could feed device lookups that other code relies on.
var CachedDevices = map[string]utils.ConstellationDevice{}
// DNSBlacklist is an exported package-level map from string to bool, created
// empty at package initialisation.
// NOTE(review): presumably a set of blocked DNS names keyed by domain; the
// key normalisation (case, trailing dot) is not visible here and matters for
// whether a lookup can miss a listed name. Verify at the lookup site.
// NOTE(review): exported and mutable, and a plain map is not safe for
// concurrent read and write; confirm reloads are synchronised with lookups.
var DNSBlacklist = map[string]bool{}
// DNSStarted is an exported package-level flag, initially false.
// NOTE(review): presumably set once the DNS service is running (see InitDNS);
// a bare bool shared between goroutines is a data race unless every access is
// under a lock or replaced by an atomic. Confirm.
var DNSStarted = false
// NATSClientTopic is an exported package-level string, initially empty.
// NOTE(review): presumably the NATS subject this client uses; where it is
// assigned is not visible on this page. Because it is exported and mutable,
// confirm nothing outside this package can redirect it.
var NATSClientTopic = ""
// NATSStarted is an exported package-level flag, initially false.
// NOTE(review): presumably toggled by StartNATS / StopNATS; an unsynchronised
// bool read from other goroutines is a data race. Confirm it is guarded.
var NATSStarted = false
// NebulaDefaultConfig is an exported package-level utils.NebulaConfig. It is
// declared without an initialiser, so it holds the zero value until some
// code assigns it.
// NOTE(review): presumably populated by InitConfig and used as the template
// for exported configs; confirm it is not read before initialisation and
// that writers do not mutate it while ExportDefaultConfigToYAML reads it.
var NebulaDefaultConfig utils.NebulaConfig
// NebulaHasStarted is an exported package-level flag, initially false.
// NOTE(review): the package also declares NebulaStarted; how the two flags
// differ is not visible on this page (this one presumably records "started
// at least once"). Confirm, and check accesses are synchronised.
var NebulaHasStarted = false
// NebulaStarted is an exported package-level flag, initially false.
// NOTE(review): presumably reflects whether the Nebula process is currently
// running; the package also declares NebulaHasStarted and the distinction is
// not visible here. A bare bool shared across goroutines needs a lock or an
// atomic. Confirm.
var NebulaStarted = false
var (
	// ProcessMux is an exported package-level mutex.
	// NOTE(review): what it protects is not visible on this page (the name
	// suggests Nebula process start/stop; verify). Because it is exported,
	// other packages can lock it too; keep the lock order documented to avoid
	// deadlocks, and never copy the value.
	ProcessMux sync.Mutex
)

Functions

func API_ConnectToExisting

func API_ConnectToExisting(w http.ResponseWriter, req *http.Request)

API_ConnectToExisting godoc @Summary Connect this node to an existing Constellation VPN network @Tags constellation @Accept application/x-yaml @Produce json @Param body body string true "Nebula YAML configuration" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/connect [post]

func API_GetConfig

func API_GetConfig(w http.ResponseWriter, req *http.Request)

API_GetConfig godoc @Summary Get the current Nebula configuration @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/config [get]

func API_GetLogs

func API_GetLogs(w http.ResponseWriter, req *http.Request)

API_GetLogs godoc @Summary Get Nebula VPN service logs @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/logs [get]

func API_GetNextIP added in v0.21.0

func API_GetNextIP(w http.ResponseWriter, req *http.Request)

API_GetNextIP godoc @Summary Get the next available IP address in the Constellation CIDR range @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/get-next-ip [get]

func API_NewConstellation added in v0.21.0

func API_NewConstellation(w http.ResponseWriter, req *http.Request)

API_NewConstellation godoc @Summary Create a new Constellation VPN network @Tags constellation @Accept json @Produce json @Param body body object true "Constellation creation payload (deviceName, isLighthouse, hostname, ipRange)" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 400 {object} utils.HTTPErrorResult @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/create [post]

func API_Ping added in v0.16.0

func API_Ping(w http.ResponseWriter, req *http.Request)

API_Ping godoc @Summary Check if the NATS client connection is alive @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Router /api/constellation/ping [get]

func API_Reset

// API_Reset is the HTTP handler that the godoc annotation routes at
// GET /api/constellation/reset and summarises as resetting the Nebula VPN
// configuration. Only the signature is visible on this page.
// NOTE(review): a state-changing action exposed on GET can be fired by link
// prefetchers, crawlers and cross-site requests. The annotation declares
// BearerAuth; whether the handler also accepts a session cookie is not
// visible here. Confirm, and prefer POST as /connect and /create already do.
func API_Reset(w http.ResponseWriter, req *http.Request)

API_Reset godoc @Summary Reset the Nebula VPN configuration @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Router /api/constellation/reset [get]

func API_Restart

// API_Restart is the HTTP handler that the godoc annotation routes at
// GET /api/constellation/restart and summarises as restarting the Nebula VPN
// service and the HTTP server. Only the signature is visible on this page.
// NOTE(review): restarting services on a GET request means any cross-site
// or prefetched request that carries valid credentials causes an outage.
// The annotation declares BearerAuth; confirm the handler does not also
// honour cookie sessions, and consider POST plus rate limiting.
func API_Restart(w http.ResponseWriter, req *http.Request)

API_Restart godoc @Summary Restart the Nebula VPN service and HTTP server @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Router /api/constellation/restart [get]

func AdjustDNS added in v0.19.0

func AdjustDNS(logBuffer *lumberjack.Logger) error

func CheckConstellationToken added in v0.16.0

func CheckConstellationToken(req *http.Request) error

TODO: Cache this

func ClientConnectToJS added in v0.21.0

func ClientConnectToJS() error

func ClientHeartbeatInit added in v0.21.0

func ClientHeartbeatInit()

func CloseNATSClient added in v0.16.0

func CloseNATSClient()

func ConnectToExisting added in v0.22.0

func ConnectToExisting(yamlBody []byte, config utils.Config) (utils.Config, error)

ConnectToExisting applies a Nebula YAML config to connect this node to an existing Constellation network. It returns the updated config. The caller is responsible for persisting the config and restarting Nebula.

func ConstellationAPIDevices

func ConstellationAPIDevices(w http.ResponseWriter, req *http.Request)

func ConstellationConnected added in v0.21.0

func ConstellationConnected() bool

func DNSEntriesIdRoute added in v0.22.0

func DNSEntriesIdRoute(w http.ResponseWriter, req *http.Request)

func DNSEntriesRoute added in v0.22.0

func DNSEntriesRoute(w http.ResponseWriter, req *http.Request)

func DeploymentsHealthRoute added in v0.22.19

func DeploymentsHealthRoute(w http.ResponseWriter, req *http.Request)

func DeploymentsIdRoute added in v0.22.11

func DeploymentsIdRoute(w http.ResponseWriter, req *http.Request)

func DeploymentsRoute added in v0.22.11

func DeploymentsRoute(w http.ResponseWriter, req *http.Request)

func DeploymentsUnbrokeRoute added in v0.22.19

func DeploymentsUnbrokeRoute(w http.ResponseWriter, req *http.Request)

func DeviceBlock

func DeviceBlock(w http.ResponseWriter, req *http.Request)

DeviceBlock godoc @Summary Block or unblock a Constellation device @Tags constellation @Accept json @Produce json @Param body body DeviceBlockRequestJSON true "Device block/unblock payload" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/block [post]

func DeviceCreate_API added in v0.21.0

func DeviceCreate_API(w http.ResponseWriter, req *http.Request)

DeviceCreate_API godoc @Summary Create a new Constellation device and generate its certificates @Tags constellation @Accept json @Produce json @Param body body DeviceCreateRequestJSON true "Device creation payload" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/devices [post]

func DeviceEdit_API added in v0.21.0

func DeviceEdit_API(w http.ResponseWriter, req *http.Request)

DeviceEdit_API godoc @Summary Edit the current Constellation device properties @Tags constellation @Accept json @Produce json @Param body body DeviceEditRequestJSON true "Device edit payload" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/edit-device [post]

func DeviceList

func DeviceList(w http.ResponseWriter, req *http.Request)

DeviceList godoc @Summary List Constellation devices for the current user (or all if admin) @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/devices [get]

func DevicePing added in v0.19.0

func DevicePing(w http.ResponseWriter, req *http.Request)

DevicePing godoc @Summary Ping a Constellation device to check reachability @Tags constellation @Produce json @Param id path string true "Device name/ID" @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 400 {object} utils.HTTPErrorResult @Failure 403 {object} utils.HTTPErrorResult @Failure 404 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/devices/{id}/ping [get]

func DevicePublicList added in v0.19.0

func DevicePublicList(w http.ResponseWriter, req *http.Request)

DevicePublicList godoc @Summary List public information about all non-blocked Constellation devices @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 401 {object} utils.HTTPErrorResult @Failure 500 {object} utils.HTTPErrorResult @Router /api/constellation/public-devices [get]

func ExportDefaultConfigToYAML added in v0.21.0

func ExportDefaultConfigToYAML(outputPath string) error

func ExportLighthouseFromDB added in v0.21.0

func ExportLighthouseFromDB() error

func GetAllDevices added in v0.21.0

func GetAllDevices() ([]utils.ConstellationDevice, error)

func GetAllDevicesEvenBlocked added in v0.21.0

func GetAllDevicesEvenBlocked() ([]utils.ConstellationDevice, error)

func GetAllLightHouses

func GetAllLightHouses() ([]utils.ConstellationDevice, error)

func GetAllLighthouseIPFromTempConfig added in v0.21.0

func GetAllLighthouseIPFromTempConfig() ([]string, error)

func GetAllTunneledRoutes added in v0.21.0

func GetAllTunneledRoutes() []utils.ProxyRouteConfig

func GetCertFingerprint

func GetCertFingerprint(certPath string) (string, error)

func GetClusterIPs added in v0.21.0

func GetClusterIPs() ([]*url.URL, error)

func GetConfigAttribute added in v0.18.0

func GetConfigAttribute(configPath string, attr string) (string, error)

func GetConstellationFromIP added in v0.22.19

func GetConstellationFromIP(ip string) *utils.ConstellationDevice

func GetCurrentDevice added in v0.21.0

func GetCurrentDevice() (utils.ConstellationDevice, error)

func GetCurrentDeviceAPIKey added in v0.21.0

func GetCurrentDeviceAPIKey() (string, error)

func GetCurrentDeviceHostname added in v0.21.0

func GetCurrentDeviceHostname() (string, error)

func GetCurrentDeviceIP added in v0.21.0

func GetCurrentDeviceIP() (string, error)

func GetCurrentDeviceIsExitNode added in v0.21.0

func GetCurrentDeviceIsExitNode() (bool, error)

func GetCurrentDeviceIsLoadbalancer added in v0.21.0

func GetCurrentDeviceIsLoadbalancer() (bool, error)

func GetCurrentDeviceIsRelay added in v0.21.0

func GetCurrentDeviceIsRelay() (bool, error)

func GetCurrentDeviceName added in v0.21.0

func GetCurrentDeviceName() (string, error)

func GetCurrentLeaderName added in v0.22.19

func GetCurrentLeaderName() string

GetCurrentLeaderName returns the sanitized device name of the current scheduler leader, or "" when it cannot be determined (no cluster, NATS not connected, or no leader elected yet). Best-effort — never errors — so it is safe to call from request handlers regardless of cluster state. The name is returned exactly as stored (sanitized via sanitizeNATSUsername); callers match it client-side rather than reversing the sanitization.

func GetDefaultHostnames added in v0.21.0

func GetDefaultHostnames() []string

func GetDeviceIp added in v0.16.0

func GetDeviceIp(device string) string

func GetLocalTunnelCache added in v0.21.0

func GetLocalTunnelCache() []utils.ConstellationTunnel

func GetNATSCredentials added in v0.16.0

func GetNATSCredentials() (string, string, error)

func GetNextAvailableIP added in v0.21.0

func GetNextAvailableIP(cidr string) string

GetNextAvailableIP fetches all used IPs from the database and returns the next available IP in the given CIDR range

func GetStickyTarget added in v0.22.0

func GetStickyTarget(clientKey string) (string, bool)

func Init

func Init()

func InitConfig

func InitConfig()

func InitDNS

func InitDNS()

func InitHostname added in v0.21.0

func InitHostname()

func InitNATSClient added in v0.16.0

func InitNATSClient() error

func InitPingLighthouses added in v0.19.0

func InitPingLighthouses()

func IsClientConnected added in v0.16.0

func IsClientConnected() bool

func IsConstellationIP added in v0.21.0

func IsConstellationIP(ip string) bool

func IsConstellationStandalone added in v0.22.10

func IsConstellationStandalone() bool

IsConstellationStandalone reports whether this server has no Cosmos peers to talk to over NATS — neither peer lighthouses to cluster with nor non-lighthouse Cosmos servers that would connect to this node as clients. Plain Nebula client devices (CosmosNode == 0) don't run NATS so they don't count. When true, all NATS-adjacent activity must be skipped.

func IsTunneled added in v0.21.0

func IsTunneled(route utils.ProxyRouteConfig) bool

func MakeSyncPayload added in v0.16.0

func MakeSyncPayload(rawPayload string) string

func MasterNATSClientRouter added in v0.16.0

func MasterNATSClientRouter()

func NodesUnbrokeRoute added in v0.22.19

func NodesUnbrokeRoute(w http.ResponseWriter, req *http.Request)

func PingLighthouses added in v0.19.0

func PingLighthouses()

func PingNATSClient added in v0.16.0

func PingNATSClient() bool

func PublicDeviceListNATS added in v0.21.0

func PublicDeviceListNATS(m *nats.Msg)

func PublishNATSMessage added in v0.16.0

func PublishNATSMessage(topic string, payload string) error

func ReceiveSyncPayload added in v0.16.0

func ReceiveSyncPayload(rawPayload string) bool

func ResetNebula

func ResetNebula() error

func RestartNebula

func RestartNebula()

func SendNATSMessage added in v0.16.0

func SendNATSMessage(topic string, payload string) (string, error)

func SendNATSMessageAllReply added in v0.21.0

func SendNATSMessageAllReply(topic string, payload string, timeout time.Duration, callback func(response string)) error

func SendNewDBSyncMessage added in v0.21.0

func SendNewDBSyncMessage()

func SendRequestSyncMessage added in v0.21.0

func SendRequestSyncMessage()

func SetStickyTarget added in v0.22.0

func SetStickyTarget(clientKey string, deviceName string)

func StartNATS added in v0.16.0

func StartNATS()

func StartSchedulerInConstellation added in v0.22.11

func StartSchedulerInConstellation()

StartSchedulerInConstellation is the thin bridge that wires pro.StartScheduler into the constellation lifecycle. It exists here (not inline at the call site) so the `pro` package stays independent of `constellation` — the same pattern used by `api_deployments.go` for the HTTP handlers.

This must be called AFTER the NATS client is connected (nc, js are non-nil) AND after pro.ClientHeartbeatInit has had a chance to create/attach the constellation-deployments KV. `ClientHeartbeatInit` in tunnels.go is the right place.

func StopHeartbeat added in v0.21.0

func StopHeartbeat()

func StopNATS added in v0.16.0

func StopNATS()

func StopSchedulerInConstellation added in v0.22.11

func StopSchedulerInConstellation()

StopSchedulerInConstellation halts the scheduler. Called from StopHeartbeat and CloseNATSClient so the scheduler shuts down cleanly when the constellation client disconnects.

func SyncNATSClientRouter added in v0.21.0

func SyncNATSClientRouter(nc *nats.Conn)

func TunnelList added in v0.21.0

func TunnelList(w http.ResponseWriter, req *http.Request)

TunnelList godoc @Summary List all active Constellation tunnels @Tags constellation @Produce json @Security BearerAuth @Success 200 {object} utils.APIResponse @Failure 403 {object} utils.HTTPErrorResult @Router /api/constellation/tunnels [get]

func UpdateFirewallBlockedClients added in v0.19.0

func UpdateFirewallBlockedClients() error

func UpdateLocalTunnelCache added in v0.21.0

func UpdateLocalTunnelCache()

func ValidateStaticHosts added in v0.19.0

func ValidateStaticHosts(logBuffer *lumberjack.Logger) error

Types

type DeviceBlockRequestJSON

// DeviceBlockRequestJSON is the JSON request body named by the DeviceBlock
// godoc annotation ("Device block/unblock payload").
//
// NOTE(review): the `validate` tags only take effect if the handler runs a
// struct validator over the decoded value; that call is not visible on this
// page. Confirm it happens before any field is used.
type DeviceBlockRequestJSON struct {
	// Nickname is required, length 3 to 32 per its validate tag.
	// NOTE(review): presumably the nickname of the device's owner; the
	// handler should authorise the caller against it rather than trust the
	// request body. Verify.
	Nickname   string `json:"nickname" validate:"required,min=3,max=32"`
	// DeviceName is required, length 3 to 32 per its validate tag. The tag
	// does not restrict the character set.
	DeviceName string `json:"deviceName" validate:"required,min=3,max=32"`
	// Block has no `required` tag, so a body that omits "block" decodes to
	// false. NOTE(review): presumably false means "unblock"; if so, a
	// truncated or malformed request silently unblocks a device. Confirm.
	Block      bool   `json:"block,omitempty"`
}

type DeviceCreateRequestJSON

// DeviceCreateRequestJSON is the JSON request body named by the
// DeviceCreate_API godoc annotation ("Device creation payload"); that
// endpoint is summarised as creating a device and generating its
// certificates.
//
// NOTE(review): the `validate` tags only constrain fields when the handler
// runs a struct validator; that call is not visible on this page. Several
// fields below carry no validate tag at all and need explicit checks.
type DeviceCreateRequestJSON struct {
	// DeviceName is required, length 3 to 32. The tag does not restrict the
	// character set. NOTE(review): if the name is later used in file paths,
	// certificate subjects or NATS usernames it must be sanitised first;
	// confirm at the use sites.
	DeviceName string `json:"deviceName" validate:"required,min=3,max=32"`
	// IP is required and must parse as IPv4. The tag checks format only, not
	// that the address lies inside the Constellation CIDR or is unused.
	IP         string `json:"ip" validate:"required,ipv4"`
	// PublicKey is optional and has no validate tag.
	// NOTE(review): presumably a client-supplied Nebula public key to be
	// signed; its format and size must be checked by the handler. Verify.
	PublicKey  string `json:"publicKey,omitempty"`

	// for devices only
	// Nickname is optional; when present it is limited to 32 characters.
	Nickname  string `json:"nickname,omitempty" validate:"omitempty,max=32"`
	Invisible bool   `json:"invisible,omitempty"`

	// for lighthouse only
	// NOTE(review): the role flags below are caller-supplied. Whether the
	// handler restricts who may create lighthouses, relays, exit nodes or
	// load balancers is not visible here; confirm an authorisation check.
	IsLighthouse   bool   `json:"isLighthouse,omitempty"`
	// CosmosNode is 0 for plain Nebula client devices (per the
	// IsConstellationStandalone documentation); the meaning of other values
	// is not shown on this page.
	CosmosNode     int    `json:"cosmosNode,omitempty"`
	IsRelay        bool   `json:"isRelay,omitempty"`
	IsLoadBalancer bool   `json:"isLoadBalancer,omitempty"`
	IsExitNode     bool   `json:"isExitNode,omitempty"`
	// PublicHostname has no validate tag. Its JSON key is capitalised
	// ("PublicHostname"), unlike every other key in this struct;
	// encoding/json matches keys case-insensitively when decoding, but
	// encoding emits the capitalised form.
	PublicHostname string `json:"PublicHostname,omitempty"`
	// Port is a string with no validate tag, so nothing here enforces that
	// it is numeric or within 1-65535. Validate before writing it into any
	// generated configuration.
	Port           string `json:"port,omitempty"`

	// internal
	// APIKey is tagged `json:"-"`: it is never decoded from a request body
	// nor written when this struct is marshalled, so a client cannot supply
	// it through JSON. NOTE(review): presumably set server-side; keep it out
	// of logs and of any %+v dump of this struct.
	APIKey string `json:"-"`
}

type DeviceEditRequestJSON added in v0.21.0

// DeviceEditRequestJSON is the JSON request body named by the DeviceEdit_API
// godoc annotation ("Device edit payload"); that endpoint is summarised as
// editing the current Constellation device's properties.
//
// None of the boolean fields use omitempty or `required`, so a key missing
// from the request decodes to false. NOTE(review): if the handler applies
// every field unconditionally, a partial body clears the omitted roles.
// Confirm the handler's intent.
type DeviceEditRequestJSON struct {
	IsLighthouse   bool     `json:"isLighthouse"`
	IsRelay        bool     `json:"isRelay"`
	IsExitNode     bool     `json:"isExitNode"`
	IsLoadBalancer bool     `json:"isLoadBalancer"`
	// Tags is optional; `dive` applies min=1,max=64 to each element. The tag
	// places no limit on how many tags may be sent and no restriction on
	// their characters. NOTE(review): cap the count in the handler if tags
	// are stored or broadcast.
	Tags           []string `json:"tags" validate:"omitempty,dive,min=1,max=64"`
}

type NodeHeartbeat added in v0.21.0

// NodeHeartbeat is the per-node status record described by the field
// comments below: identity and role flags, tunnels, running deployments,
// resource usage and tags.
//
// The first seven fields carry no json tag, so encoding/json serialises them
// under their Go field names (for example "DeviceName"), while the remaining
// fields use the camelCase keys given in their tags.
//
// NOTE(review): every value here is presumably reported by the sending node
// itself. A consumer that uses it for placement or leader decisions should
// bind DeviceName and IP to the authenticated sender rather than to the
// payload. Verify how the receiver authenticates heartbeats.
type NodeHeartbeat struct {
	DeviceName   string
	IP           string
	IsRelay      bool
	IsLighthouse bool
	IsExitNode   bool
	// CosmosNode is 0 for plain Nebula client devices (per the
	// IsConstellationStandalone documentation); other values are not
	// described on this page.
	CosmosNode   int
	Tunnels      []utils.ProxyRouteConfig
	// RunningDeployments is the list of scheduler-managed deployment names
	// currently running on this node, derived from docker containers carrying
	// the `cosmos-deployment` label. Populated from docker at heartbeat time;
	// see UpdateLocalTunnelCache / heartbeat goroutine in tunnels.go.
	RunningDeployments []string `json:"runningDeployments"`
	// RunningDeploymentVersions maps each running deployment name to the spec
	// version its containers were created from (the cosmos-deployment-version
	// label). The scheduler diffs this against the desired Deployment.Version to
	// detect a node running a stale spec and trigger a rolling re-apply. Built
	// from docker alongside RunningDeployments each heartbeat.
	RunningDeploymentVersions map[string]int `json:"runningDeploymentVersions,omitempty"`
	// CPUPercent and RAMPercent are the node's latest resource-usage sample,
	// populated from pro.GetCurrentResources() on each heartbeat tick. Used by
	// the LeastBusyPlacement strategy. Zero when MonitoringOn is false.
	CPUPercent float64 `json:"cpuPercent,omitempty"`
	RAMPercent float64 `json:"ramPercent,omitempty"`
	// MonitoringOn signals whether CPU/RAM numbers are trustworthy. False when
	// the operator disabled monitoring (MonitoringDisabled config flag) or
	// when the sampler hasn't produced a reading yet.
	MonitoringOn bool `json:"monitoringOn"`
	// Tags mirror ConstellationDevice.Tags so the leader can filter eligible
	// placement targets by deployment affinity without an extra DB round-trip.
	// NOTE(review): because tags drive placement eligibility, a node that can
	// set its own tags can attract deployments; confirm the leader
	// cross-checks them against the stored device record where that matters.
	Tags []string `json:"tags,omitempty"`
}

type PublicDeviceInfo added in v0.19.0

// PublicDeviceInfo is the reduced device record exposed by the public device
// API. It holds no key or certificate field, but it does include the owning
// user, the device's IP, its role flags and, when set, a public hostname and
// port.
//
// NOTE(review): that is enough to map the network's lighthouses, relays and
// exit nodes. The DevicePublicList annotation declares BearerAuth with a 401
// failure; confirm the handler enforces it, and that any NATS path returning
// this type (see PublicDeviceListNATS) is equally restricted.
type PublicDeviceInfo struct {
	DeviceID       string `json:"id"`
	DeviceName     string `json:"name"`
	User           string `json:"user"`
	IP             string `json:"ip"`
	IsLighthouse   bool   `json:"isLighthouse"`
	// CosmosNode is 0 for plain Nebula client devices (per the
	// IsConstellationStandalone documentation).
	CosmosNode     int    `json:"cosmosNode"`
	IsRelay        bool   `json:"isRelay"`
	IsExitNode     bool   `json:"isExitNode"`
	PublicHostname string `json:"publicHostname"`
	Port           string `json:"port"`
}

PublicDeviceInfo represents the limited device information exposed to the public API

type SyncConfigPayload added in v0.22.0

// SyncConfigPayload is the configuration part of a sync message; SyncPayload
// embeds it as its ConfigData field. Both maps are omitted from the JSON when
// empty.
//
// NOTE(review): this carries API token configuration and role definitions,
// so a receiver that applies it is accepting authorisation state from a
// peer. Confirm the sender is authenticated before it is applied, and check
// whether utils.APITokenConfig contains the token secret itself (not visible
// here); if it does, treat the payload as a credential.
type SyncConfigPayload struct {
	// APITokens is keyed by string; the key's meaning is not shown here.
	APITokens map[string]utils.APITokenConfig `json:"apiTokens,omitempty"`
	// Roles maps a utils.Role to its utils.RoleConfig.
	Roles     map[utils.Role]utils.RoleConfig `json:"roles,omitempty"`
}

type SyncDNSPayload added in v0.21.0

// SyncDNSPayload is the DNS part of a sync message; SyncPayload embeds it as
// its DNS field. No field uses omitempty, so every key is always emitted.
//
// NOTE(review): a receiver applying this lets a peer set the fallback
// resolver, the blocklist sources and custom DNS entries. The strings carry
// no validation tags, so the receiver must validate them and authenticate
// the sender before use. Verify.
type SyncDNSPayload struct {
	// DNSPort is a string; nothing here constrains it to a valid port.
	DNSPort                 string                        `json:"dnsPort"`
	// DNSFallback is presumably the upstream resolver address; verify.
	DNSFallback             string                        `json:"dnsFallback"`
	DNSBlockBlacklist       bool                          `json:"dnsBlockBlacklist"`
	// DNSAdditionalBlocklists is presumably a list of blocklist sources
	// (URLs or paths; not visible here). If they are fetched, restrict the
	// schemes and destinations the fetcher will follow.
	DNSAdditionalBlocklists []string                      `json:"dnsAdditionalBlocklists"`
	CustomDNSEntries        []utils.ConstellationDNSEntry `json:"customDNSEntries"`
}

type SyncPayload added in v0.16.0

// SyncPayload is the top-level sync message, serialised as JSON with the
// keys given in the field tags.
//
// NOTE(review): the field names indicate that this carries an authentication
// private key, the CA certificate and the CA key, plus a database snapshot
// and an rclone configuration. If CAKey is the Constellation CA signing key,
// anyone who obtains one of these payloads can presumably issue device
// certificates. Whether MakeSyncPayload / ReceiveSyncPayload encrypt or
// authenticate the string form is not visible on this page; confirm that,
// and keep the value out of logs and error messages.
type SyncPayload struct {
	// Database is a string; its encoding (dump, path, base64) is not shown.
	Database       string            `json:"database"`
	// AuthPrivateKey: secret key material by name; handle as a credential.
	AuthPrivateKey string            `json:"authPrivateKey"`
	AuthPublicKey  string            `json:"authPublicKey"`
	// CART is serialised as "caCrt"; the Go name looks like a typo for the
	// CA certificate and is left as is because it is part of the exported
	// interface.
	CART           string            `json:"caCrt"`
	// CAKey: CA private key by name; handle as the most sensitive field.
	CAKey          string            `json:"caKey"`
	DNS            SyncDNSPayload    `json:"dns"`
	// RcloneConfig: NOTE(review): rclone configurations commonly hold remote
	// storage credentials; treat as secret unless shown otherwise.
	RcloneConfig   string            `json:"rcloneConfig"`
	ConfigData     SyncConfigPayload `json:"configData"`
	// LastEdited is an int64, presumably a timestamp (unit not shown).
	// NOTE(review): if receivers accept the newest payload, this value must
	// be covered by whatever authenticates the message. Verify.
	LastEdited     int64             `json:"lastEdited"`
}

type SyncRequestPayload added in v0.21.0

// SyncRequestPayload is the JSON body of a sync request; it carries a single
// integer under the key "editedAt".
type SyncRequestPayload struct {
	// EditedAt is an int64, presumably the requester's last-edit timestamp
	// (unit not shown on this page), compared against SyncPayload.LastEdited.
	// Verify.
	EditedAt int64 `json:"editedAt"`
}
