feat(ns-ha): configure backup node network

Since keeping the network configuration in sync is hard,
the add-interface API takes care to replicate
the configuration on the backup node.

Author: gsanchietti

packages/ns-api/files/ns.ha

@@ -156,8 +156,56 @@ def execute_remote_command(command):
     error = stderr.read().decode()
     return output, error
 
+def find_device_config(uci, device, config=None):
+    if config is None:
+        config = []
+    # Find the device configuration in UCI
+    for n in utils.get_all_by_type(uci, 'network', 'device'):
+        if uci.get('network', n, 'name', default=None) == device:
+            device_config = uci.get_all('network', n)
+            device_config['record_type'] = 'device'
+            device_config['record_id'] = n
+            
+            if device_config.get('type') == 'bridge':
+                # List all ports of the bridge
+                for port in device_config.get('ports', []):
+                    config = config + find_device_config(uci, port, config)
+            elif device_config.get('type', '').startswith('802'):
+                ifname = device_config.get('ifname')
+                if not ifname:
+                    continue
+                # Get the underlying device of the 802.1q interface
+                for underlying_device in utils.get_all_by_type(uci, 'network', 'device'):
+                    if uci.get('network', underlying_device, 'name', default=None) == ifname:
+                        config = config + find_device_config(uci, ifname, config)
+                        break
+            config.append(device_config)
+ 
+    return config
+
 ### API functions
 
+def import_network_config(configs):
+    # config is a dictionary with the network configuration
+    uci = EUci()
+
+    for config in configs:
+        subprocess.run(["logger", "-t", "ns-ha", f"Importing network configuration: {json.dumps(config)}"], check=True)
+
+    for config in configs:
+        if config.get('record_type') == 'device':
+            # Remove existing devices for the same name
+            for n in utils.get_all_by_type(uci, 'network', 'device'):
+                if uci.get('network', n, 'name', default=None) == config['name']:
+                    uci.delete('network', n)
+        # Create the configuration
+        uci.set('network', config['record_id'], config['record_type'])
+        for k, v in config.items():
+            if k not in ['record_id', 'record_type']:
+                uci.set('network', config['record_id'], k, v)
+    uci.commit('network')
+
+
 def add_interface(role, interface, virtual_ip, gateway):
     # Add a new interface to the keepalived configuration:
     # 1. find a fake unused address inside the fake network 169.254.0.0/16 (reserved for documentation by RFC)
@@ -171,10 +219,38 @@ def add_interface(role, interface, virtual_ip, gateway):
         raise utils.ValidationError('interface', 'interface_not_found_on_main_node')
 
     if role == 'main':
-        _, error = execute_remote_command(f"uci get network.{interface}")
+        # Before adding the interface, configure interface and device on the backup node:
+        # 1. get the device configuration from the main node and send it to the backup node
+        # 2. create the interface on the backup node
+        network_config = []
+        device = u.get('network', interface, 'device', default=None)
+        device_config = find_device_config(u, device)
+        # Please note that device_config could be emptry for a WAN on a clean machine
+        network_config = network_config + device_config
+        
+        interface_config = u.get_all('network', interface)
+        interface_config['record_type'] = 'interface'
+        interface_config['record_id'] = interface
+        # Check if the interface is a bonding interface
+        if interface_config.get('device').startswith('bond-'):
+            # List all the slaves of the bonding interface, strip the prefix 'bond-'
+            try:
+                bond_config = u.get_all('network', interface_config.get('device')[5:])
+                bond_config['record_type'] = 'interface'
+                bond_config['record_id'] = interface_config.get('device')[5:]
+                network_config = network_config + [bond_config]
+            except:
+                return utils.generic_error("bonding_interface_not_found")
+            # Send the slaves to the backup node
+            for slave in bond_config.get('slaves', []):
+                network_config = network_config + find_device_config(u, slave)
+        network_config = network_config + [interface_config]
+
+        # Send the interface configuration to the backup node
+        output, error = execute_remote_command(f"echo '{json.dumps(network_config)}' | /usr/libexec/rpcd/ns.ha call import-network-config")
         if error:
-            raise utils.ValidationError('interface', 'interface_not_found_on_backup_node')
-
+            return utils.generic_error("error_adding_interface_on_backup_node")
+            
     # Get the fake IP address
     main_ip, backup_ip = allocate_fake_ips(u)
 
@@ -241,9 +317,6 @@ def add_interface(role, interface, virtual_ip, gateway):
         })
 
         output, error = execute_remote_command(f"echo '{command}' | /usr/libexec/rpcd/ns.ha call add-interface")
-        print(output)
-        print(error)
-
         if error:
             return utils.generic_error("error_executing_add_interface_on_backup_node")
 
@@ -524,6 +597,15 @@ def check_remote(backup_node_ip, ssh_password):
     ssh.close()
     return result
 
+def list_interfaces():
+    u = EUci()
+    interfaces = []
+    for n in utils.get_all_by_type(u, 'network', 'interface'):
+        if n == 'loopback':
+            continue
+        if u.get('network', n, 'device', default=None):
+            interfaces.append(n)
+    return { "interfaces": interfaces }
 
 cmd = sys.argv[1]
 
@@ -546,12 +628,16 @@ if cmd == 'list':
         },
         "validate-requirements": { "role": "main" },
         "add-interface": {  "role": "main", "interface": "wan", "virtual_ip": "1.2.3.4/24", "gateway": "1.2.3.5" },
-        "status": {}
+        "import-network-config": { [ { "type": "device", "id": "wan", "name": "wan", "device": "eth0.2", "proto": "static", "ipaddr": ""} ] },
+        "status": {},
+        "list-interfaces": {}
         }))
 else:
     action = sys.argv[2]
     if action == "status":
         ret = status()
+    elif action == "list-interfaces":
+        ret = list_interfaces()
     else:
         # Paramaters:
         args = json.loads(sys.stdin.read())
@@ -565,5 +651,7 @@ else:
             ret = check_remote(args.get('backup_node_ip'), args.get('ssh_password'))
         elif action == "validate-requirements":
             ret = validate_requirements(args.get('role'))
+        elif action == "import-network-config":
+            ret = import_network_config(args)
 
     print(json.dumps(ret))

packages/ns-ha/README.md

@@ -12,6 +12,7 @@ Limitations:
 
 - Aliases are not supported
 - IPv4 only
+- VLANs are supported only on physical interfaces
 - Extra packages such as NUT are not supported
 - rsyslog configuration is not synced: if you need to send logs to a remote server, you must use the controller
 - Hotspot is not supported since it requires a new registration when the main node goes down because the MAC address associated with the hotspot interface will be different
@@ -172,13 +173,12 @@ ns-ha-config add-interface <interface> <virtual_ip_address> <gateway>
 
 Make sure to:
 
-- the interface already exists on both nodes
 - enter the virtual IP address in CIDR notation
 - enter the gateway IP address of the WAN interface
 
 The script will:
 
-- check if the interface exists on both nodes
+- create the network interface and devices in the backup node
 - configure the interface on both nodes by using fake IP addresses from the fake network 169.254.0.0/16
 - configure the virtual IP address on both nodes
 
@@ -188,6 +188,16 @@ Example:
 ns-ha-config add-interface wan 192.168.122.49/24 192.168.122.1
 ```
 
+### Configure extra interfaces
+
+You can add extra interfaces using the same command:
+```
+ns-ha-config add-interface <interface> <virtual_ip_address> [<gateway>]
+```
+
+As the WAN interface, you must enter the virtual IP address in CIDR notation.
+Usually, on non-WAN interfaces, the gateway is not required.
+
 ### Check the status
 
 You can check the status of the HA cluster at any time.
@@ -216,7 +226,6 @@ Last Sync Time: Fri Apr 18 13:09:08 UTC 2025
 ```
 
 
-
 ## How it works
 
 The HA cluster consists of two nodes: one is the main and the other is the backup.