fix: Enhance default route handling in locals.tf for improved reliability

mysticaltech · mysticaltech · commit 5d8d321aafe6 · 2025-10-23T18:27:58.000+02:00
This commit updates the logic in locals.tf to enhance the handling of default routes for the private interface. The changes include a more robust method for checking existing routes and modifying them based on the current metric, ensuring that the configuration adapts to varying network conditions. This improvement addresses potential issues with route persistence and error handling, contributing to a more stable network setup in response to recent DHCP behavior changes.
diff --git a/locals.tf b/locals.tf
@@ -100,7 +100,7 @@ locals {
       join("\n", [
         "# Ensure persistent private-network default route (Hetzner DHCP change Aug 11, 2025)",
         "set +e  # Allow idempotent network adjustments",
-        "METRIC=512",
+        "METRIC=30000",
         "",
         "# Determine the private interface dynamically (no hardcoded eth1)",
         "PRIV_IF=$(ip -4 route show ${var.network_ipv4_cidr} 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i==\"dev\"){print $(i+1); exit}}' | head -n 1)",
@@ -116,8 +116,19 @@ locals {
         "    if [ -n \"$NM_CONN\" ]; then",
         "      # Persist a default route via the private gateway with higher metric than public NICs",
         "      ROUTE_READY=0",
-        "      if nmcli -g ipv4.routes connection show \"$NM_CONN\" | grep -qE \"^0\\.0\\.0\\.0/0[[:space:]]+${local.network_gw_ipv4}([[:space:]]|$)\"; then",
-        "        ROUTE_READY=1",
+        "      ROUTE_LINE=$(nmcli -g ipv4.routes connection show \"$NM_CONN\" | tr ',' '\\n' | awk '$1==\"0.0.0.0/0\" && $2==\"${local.network_gw_ipv4}\"{print $0; exit}')",
+        "      if [ -n \"$ROUTE_LINE\" ]; then",
+        "        CUR_ROUTE_METRIC=$(echo \"$ROUTE_LINE\" | awk '{print $3}')",
+        "        if [ -z \"$CUR_ROUTE_METRIC\" ] || [ \"$CUR_ROUTE_METRIC\" != \"$METRIC\" ]; then",
+        "          nmcli connection modify \"$NM_CONN\" -ipv4.routes \"$ROUTE_LINE\" >/dev/null 2>&1 || true",
+        "          if nmcli connection modify \"$NM_CONN\" +ipv4.routes \"0.0.0.0/0 ${local.network_gw_ipv4} $METRIC\" >/dev/null 2>&1; then",
+        "            ROUTE_READY=1",
+        "          else",
+        "            echo \"Warning: Failed to update default route metric on $PRIV_IF. Node may be affected by Hetzner DHCP changes.\" >&2",
+        "          fi",
+        "        else",
+        "          ROUTE_READY=1",
+        "        fi",
         "      else",
         "        if nmcli connection modify \"$NM_CONN\" +ipv4.routes \"0.0.0.0/0 ${local.network_gw_ipv4} $METRIC\" >/dev/null 2>&1; then",
         "          ROUTE_READY=1",
@@ -134,7 +145,13 @@ locals {
         "    fi",
         "  fi",
         "  # Runtime guard to cover current leases before dispatcher hooks fire",
-        "  if ! ip -4 route show default | grep -qE \" via ${local.network_gw_ipv4} dev $PRIV_IF([[:space:]]|$)\" ; then",
+        "  EXISTING_RT=$(ip -4 route show default dev \"$PRIV_IF\" | awk '$3==\"${local.network_gw_ipv4}\"{print $0; exit}')",
+        "  if [ -n \"$EXISTING_RT\" ]; then",
+        "    CUR_RT_METRIC=$(echo \"$EXISTING_RT\" | awk 'match($0,/metric ([0-9]+)/,m){print m[1]}')",
+        "    if [ -z \"$CUR_RT_METRIC\" ] || [ \"$CUR_RT_METRIC\" != \"$METRIC\" ]; then",
+        "      ip -4 route change default via ${local.network_gw_ipv4} dev \"$PRIV_IF\" metric $METRIC 2>/dev/null || true",
+        "    fi",
+        "  else",
         "    ip -4 route add default via ${local.network_gw_ipv4} dev \"$PRIV_IF\" metric $METRIC 2>/dev/null || true",
         "  fi",
         "else",
