Changelog
This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.
Please remember to always back up your database between versions.
Here is a short summary of the broad topics of changes:
Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.
The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”), has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.
The “poller”, or streaming logic, has been rewritten. Instead of keeping track of the latest updates and checking at a fixed interval, it now uses Go channels, implemented in our new notifier package, which allows us to send updates to connected clients immediately. This should improve both performance and the potential latency before a client picks up an update.
Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.
While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.
There are also several bugs that have been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.
BREAKING
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
- API: Machine is now Node #1553
- Remove support for older Tailscale clients #1611
  - The latest supported client is 1.38
- Headscale checks that at least one DERP is defined at start #1564
  - If no DERP is configured, the server will fail to start; this can be because it cannot load the DERPMap from file or URL.
- Embedded DERP server requires a private key #1611
  - Add a filepath entry to derp.server.private_key_path
Changes
- Use versioned migrations #1644
- Make the OIDC callback page better #1484
- SSH support #1487
- State management has been improved #1492
- Use error group handling to ensure tests actually pass #1535 based on #1460
- Fix hang on SIGTERM #1492 taken from #1480
- Send logs to stderr by default #1524
- Fix TS-2023-006 security UPnP issue #1563
- Turn off gRPC logging #1640 fixes #1259
- Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
- Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  - Old structure is now considered deprecated and will be removed in the future.
  - Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
- Add support for deleting api keys #1702
Commits
- 00e7550 Add assert func for verifying status, netmap and netcheck (#1723)
- e3553aa Allow when user has only a subnet route (#1734)
- 0333e97 Build docker images with ko (goreleaser) (#1716)
- 82c64f6 Docs: fix path to nologin shell (#1610)
- 4ea12f4 Fix failover to disabled route #1706 (#1707)
- cbf57e2 Login with OIDC after having been logged out (#1719)
- 68a8ece Prepare notify channel before sending first update (#1730)
- 83769ba Replace database locks with transactions (#1701)
- 94b30ab Restructure database config (#1700)
- 7afc2fd TLS documentation updates (#1733)
- b4210e2 Trim client secret after reading from file (#1697)
- 91bb85e Update bug_report.md (#1672)
- 3f2b238 Upgrade to Go 1.22 and update deps (#1728)
- c3257e2 docs(windows-client): add Windows registry command (#1658)
- c4beb0b document setting oidc client secret via env (#1649)
- c42f25b fix ko dockerhub builds (#1751)
- a369d57 fix node expire error due to type in gorm model Update (#1692)
- 5109af9 login to docker registries (#1744)
- 905fdaa remove quotes from command (#1742)
- 4740593 ✨ feat(apikey): adds command to delete api keys (#1702)
- 9047c09 ✨ feat: add pqsql configs for open and idle connections (#1583)