Changelog
This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.
Please remember to always back up your database between versions.
Here is a short summary of the broad topics of changes:
- Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.
- The new policy and mapper packages, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”), have been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.
- The “poller”, or streaming logic, has been rewritten: instead of keeping track of the latest updates and checking at a fixed interval, it now uses Go channels, implemented in our new notifier package, which allows us to send updates to connected clients immediately. This should improve both performance and the potential latency before a client picks up an update.
- Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.
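The last two points, immediate push over Go channels and delta updates, sketched as an added example. This is not Headscale's notifier or mapper code; `Delta`, `Diff`, `Push` and the sample nodes and addresses are hypothetical names and constructed values.

```go
package main

import "fmt"

// Delta maps a node name to "added", "changed" or "removed".
// Nodes that did not change are absent, which is what keeps the update small.
type Delta map[string]string

// Diff compares two snapshots of the network (node name -> address,
// a simplified model assumed for this example).
func Diff(old, cur map[string]string) Delta {
	d := Delta{}
	for name, addr := range cur {
		if prev, ok := old[name]; !ok {
			d[name] = "added"
		} else if prev != addr {
			d[name] = "changed"
		}
	}
	for name := range old {
		if _, ok := cur[name]; !ok {
			d[name] = "removed"
		}
	}
	return d
}

// Push sends d to every connected client at once instead of waiting for a
// poll interval. The send is non-blocking: a client whose buffer is full is
// reported back so the caller can schedule a full resync for it.
// Assumption: the caller serialises access to conns (for example with a mutex).
func Push(conns map[string]chan Delta, d Delta) (slow []string) {
	for id, ch := range conns {
		select {
		case ch <- d:
		default:
			slow = append(slow, id)
		}
	}
	return slow
}

func main() {
	conns := map[string]chan Delta{"laptop": make(chan Delta, 1)}
	old := map[string]string{"a": "100.64.0.1", "b": "100.64.0.2"} // constructed
	cur := map[string]string{"a": "100.64.0.9", "c": "100.64.0.3"} // constructed
	Push(conns, Diff(old, cur))
	fmt.Println(<-conns["laptop"])
}
```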
While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.
Several bugs have also been encountered and fixed as part of implementing these changes, particularly after improving the test harness as part of adopting #1460.
BREAKING
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
- Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  - Old structure has been removed and the configuration must be converted.
  - Adds additional configuration for PostgreSQL for setting max open and idle connections and idle connection lifetime.
- API: Machine is now Node #1553
- Remove support for older Tailscale clients #1611
  - The latest supported client is 1.38
- Headscale checks that at least one DERP is defined at start #1564
  - If no DERP is configured, the server will fail to start. This can be because it cannot load the DERPMap from file or URL.
- Embedded DERP server requires a private key #1611
  - Add a filepath entry to derp.server.private_key_path
- Docker images are now built with goreleaser (ko) #1716 #1763
  - Entrypoint of container image has changed from shell to headscale, requiring a change from headscale serve to serve
  - /var/lib/headscale and /var/run/headscale are no longer created automatically, see container docs
- Prefixes are now defined per v4 and v6 range. #1756
  - ip_prefixes option is now prefixes.v4 and prefixes.v6
  - prefixes.allocation can be set to assign IPs at sequential or random. #1869
Changes
- Use versioned migrations #1644
- Make the OIDC callback page better #1484
- SSH support #1487
- State management has been improved #1492
- Use error group handling to ensure tests actually pass #1535 based on #1460
- Fix hang on SIGTERM #1492 taken from #1480
- Send logs to stderr by default #1524
- Fix TS-2023-006 security UPnP issue #1563
- Turn off gRPC logging #1640 fixes #1259
- Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
- Add support for deleting api keys #1702
- Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
Commits
- 2fb7428 Add FAQ question about using the same machine as server and client
- 2858ab4 Add new shasum for flake.nix
- c1d4fef Downgrade update sent to debug (#1843)
- a244eab Ephemeral keys can now be reusable and non-reusable
- 785b150 Fix typo in docs - DB file path (#1546)
- 4d90210 Fix/improve documentation formatting (#1575)
- 2ce23df Migrate IP fields in database to dedicated columns (#1869)
- 0fcfd64 More concise
- 58c94d2 Rework map session
- 84de185 Run prettier
- bdf54e8 Update answer based on comment
- b477e5f Update docker related doc (#1421)
- 6efc507 Update docs/faq.md
- dbe3282 Update docs/faq.md
- 1d3eae8 Update flake.lock (#1657)
- 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857
- 8a8e25a [docs] Use modern Apt command to install package (#1420)
- bf4fd07 clean up use of log.Error where errors could be wrapped
- 20bf377 docs(README): update contributors (#1834)
- 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)
- c9966ba fix postgres migration (#1802)
- c29eddd flake.lock: Update (#1833)
- dd693c4 flake.lock: Update (#1848)
- 1704977 improve testing of route failover logic
- 60f0cf9 more log.Error -> fmt.Errorf cleanup
- 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)
- e15a083 simplify integration testing with matrix jobs (#1799)
- 74ff14e update docs workflow (#1832)
- ef26f58 update gh workflow actions (#1809)
- 85cef84 use newer fork of termcolor (#1842)
- d4af0c3 Log available update as warning (#1877)
- 4095372 fix ip migration
- c4c8cfe Fix crash when a prefix family was empty