Here, we are fixing tunnel creation anomalies regarding pre-created Nics. The current production experience is not impacted by any of these bugs. However, they might come up in development or in the future when we make Nics a separate customer-managed product.

The main issue is that we might create Nics without VMs. In that case, the whole rekeying logic fails because we try to operate on these Nics as well. The reason is that we create tunnels very early on. That's true even for Nics that have no VM attached. This may cause double tunnelling, or a different variety of failures in rekeying for other Nics as well, which are at the destination side of the tunnel.

To fix this, we make a bunch of changes:

1. Adding a new constraint to IpsecTunnel to not allow multiple tunnels between the same Nics.
2. Moving the tunnel creation to the point where the Nic is added to the subnet (SubnetNexus::add_new_nics).
3. Checking the tunnel existence before creating the new entity.
10 lines
170 B
Ruby
# frozen_string_literal: true
Sequel.migration do
change do
alter_table(:ipsec_tunnel) do
add_unique_constraint [:src_nic_id, :dst_nic_id]
end
end
end
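Review bot: `add_unique_constraint [:src_nic_id, :dst_nic_id]` will fail to apply on any database that already holds two rows for the same Nic pair, and the commit message says double tunnelling can happen today in development. Consider deleting or verifying the absence of duplicate `ipsec_tunnel` rows in this migration before the constraint is added, so the migration does not abort partway through a deploy. Two smaller points on the same line: the constraint is ordered, so a tunnel (A, B) and a tunnel (B, A) are both still allowed, which is worth stating in the commit message if that is the intent; and passing an explicit `name:` option would make the constraint easier to reference in a later migration or when handling the unique-violation error in the creation path.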