So I self-host a ZeroTier controller, which is deployed using SaltStack as a means of constructing a VM.
I have a requirement to serve a set of internal services (which requires broadcasting) to a subnet which will need to be torn down and reset on a regular basis, and I'd like to have as little (read: none) hands-on configuration as possible.
That is the premise of the issue, at least.
ZeroTier is a wonderful solution, albeit it does a lot of random stuff (IP addresses, network interfaces, IDs etc.).
The issue that I am having is that once the services are connected to the ZeroTier network, they get random addresses from the pool, and from there on it works with connecting and everything else.
But what I would like to achieve is that the servers either get assigned, or assign themselves, a static/fixed IP that all the clients can connect to.
The problem that rises is the chicken and egg!
The controller doesn't know what the "future" connecting IDs are to assign addresses.
The clients can't seem to set their own IP using the zerotier-cli interface through assignedAddresses.
The clients don't know the randomized interface name.
So the solution that I am looking for is whether there is any way for a client to use a "fixed" ID/set its own ID that the controller can reference,
Or if the client can set its own IP through Zerotier CLI
The solution that I have at the moment is:
service joins
list full JSON info and take the .[0].portDeviceName
The controller doesn't know what the "future" connecting IDs are to assign addresses.
It's possible to pre-generate identities via zerotier-idtool generate identity.secret identity.public. You'll have to figure out a way to distribute these identities to the individual machines before starting zerotier.
The clients can't seem to set their own IP using the zerotier-cli interface through assignedAddresses.
Correct. IP addresses are managed by the network controller, and configured via the network controller. You mentioned salt stack & a self hosted controller. We don’t have anything to help you there, but if you were using https://my.zerotier.com and Terraform, we have a terraform module that would help with this. Also see our Quickstart Guide for Terraform & ZeroTier.
The clients don't know the randomized interface name.
The interface name on Linux is derived from the network ID and is the same on each Linux client for a given network ID.
Awesome, thanks for the reply!
Regarding distributing the IDs, that shouldn't be a problem as you could use a "shared" space on the salt-master called "Mine", but if there's any documentation on how to do that, and set a static IP for an ID, I'd really appreciate that. Haven't found anything regarding that yet!
I'll have a look at the Terraform module! I assume that it involves something like distributing the token to the client and making an API request to set the IP for the "local" ID?
I self-host it as I have more than 50 clients, and I have the capacity in my homelab to do so, so might as well use it!
The Terraform module only supports networks hosted at https://my.zerotier.com at this time, and not the self hosted controllers.
You can use the service API to assign IPs & pre-authorize member IDs. The IDs do not have to join the network first. You can set these up on the controller beforehand via the API.
Yeah, creating and pre-authing members (though it's a "public" ZT net) should absolutely be doable, although I can't find any doc/API call to assign an IP to an ID in the docs while still using an IP pool?
Looks like there's a few things missing from the OpenAPI spec, but it is possible to POST to the members. Other docs for the controller API can be found here.
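Putting the two replies together (pre-generated identities plus a POST to the controller's member endpoint), here is an added example of the provisioning step; it is not code from the thread or from ZeroTier. It assumes zerotier-idtool and curl on PATH, the controller listening on localhost:9993 with its authtoken.secret readable, and constructed placeholder values for the network ID and IP.

```shell
#!/bin/sh
# Added example (not from the thread): pre-generate a ZeroTier identity for a
# future VM and pre-authorize it with a fixed IP on a self-hosted controller.
# Assumes zerotier-idtool and curl on PATH, the controller on localhost:9993,
# and /var/lib/zerotier-one/authtoken.secret readable by this user.

# The node address is the first colon-separated field of identity.public
# (10 hex characters); the controller keys members by this address.
zt_address_from_identity() {
    printf '%s' "$1" | cut -d: -f1
}

# Build the member record: authorize the node and pin its address.
# The pinned IP must fall inside one of the network's managed routes.
zt_member_payload() {
    printf '{"authorized":true,"ipAssignments":["%s"]}' "$1"
}

# POST the member record. The controller accepts it before the node has ever
# joined, so the VM gets its fixed IP on first connect.
zt_preauthorize() {
    nwid=$1; member=$2; ip=$3
    token=$(cat /var/lib/zerotier-one/authtoken.secret)
    curl -sS -X POST \
        -H "X-ZT1-AUTH: $token" \
        -H "Content-Type: application/json" \
        -d "$(zt_member_payload "$ip")" \
        "http://localhost:9993/controller/network/$nwid/member/$member"
}

# Usage: ./provision.sh <network-id> <ip> <identity-dir>
# (network-id and ip are placeholders you supply for your own network)
if [ "$#" -eq 3 ]; then
    nwid=$1; ip=$2; dir=$3
    mkdir -p "$dir"
    # Generate the identity pair once; Salt later ships both files to the VM's
    # /var/lib/zerotier-one before zerotier-one starts, so the node ID is known
    # to the controller ahead of the first join.
    [ -f "$dir/identity.secret" ] || \
        zerotier-idtool generate "$dir/identity.secret" "$dir/identity.public" >/dev/null
    addr=$(zt_address_from_identity "$(cat "$dir/identity.public")")
    zt_preauthorize "$nwid" "$addr" "$ip"
fi
```

Run it once per VM from the salt-master (or a Salt orchestration state) and store the resulting identity files in Mine or pillar for the target minion.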