Bug 244862 - net/wireguard: Support graceful reload
Summary: net/wireguard: Support graceful reload
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Bernhard Froehlich
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-17 15:49 UTC by david
Modified: 2020-03-30 19:56 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (decke)


Attachments
Proposed patch to add reload functionality to wireguard rc.d script (722 bytes, patch)
2020-03-18 09:04 UTC, david
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description david 2020-03-17 15:49:10 UTC
The rc.d script for wireguard currently only supports stop and start. This means that when we deploy a new configuration for our wireguard server from Ansible, the interface is brought down and recreated, causing a small interruption in traffic for all clients.

'wg syncconf' provides an interface to apply only the needed changes, and should be called on reload. However, it does not allow an Address= line under the [Interface] section. The rc.d script must be changed to set the address itself, after wg-quick creates the interface.

I have a fix for this working on our server but it's not mergeable as-is as it depends on bash. It would be great to see a solution for this upstream.
Comment 1 david 2020-03-18 09:04:01 UTC
Created attachment 212491 [details]
Proposed patch to add reload functionality to wireguard rc.d script

Adding a patch to address this. This is tested working in our setup.

This will use the 'wg syncconf' functionality to reload all peer and key settings, but will skip the interface address configuration and other wg-quick specific stuff. So changing the interface address will still require a restart.
Comment 2 Bernhard Froehlich freebsd_committer 2020-03-30 19:23:17 UTC
Committed in r529909. Thanks!
Comment 3 commit-hook freebsd_committer 2020-03-30 19:56:09 UTC
A commit references this bug:

Author: decke
Date: Mon Mar 30 19:18:04 UTC 2020
New revision: 529909
URL: https://svnweb.freebsd.org/changeset/ports/529909

Log:
  net/wireguard: Implement reload command in rc.d script to reload all peer
  and key settings without restarting the daemon to avoid interface up/down
  and loosing traffic. This does not work if you change the Address= line in
  the [Interface] section which needs a real restart.

  PR:		244862
  Submitted by:	david@isnic.is

Changes:
  head/net/wireguard/Makefile
  head/net/wireguard/files/wireguard.in