[Documentation] Nebula without lighthouses?
I would like the documentation to clarify:
- If all involved nodes have fixed IPs and there are no firewalls involved, can Nebula be run without lighthouses?
That is, is it a legitimate/supported config to just list all nodes in all configs' static_host_map?
Would there be any drawback from such a setup?
Thanks!
Yes, you could statically list everything in the static_host_map. The only drawback is the obvious - you cannot roam easily, and all nodes will require a full list of other hosts. It is a bit like using /etc/hosts exclusively instead of DNS.
That sounds great. The startup warning already hints it's possible:
WARN[0000] No lighthouses.hosts configured, this host will only be able to initiate tunnels with static_host_map entries
It would be great if this could be generally explained in the docs.
@nh2 Hello! Have you had success running with this setup? Does adding/removing entries require downtime?
@michaelr524 The static_host_map is reloadable (with a HUP signal to the running Nebula process) starting with Nebula 1.6.0.
Thank you! @brad-defined
Since it seems this question has been answered I am going to close the issue out. The Nebula docs repo is public if you'd like to submit a PR to explain this behavior: https://github.com/DefinedNet/nebula-docs
@michaelr524 I've been running without lighthouses since February, also on Nebula 1.4 without hot reloading.
When I change the host map, I just do a rolling restart of my hosts, and even though that stops the VPN momentarily, this doesn't cause any downtime to the service I'm building on top.
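An added example, not from the thread or the Nebula project: because every node must carry the full peer list, this sketch renders each node's `static_host_map` from one inventory and flags nodes whose map has drifted. The overlay and underlay addresses, port, and function names are constructed for illustration.

```python
# Constructed inventory: Nebula overlay IP -> underlay "host:port" endpoints.
# All addresses are made-up documentation ranges, not values from the thread.
INVENTORY = {
    "192.168.100.1": ["198.51.100.10:4242"],
    "192.168.100.2": ["198.51.100.11:4242"],
    "192.168.100.3": ["198.51.100.12:4242", "203.0.113.7:4242"],
}

def render_node_config(inventory, self_ip):
    """Return the static_host_map and lighthouse sections for one node as YAML text."""
    if self_ip not in inventory:
        raise KeyError(f"{self_ip} is not in the inventory")
    lines = ["static_host_map:"]
    for ip in sorted(inventory):
        if ip == self_ip:
            continue  # a node does not need an entry for itself
        endpoints = ", ".join(f'"{e}"' for e in inventory[ip])
        lines.append(f'  "{ip}": [{endpoints}]')
    # No lighthouse: this node is not one and is configured with none.
    lines += ["lighthouse:", "  am_lighthouse: false", "  hosts: []"]
    return "\n".join(lines) + "\n"

def missing_peers(host_maps):
    """host_maps: {node_ip: set of peer IPs in that node's static_host_map}.
    Return {node_ip: sorted peers it has no entry for, so cannot initiate to}."""
    all_nodes = set(host_maps)
    gaps = {}
    for node, peers in host_maps.items():
        absent = all_nodes - {node} - set(peers)
        if absent:
            gaps[node] = sorted(absent)
    return gaps

if __name__ == "__main__":
    for ip in INVENTORY:
        print(f"# --- {ip} ---")
        print(render_node_config(INVENTORY, ip))
    # Constructed drift case: node .1 was not updated when .3 was added.
    stale = {
        "192.168.100.1": {"192.168.100.2"},
        "192.168.100.2": {"192.168.100.1", "192.168.100.3"},
        "192.168.100.3": {"192.168.100.1", "192.168.100.2"},
    }
    print(missing_peers(stale))
```

Running the drift check before a rolling restart or HUP reload catches a node that was left out of an update.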