From cb2a9dcd7b94209d12a1acb0fb5c86defb6eeacf Mon Sep 17 00:00:00 2001 From: Davide Principi Date: Thu, 15 Jan 2026 12:48:06 +0100 Subject: [PATCH 1/2] fix: manually run apply-vpn-routes A node reboot no longer runs apply-vpn-routes. A manual run is needed. --- vpn.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vpn.rst b/vpn.rst index c5744c5f..5a7a47e3 100644 --- a/vpn.rst +++ b/vpn.rst @@ -43,7 +43,7 @@ to change the port of worker node 2 to 55823: firewall-cmd --reload This procedure also works to change the listening port of the leader node. -However, to make it effective, all worker nodes must be rebooted or the -following command must be executed on each of them: :: +However, to make it effective, the following command must be executed on +each of them: :: apply-vpn-routes From 9294b87812886696ea0a4f78c977d48e5abdf446 Mon Sep 17 00:00:00 2001 From: Davide Principi Date: Thu, 15 Jan 2026 17:57:49 +0100 Subject: [PATCH 2/2] feat: document apply-vpn-routes usage on recovery After a worker offline period, a manual command may be necessary. --- cluster.rst | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/cluster.rst b/cluster.rst index 73782711..ab849a74 100644 --- a/cluster.rst +++ b/cluster.rst @@ -232,6 +232,32 @@ is incorrect, use the optional ``--endpoint`` parameter, for example: :: The VPN endpoint parameter consists of an address (name or IP) prefix and a UDP port number suffix, separated by a colon ``:``. +Recover an offline node +======================= + +If the leader node is offline, the cluster-admin interface is not +accessible and it is not possible to issue commands to worker nodes. If +there is no way to recover the leader, refer to +:ref:`node-promotion-section` to select a new leader. + +If a worker node is offline, the cluster can continue to operate. Cluster +operations such as adding or removing worker nodes and applications are +still possible. + +When an offline node is recovered, in some cases it may be necessary to +manually run the following command on the recovered node: :: + + apply-vpn-routes + +The above command is required if, during the offline period, one or more of +the following events occurred: + +- A node was added to or removed from the cluster. +- Samba was added to or removed from the cluster. + +The ``apply-vpn-routes`` command adjusts the current WireGuard runtime +settings and the system routing table, and persists the changes to reflect +the cluster configuration stored in the Redis database. .. _administrators-section: