Rename namespace to user in docs

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Kristoffer Dalby 2023-01-17 19:03:40 +01:00 committed by Juan Font
parent bf0b85f382
commit fb3e2dcf10
8 changed files with 29 additions and 29 deletions

@ -258,7 +258,7 @@ dns_config:
# Defines the base domain to create the hostnames for MagicDNS. # Defines the base domain to create the hostnames for MagicDNS.
# `base_domain` must be a FQDNs, without the trailing dot. # `base_domain` must be a FQDNs, without the trailing dot.
# The FQDN of the hosts will be # The FQDN of the hosts will be
# `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_). # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
base_domain: example.com base_domain: example.com
# Unix socket used for the CLI to connect without authentication # Unix socket used for the CLI to connect without authentication
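Review bot: the rewritten `hostname.user.base_domain` line puts the user name into a DNS name, but the comment does not say which user names are acceptable there. The `strip_email_domain: false` case further down in this file yields a user containing dots (`first-name.last-name.example.com`), so the resulting FQDN has more labels than the three shown in the example. Suggest one sentence covering that, and changing "a FQDNs" to "an FQDN" on the context line above while this block is being touched.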
@ -301,9 +301,9 @@ unix_socket_permission: "0770"
# - alice@example.com # - alice@example.com
# #
# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
# This will transform `first-name.last-name@example.com` to the namespace `first-name.last-name` # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
# namespace: `first-name.last-name.example.com` # user: `first-name.last-name.example.com`
# #
# strip_email_domain: true # strip_email_domain: true
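Review bot: the `strip_email_domain: true` description should state that addresses differing only in their domain end up as the same user, since the domain part is removed: `first-name.last-name@example.com` and the same local part at any other domain both become `first-name.last-name`. Suggest saying so in the comment and recommending the setting only where a single e-mail domain is able to log in. Minor: "resulting to the following" should read "resulting in the following".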

@ -39,12 +39,12 @@ written by community members. It is _not_ verified by `headscale` developers.
Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment. Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.
For instance, instead of referring to users when defining groups you must For instance, instead of referring to users when defining groups you must
use namespaces (which are the equivalent to user/logins in Tailscale.com). use users (which are the equivalent to user/logins in Tailscale.com).
Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples. Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples.
When using ACL's the Namespace borders are no longer applied. All machines When using ACL's the User borders are no longer applied. All machines
whichever the Namespace have the ability to communicate with other hosts as whichever the User have the ability to communicate with other hosts as
long as the ACL's permits this exchange. long as the ACL's permits this exchange.
The [ACLs](acls.md) document should help understand a fictional case of setting The [ACLs](acls.md) document should help understand a fictional case of setting
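Review bot: the search-and-replace leaves the second sentence contradicting itself: "instead of referring to users when defining groups you must use users". Suggest rewording it to say that groups are built from headscale users, which correspond to user/logins in Tailscale.com. In the following paragraph, "the User borders" and "whichever the User" would read better as "the boundaries between users" and "regardless of user", and the paragraph should keep explicit that once ACLs are in use, separation between users comes only from the ACL rules.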

@ -29,17 +29,17 @@ servers.
## ACL setup ## ACL setup
Note: Namespaces will be created automatically when users authenticate with the Note: Users will be created automatically when users authenticate with the
Headscale server. Headscale server.
ACLs could be written either on [huJSON](https://github.com/tailscale/hujson) ACLs could be written either on [huJSON](https://github.com/tailscale/hujson)
or YAML. Check the [test ACLs](../tests/acls) for further information. or YAML. Check the [test ACLs](../tests/acls) for further information.
When registering the servers we will need to add the flag When registering the servers we will need to add the flag
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user (namespace) that is `--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is
registering the server should be allowed to do it. Since anyone can add tags to registering the server should be allowed to do it. Since anyone can add tags to
a server they can register, the check of the tags is done on headscale server a server they can register, the check of the tags is done on headscale server
and only valid tags are applied. A tag is valid if the namespace that is and only valid tags are applied. A tag is valid if the user that is
registering it is allowed to do it. registering it is allowed to do it.
Here are the ACL's to implement the same permissions as above: Here are the ACL's to implement the same permissions as above:
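Review bot: "Users will be created automatically when users authenticate" uses "users" in two senses after the rename, once for the headscale object and once for the people logging in. Suggest something like "A headscale user is created automatically the first time a person authenticates". In the tag paragraph, a tag is said to be valid if the registering user "is allowed to do it", without saying where that permission is granted; name the part of the ACL file that controls it.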
@ -164,8 +164,8 @@ Here are the ACL's to implement the same permissions as above:
"dst": ["tag:dev-app-servers:80,443"] "dst": ["tag:dev-app-servers:80,443"]
}, },
// We still have to allow internal namespaces communications since nothing guarantees that each user have // We still have to allow internal users communications since nothing guarantees that each user have
// their own namespaces. // their own users.
{ "action": "accept", "src": ["boss"], "dst": ["boss:*"] }, { "action": "accept", "src": ["boss"], "dst": ["boss:*"] },
{ "action": "accept", "src": ["dev1"], "dst": ["dev1:*"] }, { "action": "accept", "src": ["dev1"], "dst": ["dev1:*"] },
{ "action": "accept", "src": ["dev2"], "dst": ["dev2:*"] }, { "action": "accept", "src": ["dev2"], "dst": ["dev2:*"] },
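Review bot: the comment above the three accept rules now reads "nothing guarantees that each user have their own users", which the rename has made meaningless. Suggest rewording it to describe what the rules below it do, namely allow `boss`, `dev1` and `dev2` each to reach their own machines, and fixing "each user have" to "each user has" at the same time.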

@ -1,6 +1,6 @@
# Glossary # Glossary
| Term | Description | | Term | Description |
| --------- | --------------------------------------------------------------------------------------------------------------------- | | --------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
| Machine | A machine is a single entity connected to `headscale`, typically an installation of Tailscale. Also known as **Node** | | Machine | A machine is a single entity connected to `headscale`, typically an installation of Tailscale. Also known as **Node** |
| Namespace | A namespace is a logical grouping of machines "owned" by the same entity, in Tailscale, this is typically a User | | Namespace | A namespace was a logical grouping of machines "owned" by the same entity, in Tailscale, this is typically a User (This is now called user) |
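Review bot: the table still has no `User` row; the new term appears only as a parenthetical at the end of the `Namespace` description. Suggest adding a `User` row that carries the definition and reducing the `Namespace` row to a pointer such as "former name for User". The edited description also mixes tenses ("was a logical grouping ... this is typically a User").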

@ -44,9 +44,9 @@ oidc:
- alice@example.com - alice@example.com
# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
# This will transform `first-name.last-name@example.com` to the namespace `first-name.last-name` # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
# namespace: `first-name.last-name.example.com` # user: `first-name.last-name.example.com`
strip_email_domain: true strip_email_domain: true
``` ```
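Review bot: `strip_email_domain: true` is an active key in this example, while the config example changed in this same commit carries it commented out (`# strip_email_domain: true`), and neither comment states the default. Suggest adding the default value so a reader knows which user names they get when the key is absent. The `false` example also turns the `@` into a `.` (`first-name.last-name.example.com`) without saying so; spell that substitution out.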

@ -101,11 +101,11 @@ Verify `headscale` is available:
curl http://127.0.0.1:9090/metrics curl http://127.0.0.1:9090/metrics
``` ```
6. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): 6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
```shell ```shell
docker exec headscale \ docker exec headscale \
headscale namespaces create myfirstnamespace headscale users create myfirstuser
``` ```
### Register a machine (normal login) ### Register a machine (normal login)
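Review bot: the step title "Create a user ([tailnet](...))" now presents a user as a tailnet; the parenthetical link should be dropped or reworded so the two terms are not equated. Also, `headscale users create` replaces `headscale namespaces create` with no mention of the release in which the new subcommand appears. A reader following this guide with an older binary may not have it, so note the version or mention the old spelling.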
@ -120,7 +120,7 @@ To register a machine when running `headscale` in a container, take the headscal
```shell ```shell
docker exec headscale \ docker exec headscale \
headscale --namespace myfirstnamespace nodes register --key <YOU_+MACHINE_KEY> headscale --user myfirstuser nodes register --key <YOU_+MACHINE_KEY>
``` ```
### Register machine using a pre authenticated key ### Register machine using a pre authenticated key
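Review bot: the placeholder `<YOU_+MACHINE_KEY>` on the changed line is carried over as-is and looks like a typo for `<YOUR_MACHINE_KEY>`; fix it while the line is being edited. The same placeholder appears in the other install guides touched by this commit.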
@ -129,7 +129,7 @@ Generate a key using the command line:
```shell ```shell
docker exec headscale \ docker exec headscale \
headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h headscale --user myfirstuser preauthkeys create --reusable --expiration 24h
``` ```
This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
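Review bot: the example on the changed line creates the key with `--reusable --expiration 24h`, and the surrounding text explains neither flag. Because the sentence below says the key is what connects a node to `headscale`, a reusable key can do that for more than one node until it expires. Suggest a short sentence on what each flag does and a reminder to handle the returned key as a secret.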

@ -78,10 +78,10 @@ Verify `headscale` is available:
curl http://127.0.0.1:9090/metrics curl http://127.0.0.1:9090/metrics
``` ```
8. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): 8. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
```shell ```shell
headscale namespaces create myfirstnamespace headscale users create myfirstuser
``` ```
### Register a machine (normal login) ### Register a machine (normal login)
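Review bot: this step and the register and pre-authenticated key hunks after it repeat the container guide's changes word for word, and a third guide in this commit repeats them again, with only the step number differing (8 here, 6 elsewhere). Suggest moving the shared commands into one included snippet so that the next rename, or a fix to the `<YOU_+MACHINE_KEY>` placeholder, is made in a single place.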
@ -95,7 +95,7 @@ tailscale up --login-server YOUR_HEADSCALE_URL
Register the machine: Register the machine:
```shell ```shell
headscale --namespace myfirstnamespace nodes register --key <YOU_+MACHINE_KEY> headscale --user myfirstuser nodes register --key <YOU_+MACHINE_KEY>
``` ```
### Register machine using a pre authenticated key ### Register machine using a pre authenticated key
@ -103,7 +103,7 @@ headscale --namespace myfirstnamespace nodes register --key <YOU_+MACHINE_KEY>
Generate a key using the command line: Generate a key using the command line:
```shell ```shell
headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h headscale --user myfirstuser preauthkeys create --reusable --expiration 24h
``` ```
This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:

@ -116,10 +116,10 @@ Verify `headscale` is available:
curl http://127.0.0.1:9090/metrics curl http://127.0.0.1:9090/metrics
``` ```
6. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): 6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
```shell ```shell
headscale namespaces create myfirstnamespace headscale users create myfirstuser
``` ```
### Register a machine (normal login) ### Register a machine (normal login)
@ -133,7 +133,7 @@ tailscale up --login-server YOUR_HEADSCALE_URL
Register the machine: Register the machine:
```shell ```shell
headscale --namespace myfirstnamespace nodes register --key <YOU_+MACHINE_KEY> headscale --user myfirstuser nodes register --key <YOU_+MACHINE_KEY>
``` ```
### Register machine using a pre authenticated key ### Register machine using a pre authenticated key
@ -141,7 +141,7 @@ headscale --namespace myfirstnamespace nodes register --key <YOU_+MACHINE_KEY>
Generate a key using the command line: Generate a key using the command line:
```shell ```shell
headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h headscale --user myfirstuser preauthkeys create --reusable --expiration 24h
``` ```
This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: