all: remove everything related to non-seamless key renewal

Seamless key renewal has been the default in all clients since 1.90.
We retained the ability to disable it from the control plane as a
precaution, but we haven't seen any issues that require us to disable it.

We're now removing all the code for non-seamless key renewal, because we
don't expect to turn it on again, and indeed it's been untested in the
field for three releases so might contain latent bugs!

Updates tailscale/corp#33042

Change-Id: I4b80bf07a3a50298d1c303743484169accc8844b
Signed-off-by: Alex Chan <alexc@tailscale.com>
Alex Chan
2026-04-14 18:15:27 +01:00
committed by Alex Chan
parent 40088602c9
commit bb91bb842c
5 changed files with 82 additions and 219 deletions


@@ -62,12 +62,6 @@ type Knobs struct {
// netfiltering, unless overridden by the user.
LinuxForceNfTables atomic.Bool
// SeamlessKeyRenewal is whether to renew node keys without breaking connections.
// This is enabled by default in 1.90 and later, but we but we can remotely disable
// it from the control plane if there's a problem.
// http://go/seamless-key-renewal
SeamlessKeyRenewal atomic.Bool
// ProbeUDPLifetime is whether the node should probe UDP path lifetime on
// the tail end of an active direct connection in magicsock.
ProbeUDPLifetime atomic.Bool
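Review bot: The `SeamlessKeyRenewal atomic.Bool` field is exported, so every reader of it has to be removed in this same change or the build breaks. It is worth confirming that none of the other changed files keeps a branch that was only reachable when this knob was false. The documentation behind the `http://go/seamless-key-renewal` link in the deleted comment should also be updated to say the knob no longer exists.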
@@ -142,8 +136,6 @@ func (k *Knobs) UpdateFromNodeAttributes(capMap tailcfg.NodeCapMap) {
silentDisco = has(tailcfg.NodeAttrSilentDisco)
forceIPTables = has(tailcfg.NodeAttrLinuxMustUseIPTables)
forceNfTables = has(tailcfg.NodeAttrLinuxMustUseNfTables)
seamlessKeyRenewal = has(tailcfg.NodeAttrSeamlessKeyRenewal)
disableSeamlessKeyRenewal = has(tailcfg.NodeAttrDisableSeamlessKeyRenewal)
probeUDPLifetime = has(tailcfg.NodeAttrProbeUDPLifetime)
appCStoreRoutes = has(tailcfg.NodeAttrStoreAppCRoutes)
userDialUseRoutes = has(tailcfg.NodeAttrUserDialUseRoutes)
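Review bot: With the `has(tailcfg.NodeAttrDisableSeamlessKeyRenewal)` read gone from UpdateFromNodeAttributes, a client built from this commit silently ignores that attribute if control still sends it. If the two constants stay in tailcfg for older clients, add a comment there saying clients from this release on ignore them, so nobody treats the disable attribute as a working kill switch. If nothing else reads them, remove them in this change.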
@@ -181,21 +173,6 @@ func (k *Knobs) UpdateFromNodeAttributes(capMap tailcfg.NodeCapMap) {
k.DisableSkipStatusQueue.Store(disableSkipStatusQueue)
k.DisableHostsFileUpdates.Store(disableHostsFileUpdates)
k.ForceRegisterMagicDNSIPv4Only.Store(forceRegisterMagicDNSIPv4Only)
// If both attributes are present, then "enable" should win. This reflects
// the history of seamless key renewal.
//
// Before 1.90, seamless was a private alpha, opt-in feature. Devices would
// only seamless do if customers opted in using the seamless renewal attr.
//
// In 1.90 and later, seamless is the default behaviour, and devices will use
// seamless unless explicitly told not to by control (e.g. if we discover
// a bug and want clients to use the prior behaviour).
//
// If a customer has opted in to the pre-1.90 seamless implementation, we
// don't want to switch it off for them -- we only want to switch it off for
// devices that haven't opted in.
k.SeamlessKeyRenewal.Store(seamlessKeyRenewal || !disableSeamlessKeyRenewal)
}
// AsDebugJSON returns k as something that can be marshalled with json.Marshal
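Review bot: The comment deleted above `k.SeamlessKeyRenewal.Store(seamlessKeyRenewal || !disableSeamlessKeyRenewal)` is the only place in this file that records why "enable" won over "disable" and that seamless was opt-in before 1.90. If older clients still act on those attributes, move a shortened version of that history to where the attributes are defined rather than dropping it. Also check that AsDebugJSON, directly below, no longer references the removed field.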