papanito / ansible-role-cloudflared

This Ansible role downloads and installs cloudflared on the host and optionally installs the argo-tunnel as a service.
Apache License 2.0

redundant cloudflared instances #73

Open hmoffatt opened 1 month ago

hmoffatt commented 1 month ago

Cloudflare now allows you to run multiple cloudflared instances for the same tunnel, which allows you to restart one without losing all your traffic. Explained here: https://blog.cloudflare.com/highly-available-and-highly-scalable-cloudflare-tunnels/

It would be handy if this role could allow you to configure multiple instances (via systemd) running the same configuration.

hmoffatt commented 1 month ago

You can actually just configure two tunnels with the same config and the same tunnel_id etc and it works. Just don't set the routes on the second one. Possibly there should be some more time allowed between restarting the first tunnel and restarting the second so that both are never down at once.

papanito commented 1 month ago

Mhh as the role iterates over each tunnel, you could add a delay at the end of https://github.com/papanito/ansible-role-cloudflared/blob/main/tasks/configure_tunnels.yml. Probably configurable, maybe even by tunnel with a default of 0 (or globally configurable).

So if not defined, it will not wait. If you have tunnels which should wait longer, have an additional parameter delay (or whatever).

It would also be good to document this use case properly in the docs.

hmoffatt commented 1 month ago

It might be enough to set https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#grace-period so that cloudflared itself takes longer to wind down. As long as the systemd unit doesn't get impatient and kill it.

Although there might be some time between the new one starting and it being actually useful, potentially leaving a window where there is no working tunnel.
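A check for the grace-period concern in the comment above, as an added example that is not part of the thread or of the role: it reads a systemd unit body and reports whether `TimeoutStopSec` outlasts cloudflared's `--grace-period`. The unit text, paths and tunnel name are constructed; the defaults (30s grace period, 90s stop timeout) are assumptions, and only a flag on the `ExecStart` line is considered.

```python
import re
import shlex

# Assumed defaults: cloudflared's documented grace period (30s) and
# systemd's stock DefaultTimeoutStopSec (90s); either may be overridden.
DEFAULT_GRACE = 30.0
DEFAULT_STOP_TIMEOUT = 90.0
UNIT_SECONDS = {"h": 3600, "hr": 3600, "m": 60, "min": 60, "s": 1, "sec": 1, "": 1}

def parse_duration(text):
    """Parse a subset of Go/systemd durations: '90', '45s', '2min', '1m30s'."""
    text = text.strip().lower()
    if text == "infinity":
        return float("inf")
    if not re.fullmatch(r"(?:\d+(?:\.\d+)?\s*[a-z]*\s*)+", text):
        raise ValueError(f"unsupported duration: {text!r}")
    parts = re.findall(r"(\d+(?:\.\d+)?)\s*([a-z]*)", text)
    if any(unit not in UNIT_SECONDS for _, unit in parts):
        raise ValueError(f"unsupported unit in: {text!r}")
    return sum(float(num) * UNIT_SECONDS[unit] for num, unit in parts)

def check_unit(unit_text):
    """Return (grace, stop_timeout, ok) for one systemd unit file body."""
    grace, stop_timeout = DEFAULT_GRACE, DEFAULT_STOP_TIMEOUT
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue  # comments and section headers such as [Service]
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "TimeoutStopSec":
            stop_timeout = parse_duration(value)
        elif key == "ExecStart":
            args = shlex.split(value)
            for i, arg in enumerate(args):
                if arg.startswith("--grace-period="):
                    grace = parse_duration(arg.split("=", 1)[1])
                elif arg == "--grace-period" and i + 1 < len(args):
                    grace = parse_duration(args[i + 1])
    # systemd escalates to SIGKILL when the stop timeout expires,
    # so the timeout has to be longer than the grace period.
    return grace, stop_timeout, stop_timeout > grace

# Constructed sample units (hypothetical path and tunnel name).
IMPATIENT_UNIT = """\
[Service]
ExecStart=/usr/local/bin/cloudflared tunnel --grace-period 2m run example-tunnel
TimeoutStopSec=30
"""
PATIENT_UNIT = IMPATIENT_UNIT.replace("TimeoutStopSec=30", "TimeoutStopSec=150s")

if __name__ == "__main__":
    for name, body in (("impatient", IMPATIENT_UNIT), ("patient", PATIENT_UNIT)):
        print(name, check_unit(body))
```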

hmoffatt commented 4 weeks ago

Another issue with having two named tunnels referring to the same tunnel id is that the authentication file is rewritten every time due to the two different tunnel names. There doesn't seem to be any need to write the tunnel name to the authentication file - brand new tunnels created with cloudflare tunnel create don't have that parameter in there.