Documentation ¶
Index ¶
- Constants
- Variables
- func DebugSSHPortForIP(ip net.IP) (int, error)
- func DockerHandler(d *DockerPlugin, fn func(*DockerPlugin, http.ResponseWriter, *http.Request)) http.HandlerFunc
- func DumpIPTables() string
- func EqualNetSlice(slice1, slice2 []string) bool
- func Routing(action FwAction) error
- type APIError
- type Attrs
- type Bridge
- type CNContainerEvent
- type CNSsntpEvent
- type CnAPICtx
- type Cnci
- type CnciVnic
- type ComputeNode
- func (cn *ComputeNode) CreateCnciVnic(cfg *VnicConfig) (*CnciVnic, error)
- func (cn *ComputeNode) CreateVnic(cfg *VnicConfig) (*Vnic, *SsntpEventInfo, *ContainerInfo, error)
- func (cn *ComputeNode) DbRebuild(links []netlink.Link) error
- func (cn *ComputeNode) DestroyCnciVnic(cfg *VnicConfig) error
- func (cn *ComputeNode) DestroyVnic(cfg *VnicConfig) (*SsntpEventInfo, *ContainerInfo, error)
- func (cn *ComputeNode) Init() error
- func (cn *ComputeNode) ResetNetwork() error
- type ContainerInfo
- type DhcpEntry
- type Dnsmasq
- type DockerEpMap
- type DockerEpVal
- type DockerNwMap
- type DockerNwVal
- type DockerPlugin
- type FatalError
- type Firewall
- func (f *Firewall) ExtFwding(action FwAction, extDevice string, intDevice string) error
- func (f *Firewall) ExtPortAccess(action FwAction, protocol string, extDevice string, externalPort int, ...) error
- func (f *Firewall) PublicIPAccess(action FwAction, internalIP net.IP, publicIP net.IP, extInterface string) error
- func (f *Firewall) ShutdownFirewall() error
- type FwAction
- type GreTunEP
- type Network
- type NetworkConfig
- type NetworkMode
- type SsntpEventInfo
- type Vnic
- func (v *Vnic) Attach(dev interface{}) error
- func (v *Vnic) Create() error
- func (v *Vnic) Destroy() error
- func (v *Vnic) Detach(dev interface{}) error
- func (v *Vnic) Disable() error
- func (v *Vnic) Enable() error
- func (v *Vnic) GetDevice() error
- func (v *Vnic) GetDeviceByName(linkName string) error
- func (v *Vnic) InterfaceName() string
- func (v *Vnic) PeerName() string
- func (v *Vnic) SetHardwareAddr(addr net.HardwareAddr) error
- func (v *Vnic) SetMTU(mtu int) error
- type VnicAttrs
- type VnicConfig
- type VnicRole
Constants ¶
const (
CnAPITimeout = 6
)
CnAPITimeout is the default API timeout.
const (
MACPrefix = "02:00" //Prefix for all private MAC addresses
)
Various configuration options
Variables ¶
var CnMaxAPIConcurrency = 8
CnMaxAPIConcurrency is the default limit on internal API concurrency. It determines how many API calls are actively processed at once. It can be overridden prior to Init.
var DockerPluginCfg = struct {
	Name    string
	Dir     string
	Addr    string
	DataDir string
	DbFile  string
	Timeout time.Duration
}{
	Name:    "ciao",
	Dir:     "/etc/docker/plugins",
	Addr:    "127.0.0.1:9999",
	DataDir: "/var/lib/ciao/networking",
	DbFile:  "docker_plugin.db",
	Timeout: 1 * time.Second,
}
DockerPluginCfg controls the plugin attributes; these may be overridden by the caller if needed.
var Logger = clogger.CiaoLog(clogger.CiaoNullLogger{})
Logger is a global variable exported so that the package importing libsnnet can set it and decide which logger it wants to use.
Functions ¶
func DebugSSHPortForIP ¶
DebugSSHPortForIP is a utility routine that returns the SSH port on the tenant CNCI that can be used to reach the tenant instance with the given IP address.
func DockerHandler ¶
func DockerHandler(d *DockerPlugin, fn func(*DockerPlugin, http.ResponseWriter, *http.Request)) http.HandlerFunc
DockerHandler is the default handler for unhandled events. It returns an error to the caller.
func DumpIPTables ¶
func DumpIPTables() string
DumpIPTables is a utility routine that returns the current state of iptables.
func EqualNetSlice ¶
EqualNetSlice compares two network slices.
Types ¶
type APIError ¶
type APIError struct {
// contains filtered or unexported fields
}
APIError indicates that the networking call failed. However, the system is still consistent and the networking layer has performed the appropriate cleanup.
type Attrs ¶
type Attrs struct {
	LinkName string // Locally unique device name
	TenantID string // UUID of the tenant the device belongs to
	// Auto generated. Combination of UUIDs and other params.
	// Typically assigned to the alias
	// It is both locally and globally unique
	// Fully qualifies the device and its role
	GlobalID string
	MACAddr  *net.HardwareAddr
}
Attrs contains fields common to all device types
type Bridge ¶
Bridge represents a ciao Bridge
func NewBridge ¶
NewBridge is used to initialize the bridge properties. This has to be called prior to Create() or GetDevice().
type CNContainerEvent ¶
type CNContainerEvent int
CNContainerEvent is generated when a container VNIC is created.
const (
	//ContainerNetworkInfo Informative, no action needs to be taken by caller
	ContainerNetworkInfo CNContainerEvent = 0
	//ContainerNetworkAdd Caller has to create the logical docker network before starting
	//a container with this VNIC
	ContainerNetworkAdd CNContainerEvent = 1 << iota
	//ContainerNetworkDel Caller is responsible for logical docker network deletion
	//The corresponding physical network no longer exists
	ContainerNetworkDel
)
type CNSsntpEvent ¶
type CNSsntpEvent int
CNSsntpEvent is generated in response to a VNIC creation. This event is sent to the scheduler, which forwards it to the appropriate CNCI.
const (
	//SsntpNone : Non event
	SsntpNone CNSsntpEvent = 0
	//SsntpTunAdd : Local tunnel added, remote tunnel add required
	SsntpTunAdd CNSsntpEvent = 1 << iota
	//SsntpTunDel : Local tunnel deleted, remote tunnel delete required
	SsntpTunDel
)
type CnAPICtx ¶
type CnAPICtx struct {
CancelChan chan interface{}
}
CnAPICtx contains API-level context used to control the behaviour of the API, for example cancellation by invoking close(CancelChan).
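The three controls described above (CnMaxAPIConcurrency, CnAPITimeout and cancellation through CnAPICtx.CancelChan) combine naturally into a bounded, cancellable call wrapper. The following is an added illustration of that pattern, not libsnnet's own implementation: it re-declares CnAPICtx locally so it runs stand-alone, treats CnAPITimeout as seconds (the page does not state the unit), and uses a buffered channel as a counting semaphore. The error names and the apiLimiter type are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Defaults taken from this page; the unit of CnAPITimeout is assumed to be seconds.
const cnAPITimeout = 6 * time.Second

var cnMaxAPIConcurrency = 8

// CnAPICtx mirrors the exported struct: the caller cancels via close(CancelChan).
type CnAPICtx struct {
	CancelChan chan interface{}
}

var (
	ErrCancelled = errors.New("api cancelled by caller")
	ErrTimeout   = errors.New("api timed out waiting for netlink")
)

// apiLimiter bounds how many API calls are processed at once (assumed helper).
type apiLimiter struct {
	sem chan struct{}
}

func newAPILimiter(n int) *apiLimiter {
	return &apiLimiter{sem: make(chan struct{}, n)}
}

// run executes op under the concurrency limit, honouring cancellation and the
// timeout. A nil CancelChan never fires, so a zero CnAPICtx is "not cancellable".
// When the timeout hits, op's eventual result is discarded (done is buffered,
// so the goroutine still exits cleanly).
func (l *apiLimiter) run(ctx CnAPICtx, timeout time.Duration, op func() error) error {
	select { // refuse work that was cancelled before it even queued
	case <-ctx.CancelChan:
		return ErrCancelled
	default:
	}
	select {
	case l.sem <- struct{}{}:
	case <-ctx.CancelChan:
		return ErrCancelled
	}
	defer func() { <-l.sem }()

	done := make(chan error, 1)
	go func() { done <- op() }()

	select {
	case err := <-done:
		return err
	case <-ctx.CancelChan:
		return ErrCancelled
	case <-time.After(timeout):
		return ErrTimeout
	}
}

// maxConcurrent pushes `calls` blocking operations through a limiter of size
// `limit` and reports the highest number observed running at the same time.
func maxConcurrent(limit, calls int) int {
	l := newAPILimiter(limit)
	var mu sync.Mutex
	var wg sync.WaitGroup
	running, peak := 0, 0
	for i := 0; i < calls; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			_ = l.run(CnAPICtx{}, cnAPITimeout, func() error {
				mu.Lock()
				running++
				if running > peak {
					peak = running
				}
				mu.Unlock()
				time.Sleep(20 * time.Millisecond) // stand-in for a slow netlink call
				mu.Lock()
				running--
				mu.Unlock()
				return nil
			})
		}()
	}
	wg.Wait()
	return peak
}

func main() {
	fmt.Println("peak concurrency with limit 2:", maxConcurrent(2, 6))
	cancelled := CnAPICtx{CancelChan: make(chan interface{})}
	close(cancelled.CancelChan)
	err := newAPILimiter(cnMaxAPIConcurrency).run(cancelled, cnAPITimeout,
		func() error { time.Sleep(200 * time.Millisecond); return nil })
	fmt.Println("cancelled call:", err)
}
```

The semaphore is acquired before the worker goroutine starts, so a cancelled or timed-out caller never leaves a slot held; the operation itself may still be running against netlink, which is exactly why the page's FatalError/APIError distinction matters to the caller.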
type Cnci ¶
type Cnci struct {
	*NetworkConfig
	MgtAddr     []netlink.Addr //TODO: Remove this and just use the link
	MgtLink     []netlink.Link
	ComputeAddr []netlink.Addr //TODO: Remove this and just use the link
	ComputeLink []netlink.Link
	ID          string // UUID of the concentrator generated by the Controller
	Tenant      string // UUID of the tenant
	//APITimeout specifies the amount of time the API will wait for netlink
	//operations to complete. When multiple go routines invoke the API
	//simultaneously certain netlink calls suffer higher latencies
	APITimeout time.Duration
	// IPAddress of the concentrator that is routable
	// The UUID to IP mapping in this case has to be
	// performed using the datacenter DHCP
	IP net.IP
	// Public IPAddress this concentrator is assigned
	PublicIPs   []net.IP
	PublicIPMap map[string]net.IP //Key is public IPNet
	// contains filtered or unexported fields
}
Cnci represents a Concentrator for a single tenant and holds all subnets belonging to this tenant that are handled by this concentrator. A separate bridge is set up for each subnet with its own dnsmasq service. Traffic is routable between tenant bridges.
func (*Cnci) AddRemoteSubnet ¶
AddRemoteSubnet attaches a remote subnet to a local bridge on the CNCI. If the bridge and DHCP server do not exist they will be created. If the tunnel exists and the bridge does not, the bridge is created. The bridge interface name is returned if the bridge is newly created.
func (*Cnci) DelRemoteSubnet ¶
DelRemoteSubnet detaches a remote subnet from the local bridge. The bridge and DHCP server are kept around, as they impose minimal overhead and help in the case where instances keep getting added and deleted constantly.
func (*Cnci) Init ¶
Init sets the CNCI configuration. It discovers the physical interfaces, classifies them as management or compute, and performs any node-specific networking setup.
func (*Cnci) RebuildTopology ¶
RebuildTopology rebuilds the CNCI network database using the information contained in the aliases. It can be called if the agent using the library crashes and loses network topology information. It can also be called to rebuild the network topology on demand. TODO: Restarting dnsmasq here - define a re-attach method. TODO: Log failures when making best-effort progress.
type CnciVnic ¶
CnciVnic represents a ciao CNCI VNIC. It is used to connect a CNCI instance to the network. A CNCI VNIC is directly attached to the data center network. Currently MacVtap in VEPA mode is used; MacVtap in Bridge mode can also be used.
type ComputeNode ¶
type ComputeNode struct {
	ID string //UUID of CN
	*NetworkConfig
	MgtAddr     []netlink.Addr
	MgtLink     []netlink.Link
	ComputeAddr []netlink.Addr
	ComputeLink []netlink.Link
	//APITimeout specifies the amount of time the API will wait for netlink
	//operations to complete. When multiple go routines invoke the API
	//simultaneously certain netlink calls suffer higher latencies
	APITimeout time.Duration
	*iptables.IPTables
	// contains filtered or unexported fields
}
ComputeNode describes the high-level networking setup of a compute node. The design allows for multiple links; however, in phase 0 only the first link is chosen and the remaining links are ignored. In the future this allows for backup links, link aggregation or failover.
func (*ComputeNode) CreateCnciVnic ¶
func (cn *ComputeNode) CreateCnciVnic(cfg *VnicConfig) (*CnciVnic, error)
CreateCnciVnic creates a CNCI VNIC and sets up all the underlying framework to ensure that the VNIC is active. The CNCI VNIC binds to the first compute network interface.
func (*ComputeNode) CreateVnic ¶
func (cn *ComputeNode) CreateVnic(cfg *VnicConfig) (*Vnic, *SsntpEventInfo, *ContainerInfo, error)
CreateVnic creates a tenant VNIC that can be used by containers or VMs. This will replace CreateVnic.
If this is the first instance of a container VNIC belonging to the tenant on this subnet, the call will provide the ContainerInfo, which should be used by the caller of this API to logically create the network in the Docker network database. This is typically done using the command line or API equivalent of docker:
docker network create -d=ciao --ipam-driver=ciao --subnet=<ContainerInfo.Subnet> --gateway=<ContainerInfo.Gateway> --opt "bridge"=<ContainerInfo.Bridge> ContainerInfo.SubnetID
If this is the first instance of a VNIC belonging to the tenant, the call will provide an SSNTP message to be sent to the Scheduler to notify the CNCI of this instantiation. This message is processed by the CNCI, which will set up the far side of the tunnel required to connect this CN tenant bridge to the tenant subnet.
Note: The caller of this function is responsible for sending the message to the scheduler.
func (*ComputeNode) DbRebuild ¶
func (cn *ComputeNode) DbRebuild(links []netlink.Link) error
DbRebuild rebuilds the CN network database using the information contained in the aliases. It can be called if the agent using the library crashes and loses network topology information. It can also be called to rebuild the network topology on demand.
func (*ComputeNode) DestroyCnciVnic ¶
func (cn *ComputeNode) DestroyCnciVnic(cfg *VnicConfig) error
DestroyCnciVnic destroys a Cnci VNIC.
func (*ComputeNode) DestroyVnic ¶
func (cn *ComputeNode) DestroyVnic(cfg *VnicConfig) (*SsntpEventInfo, *ContainerInfo, error)
DestroyVnic destroys a tenant VNIC. If this happens to be the last VNIC for this tenant subnet on this CN, the bridge and GRE tunnel will also be destroyed and an SSNTP message generated.
This will replace the DestroyVnic method.
This message needs to be sent to the CNCI, which will tear down the tunnel. Note: The caller of this function is responsible for sending the message to the scheduler or CNCI. If the ContainerInfo is set, the container logical network has to be deleted using the command line or API equivalent of:
docker network rm <ContainerInfo.SubnetID>
func (*ComputeNode) Init ¶
func (cn *ComputeNode) Init() error
Init sets the CN node configuration. It discovers the physical interfaces, classifies them as management or compute, and performs any node-specific networking setup.
func (*ComputeNode) ResetNetwork ¶
func (cn *ComputeNode) ResetNetwork() error
ResetNetwork will attempt to clean up all network interfaces created. It will not clean up any interfaces created manually.
type ContainerInfo ¶
type ContainerInfo struct {
	CNContainerEvent
	SubnetID string
	Subnet   net.IPNet
	Gateway  net.IP
	Bridge   string
}
ContainerInfo provides the details needed by docker to create the container associated with this VNIC. This event is used by the launcher to instantiate a logical docker network, and to synchronize the network state with the state maintained by docker.
type DhcpEntry ¶
type DhcpEntry struct {
	MACAddr  net.HardwareAddr
	IPAddr   net.IP
	Hostname string // Optional
}
DhcpEntry is the fully qualified MAC address to IP mapping
type Dnsmasq ¶
type Dnsmasq struct {
	SubnetID    string                // UUID of the Tenant Subnet to which the dnsmasq supports
	CNCIId      string                // UUID of the CNCI instance
	TenantID    string                // UUID of the Tenant to which the CNCI belongs to
	TenantNet   net.IPNet             // The tenant subnet served by this dnsmasq, has to be /29 or larger
	ReservedIPs int                   // Reserve IP at the start of subnet
	ConcIP      net.IP                // IP Address of the CNCI
	IPMap       map[string]*DhcpEntry // Static mac to IP map, key is macaddress
	Dev         *Bridge               // The bridge on which dnsmasq will attach
	MTU         int                   // MTU that takes into account the tunnel overhead
	DomainName  string                // Domain Name to be assigned to the subnet
	// contains filtered or unexported fields
}
Dnsmasq contains all the information required to spawn a dnsmasq process on behalf of a tenant on a concentrator.
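The Dnsmasq fields carry two constraints worth enforcing before a process is spawned: TenantNet has to be /29 or larger, and ReservedIPs addresses at the start of the subnet are withheld from leasing. The following is an added example, not libsnnet's code, that checks those constraints, derives the lease range and validates a static DhcpEntry against it (the MAC must carry the page's MACPrefix and the IP must be leasable). It assumes the reserved addresses follow the network address directly, as the field comment says, and handles IPv4 only; checkTenantNet, leaseRange and validateEntry are assumed names, and the subnet and MAC values are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
	"strings"
)

// MACPrefix is the page's constant for private (locally administered) MACs.
const MACPrefix = "02:00"

// DhcpEntry mirrors the page's struct.
type DhcpEntry struct {
	MACAddr  net.HardwareAddr
	IPAddr   net.IP
	Hostname string // Optional
}

// checkTenantNet enforces the "/29 or larger" rule and that the reserved
// block leaves at least one lease address (IPv4 only in this example).
func checkTenantNet(n net.IPNet, reserved int) error {
	ones, bits := n.Mask.Size()
	if bits != 32 || n.IP.To4() == nil {
		return errors.New("only IPv4 tenant subnets are handled here")
	}
	if ones > 29 {
		return fmt.Errorf("subnet %s is smaller than /29", n.String())
	}
	usable := (1 << uint(bits-ones)) - 2 // exclude network and broadcast
	if reserved < 0 || reserved >= usable {
		return fmt.Errorf("reserving %d addresses leaves no leases in %s", reserved, n.String())
	}
	return nil
}

// ipAdd returns ip + n for an IPv4 address; callers keep n inside the subnet.
func ipAdd(ip net.IP, n int) net.IP {
	v4 := ip.To4()
	v := uint32(v4[0])<<24 | uint32(v4[1])<<16 | uint32(v4[2])<<8 | uint32(v4[3])
	v += uint32(n)
	return net.IPv4(byte(v>>24), byte(v>>16), byte(v>>8), byte(v)).To4()
}

// ipLess compares two IPv4 addresses numerically.
func ipLess(a, b net.IP) bool {
	return bytes.Compare(a.To4(), b.To4()) < 0
}

// leaseRange returns the first and last addresses dnsmasq may hand out: the
// network address plus `reserved` following addresses are held back, and the
// broadcast address is excluded.
func leaseRange(n net.IPNet, reserved int) (net.IP, net.IP, error) {
	if err := checkTenantNet(n, reserved); err != nil {
		return nil, nil, err
	}
	ones, bits := n.Mask.Size()
	size := 1 << uint(bits-ones)
	base := n.IP.Mask(n.Mask)
	return ipAdd(base, 1+reserved), ipAdd(base, size-2), nil
}

// validateEntry checks a static MAC-to-IP mapping before it reaches dnsmasq.
func validateEntry(n net.IPNet, reserved int, e DhcpEntry) error {
	if len(e.MACAddr) != 6 || !strings.HasPrefix(e.MACAddr.String(), MACPrefix) {
		return fmt.Errorf("MAC %s is not a ciao private address (prefix %s)", e.MACAddr, MACPrefix)
	}
	first, last, err := leaseRange(n, reserved)
	if err != nil {
		return err
	}
	if e.IPAddr.To4() == nil || ipLess(e.IPAddr, first) || ipLess(last, e.IPAddr) {
		return fmt.Errorf("IP %s is outside the lease range %s-%s", e.IPAddr, first, last)
	}
	return nil
}

func main() {
	_, tenantNet, _ := net.ParseCIDR("172.16.0.0/24") // constructed sample subnet
	first, last, err := leaseRange(*tenantNet, 8)
	fmt.Println(first, last, err)
	mac, _ := net.ParseMAC("02:00:aa:bb:cc:dd") // constructed sample MAC
	fmt.Println(validateEntry(*tenantNet, 8, DhcpEntry{MACAddr: mac, IPAddr: net.ParseIP("172.16.0.10")}))
}
```

Rejecting entries whose MAC lacks the private prefix keeps a tenant from pinning a lease to an address that collides with a data-center device, and the range check stops a static map from handing out the reserved addresses the CNCI itself relies on.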
type DockerEpMap ¶
DockerEpMap maintains the Endpoint UUID to ciao VNIC mapping
func (*DockerEpMap) Add ¶
func (d *DockerEpMap) Add(k string, v interface{}) error
Add adds a value to the map with the specified key
func (*DockerEpMap) NewElement ¶
func (d *DockerEpMap) NewElement() interface{}
NewElement allocates and returns an endpoint value
type DockerEpVal ¶
DockerEpVal stores ciao VNIC info for a particular docker endpoint
type DockerNwMap ¶
DockerNwMap maintains the Docker Network UUID to ciao Network mappings
func (*DockerNwMap) Add ¶
func (d *DockerNwMap) Add(k string, v interface{}) error
Add adds a value to the map with the specified key
func (*DockerNwMap) NewElement ¶
func (d *DockerNwMap) NewElement() interface{}
NewElement allocates and returns a network value
type DockerNwVal ¶
DockerNwVal stores ciao CN tenant bridge mapping
type DockerPlugin ¶
type DockerPlugin struct {
	database.DbProvider //Database used to persist the Docker to ciao Mapping
	//This is needed as the Docker Daemon and ciao have
	//different life cycles and UUIDs
	*mux.Router
	*http.Server
	DockerEpMap
	DockerNwMap
	// contains filtered or unexported fields
}
DockerPlugin describes a single instance of a docker plugin. In the current design the plugin acts as an IPAM and Network plugin.
func NewDockerPlugin ¶
func NewDockerPlugin() *DockerPlugin
NewDockerPlugin instantiates a new Docker Plugin instance
func (*DockerPlugin) Close ¶
func (d *DockerPlugin) Close() error
Close the DockerPlugin. This has to be called if the caller has ever performed an Init(); failing to close may lead to database corruption.
func (*DockerPlugin) Init ¶
func (d *DockerPlugin) Init() error
Init initializes the docker plugin. It has to be called after init, but before Start.
func (*DockerPlugin) Start ¶
func (d *DockerPlugin) Start() error
Start the DockerPlugin. This activates the HTTP/HTTPS server. The DockerPlugin has to be started prior to the launch of the Docker Daemon.
func (*DockerPlugin) Stop ¶
func (d *DockerPlugin) Stop() error
Stop the DockerPlugin. The DockerPlugin has to be stopped after the Docker Daemon has been stopped. If the plugin is stopped while the docker daemon is still active, the docker daemon's timeout and retry mechanism applies; hence, if the docker plugin is restarted within the retry window, the docker APIs will still succeed.
type FatalError ¶
type FatalError struct {
// contains filtered or unexported fields
}
FatalError indicates that the system may be in an inconsistent state due to the error. The caller needs to initiate some sort of recovery. No new workloads should be scheduled on this node until the error is resolved.
func NewFatalError ¶
func NewFatalError(s string) FatalError
NewFatalError is a non recoverable error
func (FatalError) Error ¶
func (e FatalError) Error() string
type Firewall ¶
Firewall defines a single firewall instance
func InitFirewall ¶
InitFirewall enables routing on the node and NAT on all external-facing interfaces. NAT is enabled right away to prevent tenant traffic from escaping. TODO: Only enable external routing. Internal routing should always be enabled.
func (*Firewall) ExtFwding ¶
ExtFwding enables or disables forwarding between an externally connected interface and a tenant bridge (hence a tenant subnet). Each tenant subnet created needs explicit enabling/disabling.
func (*Firewall) ExtPortAccess ¶
func (f *Firewall) ExtPortAccess(action FwAction, protocol string, extDevice string, externalPort int, internalIP net.IP, internalPort int) error
ExtPortAccess enables/disables port access via an external device and port to an internal IP address and port for the specified protocol.
func (*Firewall) PublicIPAccess ¶
func (f *Firewall) PublicIPAccess(action FwAction, internalIP net.IP, publicIP net.IP, extInterface string) error
PublicIPAccess enables/disables public access to an internal IP.
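ExtPortAccess and PublicIPAccess both take an FwAction and a set of addresses and devices and translate them into iptables rules. The example below is added here to show what such a translation looks like and, more importantly, which inputs a defender would validate before touching iptables: it is not libsnnet's implementation, and the rule layout (a DNAT in the nat table plus an explicit FORWARD accept for a port forward; DNAT plus SNAT for a public IP) is the conventional one, not necessarily the project's. FwEnable/FwDisable are assumed value names since the page does not list FwAction's values; extPortAccessRules, publicIPAccessRules and the tenantNets parameter are assumptions, and the interface names and addresses are constructed samples. The rules are returned as argument vectors so the example runs offline without iptables.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
)

// FwAction mirrors the page's type; the two value names are assumed.
type FwAction int

const (
	FwEnable FwAction = iota
	FwDisable
)

// chainFlag maps the action to the iptables append/delete flag.
func (a FwAction) chainFlag() (string, error) {
	switch a {
	case FwEnable:
		return "-A", nil
	case FwDisable:
		return "-D", nil
	}
	return "", fmt.Errorf("unknown FwAction %d", a)
}

func validPort(p int) bool { return p >= 1 && p <= 65535 }

// inAny reports whether ip belongs to one of the configured tenant subnets.
func inAny(nets []net.IPNet, ip net.IP) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// extPortAccessRules renders the rules for a port forward from
// (extDevice, externalPort) to (internalIP, internalPort). Inputs are checked
// first so a malformed request cannot open a forward to an address outside
// the tenant networks or with an unexpected protocol.
func extPortAccessRules(action FwAction, protocol, extDevice string, externalPort int,
	internalIP net.IP, internalPort int, tenantNets []net.IPNet) ([][]string, error) {
	flag, err := action.chainFlag()
	if err != nil {
		return nil, err
	}
	if protocol != "tcp" && protocol != "udp" {
		return nil, fmt.Errorf("unsupported protocol %q", protocol)
	}
	if extDevice == "" {
		return nil, errors.New("external device must be set")
	}
	if !validPort(externalPort) || !validPort(internalPort) {
		return nil, errors.New("port out of range")
	}
	if internalIP.To4() == nil || !inAny(tenantNets, internalIP) {
		return nil, fmt.Errorf("internal IP %s is not in a tenant network", internalIP)
	}
	ext, in := strconv.Itoa(externalPort), strconv.Itoa(internalPort)
	return [][]string{
		{"-t", "nat", flag, "PREROUTING", "-i", extDevice, "-p", protocol, "--dport", ext,
			"-j", "DNAT", "--to-destination", internalIP.String() + ":" + in},
		{flag, "FORWARD", "-i", extDevice, "-p", protocol, "-d", internalIP.String(), "--dport", in,
			"-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT"},
	}, nil
}

// publicIPAccessRules renders 1:1 NAT between a public IP on extInterface and
// an internal IP: inbound DNAT and outbound SNAT.
func publicIPAccessRules(action FwAction, internalIP, publicIP net.IP, extInterface string,
	tenantNets []net.IPNet) ([][]string, error) {
	flag, err := action.chainFlag()
	if err != nil {
		return nil, err
	}
	if extInterface == "" || publicIP.To4() == nil {
		return nil, errors.New("external interface and public IPv4 address must be set")
	}
	if internalIP.To4() == nil || !inAny(tenantNets, internalIP) {
		return nil, fmt.Errorf("internal IP %s is not in a tenant network", internalIP)
	}
	return [][]string{
		{"-t", "nat", flag, "PREROUTING", "-i", extInterface, "-d", publicIP.String(),
			"-j", "DNAT", "--to-destination", internalIP.String()},
		{"-t", "nat", flag, "POSTROUTING", "-o", extInterface, "-s", internalIP.String(),
			"-j", "SNAT", "--to-source", publicIP.String()},
	}, nil
}

func main() {
	_, tenant, _ := net.ParseCIDR("172.16.0.0/24") // constructed sample tenant subnet
	rules, err := extPortAccessRules(FwEnable, "tcp", "eth0", 2222, net.ParseIP("172.16.0.10"), 22, []net.IPNet{*tenant})
	fmt.Println(rules, err)
	_, err = extPortAccessRules(FwEnable, "tcp", "eth0", 2222, net.ParseIP("192.0.2.10"), 22, []net.IPNet{*tenant})
	fmt.Println("outside tenant net:", err)
}
```

Because enable and disable differ only in the -A/-D flag, the same validated vector can be replayed to remove a rule, which is what makes a later ResetNetwork or ShutdownFirewall able to undo exactly what was added.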
func (*Firewall) ShutdownFirewall ¶
ShutdownFirewall disables routing and NAT. TODO: Only external routing should be disabled.
type GreTunEP ¶
type GreTunEP struct {
	Attrs
	Link     *netlink.Gretap
	Key      uint32
	LocalIP  net.IP
	RemoteIP net.IP
	CNCIId   string // UUID of the CNCI
	CNId     string // UUID of the CN
}
GreTunEP is the ciao GRE tunnel representation. It represents one end of the tunnel.
type Network ¶
type Network struct {
	ManagementNet []net.IPNet // Enumerates all possible management subnets
	ComputeNet    []net.IPNet // Enumerates all possible compute subnets
	FloatingPool  []net.IP    // Available floating IPs
	PublicGw      net.IP      // Public IP Gateway to reach the internet
	Mode          NetworkMode
}
Network describes the configuration of the data center network. This is the physical configuration of the data center. The Management Networks carry management/control SSNTP traffic. The Compute Network carries tenant traffic. In a simplistic configuration the management network and the compute network may be one and the same.
type NetworkConfig ¶
type NetworkConfig struct {
	ManagementNet []net.IPNet // Enumerates all possible management subnets
	ComputeNet    []net.IPNet // Enumerates all possible compute subnets
	Mode          NetworkMode //The data center networking mode
}
NetworkConfig from YAML. This is a subset of the top level data center configuration. Tenant Traffic is carried over the Compute Network. Management Traffic is carried over the Management Network. Both tenant and management traffic can also be carried over the same network if it is not possible to have separate management and compute networks.
type NetworkMode ¶
type NetworkMode int
NetworkMode describes the networking configuration of the data center
const (
	// Routed means all traffic is routed with no tenant isolation except through firewall rules
	Routed NetworkMode = iota
	// GreTunnel means tenant instances interlinked using GRE tunnels. Full tenant isolation
	GreTunnel
)
type SsntpEventInfo ¶
type SsntpEventInfo struct {
	Event     CNSsntpEvent // TYPE: SSNTP Type
	CnciIP    string       // TO: IP Address of the concentrator
	CnIP      string       // FROM: Compute Network IP for this node
	Subnet    string       // Tenant Subnet
	TenantID  string       // Tenant UUID
	SubnetID  string       // Tenant Subnet UUID
	ConcID    string       // CNCI UUID
	CnID      string       // CN UUID
	SubnetKey int
	// contains filtered or unexported fields
}
SsntpEventInfo contains the event info that needs to be converted to YAML payload and sent to the CNCI via the scheduler
type Vnic ¶
type Vnic struct {
	VnicAttrs
	Link netlink.Link // TODO: Enhance netlink library to add specific tap type to libnetlink
}
Vnic represents a ciao VNIC (typically a tap or veth interface)
func NewContainerVnic ¶
NewContainerVnic is used to initialize a container Vnic's properties. This has to be called prior to Create() or GetDevice().
func NewVnic ¶
NewVnic is used to initialize the Vnic properties. This has to be called prior to Create() or GetDevice().
func (*Vnic) Attach ¶
Attach the VNIC to a bridge or a switch. Returns an error if the VNIC is incapable of binding to the specified device.
func (*Vnic) GetDevice ¶
GetDevice is used to associate with an existing VNIC, provided it satisfies the needs of a Vnic. Returns an error if the VNIC does not exist.
func (*Vnic) GetDeviceByName ¶
GetDeviceByName is used to associate with an existing VNIC relying on its link name instead of its alias. Returns an error if the VNIC does not exist.
func (*Vnic) InterfaceName ¶
InterfaceName is used to retrieve the name of the physical interface to which the VM or the container needs to be connected. Returns "" if the link is not set up.
func (*Vnic) PeerName ¶
PeerName is used to retrieve the peer name. Returns "" if the link is not set up or if the link has no peer.
func (*Vnic) SetHardwareAddr ¶
func (v *Vnic) SetHardwareAddr(addr net.HardwareAddr) error
SetHardwareAddr sets the hardware address of the interface.
type VnicAttrs ¶
type VnicAttrs struct {
	Attrs
	Role       VnicRole
	InstanceID string // UUID of the instance to which it will attach
	BridgeID   string // ID of bridge it has attached to
	IPAddr     *net.IP
	MTU        int
}
VnicAttrs represents the common Vnic attributes.
type VnicConfig ¶
type VnicConfig struct {
	// Per API Context
	// TODO: Move this outside of the VNIC Cfg.
	// Currently placed within the VnicConfig for API backward compatibility
	CnAPICtx
	VnicRole
	VnicIP     net.IP
	ConcIP     net.IP
	VnicMAC    net.HardwareAddr
	MTU        int
	SubnetKey  int //optional: Currently set to SubnetIP
	Subnet     net.IPNet
	VnicID     string // UUID
	InstanceID string // UUID
	TenantID   string // UUID
	SubnetID   string // UUID
	ConcID     string // UUID
}
VnicConfig from YAML. All these fields originate from the Controller. These fields fully qualify a VNIC to be created on the NN or CN.
type VnicRole ¶
type VnicRole int
VnicRole specifies the role of the VNIC
const (
	//TenantVM role is assigned to tenant VM
	TenantVM VnicRole = iota //Attached to a VM in the tenant network
	//TenantContainer role is assigned to a tenant container
	TenantContainer //Attach to a container in the tenant network
	//DataCenter role is assigned to resources owned by the data center
	DataCenter //Attached to the data center network
)