agent package v1.5.0

This package is not in the latest version of its module.
Published: Jul 12, 2017 License: Apache-2.0 Imports: 30 Imported by: 0

README

# Romana Agent

How to read

+---------------------+       +-------------------+
| main.go#main        |       | agent.go#NewAgent |
|                     |       |                   |
++--------------------+       +^------------------+
 |                             |
 |                             |
 |   +---------------------+   |
 +--->  init.go#Init       +---+
 |   |                     |
 |   +---------------------+
 |
 |   +---------------------+
 +--->  serve-api.go#Serve |
     |                     |
     +-----+---------------+
           |
           |http serve
           |
        +--v-----------------------------+
        |  serve-api.go#interfaceHandler |
        |                                |
        +------+-------------------------+
               |
               |goroutine (aka thread)
               |
            +--v-------------------------+
            |  agent.go#interfaceHandle  |
            |                            |
            +----------------------------+

Tests

You can run tests as follows:

git clone https://github.com/romana/core
cd core
make test

Documentation

Overview

Package agent is a Romana service which provides networking functions on the host.

This file of package agent contains the functions needed to bring up the Romana gateway, update the necessary kernel parameters and, finally, install the routes Romana needs so that nodes in a Romana cluster can communicate with each other.

store.go contains functionality for agent's backend store.

Index

Constants

const (
	EcodeDefault = iota + 100
	EcodeShelloutFailed
	EcodeRequestParsingFailed
	EcodeCreateRouteFailed
)

Error codes.

const CacheSyncPeriod time.Duration = time.Duration(1 * time.Second)

const FullSyncPeriod time.Duration = time.Duration(3 * time.Minute)

Variables

var ErrorMessages = map[int]string{
	EcodeDefault:              "Unspecified error",
	EcodeShelloutFailed:       "External command unsuccessful",
	EcodeRequestParsingFailed: "Garbage in the request",
	EcodeCreateRouteFailed:    "Can't create IP route",
}

ErrorMessages maps each error code to its description: ErrorMessages[Ecode] is the message string for that code.

var KubeSaveRestoreRules = RuleSet{
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment DefaultDrop -j DROP",
		Position:  BottomPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state ESTABLISHED -j ACCEPT",
		Position:  TopPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment Outgoing -j RETURN",
		Position:  TopPosition,
		Direction: EgressGlobalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state RELATED,ESTABLISHED -j ACCEPT",
		Position:  TopPosition,
		Direction: IngressGlobalDirection,
	},
}

KubeSaveRestoreRules is the set of rules applied for Kubernetes with the IPTsaveProvider firewall.

var KubeShellXRules = RuleSet{
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment DefaultDrop -j DROP",
		Position:  DefaultPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state ESTABLISHED -j ACCEPT",
		Position:  DefaultPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment Outgoing -j RETURN",
		Position:  DefaultPosition,
		Direction: EgressGlobalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state RELATED,ESTABLISHED -j ACCEPT",
		Position:  DefaultPosition,
		Direction: IngressGlobalDirection,
	},
}

KubeShellXRules is the set of rules applied for Kubernetes with the ShellexProvider firewall.

var OpenStackSaveRestoreRules = RuleSet{
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment DefaultDrop -j DROP",
		Position:  BottomPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state ESTABLISHED -j ACCEPT",
		Position:  TopPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment Outgoing -j RETURN",
		Position:  BottomPosition,
		Direction: EgressGlobalDirection,
	},
	Rule{
		Format:    FormatChainHostU32TenantSegment,
		Body:      "%s ! -s %s -m u32 --u32 %s -j ACCEPT",
		Position:  TopPosition,
		Direction: IngressGlobalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state RELATED,ESTABLISHED -j ACCEPT",
		Position:  TopPosition,
		Direction: IngressGlobalDirection,
	},
}

OpenStackSaveRestoreRules is the set of rules applied for OpenStack with the IPTsaveProvider firewall.

var OpenStackShellRules = RuleSet{
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment DefaultDrop -j DROP",
		Position:  DefaultPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state ESTABLISHED -j ACCEPT",
		Position:  DefaultPosition,
		Direction: EgressLocalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m comment --comment Outgoing -j RETURN",
		Position:  DefaultPosition,
		Direction: EgressGlobalDirection,
	},
	Rule{
		Format:    FormatChainHostU32TenantSegment,
		Body:      "%s ! -s %s -m u32 --u32 %s -j ACCEPT",
		Position:  DefaultPosition,
		Direction: IngressGlobalDirection,
	},
	Rule{
		Format:    FormatChain,
		Body:      "%s -m state --state RELATED,ESTABLISHED -j ACCEPT",
		Position:  DefaultPosition,
		Direction: IngressGlobalDirection,
	},
}

OpenStackShellRules is the set of rules applied for OpenStack with the ShellexProvider firewall.

Functions

func GetFirstIPinCIDR

func GetFirstIPinCIDR(ipnet *net.IPNet) (*net.IPNet, error)

func IpToNet added in v1.5.0

func IpToNet(ip net.IP) (*net.IPNet, error)

IpToNet is a convenience function that transforms a net.IP into a /32 net.IPNet.

func ListIpamEndpoints added in v1.5.0

func ListIpamEndpoints(client *common.RestClient) ([]common.IPAMEndpoint, error)

ListIpamEndpoints returns the list of IPAM endpoints.

func NewStore

func NewStore(config common.ServiceConfig) (*agentStore, error)

NewStore returns initialized agentStore.

func ParseRoutePublisherConfig added in v1.5.0

func ParseRoutePublisherConfig(incoming interface{}) (map[string]string, error)

ParseRoutePublisherConfig attempts to parse the configuration value of the `route_publisher_config` variable. The config passes the variable as an interface{}, and we need to ensure it is a valid map[string]string.

func PublishRoutesTo added in v1.5.0

func PublishRoutesTo(provider string, config map[string]string, client *common.RestClient, networkConfig *NetworkConfig) chan net.IPNet

Types

type Agent

type Agent struct {

	// Helper here is a type that organizes swappable interfaces for 3rd
	// party libraries (e.g. os.exec), and some functions that are using
	// those interfaces directly. Main purpose is to support unit testing.
	// Choice of having Helper as a field of an Agent is made to
	// support multiple instances of an Agent running at same time.
	// We like this approach, since it gives us flexibility as the agent evolves in the future.
	// Should this flexibility not be required, a suitable alternative is to re-implement the
	// Agent structure as a set of global variables.
	Helper *Helper

	// Whether this is running in test mode.
	TestMode bool
	// contains filtered or unexported fields
}

Agent provides access to configuration and helper functions, shared across all the threads. Types Config, Leasefile and Firewall are designed to be loosely coupled so they could later be separated into packages and used independently.

func (*Agent) CreateSchema

func (a *Agent) CreateSchema(overwrite bool) error

CreateSchema creates database schema.

func (*Agent) Initialize

func (a *Agent) Initialize(client *common.RestClient) error

Initialize implements the Initialize method of common.Service interface.

func (*Agent) Name

func (a *Agent) Name() string

Name implements method of Service interface.

func (*Agent) Routes

func (a *Agent) Routes() common.Routes

Routes implements Routes function of Service interface.

func (*Agent) SetConfig

func (a *Agent) SetConfig(config common.ServiceConfig) error

SetConfig implements SetConfig function of the Service interface.

type Error

type Error struct {
	ErrorCode int
	Message   string
	Cause     string
}

Error is a structure that represents an error.

func NewError

func NewError(ecode int, cause string) Error

NewError helps to construct new Error structure.

func (Error) Error

func (e Error) Error() string

Error is a method to satisfy error interface and returns a string representation of the error.

type ExternalIP added in v1.1.0

type ExternalIP struct {
	IP string `json:"ip" form:"ip"`
}

type Helper

type Helper struct {
	Executor utilexec.Executable
	OS       utilos.OS
	Agent    *Agent //access field for Agent
	// contains filtered or unexported fields
}

Helper groups testable implementations of standard library functions.

func NewAgentHelper

func NewAgentHelper(agent *Agent) Helper

NewAgentHelper returns Helper with initialized default implementations for all interfaces.

func (Helper) DhcpPid

func (h Helper) DhcpPid() (int, error)

DhcpPid checks whether dnsmasq is running; it returns the pid on success or an error otherwise. TODO: only works with a single daemon; maybe implement support for more.

type IP

type IP struct {
	net.IP
}

IP structure is basically net.IP, but we redefine it so we can implement Valuer and Scanner interfaces on it for storage.

func (*IP) Scan

func (i *IP) Scan(src interface{}) error

Scan implements driver.Scanner interface on IP

func (IP) Value

func (i IP) Value() (driver.Value, error)

Value implements driver.Valuer interface on IP

type IpamCache added in v1.5.0

type IpamCache struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewIpamCache added in v1.5.0

func NewIpamCache() IpamCache

func (*IpamCache) Add added in v1.5.0

func (i *IpamCache) Add(network net.IPNet)

func (*IpamCache) ListIfClean added in v1.5.0

func (i *IpamCache) ListIfClean() ([]net.IPNet, bool)

ListIfClean returns the contents of the cache only if it is dirty; otherwise it returns an empty list.

func (*IpamCache) Remove added in v1.5.0

func (i *IpamCache) Remove(network net.IPNet)

func (*IpamCache) Replace added in v1.5.0

func (i *IpamCache) Replace(networks []net.IPNet)

type LeaseFile

type LeaseFile struct {
	Path  string
	Agent *Agent
}

LeaseFile is a structure that manages DHCP leases in a file and notifies the DHCP server when leases are updated.

func NewLeaseFile

func NewLeaseFile(path string, agent *Agent) LeaseFile

NewLeaseFile returns fully initialized LeaseFile struct.

type NetIf

type NetIf struct {
	Name string `form:"interface_name" sql:"unique"`
	Mac  string `form:"mac_address" gorm:"primary_key"`
	IP   IP     `form:"ip_address" sql:"TYPE:varchar"`
}

NetIf is a structure that represents network interface and its IP configuration together with basic methods operating on this structure.

func NewNetIf

func NewNetIf(ifname string, mac string, ip string) NetIf

NewNetIf is a simple constructor for NetIf

func (NetIf) GetIP

func (i NetIf) GetIP() net.IP

GetIP implements firewall.FirewallEndpoint

func (NetIf) GetMac

func (i NetIf) GetMac() string

GetMac implements firewall.FirewallEndpoint

func (NetIf) GetName

func (i NetIf) GetName() string

GetName implements firewall.FirewallEndpoint

func (NetIf) MarshalJSON

func (n NetIf) MarshalJSON() ([]byte, error)

MarshalJSON properly marshals NetIf structure.

func (*NetIf) SetIP

func (netif *NetIf) SetIP(ip string) error

SetIP parses and sets the IP address of the interface.

func (*NetIf) UnmarshalJSON

func (netif *NetIf) UnmarshalJSON(data []byte) error

UnmarshalJSON results in having NetIf implement Unmarshaler interface from encoding/json. This is needed because we use a type like net.IP here, not a simple type, and so a call to net.ParseIP is required to unmarshal this properly.

type NetworkConfig

type NetworkConfig struct {
	// Current host network configuration
	sync.Mutex
	// contains filtered or unexported fields
}

NetworkConfig holds the agent's current configuration. This consists of data parsed from the config file as well as runtime or discovered configuration, such as the network config of the current host. NetworkConfig public methods are used to implement firewall.NetConfig interface.

func (*NetworkConfig) EndpointBits

func (c *NetworkConfig) EndpointBits() uint

EndpointBits returns endpoint bits value from POC config.

func (*NetworkConfig) EndpointNetmaskSize

func (c *NetworkConfig) EndpointNetmaskSize() uint64

EndpointNetmaskSize returns integer value (aka size) of endpoint netmask.

func (*NetworkConfig) PNetCIDR

func (c *NetworkConfig) PNetCIDR() (cidr *net.IPNet, err error)

PNetCIDR returns pseudo net cidr in net.IPNet format.

func (*NetworkConfig) PortBits

func (c *NetworkConfig) PortBits() uint

PortBits returns tenant bits value from POC config.

func (*NetworkConfig) PrefixBits

func (c *NetworkConfig) PrefixBits() uint

PrefixBits returns tenant bits value from POC config.

func (*NetworkConfig) RomanaGW

func (c *NetworkConfig) RomanaGW() net.IP

RomanaGW returns current romana gateway.

func (*NetworkConfig) RomanaGWMask

func (c *NetworkConfig) RomanaGWMask() net.IPMask

RomanaGWMask returns current romana gateway mask.

func (*NetworkConfig) SegmentBits

func (c *NetworkConfig) SegmentBits() uint

SegmentBits returns segment bits value from POC config.

func (*NetworkConfig) TenantBits

func (c *NetworkConfig) TenantBits() uint

TenantBits returns tenant bits value from POC config.

type NetworkRequest

type NetworkRequest struct {
	NetIf NetIf `json:"net_if,omitempty"`
	// TODO we should not need this tag
	Options map[string]string `json:"options,omitempty"`
}

NetworkRequest specifies messages sent to the agent containing information on how to configure network on its host.

type Route

type Route struct {
	ID     uint64 `sql:"AUTO_INCREMENT"`
	IP     string
	Mask   string
	Kind   targetKind
	Spec   string
	Status string
}

Route is a model to store managed routes

type Rule

type Rule struct {
	// Text representation of the rule may contain
	// dynamic tokens (%s), this flag tells how to
	// expand such tokens.
	Format RuleFormat

	// Text representation of the rule.
	Body string

	// Specifies what position rule must occupy.
	// Provides a hint for firewall on how to
	// install this rule in relation to other rules.
	// e.g. top, bottom, after/before something.
	Position RulePosition

	// Specifies traffic direction the rule must be applied to.
	// Provides a hint for firewall on rule placement,
	// different firewall implementations might interpret it
	// differently.
	Direction RuleDirection
}

Rule type in romana agent represents a firewall rule along with information about how this rule should be provisioned in firewall.

type RuleDirection

type RuleDirection int

RuleDirection indicates that rule should be applied to the traffic going in a specific direction.

const (
	// List of rules matching traffic from endpoints to the host.
	EgressLocalDirection RuleDirection = iota

	// List of rules matching traffic from endpoints to the rest
	// of the world.
	EgressGlobalDirection

	// List of rules matching traffic from the host to the endpoints.
	IngressLocalDirection

	// List of rules matching traffic from the world to the endpoints.
	IngressGlobalDirection
)

type RuleFormat

type RuleFormat int

RuleFormat indicates that Rule.Body contains a specific number of tokens that should be replaced with specific information.

const (
	NoFormatNeeded RuleFormat = iota

	// There is one token in the rule which
	// must be replaced with an iptables
	// chain name.
	FormatChain

	// There are 3 tokens in the rule
	// first one must be replaced with iptables
	// chain name, second one must be replaced
	// with localhost ip address (e.g. 10.1.0.1)
	// and a last one with u32 mask that
	// matches romana tenant and segment.
	FormatChainHostU32TenantSegment
)

type RulePosition

type RulePosition int

RulePosition indicates that the firewall implementation should render the rule at a specific place in the ruleset, e.g. in an iptables chain.

const (
	// Firewall implementation uses default
	// position for the rule.
	DefaultPosition RulePosition = iota

	// Firewall implementation should put
	// this rule at the top of the chain/list.
	TopPosition

	// Firewall implementation should put
	// this rule at the bottom of the chain/list.
	BottomPosition
)

type RuleSet

type RuleSet []Rule

RuleSet is a collection of agent rules.
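Rendering a RuleSet the way the Format and Position hints above describe, as an added example that is not the agent's own code: the type definitions are local copies mirroring the ones on this page, Render is an assumed helper, and the chain name and u32 match string passed to it are constructed placeholders. It rejects a Body whose token count disagrees with its Format instead of letting fmt.Sprintf emit a malformed rule.

```go
package main

import (
	"fmt"
	"strings"
)

// Local copies of the agent's rule types, mirroring the definitions on this
// page, so the example runs stand-alone.
type RuleFormat int
type RulePosition int
type RuleDirection int
const (
	NoFormatNeeded RuleFormat = iota
	FormatChain
	FormatChainHostU32TenantSegment
)
const (
	DefaultPosition RulePosition = iota
	TopPosition
	BottomPosition
)
const (
	EgressLocalDirection RuleDirection = iota
	EgressGlobalDirection
	IngressLocalDirection
	IngressGlobalDirection
)
type Rule struct {
	Format    RuleFormat
	Body      string
	Position  RulePosition
	Direction RuleDirection
}
type RuleSet []Rule

// tokens is how many %s placeholders each RuleFormat promises in Body.
var tokens = map[RuleFormat]int{NoFormatNeeded: 0, FormatChain: 1, FormatChainHostU32TenantSegment: 3}

// Render (assumed helper) expands the tokens of every rule for one direction and
// orders the result Top, then Default, then Bottom, the hint that Position carries.
// A Body whose token count disagrees with its Format is rejected, since fmt.Sprintf
// would otherwise write "%!s(MISSING)" into a live iptables rule.
func Render(rs RuleSet, dir RuleDirection, chain, hostIP, u32 string) ([]string, error) {
	byPos := map[RulePosition][]string{}
	for _, r := range rs {
		if r.Direction != dir {
			continue
		}
		n, ok := tokens[r.Format]
		if !ok || strings.Count(r.Body, "%s") != n {
			return nil, fmt.Errorf("rule %q: token count does not match format %d", r.Body, r.Format)
		}
		args := []interface{}{chain, hostIP, u32}[:n]
		byPos[r.Position] = append(byPos[r.Position], fmt.Sprintf(r.Body, args...))
	}
	return append(append(byPos[TopPosition], byPos[DefaultPosition]...), byPos[BottomPosition]...), nil
}
```

With OpenStackSaveRestoreRules this places the DefaultDrop rule below the state ACCEPTs even though it is listed first in the set.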

type Status

type Status struct {
	Rules      []firewall.IPtablesRule `json:"rules"`
	Interfaces []NetIf                 `json:"interfaces"`
}

Status is a structure containing statistics returned by statusHandler

Directories

Path: Synopsis
router
bird: The package advertises a list of networks by re-rendering the bird config file and optionally sending SIGHUP to bird.
publisher: Package defines the interface for publishing networks via dynamic routing protocols.
quagga: The package advertises a list of networks by connecting to the bgpd instance and executing a `network A.B.C.D/E` command for every network in the list.
