Support for loading IP addresses from DiploNAT autodiscovery
This commit is contained in:
parent
aaff9b7d4a
commit
0ed9edefee
6 changed files with 187 additions and 72 deletions
1
Cargo.lock
generated
1
Cargo.lock
generated
|
@ -106,6 +106,7 @@ dependencies = [
|
|||
"futures",
|
||||
"reqwest",
|
||||
"serde",
|
||||
"serde_json",
|
||||
"structopt",
|
||||
"tokio",
|
||||
"tracing",
|
||||
|
|
13
Cargo.nix
13
Cargo.nix
|
@ -23,7 +23,7 @@ args@{
|
|||
ignoreLockHash,
|
||||
}:
|
||||
let
|
||||
nixifiedLockHash = "66706604b5c3f270cb3a6b72cb23bf3abba94b9d03fed4048584d92e89851d54";
|
||||
nixifiedLockHash = "f8fd87706eb1709f2cf3a695f4400e1a5e130e3c599cdfebc00bba51c80f494f";
|
||||
workspaceSrc = if args.workspaceSrc == null then ./. else args.workspaceSrc;
|
||||
currentLockHash = builtins.hashFile "sha256" (workspaceSrc + /Cargo.lock);
|
||||
lockHashIgnored = if ignoreLockHash
|
||||
|
@ -188,10 +188,11 @@ in
|
|||
dependencies = {
|
||||
anyhow = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".anyhow."1.0.66" { inherit profileName; }).out;
|
||||
async_trait = (buildRustPackages."registry+https://github.com/rust-lang/crates.io-index".async-trait."0.1.59" { profileName = "__noProfile"; }).out;
|
||||
df_consul = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".df-consul."0.2.0" { inherit profileName; }).out;
|
||||
df_consul = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".df-consul."0.3.3" { inherit profileName; }).out;
|
||||
futures = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures."0.3.25" { inherit profileName; }).out;
|
||||
reqwest = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".reqwest."0.11.13" { inherit profileName; }).out;
|
||||
serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde."1.0.149" { inherit profileName; }).out;
|
||||
serde_json = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde_json."1.0.89" { inherit profileName; }).out;
|
||||
structopt = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".structopt."0.3.26" { inherit profileName; }).out;
|
||||
tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.23.0" { inherit profileName; }).out;
|
||||
tracing = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tracing."0.1.37" { inherit profileName; }).out;
|
||||
|
@ -199,17 +200,19 @@ in
|
|||
};
|
||||
});
|
||||
|
||||
"registry+https://github.com/rust-lang/crates.io-index".df-consul."0.2.0" = overridableMkRustCrate (profileName: rec {
|
||||
"registry+https://github.com/rust-lang/crates.io-index".df-consul."0.3.3" = overridableMkRustCrate (profileName: rec {
|
||||
name = "df-consul";
|
||||
version = "0.2.0";
|
||||
version = "0.3.3";
|
||||
registry = "registry+https://github.com/rust-lang/crates.io-index";
|
||||
src = fetchCratesIo { inherit name version; sha256 = "a351d00f138e768845cdefb9ae27b79aeed97c698745c73bb2805cad1167aa81"; };
|
||||
src = fetchCratesIo { inherit name version; sha256 = "0e38cfbab431b53dfd2d09f2a9902510c636d3d7397645bac5cf1959cfde2999"; };
|
||||
dependencies = {
|
||||
anyhow = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".anyhow."1.0.66" { inherit profileName; }).out;
|
||||
bytes = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".bytes."1.3.0" { inherit profileName; }).out;
|
||||
futures = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".futures."0.3.25" { inherit profileName; }).out;
|
||||
log = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".log."0.4.17" { inherit profileName; }).out;
|
||||
reqwest = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".reqwest."0.11.13" { inherit profileName; }).out;
|
||||
serde = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde."1.0.149" { inherit profileName; }).out;
|
||||
tokio = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".tokio."1.23.0" { inherit profileName; }).out;
|
||||
};
|
||||
});
|
||||
|
||||
|
|
|
@ -16,5 +16,6 @@ structopt = "0.3"
|
|||
tokio = { version = "1.22", default-features = false, features = ["rt", "rt-multi-thread", "io-util", "net", "time", "macros", "sync", "signal", "fs"] }
|
||||
reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls-webpki-roots" ] }
|
||||
serde = { version = "1.0.107", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
|
||||
df-consul = "0.3.3"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
RUST_LOG=d53=info cargo run \
|
||||
RUST_LOG=d53=debug cargo run \
|
||||
-- \
|
||||
--consul-addr http://localhost:8500 \
|
||||
--providers deuxfleurs.org:gandi \
|
||||
|
|
|
@ -1,17 +1,21 @@
|
|||
use std::collections::{HashMap, HashSet};
|
||||
use std::fmt;
|
||||
use std::net::{Ipv4Addr, Ipv6Addr};
|
||||
use std::sync::Arc;
|
||||
use std::time::Duration;
|
||||
use std::time::{Duration, SystemTime};
|
||||
|
||||
use anyhow::Result;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use tokio::{select, sync::watch};
|
||||
use tracing::*;
|
||||
|
||||
use df_consul::*;
|
||||
|
||||
const IPV4_TARGET_METADATA_TAG: &str = "public_ipv4";
|
||||
const IPV6_TARGET_METADATA_TAG: &str = "public_ipv6";
|
||||
const IP_TARGET_METADATA_TAG_PREFIX: &str = "public_";
|
||||
const CNAME_TARGET_METADATA_TAG: &str = "cname_target";
|
||||
|
||||
const AUTODISCOVERY_CACHE_DURATION: u64 = 600; // 10 minutes
|
||||
|
||||
// ---- Extract DNS config from Consul catalog ----
|
||||
|
||||
#[derive(Debug, Eq, PartialEq, Default)]
|
||||
|
@ -54,25 +58,99 @@ impl DnsConfig {
|
|||
}
|
||||
}
|
||||
|
||||
fn parse_d53_tag(tag: &str, node: &catalog::Node) -> Option<(DnsEntryKey, DnsEntryValue)> {
|
||||
// ---- fetcher and autodiscovery cache ----
|
||||
|
||||
pub fn spawn_dns_config_task(
|
||||
consul: Consul,
|
||||
must_exit: watch::Receiver<bool>,
|
||||
) -> watch::Receiver<Arc<DnsConfig>> {
|
||||
let (tx, rx) = watch::channel(Arc::new(DnsConfig::new()));
|
||||
|
||||
let fetcher = DnsConfigFetcher {
|
||||
consul,
|
||||
node_ipv4_cache: HashMap::new(),
|
||||
node_ipv6_cache: HashMap::new(),
|
||||
};
|
||||
|
||||
tokio::spawn(fetcher.task(tx, must_exit));
|
||||
|
||||
rx
|
||||
}
|
||||
|
||||
struct DnsConfigFetcher {
|
||||
consul: Consul,
|
||||
node_ipv4_cache: HashMap<String, (u64, Option<Ipv4Addr>)>,
|
||||
node_ipv6_cache: HashMap<String, (u64, Option<Ipv6Addr>)>,
|
||||
}
|
||||
|
||||
impl DnsConfigFetcher {
|
||||
async fn task(
|
||||
mut self,
|
||||
tx: watch::Sender<Arc<DnsConfig>>,
|
||||
mut must_exit: watch::Receiver<bool>,
|
||||
) {
|
||||
let mut catalog_rx = self
|
||||
.consul
|
||||
.watch_all_service_health(Duration::from_secs(60));
|
||||
|
||||
while !*must_exit.borrow() {
|
||||
select! {
|
||||
_ = catalog_rx.changed() => (),
|
||||
_ = must_exit.changed() => continue,
|
||||
};
|
||||
|
||||
let services = catalog_rx.borrow_and_update().clone();
|
||||
match self.parse_catalog(&services).await {
|
||||
Ok(dns_config) => tx.send(Arc::new(dns_config)).expect("Internal error"),
|
||||
Err(e) => {
|
||||
error!("Error when parsing tags: {}", e);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
async fn parse_catalog(&mut self, services: &catalog::AllServiceHealth) -> Result<DnsConfig> {
|
||||
let mut dns_config = DnsConfig::new();
|
||||
for (_svc, nodes) in services.iter() {
|
||||
for node in nodes.iter() {
|
||||
// Do not take into account backends if any have status critical
|
||||
if node.checks.iter().any(|x| x.status == "critical") {
|
||||
continue;
|
||||
}
|
||||
for tag in node.service.tags.iter() {
|
||||
if let Some((k, v)) = self.parse_d53_tag(tag, &node.node).await? {
|
||||
dns_config.add(k, v);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Ok(dns_config)
|
||||
}
|
||||
|
||||
async fn parse_d53_tag(
|
||||
&mut self,
|
||||
tag: &str,
|
||||
node: &catalog::Node,
|
||||
) -> Result<Option<(DnsEntryKey, DnsEntryValue)>> {
|
||||
let splits = tag.split(' ').collect::<Vec<_>>();
|
||||
if splits.len() != 2 {
|
||||
return None;
|
||||
return Ok(None);
|
||||
}
|
||||
|
||||
let (record_type, targets) = match splits[0] {
|
||||
"d53-a" => match node.meta.get(IPV4_TARGET_METADATA_TAG) {
|
||||
"d53-a" => match self.get_node_ipv4(&node).await? {
|
||||
Some(tgt) => (DnsRecordType::A, [tgt.to_string()].into_iter().collect()),
|
||||
None => {
|
||||
warn!("Got d53-a tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV4_TARGET_METADATA_TAG);
|
||||
return None;
|
||||
warn!("Got d53-a tag `{}` but node {} does not appear to have a known public IPv4 address. Tag is ignored.", tag, node.node);
|
||||
return Ok(None);
|
||||
}
|
||||
},
|
||||
"d53-aaaa" => match node.meta.get(IPV6_TARGET_METADATA_TAG) {
|
||||
"d53-aaaa" => match self.get_node_ipv6(&node).await? {
|
||||
Some(tgt) => (DnsRecordType::AAAA, [tgt.to_string()].into_iter().collect()),
|
||||
None => {
|
||||
warn!("Got d53-aaaa tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV6_TARGET_METADATA_TAG);
|
||||
return None;
|
||||
warn!("Got d53-aaaa tag `{}` but node {} does not appear to have a known public IPv6 address. Tag is ignored.", tag, node.node);
|
||||
return Ok(None);
|
||||
}
|
||||
},
|
||||
"d53-cname" => match node.meta.get(CNAME_TARGET_METADATA_TAG) {
|
||||
|
@ -82,58 +160,90 @@ fn parse_d53_tag(tag: &str, node: &catalog::Node) -> Option<(DnsEntryKey, DnsEnt
|
|||
),
|
||||
None => {
|
||||
warn!("Got d53-cname tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, CNAME_TARGET_METADATA_TAG);
|
||||
return None;
|
||||
return Ok(None);
|
||||
}
|
||||
},
|
||||
_ => return None,
|
||||
_ => return Ok(None),
|
||||
};
|
||||
|
||||
Some((
|
||||
Ok(Some((
|
||||
DnsEntryKey {
|
||||
dns_path: splits[1].to_string(),
|
||||
record_type,
|
||||
},
|
||||
DnsEntryValue { targets },
|
||||
))
|
||||
)))
|
||||
}
|
||||
|
||||
async fn get_node_ipv4(&mut self, node: &catalog::Node) -> Result<Option<Ipv4Addr>> {
|
||||
Self::get_node_ip(&self.consul, "ipv4", &mut self.node_ipv4_cache, node).await
|
||||
}
|
||||
|
||||
async fn get_node_ipv6(&mut self, node: &catalog::Node) -> Result<Option<Ipv6Addr>> {
|
||||
Self::get_node_ip(&self.consul, "ipv6", &mut self.node_ipv6_cache, node).await
|
||||
}
|
||||
|
||||
async fn get_node_ip<A>(
|
||||
consul: &Consul,
|
||||
family: &str,
|
||||
cache: &mut HashMap<String, (u64, Option<A>)>,
|
||||
node: &catalog::Node,
|
||||
) -> Result<Option<A>>
|
||||
where
|
||||
A: Serialize + for<'de> Deserialize<'de> + std::fmt::Debug + std::str::FromStr + Copy + Eq,
|
||||
<A as std::str::FromStr>::Err: Send + Sync + std::error::Error + 'static,
|
||||
{
|
||||
match cache.get(&node.node) {
|
||||
Some((t, a)) if timestamp() <= t + AUTODISCOVERY_CACHE_DURATION => Ok(*a),
|
||||
_ => {
|
||||
let kv_key = format!("diplonat/autodiscovery/{}/{}", family, node.node);
|
||||
let autodiscovery = consul.kv_get(&kv_key).await?;
|
||||
|
||||
if let Some(json) = autodiscovery {
|
||||
let a = serde_json::from_slice::<DiplonatAutodiscoveryResult<A>>(&json)?;
|
||||
if timestamp() <= a.timestamp + AUTODISCOVERY_CACHE_DURATION {
|
||||
if cache.get(&node.node).map(|x| x.1) != Some(a.address) {
|
||||
info!(
|
||||
"Got {} address for {} from diplonat autodiscovery: {:?}",
|
||||
family, node.node, a.address
|
||||
);
|
||||
}
|
||||
cache.insert(node.node.clone(), (a.timestamp, a.address));
|
||||
return Ok(a.address);
|
||||
} else {
|
||||
warn!("{} address for {} from diplonat autodiscovery is outdated (value: {:?}), falling back on value from Consul node meta", family, node.node, a.address);
|
||||
}
|
||||
}
|
||||
|
||||
let meta_tag = format!("{}{}", IP_TARGET_METADATA_TAG_PREFIX, family);
|
||||
let a = node.meta.get(&meta_tag).map(|x| x.parse()).transpose()?;
|
||||
|
||||
if cache.get(&node.node).map(|x| x.1) != Some(a) {
|
||||
info!(
|
||||
"Got {} address for {} from Consul node meta: {:?}",
|
||||
family, node.node, a
|
||||
);
|
||||
}
|
||||
cache.insert(node.node.clone(), (timestamp(), a));
|
||||
Ok(a)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn spawn_dns_config_task(
|
||||
consul: &Consul,
|
||||
mut must_exit: watch::Receiver<bool>,
|
||||
) -> watch::Receiver<Arc<DnsConfig>> {
|
||||
let (tx, rx) = watch::channel(Arc::new(DnsConfig::new()));
|
||||
// ---- util for interaction with diplonat ----
|
||||
|
||||
let mut catalog_rx = consul.watch_all_service_health(Duration::from_secs(60));
|
||||
#[derive(Serialize, Deserialize, Debug)]
|
||||
pub struct DiplonatAutodiscoveryResult<A> {
|
||||
pub timestamp: u64,
|
||||
pub address: Option<A>,
|
||||
}
|
||||
|
||||
tokio::spawn(async move {
|
||||
while !*must_exit.borrow() {
|
||||
select! {
|
||||
_ = catalog_rx.changed() => (),
|
||||
_ = must_exit.changed() => continue,
|
||||
};
|
||||
|
||||
let services = catalog_rx.borrow_and_update();
|
||||
|
||||
let mut dns_config = DnsConfig::new();
|
||||
for (_svc, nodes) in services.iter() {
|
||||
for node in nodes.iter() {
|
||||
// Do not take into account backends if any have status critical
|
||||
if node.checks.iter().any(|x| x.status == "critical") {
|
||||
continue;
|
||||
}
|
||||
for tag in node.service.tags.iter() {
|
||||
if let Some((k, v)) = parse_d53_tag(tag, &node.node) {
|
||||
dns_config.add(k, v);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
tx.send(Arc::new(dns_config)).expect("Internal error");
|
||||
}
|
||||
});
|
||||
|
||||
rx
|
||||
fn timestamp() -> u64 {
|
||||
SystemTime::now()
|
||||
.duration_since(SystemTime::UNIX_EPOCH)
|
||||
.expect("clock error")
|
||||
.as_secs()
|
||||
}
|
||||
|
||||
// ---- Display impls ----
|
||||
|
|
|
@ -111,7 +111,7 @@ async fn main() {
|
|||
.map(ToString::to_string)
|
||||
.collect::<Vec<_>>();
|
||||
|
||||
let rx_dns_config = dns_config::spawn_dns_config_task(&consul, exit_signal.clone());
|
||||
let rx_dns_config = dns_config::spawn_dns_config_task(consul, exit_signal.clone());
|
||||
|
||||
let updater_task = tokio::spawn(dns_updater::dns_updater_task(
|
||||
rx_dns_config.clone(),
|
||||
|
|
Loading…
Reference in a new issue