diplonat helps you exposing your public services in a dynamic environment
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Quentin 862e8ce876
Add license in the readme
2 months ago
src repaired test, now that private IP is an Option 6 months ago
.dockerignore Dockerize app 2 years ago
.drone.yml Use the official rust image 9 months ago
.gitignore environment.rs successfully replaced with new config/ configuration loader. No API changes, more tests, cleaner code: life is swell. 11 months ago
.rustfmt.toml Stricter Rust formating rules and build in the CI 10 months ago
CONTRIBUTING.md Fix the CONTRIBUTING doc for the new formatting 10 months ago
Cargo.lock Allow Diplonat to automatically detect it's private IP 6 months ago
Cargo.toml Allow Diplonat to automatically detect it's private IP 6 months ago
Dockerfile update README & Dockerfile 2 years ago
LICENSE Add the AGPLv3 license 2 months ago
README.md Add license in the readme 2 months ago
docker-compose.yml change image name 2 years ago

README.md

Diplonat

Feature set

  • (Re)Configure NAT via UPNP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure local environment when provisionning a cluster service
    • Reconfigure host on demand according to service needs (Firewall)
    • Reconfigure host local network according to service needs (Router NAT)
  • Operate a global reconfiguration that associate the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with public IP returned by the router via IGD)

Dependencies

The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.

Operate

You need to add the following to your nomad config file :

client {
  [...]

  options {
    docker.privileged.enabled = "true"
  } 
}
cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_PRIVATE_IP="192.168.0.18"
export DIPLONAT_REFRESH_TIME="60"
export DIPLONAT_EXPIRATION_TIME="300"
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export RUST_LOG=debug
cargo run

Contributing

Refer to CONTRIBUTING.md.

Design Guidelines

Diplonat is made of a set of Components. Components communicate between them thanks to tokio::sync::watch transferring copiable messages. Each message must contain the whole state (and not a transition) as messages can be lost if a more recent message is received. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use tokio::sync::select. When you read a value from source 1, you must cache it to be able to merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries

eg:

curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe
# returns X-Consul-Index: 15
curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe?index=15

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev #in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example

License

This software is published under the AGPLv3 license.