diplonat helps you exposing your public services in a dynamic environment
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Quentin fd3a153103
Fix the CONTRIBUTING doc for the new formatting
9 months ago
src Stricter Rust formating rules and build in the CI 9 months ago
.dockerignore Dockerize app 2 years ago
.drone.yml Stricter Rust formating rules and build in the CI 9 months ago
.gitignore environment.rs successfully replaced with new config/ configuration loader. No API changes, more tests, cleaner code: life is swell. 11 months ago
.rustfmt.toml Stricter Rust formating rules and build in the CI 9 months ago
CONTRIBUTING.md Fix the CONTRIBUTING doc for the new formatting 9 months ago
Cargo.lock New configuration parsing using envy. Added minimal functionnality for 11 months ago
Cargo.toml New configuration parsing using envy. Added minimal functionnality for 11 months ago
Dockerfile update README & Dockerfile 2 years ago
README.md added rustfmt: a rustfmt.toml file diescribing syntax (soft tabs of 2 spaces), a CONTRIBUTING.md file to explain how to use rustfmt, a .drone.yml file to add code style checks in CI, 2 lines in README.md to present CONTRIBUTING.md, and applied rustfmt on the source 10 months ago
docker-compose.yml change image name 2 years ago

README.md

Diplonat

Feature set

  • (Re)Configure NAT via UPNP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure local environment when provisionning a cluster service
    • Reconfigure host on demand according to service needs (Firewall)
    • Reconfigure host local network according to service needs (Router NAT)
  • Operate a global reconfiguration that associate the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with public IP returned by the router via IGD)

Dependencies

The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.

Operate

You need to add the following to your nomad config file :

client {
  [...]

  options {
    docker.privileged.enabled = "true"
  } 
}
cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_PRIVATE_IP="192.168.0.18"
export DIPLONAT_REFRESH_TIME="60"
export DIPLONAT_EXPIRATION_TIME="300"
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export RUST_LOG=debug
cargo run

Contributing

Refer to CONTRIBUTING.md.

Design Guidelines

Diplonat is made of a set of Components. Components communicate between them thanks to tokio::sync::watch transferring copiable messages. Each message must contain the whole state (and not a transition) as messages can be lost if a more recent message is received. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use tokio::sync::select. When you read a value from source 1, you must cache it to be able to merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries

eg:

curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe
# returns X-Consul-Index: 15
curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe?index=15

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev #in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example