diplonat helps you expose your public services in a dynamic environment
Quentin Dufour ffab1f6c4b
Fix code style
2021-09-20 12:08:10 +02:00
src Fix code style 2021-09-20 12:08:10 +02:00
.dockerignore Dockerize app 2020-05-23 16:29:02 +02:00
.drone.yml added a line to CI to actually install rustfmt on the runner 2021-09-11 16:38:09 +02:00
.gitignore environment.rs successfully replaced with new config/ configuration loader. No API changes, more tests, cleaner code: life is swell. 2021-08-16 11:19:16 +02:00
.rustfmt.toml Local code formatting 2021-09-20 11:30:00 +02:00
Cargo.lock New configuration parsing using envy. Added minimal functionality for 2021-08-16 10:26:06 +02:00
Cargo.toml New configuration parsing using envy. Added minimal functionality for 2021-08-16 10:26:06 +02:00
CONTRIBUTING.md added rustfmt: a rustfmt.toml file describing syntax (soft tabs of 2 spaces), a CONTRIBUTING.md file to explain how to use rustfmt, a .drone.yml file to add code style checks in CI, 2 lines in README.md to present CONTRIBUTING.md, and applied rustfmt on the source 2021-09-11 16:34:03 +02:00
docker-compose.yml Rewrote the configuration options to make Diplonat modular: IGD and Firewall modules will only be enabled if corresponding DIPLONAT_*_ENABLE is set. (Breaking changes!) 2021-08-26 16:05:39 +02:00
Dockerfile update README & Dockerfile 2020-06-28 17:01:12 +02:00
README.md Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/diplonat into feature/modular-config 2021-09-20 11:58:03 +02:00

Diplonat

Feature set

  • (Re)Configure NAT via UPNP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure local environment when provisioning a cluster service
    • Reconfigure host on demand according to service needs (Firewall)
    • Reconfigure host local network according to service needs (Router NAT)
  • Operate a global reconfiguration that associates the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with public IP returned by the router via IGD)

Dependencies

The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.

Operate

You need to add the following to your nomad config file:

client {
  [...]

  options {
    docker.privileged.enabled = "true"
  }
}

cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export DIPLONAT_FIREWALL_ENABLE="true"
export DIPLONAT_FIREWALL_REFRESH_TIME="300"
export DIPLONAT_IGD_ENABLE="true"
export DIPLONAT_IGD_PRIVATE_IP="192.168.0.18"
export DIPLONAT_IGD_REFRESH_TIME="60"
export DIPLONAT_IGD_EXPIRATION_TIME="300"
export RUST_LOG=debug
cargo run

Contributing

Refer to CONTRIBUTING.md.

Design Guidelines

Diplonat is made of a set of Components. Components communicate with each other through tokio::sync::watch channels that carry copyable messages. Each message must contain the whole state (and not a transition), because a watch channel only retains the most recent value: a message that has not been read yet is lost when a more recent one is sent. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use the tokio::select! macro. When you read a value from source 1, you must cache it to be able to merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries

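e.g.:

curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe
# returns X-Consul-Index: 15
# quote the URL so the shell does not treat "?" as a glob character;
# this request blocks until the index moves past 15 or the wait time elapses
curl -vvv "http://127.0.0.1:8500/v1/catalog/node/lheureduthe?index=15"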

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev # in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example
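
The tags registered above decide which ports are opened on the host firewall and forwarded by the router, so whatever consumes them should reject anything malformed instead of guessing. The following strict parser is an added example, not diplonat's own code: `Ports` and `parse_tag` are hypothetical names, and the grammar is inferred only from the three sample tags shown above.

```rust
use std::collections::BTreeSet;

/// Ports requested by one service tag, split by protocol (hypothetical type).
#[derive(Debug, Default, PartialEq)]
pub struct Ports {
    pub tcp: BTreeSet<u16>,
    pub udp: BTreeSet<u16>,
}

/// Parses a tag such as "(diplonat (tcp_port 1337) (udp_port 53))".
/// Ok(None): not a diplonat tag. Err: malformed diplonat tag, open nothing for it.
pub fn parse_tag(tag: &str) -> Result<Option<Ports>, String> {
    let spaced = tag.replace('(', " ( ").replace(')', " ) ");
    let tok: Vec<&str> = spaced.split_whitespace().collect();
    if tok.len() < 2 || tok[0] != "(" || tok[1] != "diplonat" {
        return Ok(None);
    }
    let mut ports = Ports::default();
    let mut i = 2;
    while i < tok.len() && tok[i] == "(" {
        let set = match tok.get(i + 1).copied() {
            Some("tcp_port") => &mut ports.tcp,
            Some("udp_port") => &mut ports.udp,
            other => return Err(format!("unknown keyword {:?}", other)),
        };
        i += 2;
        let first = i;
        while i < tok.len() && tok[i] != ")" {
            // Rejects 0, negatives, words, nested lists and values above 65535.
            let port = tok[i].parse::<u16>().ok().filter(|p| *p != 0);
            set.insert(port.ok_or_else(|| format!("bad port {:?}", tok[i]))?);
            i += 1;
        }
        if i == first || i == tok.len() {
            return Err("empty or unclosed port list".to_string());
        }
        i += 1; // consume the ")" closing this port list
    }
    // Only the ")" closing the outer "(diplonat ..." form may remain.
    if i + 1 != tok.len() || tok[i] != ")" {
        return Err("unbalanced parentheses or trailing tokens".to_string());
    }
    Ok(Some(ports))
}

fn main() {
    let tag = "(diplonat (tcp_port 1337) (tcp_port 1338 1339))"; // tag from the page
    println!("{} -> {:?}", tag, parse_tag(tag));
}
```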