Diplonat
========
## Feature set
* [X] (Re)Configure NAT via UPnP/IGD (prio: high)
* [X] (Re)Configure iptables (prio: low)
* [ ] (Re)Configure DNS via ??? (prio: low)
## Understand scope
* Reconfigure the __local__ environment when provisioning a __cluster__ service
* Reconfigure the host on demand according to service needs (firewall)
* Reconfigure the host's local network according to service needs (router NAT)
* Operate a global reconfiguration that associates the tuple (__local__ environment information, a __cluster__ service)
* Reconfigure an external service with local information (DNS with the public IP returned by the router via IGD)
## Dependencies
The `reqwest` crate "will make use of system-native transport layer security to connect to HTTPS destinations". See [`reqwest`'s documentation](https://docs.rs/reqwest/0.9.18/reqwest/#tls) for more information.
## Operate
You need to add the following to your Nomad config file (Diplonat runs as a privileged Docker task):
```hcl
client {
[...]
options {
docker.privileged.enabled = "true"
}
}
```
```bash
cargo build
consul agent -dev # in a separate terminal
# adapt the following values to your configuration
export DIPLONAT_PRIVATE_IP="192.168.0.18"
export DIPLONAT_REFRESH_TIME="60"
export DIPLONAT_EXPIRATION_TIME="300"
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export RUST_LOG=debug
cargo run
```
## Contributing
Refer to [CONTRIBUTING.md](./CONTRIBUTING.md).
## Design Guidelines
Diplonat is made of a set of Components.
Components communicate with each other through [tokio::sync::watch](https://docs.rs/tokio/0.2.21/tokio/sync/index.html#watch-channel) channels carrying copyable messages.
Each message must contain the whole state (not a transition), because a message is lost as soon as a more recent one is received.
This choice was made to limit bugs.
If you need to watch two actors and merge their content, you can use [tokio::sync::select](https://docs.rs/tokio/0.2.21/tokio/macro.select.html).
When you read a value from source 1, cache it so that you can merge it later with what you read from source 2.
## About Consul Catalog
* We query the `/v1/catalog/node/<node>` endpoint
* We can watch it thanks to [Blocking Queries](https://www.consul.io/api/features/blocking.html)
e.g.:
```bash
curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe
# returns X-Consul-Index: 15
curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe?index=15
```
Each time you make the request, the whole list of services bound to the node is returned.
To test the Consul Catalog part, you can do:
```bash
consul agent -dev # in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example
```
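The `(diplonat (tcp_port ...) (udp_port ...))` tag format used in the commands above has to be parsed out of the catalog response before any NAT or firewall rule can be derived from it. The following is an added example, not Diplonat's own parser: it assumes exactly the grammar shown in those commands (a `diplonat` head followed by `tcp_port`/`udp_port` lists), rejects a malformed tag as a whole rather than opening a partial set of ports, and merges all tags of a node into one complete desired state, in line with the "whole state, not a transition" guideline above.

```rust
use std::collections::BTreeSet;

/// Ports a service asks Diplonat to expose, read from its Consul tag. Assumed
/// grammar for this example: "(diplonat (tcp_port 1337) (udp_port 53 54))".
#[derive(Debug, Default, PartialEq, Eq)]
pub struct ServicePorts {
    pub tcp: BTreeSet<u16>,
    pub udp: BTreeSet<u16>,
}
/// Parentheses become their own tokens; whitespace splits the rest.
fn tokenize(tag: &str) -> Vec<String> {
    tag.replace('(', " ( ").replace(')', " ) ").split_whitespace().map(str::to_string).collect()
}
/// Parses one tag. Tags that are not "(diplonat ...)" yield None so callers can
/// skip them; a malformed diplonat tag also yields None instead of a partial set.
pub fn parse_tag(tag: &str) -> Option<ServicePorts> {
    let toks = tokenize(tag);
    let n = toks.len();
    if n < 3 || toks[0] != "(" || toks[1] != "diplonat" || toks[n - 1] != ")" { return None; }
    let mut ports = ServicePorts::default();
    let mut i = 2;
    while i < n - 1 {
        if toks[i] != "(" { return None; } // each element is a "( kind port+ )" list
        let set = match toks.get(i + 1)?.as_str() {
            "tcp_port" => &mut ports.tcp,
            "udp_port" => &mut ports.udp,
            _ => return None, // unknown keyword: reject the whole tag
        };
        i += 2;
        let first_port = i;
        while toks.get(i).map_or(false, |t| t != ")") {
            // port 0 and anything that is not a u16 (e.g. 70000) reject the tag
            set.insert(toks[i].parse::<u16>().ok().filter(|&p| p != 0)?);
            i += 1;
        }
        if i == first_port || i >= n - 1 { return None; } // empty list or unbalanced
        i += 1; // consume the list's ")"
    }
    Some(ports)
}
/// Merges every diplonat tag on the node into the complete set of ports to
/// expose: the whole desired state, not a delta, as the design guidelines require.
pub fn desired_ports<'a>(tags: impl IntoIterator<Item = &'a str>) -> ServicePorts {
    tags.into_iter().filter_map(parse_tag).fold(ServicePorts::default(), |mut all, t| {
        all.tcp.extend(t.tcp);
        all.udp.extend(t.udp);
        all
    })
}
```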
## License
This software is published under the AGPLv3 license.