diplonat helps you exposing your public services in a dynamic environment
Find a file
2021-09-22 17:02:25 +02:00
src WIP: looks better, but the Diplonat new function is still full of shit - I'll investigate 2021-09-22 17:02:25 +02:00
.dockerignore Dockerize app 2020-05-23 16:29:02 +02:00
.drone.yml Use the official rust image 2021-09-20 16:01:42 +02:00
.gitignore environment.rs successfully replaced with new config/ configuration loader. No API changes, more tests, cleaner code: life is swell. 2021-08-16 11:19:16 +02:00
.rustfmt.toml Use the new formatting rules 2021-09-20 16:07:58 +02:00
Cargo.lock New configuration parsing using envy. Added minimal functionnality for 2021-08-16 10:26:06 +02:00
Cargo.toml New configuration parsing using envy. Added minimal functionnality for 2021-08-16 10:26:06 +02:00
CONTRIBUTING.md Fix the CONTRIBUTING doc for the new formatting 2021-09-20 15:18:49 +02:00
docker-compose.yml Rewrote the configuration options to make Diplonat modular: IGD and Firewall modules will only be enabled if correponding DIPLONAT_*_ENABLE is set. (Breaking changes!) 2021-08-26 16:05:39 +02:00
Dockerfile update README & Dockerfile 2020-06-28 17:01:12 +02:00
README.md Merge branch 'main' of git.deuxfleurs.fr:Deuxfleurs/diplonat into feature/modular-config 2021-09-20 11:58:03 +02:00

Diplonat

Feature set

  • (Re)Configure NAT via UPNP/IGD (prio: high)
  • (Re)Configure iptables (prio: low)
  • (Re)Configure DNS via ??? (prio: low)

Understand scope

  • Reconfigure local environment when provisionning a cluster service
    • Reconfigure host on demand according to service needs (Firewall)
    • Reconfigure host local network according to service needs (Router NAT)
  • Operate a global reconfiguration that associate the tuple (local environment information, a cluster service)
    • Reconfigure an external service with local info (DNS with public IP returned by the router via IGD)

Dependencies

The reqwest crate "will make use of system-native transport layer security to connect to HTTPS destinations". See reqwest's documentation for more information.

Operate

You need to add the following to your nomad config file :

client {
  [...]

  options {
    docker.privileged.enabled = "true"
  } 
}
cargo build
consul agent -dev # in a separate terminal

# adapt following values to your configuration
export DIPLONAT_CONSUL_NODE_NAME="lheureduthe"
export DIPLONAT_FIREWALL_ENABLE="true"
export DIPLONAT_FIREWALL_REFRESH_TIME="300"
export DIPLONAT_IGD_ENABLE="true"
export DIPLONAT_IGD_PRIVATE_IP="192.168.0.18"
export DIPLONAT_IGD_REFRESH_TIME="60"
export DIPLONAT_IGD_EXPIRATION_TIME="300"
export RUST_LOG=debug
cargo run

Contributing

Refer to CONTRIBUTING.md.

Design Guidelines

Diplonat is made of a set of Components. Components communicate between them thanks to tokio::sync::watch transferring copiable messages. Each message must contain the whole state (and not a transition) as messages can be lost if a more recent message is received. This choice has been made to limit bugs. If you need to watch two actors and merge their content, you may use tokio::sync::select. When you read a value from source 1, you must cache it to be able to merge it later when you read from source 2.

About Consul Catalog

  • We query the /v1/catalog/node/<node> endpoint
  • We can watch it thanks to Blocking Queries

eg:

curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe
# returns X-Consul-Index: 15
curl -vvv http://127.0.0.1:8500/v1/catalog/node/lheureduthe?index=15

Each time you do the request, the whole list of services bound to the node is returned.

To test the Consul Catalog part, you can do:

consul agent -dev #in a separate terminal, if not already running
consul services register -name=fake_leet -tag="(diplonat (tcp_port 1337) (tcp_port 1338 1339))"
consul services register -name=fake_dns  -tag="(diplonat (udp_port 53) (tcp_port 53))"
consul services register -name=fake_irc  -tag="(diplonat (udp_port 6667 6666))"
consul services -id=example