From d18b11ebd429c55220e803a58055d0779bedb2ac Mon Sep 17 00:00:00 2001 From: "Jonathan Leibiusky @xetorthio" Date: Tue, 11 Jul 2017 15:05:21 -0300 Subject: [PATCH] Add l2 implementation --- Dockerfile.l2 | 30 ++++++++++ api.go | 2 - config/config.go | 8 ++- router/l2/l2.go | 136 +++++++++++++++++++++++++++++++++++++++++++ router/l2/l2_test.go | 47 +++++++++++++++ router/router.go | 7 +++ 6 files changed, 226 insertions(+), 4 deletions(-) create mode 100644 Dockerfile.l2 create mode 100644 router/l2/l2.go create mode 100644 router/l2/l2_test.go diff --git a/Dockerfile.l2 b/Dockerfile.l2 new file mode 100644 index 0000000..372634e --- /dev/null +++ b/Dockerfile.l2 @@ -0,0 +1,30 @@ +FROM golang:1.8 + +# Copy the runtime dockerfile into the context as Dockerfile +COPY . /go/src/github.com/play-with-docker/play-with-docker + +WORKDIR /go/src/github.com/play-with-docker/play-with-docker + +RUN go get -v -d ./... + +RUN ssh-keygen -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key >/dev/null + +WORKDIR /go/src/github.com/play-with-docker/play-with-docker/router/l2 + +RUN CGO_ENABLED=0 go build -a -installsuffix nocgo -o /go/bin/play-with-docker-l2 . + + +FROM alpine + +RUN apk --update add ca-certificates +RUN mkdir /app + +COPY --from=0 /go/bin/play-with-docker-l2 /app/play-with-docker-l2 +COPY --from=0 /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key + +WORKDIR /app +CMD ["./play-with-docker-l2", "-ssh_key_path", "/etc/ssh/ssh_host_rsa_key"] + +EXPOSE 22 +EXPOSE 53 +EXPOSE 443 diff --git a/api.go b/api.go index fdcb8bc..9a69667 100644 --- a/api.go +++ b/api.go @@ -76,8 +76,6 @@ func main() { ReadHeaderTimeout: 5 * time.Second, } - go handlers.ListenSSHProxy("0.0.0.0:1022") - log.Println("Listening on port " + config.PortNumber) log.Fatal(httpServer.ListenAndServe()) } diff --git a/config/config.go b/config/config.go index b165620..bbeecdd 100644 --- a/config/config.go +++ b/config/config.go @@ -2,6 +2,7 @@ package config import ( "flag" + "log" "os" "regexp" "time" @@ -13,14 +14,14 @@ const ( AliasnameRegex = "[0-9|a-z|A-Z|-]*" AliasSessionRegex = "[0-9|a-z|A-Z]{8}" AliasGroupRegex = "(" + AliasnameRegex + ")-(" + AliasSessionRegex + ")" - PWDHostPortGroupRegex = "^.*pwd(" + PWDHostnameRegex + ")(?:-?(" + PortRegex + "))?\\..*$" + PWDHostPortGroupRegex = "^.*ip(" + PWDHostnameRegex + ")(?:-?(" + PortRegex + "))?(?:\\..*)?$" AliasPortGroupRegex = "^.*pwd" + AliasGroupRegex + "(?:-?(" + PortRegex + "))?\\..*$" ) var NameFilter = regexp.MustCompile(PWDHostPortGroupRegex) var AliasFilter = regexp.MustCompile(AliasPortGroupRegex) -var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName, HashKey string +var SSLPortNumber, PortNumber, Key, Cert, SessionsFile, PWDContainerName, PWDCName, HashKey, SSHKeyPath string var MaxLoadAvg float64 func ParseFlags() { @@ -33,7 +34,10 @@ func ParseFlags() { flag.StringVar(&PWDCName, "cname", "host1", "CNAME given to this host") flag.StringVar(&HashKey, "hash_key", "salmonrosado", "Hash key to use for cookies") flag.Float64Var(&MaxLoadAvg, "maxload", 100, "Maximum allowed load average before failing ping requests") + flag.StringVar(&SSHKeyPath, "ssh_key_path", "", "SSH Private Key to use") flag.Parse() + + log.Println("*****************************", SSHKeyPath) } func GetDindImageName() string { dindImage := os.Getenv("DIND_IMAGE") diff --git a/router/l2/l2.go b/router/l2/l2.go new file mode 100644 index 0000000..4055294 --- /dev/null +++ b/router/l2/l2.go @@ -0,0 +1,136 @@ +package main + +import ( + "context" + "encoding/json" + "fmt" + "log" + "net" + "os" + "strings" + + "github.com/docker/docker/api/types" + "github.com/docker/docker/api/types/filters" + "github.com/docker/docker/api/types/network" + "github.com/docker/docker/client" + "github.com/play-with-docker/play-with-docker/config" + "github.com/play-with-docker/play-with-docker/router" +) + +func director(host string) (*net.TCPAddr, error) { + chunks := strings.Split(host, ":") + matches := config.NameFilter.FindStringSubmatch(chunks[0]) + + var rawHost, port string + + if len(matches) == 3 { + rawHost = matches[1] + port = matches[2] + } else if len(matches) == 2 { + rawHost = matches[1] + } else { + return nil, fmt.Errorf("Couldn't find host in string") + } + + if port == "" { + if len(chunks) == 2 { + port = chunks[1] + } else { + port = "80" + } + } + + dstHost := strings.Replace(rawHost, "-", ".", -1) + + t, err := net.ResolveTCPAddr("tcp4", fmt.Sprintf("%s:%s", dstHost, port)) + if err != nil { + return nil, err + } + return t, nil +} + +func connectNetworks() error { + ctx := context.Background() + c, err := client.NewEnvClient() + if err != nil { + log.Fatal(err) + } + + defer c.Close() + + f, err := os.Open(config.SessionsFile) + if err != nil { + return err + } + defer f.Close() + + networks := map[string]*network.EndpointSettings{} + + err = json.NewDecoder(f).Decode(&networks) + if err != nil { + return err + } + + for netId, opts := range networks { + settings := &network.EndpointSettings{} + settings.IPAddress = opts.IPAddress + log.Printf("Connected to network [%s] with ip [%s]\n", netId, opts.IPAddress) + c.NetworkConnect(ctx, netId, config.PWDContainerName, settings) + } + + return nil +} + +func monitorNetworks() { + c, err := client.NewEnvClient() + if err != nil { + log.Fatal(err) + } + + defer c.Close() + + ctx := context.Background() + + args := filters.NewArgs() + + cmsg, _ := c.Events(ctx, types.EventsOptions{Filters: args}) + for { + select { + case m := <-cmsg: + if m.Type == "network" { + // Router has been connected to a new network. Let's get all connections and store them in case of restart. + container, err := c.ContainerInspect(ctx, config.PWDContainerName) + if err != nil { + log.Println(err) + return + } + + f, err := os.Create(config.SessionsFile) + if err != nil { + log.Println(err) + return + } + err = json.NewEncoder(f).Encode(container.NetworkSettings.Networks) + if err != nil { + log.Println(err) + return + } + log.Println("Saved networks") + } + } + } +} + +func main() { + config.ParseFlags() + + err := connectNetworks() + if err != nil && !os.IsNotExist(err) { + log.Fatal("connect networks:", err) + } + go monitorNetworks() + + r := router.NewRouter(director, config.SSHKeyPath) + r.Listen(":443", ":53", ":22") + defer r.Close() +} diff --git a/router/l2/l2_test.go b/router/l2/l2_test.go new file mode 100644 index 0000000..70f3fcf --- /dev/null +++ b/router/l2/l2_test.go @@ -0,0 +1,47 @@ +package main + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestDirector(t *testing.T) { + addr, err := director("ip10-0-0-1-8080.foo.bar") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:8080", addr.String()) + + addr, err = director("ip10-0-0-1.foo.bar") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:80", addr.String()) + + addr, err = director("ip10-0-0-1.foo.bar:9090") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:9090", addr.String()) + + addr, err = director("ip10-0-0-1-2222.foo.bar:9090") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:2222", addr.String()) + + addr, err = director("lala.ip10-0-0-1-2222.foo.bar") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:2222", addr.String()) + + addr, err = director("lala.ip10-0-0-1-2222") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:2222", addr.String()) + + addr, err = director("ip10-0-0-1-2222") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:2222", addr.String()) + + addr, err = director("ip10-0-0-1") + assert.Nil(t, err) + assert.Equal(t, "10.0.0.1:80", addr.String()) + + _, err = director("lala10-0-0-1.foo.bar") + assert.NotNil(t, err) + + _, err = director("ip10-0-0-1-10-20") + assert.NotNil(t, err) +} diff --git a/router/router.go b/router/router.go index b46a986..04a3094 100644 --- a/router/router.go +++ b/router/router.go @@ -33,11 +33,14 @@ type proxyRouter struct { } func (r *proxyRouter) Listen(httpAddr, dnsAddr, sshAddr string) { + listenWG := sync.WaitGroup{} + l, err := net.Listen("tcp", httpAddr) if err != nil { log.Fatal(err) } r.httpListener = l + listenWG.Add(1) go func() { for !r.closed { conn, err := r.httpListener.Accept() @@ -46,6 +49,7 @@ func (r *proxyRouter) Listen(httpAddr, dnsAddr, sshAddr string) { } go r.handleConnection(conn) } + listenWG.Done() }() dnsMux := dns.NewServeMux() @@ -71,6 +75,7 @@ func (r *proxyRouter) Listen(httpAddr, dnsAddr, sshAddr string) { log.Fatal("failed to listen for connection: ", err) } r.sshListener = lssh + listenWG.Add(1) go func() { for { nConn, err := lssh.Accept() @@ -80,7 +85,9 @@ func (r *proxyRouter) Listen(httpAddr, dnsAddr, sshAddr string) { go r.sshHandle(nConn) } + listenWG.Done() }() + listenWG.Wait() } func (r *proxyRouter) sshHandle(nConn net.Conn) {