diff --git a/Makefile b/Makefile index 8497f6e..d68ccae 100755 --- a/Makefile +++ b/Makefile @@ -38,8 +38,15 @@ bin: linux windows darwin ## build all platform binary ## docker run --network host --privileged \ ## -v /var/run:/var/run -v /etc/openlan/switch:/etc/openlan/switch \ ## openlan-switch:5.8.13 -docker: pkg - docker build -t openlan-switch:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f ./dist/openlan-switch.docker . +docker: docker-switch docker-confd + +docker-switch: pkg + cp $(SD)/docker/openlan-switch.docker $(BD) + cd $(BD) && docker build -t openlan-switch:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f openlan-switch.docker . + +docker-confd: pkg + cp $(SD)/docker/openlan-confd.docker $(BD) + cd $(BD) && docker build -t openlan-confd:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f openlan-confd.docker . clean: ## clean cache rm -rvf ./build @@ -131,6 +138,7 @@ install: env linux ## install packages @mkdir -p $(LINUX_DIR)/var/openlan/point @mkdir -p $(LINUX_DIR)/var/openlan/openvpn @mkdir -p $(LINUX_DIR)/var/openlan/dhcp + @mkdir -p $(LINUX_DIR)/var/openlan/confd @mkdir -p $(LINUX_DIR)/etc/sysconfig/openlan @cp -rf $(SD)/dist/resource/point.cfg $(LINUX_DIR)/etc/sysconfig/openlan @cp -rf $(SD)/dist/resource/proxy.cfg $(LINUX_DIR)/etc/sysconfig/openlan diff --git a/README.md b/README.md index 91e0f7e..2930190 100755 --- a/README.md +++ b/README.md 
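Review bot: `docker`, `docker-switch` and `docker-confd` are command targets, not files, but the hunk adds no `.PHONY: docker docker-switch docker-confd` for them; unless a declaration exists outside the hunk, a stray file named `docker` in the tree would make `make docker` report nothing to be done. The new recipes also `cd $(BD)` and hand all of `$(BD)` to `docker build` as the context, so if `BD` expands empty the `cd` lands in `$HOME` and the whole home directory is shipped to the Docker daemon; a guard such as `$(if $(strip $(BD)),,$(error BD is empty))` before the rule, plus a `.dockerignore` in `$(BD)` that admits only the Dockerfile and `$(LINUX_DIR).bin`, keeps the context small and the failure loud. The `##` usage comment above the rule still shows only how to run `openlan-switch:5.8.13`; a matching line for the new `openlan-confd:$(VER)` image would help. `BD`, `SD`, `VER` and `LINUX_DIR` are defined outside the hunk.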
@@ -9,20 +9,20 @@ [![Releases](https://img.shields.io/github/release/luscis/openlan/all.svg?style=flat-square)](https://github.com/luscis/openlan/releases) [![GPL 3.0 License](https://img.shields.io/badge/License-GPL%203.0-blue.svg)](LICENSE) -# 什么是OpenLAN? +## 什么是OpenLAN? OpenLAN提供一种局域网数据报文在广域网的传输实现,并能够建立多个用户空间的虚拟以太网络。 ## 为什么是OpenLAN? -如果你有更加灵活的VPN业务需求,需要使用VPN访问企业内部,或者借用公网云主机等进行网络代理、网络穿透等,可以试试OpenLAN,可以做的更简单。 +如果你有更加灵活的VPN业务需求,需要使用VPN访问企业内部,或者借用公网云主机等进行网络代理、网络穿透等,可以试试OpenLAN,它能让部署变得更简单。 -## OpenLAN支持什么功能? +## OpenLAN有什么功能? * 用户可以使用OpenLAN划分多个网络空间,为不同的业务提供逻辑网络隔离; * 多个OpenLAN Switch之间可以使用OpenLAN协议在二层上互联互通,在二层网络上可以添加SNAT路由轻松的访问企业内部网络; * 用户可以使用OpenVPN接入OpenLAN网络,OpenVPN支持多平台如Android/MacOS/Windows等; -* 多个OpenLAN Switch之间也可以使用PSec隧道网络,并且支持在该网络上进一步划分VxLAN/STT的租户网络; +* 多个OpenLAN Switch之间也可以使用IPSec隧道网络,并且支持在该网络上进一步划分VxLAN/STT的租户网络; * 使用简单的用户名密码的作为接入认证方式,并且可以设置预共享密钥对数据报文进行加密; * OpenLAN协议可以工作在TCP/TLS/UDP/KCP/WS/WSS等多种传输协议上,TCP具有较高的性能,TLS/WSS能够提供更好的加密安全; * OpenLAN也提供了简单的HTTP/HTTPS/SOCKS5等HTTP的正向代理技术,用户可以根据需要灵活配置代理进行网络穿透; @@ -31,7 +31,7 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现,并能够 ## OpenLAN的工作场景? ### 分支中心接入 - OLSW(企业中心) - 10.16.1.10/24 + OpenLan Switch(企业中心) - 10.16.1.10/24 ^ | Wifi(DNAT) 
@@ -42,30 +42,30 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现,并能够 | | | 分支1 分支2 分支3 | | | - OLAP OLAP OLAP - 10.16.1.11/24 10.16.1.12/24 10.16.1.13/24 + OpenLAN OpenLAN OpenLAN + 10.16.1.11/24 10.16.1.12/24 10.16.1.13/24 ### 多区域互联 - 192.168.1.20/24 192.168.1.21/24 - | | - OLAP -- 酒店 Wifi --> OLSW(南京) <--- 其他 Wifi --- OLAP - | - | + 192.168.1.20/24 192.168.1.21/24 + | | + OpenLAN -- 酒店 Wifi --> OpenLAN Switch(南京) <--- 其他 Wifi --- OpenLAN + | + | 互联网 - | - | - OLSW(上海) - 192.168.1.10/24 - | - | - ------------------------------------------------------ - ^ ^ ^ - | | | + | + | + OpenLAN Switch(上海) - 192.168.1.10/24 + | + | + ------------------------------------------------------ + ^ ^ ^ + | | | 办公 Wifi 家庭 Wifi 酒店 Wifi - | | | - OLAP OLAP OLAP - 192.168.1.11/24 192.168.1.12/24 192.168.1.13/24 + | | | + OpenLAN OpenLAN OpenLAN + 192.168.1.11/24 192.168.1.12/24 192.168.1.13/24 ### 数据中心全互联网络 diff --git a/cmd/api/app.go b/cmd/api/app.go index fd9f9b7..ba2d8da 100755 --- a/cmd/api/app.go +++ b/cmd/api/app.go @@ -6,7 +6,7 @@ import ( ) const ( - ConfSockFile = "unix:/var/openlan/confd.sock" + ConfSockFile = "unix:/var/openlan/confd/confd.sock" ConfDatabase = "OpenLAN_Switch" AdminTokenFile = "/etc/openlan/switch/token" ) diff --git a/dist/openlan.spec.in b/dist/openlan.spec.in index d89178c..9c4239c 100755 --- a/dist/openlan.spec.in +++ b/dist/openlan.spec.in 
@@ -39,10 +39,10 @@ make install LINUX_DIR=%{buildroot} [ -e "/etc/openlan/switch/confd.db" ] || { /usr/bin/ovsdb-tool create /etc/openlan/switch/confd.db /etc/openlan/switch/confd.schema.json } -[ -e "/var/openlan/confd.sock" ] && { - /usr/bin/ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json +[ ! -e "/var/openlan/confd/confd.sock" ] || { + /usr/bin/ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json } -[ -e "/etc/sysctl.d/90-openlan.conf" ] && { +[ ! -e "/etc/sysctl.d/90-openlan.conf" ] || { /usr/sbin/sysctl -p /etc/sysctl.d/90-openlan.conf || : } [ -e "/etc/openlan/switch/network/ipsec.json" ] || { diff --git a/dist/resource/openlan-confd.service b/dist/resource/openlan-confd.service index be2b94f..0bbf3c9 100755 --- a/dist/resource/openlan-confd.service +++ b/dist/resource/openlan-confd.service @@ -5,11 +5,11 @@ Before=network.target network.service [Service] Type=forking -PIDFile=/var/openlan/confd.pid +PIDFile=/var/openlan/confd/confd.pid Restart=on-failure EnvironmentFile=-/etc/sysconfig/openlan/confd -ExecStart=/var/openlan/script/confd start +ExecStart=/var/openlan/script/confd start --detach ExecStop=/var/openlan/script/confd stop [Install] diff --git a/dist/script/confd b/dist/script/confd index 3ca9d69..efb800d 100755 --- a/dist/script/confd +++ b/dist/script/confd 
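Review bot: The schema conversion now runs only when `/var/openlan/confd/confd.sock` exists, so on an upgrade from a release whose confd still listens on the old `/var/openlan/confd.sock` the `ovsdb-client convert` is silently skipped and the database keeps the old schema until confd is restarted on the new path. If in-place upgrades from such releases are supported, the scriptlet should test the old socket path as well, or convert the database file directly with `ovsdb-tool convert` while confd is stopped; the identical check in post() of dist/script/install.sh has the same gap. A comment such as `# convert the live database to the current schema; skipped when confd is not running` above the test would also make the intent of the `[ ! -e ... ] || { ... }` form clear. The %post scriptlet continues outside the hunk.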
@@ -2,13 +2,16 @@ set -e -command=$1 +command=$1; shift +options=$@; + +dir=$(dirname $0) OVSDB_SERVER_BIN="/usr/bin/env ovsdb-server" [ "$OVSDB_DATABASE" == "" ] && OVSDB_DATABASE="/etc/openlan/switch/confd.db" -[ "$OVSDB_LOG_FILE" == "" ] && OVSDB_LOG_FILE="/var/openlan/confd.log" -[ "$OVSDB_SOCK" == "" ] && OVSDB_SOCK="/var/openlan/confd.sock" -[ "$OVSDB_PID_FILE" == "" ] && OVSDB_PID_FILE="/var/openlan/confd.pid" +[ "$OVSDB_LOG_FILE" == "" ] && OVSDB_LOG_FILE="/var/openlan/confd/confd.log" +[ "$OVSDB_SOCK" == "" ] && OVSDB_SOCK="/var/openlan/confd/confd.sock" +[ "$OVSDB_PID_FILE" == "" ] && OVSDB_PID_FILE="/var/openlan/confd/confd.pid" function stop() { [ -e "$OVSDB_PID_FILE" ] && kill "$(cat $OVSDB_PID_FILE)" @@ -21,8 +24,10 @@ function start() { set "$@" --log-file="$OVSDB_LOG_FILE" set "$@" --pidfile="$OVSDB_PID_FILE" [ "$OVSDB_OPTIONS" != "" ] && set "$@" $OVSDB_OPTIONS - set "$@" --detach - OVS_RUNDIR="/var/openlan" "$@" + for opt in $options; do + set "$@" $opt + done + OVS_RUNDIR="/var/openlan/confd" "$@" } case $command in diff --git a/dist/script/install.sh b/dist/script/install.sh index 673bb04..c155e9a 100755 --- a/dist/script/install.sh +++ b/dist/script/install.sh @@ -17,7 +17,7 @@ function requires() { elif type apt > /dev/null; then apt-get install -y net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq else - echo "We didn't find yum and apt." + echo "We didn't find any packet tool: yum or apt." fi } @@ -45,8 +45,8 @@ function post() { [ -e "/etc/openlan/switch/confd.db" ] || { /usr/bin/ovsdb-tool create /etc/openlan/switch/confd.db /etc/openlan/switch/confd.schema.json } - [ ! -e "/var/openlan/confd.sock" ] || { - /usr/bin/ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json + [ ! -e "/var/openlan/confd/confd.sock" ] || { + /usr/bin/ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json } } 
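Review bot: `options=$@` in the first hunk flattens the remaining arguments into one string, and `for opt in $options; do set "$@" $opt; done` in the second hunk re-splits it on whitespace and glob-expands every word, so an option containing a space or `*` reaches ovsdb-server mangled; keeping an array, `options=("$@")` and then `set "$@" "${options[@]}"`, preserves the arguments exactly and removes the loop. Under `set -e` the new `shift` also aborts the script when it is invoked with no command at all, so `command=${1:-}; [ $# -gt 0 ] && shift` is needed if the empty case was previously left to the `case` (presumably a usage message). All of the new default paths live under `/var/openlan/confd/`, which nothing in these hunks creates; `mkdir -p "$(dirname "$OVSDB_PID_FILE")"` at the top of start() would keep `confd start` working when the directory has not been created by the package install or a volume mount. `dir=$(dirname $0)` is not used in either hunk — presumably it is used further down, otherwise it is dead. start(), stop() and the trailing `case` continue outside the hunks.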
diff --git a/dist/script/setup.sh b/dist/script/setup.sh index f2766d7..da98f40 100755 --- a/dist/script/setup.sh +++ b/dist/script/setup.sh @@ -13,4 +13,3 @@ set -x /usr/bin/env find /var/openlan/openvpn -name '*.status' -delete # upgrade database. -# ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json diff --git a/dist/script/update.sh b/dist/script/update.sh index 1a4eed6..47b4097 100755 --- a/dist/script/update.sh +++ b/dist/script/update.sh @@ -3,7 +3,7 @@ set -ex ## Upgrade ovsdb -# ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json +# ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json ## Enable check for DDNS # [root@centos ~]# crontab -l diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 0000000..48bc743 --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,16 @@ +version: "2.3" +services: + confd: + image: "openlan-confd:latest" + volumes: + - /opt/openlan/confd:/var/openlan/confd + switch: + image: "openlan-switch:latest" + privileged: true + ports: + - 10000:10000 + - 10002:10002 + volumes: + - /opt/openlan/confd:/var/openlan/confd + depends_on: + - confd diff --git a/docker/openlan-confd.docker b/docker/openlan-confd.docker new file mode 100755 index 0000000..cadce1a --- /dev/null +++ b/docker/openlan-confd.docker @@ -0,0 +1,18 @@ +FROM centos:7 + +ARG BIN + +WORKDIR /root + +ADD ${BIN} /tmp + +RUN yum install -y epel-release centos-release-openstack-train \ + && yum install -y rdma-core libibverbs +RUN DOCKER=yes /tmp/${BIN} + +RUN rm -rf /tmp/* && rm -rf /var/cache/yum/* + +LABEL application="OpenLAN Switch Application" +LABEL maintainer="danieldin95@163.com" + +CMD ["/var/openlan/script/confd", "start"] 
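Review bot: Both services pull `openlan-confd:latest` and `openlan-switch:latest`, but the new `docker-switch`/`docker-confd` Makefile targets in this commit tag the images `openlan-switch:$(VER)` and `openlan-confd:$(VER)`, so `docker-compose up` will not find a locally built image unless VER happens to be `latest`; either tag `latest` as well in the Makefile or pin the compose file to the same version, e.g. `image: "openlan-switch:${VER:-latest}"`. The switch publishes only TCP for 10002, although openlan-switch.docker exposes 10002/udp and, in this commit, 4500/udp, so `- 10002:10002/udp` (and `- 4500:4500/udp` if IPsec traffic must reach the container) is missing. `privileged: true` grants every capability and all host devices; if the switch only needs to create interfaces and manage routes and iptables, `cap_add: [NET_ADMIN]` with `devices: [/dev/net/tun]` is the narrower grant — worth confirming what it actually requires. The confd ovsdb socket is shared through the host path `/opt/openlan/confd`, so any host process with access to that directory can talk to the configuration database; a named volume keeps it off the host filesystem if host-side access is not needed.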
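Review bot: `LABEL application="OpenLAN Switch Application"` has been copied from openlan-switch.docker; this image runs confd, so it should read `LABEL application="OpenLAN Confd Application"`. `ADD ${BIN} /tmp` (here and in the renamed openlan-switch.docker) copies a local file, for which `COPY ${BIN} /tmp` is the conventional form because ADD additionally auto-extracts archives and fetches URLs. `CMD ["/var/openlan/script/confd", "start"]` depends on the confd script no longer appending `--detach` by default, which this commit removes, so ovsdb-server stays in the foreground as PID 1; that is right for a container, but a comment such as `# no --detach: ovsdb-server must stay in the foreground as PID 1` would stop someone "fixing" it to match the systemd unit. A `VOLUME /var/openlan/confd` declaration would also document the directory that docker-compose.yml bind-mounts for the socket, pid and log files.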
diff --git a/dist/openlan-switch.docker b/docker/openlan-switch.docker similarity index 93% rename from dist/openlan-switch.docker rename to docker/openlan-switch.docker index 34049f3..cd40a6a 100755 --- a/dist/openlan-switch.docker +++ b/docker/openlan-switch.docker @@ -1,11 +1,10 @@ - FROM centos:7 ARG BIN WORKDIR /root -ADD build/${BIN} /tmp +ADD ${BIN} /tmp RUN yum install -y epel-release centos-release-openstack-train \ && yum install -y rdma-core libibverbs @@ -19,5 +18,6 @@ LABEL maintainer="danieldin95@163.com" EXPOSE 10000/tcp EXPOSE 10002/tcp EXPOSE 10002/udp +EXPOSE 4500/udp CMD ["/usr/bin/openlan-switch", "-conf:dir", "/etc/openlan/switch", "-log:level", "20"] diff --git a/docs/install.md b/docs/install.md index 64b4950..f2d8f78 100755 --- a/docs/install.md +++ b/docs/install.md @@ -52,7 +52,7 @@ openlan软件包含下面部分: "bridge": { "address": "172.32.10.10/24" ## 本地地址 }, - "subnet": { ## example网络的子网配置 + "subnet": { ## 网络的子网配置,如果没有动态地址分配可以忽略 "start": "172.32.10.100", ## 用于动态分配给point的起始地址 "end": "172.32.10.150", ## 截止地址 "netmask": "255.255.255.0" ## 子网掩码 diff --git a/pkg/network/firewall.go b/pkg/network/firewall.go index ee6d8e8..6e83859 100755 --- a/pkg/network/firewall.go +++ b/pkg/network/firewall.go @@ -83,7 +83,7 @@ func (f *FireWall) jumpOLC() { } func (f *FireWall) Initialize() { - IpInit() + IptInit() // Init chains f.addOLC() f.jumpOLC() diff --git a/pkg/network/iptables.go b/pkg/network/iptables.go index 94e1e96..5b6b7d2 100755 --- a/pkg/network/iptables.go +++ b/pkg/network/iptables.go @@ -240,12 +240,12 @@ func (chains IpChains) Pop(obj IpChain) IpChains { var __iptablesInit__ = false -func IpInit() { +func IptInit() { if __iptablesInit__ { return } __iptablesInit__ = true if err := iptables.FirewalldInit(); err != nil { - libol.Error("IpInit %s", err) + libol.Info("IptInit %s", err) } }
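Review bot: `EXPOSE 4500/udp` is the IPsec NAT-T port, but IKE negotiation normally starts on 500/udp, so if this is for the IPsec tunnels the README describes, `EXPOSE 500/udp` is presumably needed as well unless peers are always forced to NAT-T; the new docker-compose.yml does not publish 4500 either. EXPOSE is documentation only — the ports still have to be published at run time — so a comment such as `# IPsec NAT-T (IKE itself uses 500/udp)` beside the line would tell the reader what is expected to terminate there. The CMD that follows is unchanged context.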
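Review bot: Downgrading the `iptables.FirewalldInit()` failure from `libol.Error` to `libol.Info` in IptInit hides a condition under which firewall rules may never be installed, and because `__iptablesInit__` is set to true before the call the initialization is never retried. Logging at warning level (if libol provides one) or leaving it at Error keeps the failure visible, and setting the flag only after a successful call would allow a retry if repeated attempts are acceptable. If the downgrade is deliberate because firewalld is optional on hosts without it, say so in a comment, e.g. `// firewalld is optional: a failed init is informational, rules are driven through iptables directly.` The same rename is applied in pkg/network/firewall.go; IptInit is fully inside the hunk, but the `iptables` and `libol` packages are not visible here.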