docker: compose support

Daniel Ding
2023-04-04 07:02:05 +08:00
parent d8a6cdb855
commit eec45c75fa
15 changed files with 94 additions and 48 deletions


@@ -38,8 +38,15 @@ bin: linux windows darwin ## build all platform binary
## docker run --network host --privileged \
## -v /var/run:/var/run -v /etc/openlan/switch:/etc/openlan/switch \
## openlan-switch:5.8.13
docker: pkg
docker build -t openlan-switch:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f ./dist/openlan-switch.docker .
docker: docker-switch docker-confd
docker-switch: pkg
cp $(SD)/docker/openlan-switch.docker $(BD)
cd $(BD) && docker build -t openlan-switch:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f openlan-switch.docker .
docker-confd: pkg
cp $(SD)/docker/openlan-confd.docker $(BD)
cd $(BD) && docker build -t openlan-confd:$(VER) --build-arg BIN=$(LINUX_DIR).bin -f openlan-confd.docker .
clean: ## clean cache
rm -rvf ./build
@@ -131,6 +138,7 @@ install: env linux ## install packages
@mkdir -p $(LINUX_DIR)/var/openlan/point
@mkdir -p $(LINUX_DIR)/var/openlan/openvpn
@mkdir -p $(LINUX_DIR)/var/openlan/dhcp
@mkdir -p $(LINUX_DIR)/var/openlan/confd
@mkdir -p $(LINUX_DIR)/etc/sysconfig/openlan
@cp -rf $(SD)/dist/resource/point.cfg $(LINUX_DIR)/etc/sysconfig/openlan
@cp -rf $(SD)/dist/resource/proxy.cfg $(LINUX_DIR)/etc/sysconfig/openlan
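Review bot: The new `docker-switch` and `docker-confd` targets tag the images only as `$(VER)`, while docker/docker-compose.yml in this commit references `openlan-switch:latest` and `openlan-confd:latest`. With no local `latest` tag, Compose would try to resolve those names from the default registry, so the stack either fails to start or runs an image that was not built here. Tagging both in the build, e.g. `docker build -t openlan-confd:$(VER) -t openlan-confd:latest ...`, or pointing the compose file at the built version, closes that gap. The two new targets also lack the `## description` suffix that `clean` and `install` carry.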


@@ -9,20 +9,20 @@
[![Releases](https://img.shields.io/github/release/luscis/openlan/all.svg?style=flat-square)](https://github.com/luscis/openlan/releases)
[![GPL 3.0 License](https://img.shields.io/badge/License-GPL%203.0-blue.svg)](LICENSE)
# 什么是OpenLAN
## 什么是OpenLAN
OpenLAN提供一种局域网数据报文在广域网的传输实现并能够建立多个用户空间的虚拟以太网络。
## 为什么是OpenLAN
如果你有更加灵活的VPN业务需求需要使用VPN访问企业内部或者借用公网云主机等进行网络代理、网络穿透等可以试试OpenLAN可以做的更简单。
如果你有更加灵活的VPN业务需求需要使用VPN访问企业内部或者借用公网云主机等进行网络代理、网络穿透等可以试试OpenLAN它能让部署变得更简单。
## OpenLAN支持什么功能?
## OpenLAN什么功能?
* 用户可以使用OpenLAN划分多个网络空间为不同的业务提供逻辑网络隔离
* 多个OpenLAN Switch之间可以使用OpenLAN协议在二层上互联互通在二层网络上可以添加SNAT路由轻松的访问企业内部网络
* 用户可以使用OpenVPN接入OpenLAN网络OpenVPN支持多平台如Android/MacOS/Windows等
* 多个OpenLAN Switch之间也可以使用PSec隧道网络并且支持在该网络上进一步划分VxLAN/STT的租户网络
* 多个OpenLAN Switch之间也可以使用IPSec隧道网络并且支持在该网络上进一步划分VxLAN/STT的租户网络
* 使用简单的用户名密码的作为接入认证方式,并且可以设置预共享密钥对数据报文进行加密;
* OpenLAN协议可以工作在TCP/TLS/UDP/KCP/WS/WSS等多种传输协议上TCP具有较高的性能TLS/WSS能够提供更好的加密安全
* OpenLAN也提供了简单的HTTP/HTTPS/SOCKS5等HTTP的正向代理技术用户可以根据需要灵活配置代理进行网络穿透
@@ -31,7 +31,7 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
## OpenLAN的工作场景
### 分支中心接入
OLSW(企业中心) - 10.16.1.10/24
OpenLan Switch(企业中心) - 10.16.1.10/24
^
|
Wifi(DNAT)
@@ -42,7 +42,7 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
| | |
分支1 分支2 分支3
| | |
OLAP OLAP OLAP
OpenLAN OpenLAN OpenLAN
10.16.1.11/24 10.16.1.12/24 10.16.1.13/24
@@ -50,13 +50,13 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
192.168.1.20/24 192.168.1.21/24
| |
OLAP -- 酒店 Wifi --> OLSW(南京) <--- 其他 Wifi --- OLAP
OpenLAN -- 酒店 Wifi --> OpenLAN Switch(南京) <--- 其他 Wifi --- OpenLAN
|
|
互联网
|
|
OLSW(上海) - 192.168.1.10/24
OpenLAN Switch(上海) - 192.168.1.10/24
|
|
------------------------------------------------------
@@ -64,7 +64,7 @@ OpenLAN提供一种局域网数据报文在广域网的传输实现并能够
| | |
办公 Wifi 家庭 Wifi 酒店 Wifi
| | |
OLAP OLAP OLAP
OpenLAN OpenLAN OpenLAN
192.168.1.11/24 192.168.1.12/24 192.168.1.13/24
### 数据中心全互联网络


@@ -6,7 +6,7 @@ import (
)
const (
ConfSockFile = "unix:/var/openlan/confd.sock"
ConfSockFile = "unix:/var/openlan/confd/confd.sock"
ConfDatabase = "OpenLAN_Switch"
AdminTokenFile = "/etc/openlan/switch/token"
)


@@ -39,10 +39,10 @@ make install LINUX_DIR=%{buildroot}
[ -e "/etc/openlan/switch/confd.db" ] || {
/usr/bin/ovsdb-tool create /etc/openlan/switch/confd.db /etc/openlan/switch/confd.schema.json
}
[ -e "/var/openlan/confd.sock" ] && {
/usr/bin/ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json
[ ! -e "/var/openlan/confd/confd.sock" ] || {
/usr/bin/ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json
}
[ -e "/etc/sysctl.d/90-openlan.conf" ] && {
[ ! -e "/etc/sysctl.d/90-openlan.conf" ] || {
/usr/sbin/sysctl -p /etc/sysctl.d/90-openlan.conf || :
}
[ -e "/etc/openlan/switch/network/ipsec.json" ] || {
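Review bot: The `convert` guard now tests `/var/openlan/confd/confd.sock`, but on an upgrade from a build that used the old path the still-running confd would presumably be listening on `/var/openlan/confd.sock`, so the schema conversion is skipped silently. If that is the case, nothing converts the schema once the service restarts at the new path; checking the old socket as a fallback, or converting after the restart, would cover it. The `ovsdb-client convert` call also has no `|| :` like the `sysctl -p` line below it, so a stale socket file would fail the scriptlet. The same guard appears in the `post()` function of the install script changed in this commit.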


@@ -5,11 +5,11 @@ Before=network.target network.service
[Service]
Type=forking
PIDFile=/var/openlan/confd.pid
PIDFile=/var/openlan/confd/confd.pid
Restart=on-failure
EnvironmentFile=-/etc/sysconfig/openlan/confd
ExecStart=/var/openlan/script/confd start
ExecStart=/var/openlan/script/confd start --detach
ExecStop=/var/openlan/script/confd stop
[Install]

17
dist/script/confd vendored

@@ -2,13 +2,16 @@
set -e
command=$1
command=$1; shift
options=$@;
dir=$(dirname $0)
OVSDB_SERVER_BIN="/usr/bin/env ovsdb-server"
[ "$OVSDB_DATABASE" == "" ] && OVSDB_DATABASE="/etc/openlan/switch/confd.db"
[ "$OVSDB_LOG_FILE" == "" ] && OVSDB_LOG_FILE="/var/openlan/confd.log"
[ "$OVSDB_SOCK" == "" ] && OVSDB_SOCK="/var/openlan/confd.sock"
[ "$OVSDB_PID_FILE" == "" ] && OVSDB_PID_FILE="/var/openlan/confd.pid"
[ "$OVSDB_LOG_FILE" == "" ] && OVSDB_LOG_FILE="/var/openlan/confd/confd.log"
[ "$OVSDB_SOCK" == "" ] && OVSDB_SOCK="/var/openlan/confd/confd.sock"
[ "$OVSDB_PID_FILE" == "" ] && OVSDB_PID_FILE="/var/openlan/confd/confd.pid"
function stop() {
[ -e "$OVSDB_PID_FILE" ] && kill "$(cat $OVSDB_PID_FILE)"
@@ -21,8 +24,10 @@ function start() {
set "$@" --log-file="$OVSDB_LOG_FILE"
set "$@" --pidfile="$OVSDB_PID_FILE"
[ "$OVSDB_OPTIONS" != "" ] && set "$@" $OVSDB_OPTIONS
set "$@" --detach
OVS_RUNDIR="/var/openlan" "$@"
for opt in $options; do
set "$@" $opt
done
OVS_RUNDIR="/var/openlan/confd" "$@"
}
case $command in
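Review bot: `options=$@;` flattens the remaining arguments into one string and `for opt in $options` re-splits it unquoted, so any option containing whitespace or glob characters reaches ovsdb-server altered. Because `start()` rebuilds the positional parameters with `set`, the extra arguments need to be kept in an array instead: `options=("$@")` at the top and `set "$@" "${options[@]}"` in place of the loop. This assumes the script runs under bash, which the `function` keyword and `==` tests suggest; the shebang is outside the hunk. The body of `start()` begins outside the hunk.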


@@ -17,7 +17,7 @@ function requires() {
elif type apt > /dev/null; then
apt-get install -y net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq
else
echo "We didn't find yum and apt."
echo "We didn't find any packet tool: yum or apt."
fi
}
@@ -45,8 +45,8 @@ function post() {
[ -e "/etc/openlan/switch/confd.db" ] || {
/usr/bin/ovsdb-tool create /etc/openlan/switch/confd.db /etc/openlan/switch/confd.schema.json
}
[ ! -e "/var/openlan/confd.sock" ] || {
/usr/bin/ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json
[ ! -e "/var/openlan/confd/confd.sock" ] || {
/usr/bin/ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json
}
}


@@ -13,4 +13,3 @@ set -x
/usr/bin/env find /var/openlan/openvpn -name '*.status' -delete
# upgrade database.
# ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json


@@ -3,7 +3,7 @@
set -ex
## Upgrade ovsdb
# ovsdb-client convert unix:///var/openlan/confd.sock /etc/openlan/switch/confd.schema.json
# ovsdb-client convert unix:///var/openlan/confd/confd.sock /etc/openlan/switch/confd.schema.json
## Enable check for DDNS
# [root@centos ~]# crontab -l

16
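--- /dev/null
+++ b/docker/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "2.3"
+services:
+confd:
+image: "openlan-confd:latest"
+volumes:
+- /opt/openlan/confd:/var/openlan/confd
+switch:
+image: "openlan-switch:latest"
+privileged: true
+ports:
+- 10000:10000
+- 10002:10002
+volumes:
+- /opt/openlan/confd:/var/openlan/confd
+depends_on:
+- confd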
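Review bot: The `switch` service is started with `privileged: true`, which hands the container every capability and access to host devices, so a compromise of openlan-switch is effectively a compromise of the host. If the switch only needs to manage interfaces, routes and iptables rules (an assumption to confirm against its IPsec and Open vSwitch features), `cap_add: [NET_ADMIN]` with `devices: ["/dev/net/tun"]` is a narrower grant. The shared bind mount `/opt/openlan/confd` carries the confd socket, so that host directory should be restricted to root. `depends_on` only orders container start and does not wait for the socket to exist.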

18
docker/openlan-confd.docker Executable file

@@ -0,0 +1,18 @@
FROM centos:7
ARG BIN
WORKDIR /root
ADD ${BIN} /tmp
RUN yum install -y epel-release centos-release-openstack-train \
&& yum install -y rdma-core libibverbs
RUN DOCKER=yes /tmp/${BIN}
RUN rm -rf /tmp/* && rm -rf /var/cache/yum/*
LABEL application="OpenLAN Switch Application"
LABEL maintainer="danieldin95@163.com"
CMD ["/var/openlan/script/confd", "start"]
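Review bot: `FROM centos:7` pulls a mutable tag, so two builds of the same `$(VER)` can produce different images; pinning by digest, `FROM centos:7@sha256:<digest-placeholder>`, makes the confd image reproducible. CentOS 7 reached end of life in June 2024, so this base no longer receives security updates and a supported base should be planned. The `rm -rf /tmp/*` in its own `RUN` does not remove the installer from the earlier `ADD` layer, so it neither shrinks the image nor hides the package contents. The `LABEL application` value still reads "OpenLAN Switch Application" in what is the confd image.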


@@ -1,11 +1,10 @@
FROM centos:7
ARG BIN
WORKDIR /root
ADD build/${BIN} /tmp
ADD ${BIN} /tmp
RUN yum install -y epel-release centos-release-openstack-train \
&& yum install -y rdma-core libibverbs
@@ -19,5 +18,6 @@ LABEL maintainer="danieldin95@163.com"
EXPOSE 10000/tcp
EXPOSE 10002/tcp
EXPOSE 10002/udp
EXPOSE 4500/udp
CMD ["/usr/bin/openlan-switch", "-conf:dir", "/etc/openlan/switch", "-log:level", "20"]
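Review bot: `EXPOSE 4500/udp` only documents the port; docker/docker-compose.yml in this commit publishes `10000:10000` and `10002:10002`, which Compose treats as TCP, so neither `10002/udp` nor the new `4500/udp` is reachable through that stack. If the UDP transport and IPsec NAT traversal (presumably why 4500 is added) are meant to work under Compose, the compose file needs `10002:10002/udp` and `4500:4500/udp` entries. A short comment above the new line, e.g. `# IPsec NAT-T`, would record why the port is exposed.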


@@ -52,7 +52,7 @@ openlan软件包含下面部分
"bridge": {
"address": "172.32.10.10/24" ## 本地地址
},
"subnet": { ## example网络的子网配置
"subnet": { ## 网络的子网配置,如果没有动态地址分配可以忽略
"start": "172.32.10.100", ## 用于动态分配给point的起始地址
"end": "172.32.10.150", ## 截止地址
"netmask": "255.255.255.0" ## 子网掩码


@@ -83,7 +83,7 @@ func (f *FireWall) jumpOLC() {
}
func (f *FireWall) Initialize() {
IpInit()
IptInit()
// Init chains
f.addOLC()
f.jumpOLC()


@@ -240,12 +240,12 @@ func (chains IpChains) Pop(obj IpChain) IpChains {
var __iptablesInit__ = false
func IpInit() {
func IptInit() {
if __iptablesInit__ {
return
}
__iptablesInit__ = true
if err := iptables.FirewalldInit(); err != nil {
libol.Error("IpInit %s", err)
libol.Info("IptInit %s", err)
}
}
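Review bot: A failure of `iptables.FirewalldInit()` is now logged at Info level, and `__iptablesInit__` is set before the call, so a failed initialisation is never retried and is easy to miss in the logs while `Initialize()` goes on to add chains. Unless this error is expected on hosts without firewalld (not visible here), keep it at error level: `libol.Error("IptInit %s", err)`. The flag is also read and written without synchronisation; if `IptInit` can be called from more than one goroutine, a `sync.Once` would make the guard safe. A doc comment such as `// IptInit runs the one-time iptables/firewalld setup; later calls are no-ops.` would record the intent.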