docker: container network for switch

dist/openlan.spec.in

@@ -6,7 +6,7 @@ Summary: OpenLAN's Project Software
 Group: Applications/Communications
 License: GPL-3.0
 URL: https://github.com/luscis/openlan
-Requires: net-tools, iptables, iputils, openvpn, openvswitch, dnsmasq
+Requires: xl2tpd net-tools, iptables, iputils, openvpn, openvswitch, dnsmasq
 
 # binary no-debug by go build
 %global debug_package %{nil}

dist/resource/modules.openlan.conf

@@ -0,0 +1,10 @@
+## file: /etc/modules-load.d/openlan.conf
+# kernel modules for OpenLAN
+# load it by modprobe
+# cat ./openlan.conf  | grep -v ^# | xargs -i modprobe {}
+##
+bridge
+br_netfilter
+vxlan
+l2tp_ppp
+xfrm4_mode_tunnel

dist/resource/openlan-switch.service

@@ -6,8 +6,7 @@ Requires=openlan-confd.service
 [Service]
 Type=notify
 EnvironmentFile=/etc/sysconfig/openlan/switch.cfg
-ExecStartPre=-/var/openlan/script/setup.sh
-ExecStart=/usr/bin/openlan-switch $OPTIONS
+ExecStart=/var/openlan/script/switch.sh start $OPTIONS
 LimitNOFILE=102400
 Restart=always
 

dist/script/confd.sh

@@ -32,7 +32,8 @@ function start() {
     for opt in $options; do
         set "$@" $opt
     done
-    OVS_RUNDIR="/var/openlan/confd" "$@"
+    export OVS_RUNDIR="/var/openlan/confd"
+    exec "$@"
 }
 
 case $command in

dist/script/install.sh

@@ -13,9 +13,9 @@ function download() {
 
 function requires() {
   if type yum > /dev/null; then
-    yum install -y openssl net-tools iptables iputils openvpn openvswitch dnsmasq
+    yum install -y xl2tpd openssl net-tools iptables iputils openvpn openvswitch dnsmasq
   elif type apt > /dev/null; then
-    apt-get install -y net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq
+    apt-get install -y xl2tpd net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq
   else
     echo "We didn't find any packet tool: yum or apt."
   fi

dist/script/ovs-vswitchd.sh

@@ -2,6 +2,6 @@
 
 set -ex
 
-/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock \
+exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock \
   -vconsole:info -vsyslog:off -vfile:off --mlockall \
   --pidfile

dist/script/ovsdb-server.sh

@@ -8,7 +8,7 @@ elif ovsdb-tool needs-conversion /etc/openvswitch/conf.db | grep -s -w yes; then
   ovsdb-tool convert /etc/openvswitch/conf.db
 fi
 
-/usr/sbin/ovsdb-server /etc/openvswitch/conf.db \
+exec /usr/sbin/ovsdb-server /etc/openvswitch/conf.db \
   -vconsole:info -vsyslog:off -vfile:off \
   --remote=punix:/run/openvswitch/db.sock \
   --remote=db:Open_vSwitch,Open_vSwitch,manager_options \

dist/script/switch.sh

@@ -2,6 +2,10 @@
 
 set -ex
 
+# clean older files.
+/usr/bin/env find /var/openlan/point -type f -delete
+/usr/bin/env find /var/openlan/openvpn -name '*.status' -delete
+
 if [ ! -e "/etc/openlan/switch/switch.json" ]; then
 cat >> /etc/openlan/switch/switch.json << EOF
 {
@@ -29,4 +33,4 @@ cat >> /etc/openlan/switch/network/example.json << EOF
 EOF
 fi
 
-/usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20
+exec /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20

docker/docker-compose.yml

@@ -1,32 +1,48 @@
 version: "2.3"
 services:
-  ovsdb-server:
+  confd:
+    restart: always
     image: "openlan:latest"
+    privileged: true
+    entrypoint: ["/var/openlan/script/confd.sh", "start"]
+    # network_mode: "host"
+    volumes:
+      - /opt/openlan/confd:/var/openlan/confd
+      - /opt/openlan/etc/openlan:/etc/openlan
+    ports:
+      - 10000:10000
+      - 10002:10002
+  ovsdb-server:
+    restart: always
+    image: "openlan:latest"
+    privileged: true
     entrypoint: ["/var/openlan/script/ovsdb-server.sh", "start"]
+    # network_mode: "host"
+    network_mode: service:confd
     volumes:
       - /opt/openlan/run/openvswitch:/run/openvswitch
       - /opt/openlan/etc/openvswitch:/etc/openvswitch
+    depends_on:
+      - confd
   ovs-vswitchd:
+    restart: always
     image: "openlan:latest"
     privileged: true
+    # network_mode: "host"
+    network_mode: service:confd
     entrypoint: ["/var/openlan/script/ovs-vswitchd.sh", "start"]
     volumes:
       - /opt/openlan/run/openvswitch:/run/openvswitch
     depends_on:
+      - confd
       - ovsdb-server
-  confd:
-    image: "openlan:latest"
-    entrypoint: ["/var/openlan/script/confd.sh", "start"]
-    volumes:
-      - /opt/openlan/confd:/var/openlan/confd
-      - /opt/openlan/etc/openlan:/etc/openlan
   switch:
+    restart: always
     image: "openlan:latest"
     privileged: true
+    # network_mode: "host"
+    network_mode: service:confd
     entrypoint: ["/var/openlan/script/switch.sh", "start"]
-    ports:
-      - 10000:10000
-      - 10002:10002
     volumes:
       - /opt/openlan/confd:/var/openlan/confd
       - /opt/openlan/run/openvswitch:/run/openvswitch

pkg/switch/l2tp.go

@@ -162,11 +162,6 @@ func (d *L2TP) Start() {
 	if d.cfg.Subnet == nil {
 		return
 	}
-	load := exec.Command("/sbin/modprobe", "-q", "l2tp_ppp")
-	if err := load.Run(); err != nil {
-		d.out.Error("L2TP.Start %s: %s", d.uuid, err)
-		return
-	}
 	d.SaveConf()
 	d.SaveOptions()
 	libol.Go(func() {

pkg/switch/switch.go

@@ -589,18 +589,9 @@ func (v *Switch) Stop() {
 		v.l2tp.Stop()
 	}
 	v.confd.Stop()
-	// firstly, notify leave to point.
-	for p := range cache.Point.List() {
-		if p == nil {
-			break
-		}
-		v.leftClient(p.Client)
-	}
-	v.firewall.Stop()
 	if v.http != nil {
 		v.http.Shutdown()
 	}
-	v.server.Close()
 	// stop network.
 	for _, w := range v.worker {
 		if w.Provider() == "vxlan" {
@@ -608,6 +599,16 @@ func (v *Switch) Stop() {
 		}
 		w.Stop()
 	}
+	v.out.Info("Switch.Stop left points")
+	// notify leave to point.
+	for p := range cache.Point.List() {
+		if p == nil {
+			break
+		}
+		v.leftClient(p.Client)
+	}
+	v.firewall.Stop()
+	v.server.Close()
 }
 
 func (v *Switch) Alias() string {