From fbfcf9ab39f88c4bcad55893a33d16c335928eb5 Mon Sep 17 00:00:00 2001
From: "zhihui.ding"
Date: Tue, 4 Apr 2023 23:59:03 +0800
Subject: [PATCH] docker: container network for switch

---
 dist/openlan.spec.in | 2 +-
 dist/resource/modules.openlan.conf | 10 ++++++++
 dist/resource/openlan-switch.service | 3 +--
 dist/script/confd.sh | 3 ++-
 dist/script/install.sh | 4 ++--
 dist/script/ovs-vswitchd.sh | 2 +-
 dist/script/ovsdb-server.sh | 2 +-
 dist/script/switch.sh | 6 ++++-
 docker/docker-compose.yml | 36 ++++++++++++++++++++--------
 pkg/switch/l2tp.go | 5 ----
 pkg/switch/switch.go | 19 ++++++++-------
 11 files changed, 59 insertions(+), 33 deletions(-)
 create mode 100644 dist/resource/modules.openlan.conf

diff --git a/dist/openlan.spec.in b/dist/openlan.spec.in
index 9c4239c..232670f 100755
--- a/dist/openlan.spec.in
+++ b/dist/openlan.spec.in
@@ -6,7 +6,7 @@ Summary: OpenLAN's Project Software
 Group: Applications/Communications
 License: GPL-3.0
 URL: https://github.com/luscis/openlan
-Requires: net-tools, iptables, iputils, openvpn, openvswitch, dnsmasq
+Requires: xl2tpd net-tools, iptables, iputils, openvpn, openvswitch, dnsmasq
 
 # binary no-debug by go build
 %global debug_package %{nil}
diff --git a/dist/resource/modules.openlan.conf b/dist/resource/modules.openlan.conf
new file mode 100644
index 0000000..2bfbc05
--- /dev/null
+++ b/dist/resource/modules.openlan.conf
@@ -0,0 +1,10 @@
+## file: /etc/modules-load.d/openlan.conf
+# kernel modules for OpenLAN
+# load it by modprobe
+# cat ./openlan.conf | grep -v ^# | xargs -i modprobe {}
+##
+bridge
+br_netfilter
+vxlan
+l2tp_ppp
+xfrm4_mode_tunnel
diff --git a/dist/resource/openlan-switch.service b/dist/resource/openlan-switch.service
index 0ae9d76..1e31381 100755
--- a/dist/resource/openlan-switch.service
+++ b/dist/resource/openlan-switch.service
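Review bot: The new dependency in the Requires line is separated from the next entry by a space while every other entry is comma-separated, `Requires: xl2tpd net-tools, iptables, ...`. rpm accepts both separators, so the package still builds, but the mixed form reads like a dropped comma; write it as `Requires: xl2tpd, net-tools, iptables, iputils, openvpn, openvswitch, dnsmasq`.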
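Review bot: Nothing in this patch installs the new modules file to the /etc/modules-load.d path named in its first comment, or runs the modprobe one-liner it documents, while the l2tp.go hunk in the same patch drops the in-process `modprobe l2tp_ppp` that used to load the module; unless the spec's install section (outside this diff) already copies it, L2TP can now start with the module absent. Two of the listed modules also deserve a word in the header: loading `br_netfilter` makes bridged frames traverse the iptables chains (the bridge-nf-call sysctls default on), which changes which traffic the switch's firewall rules see, and on newer kernels (around 5.x) the per-mode xfrm modules such as `xfrm4_mode_tunnel` are no longer separate loadable modules, so a `modprobe` of it may fail there and abort a loader that stops on error. A comment such as `# xfrm4_mode_tunnel is built in on newer kernels; a modprobe failure for it is harmless` would save the next person a debugging session.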
@@ -6,8 +6,7 @@ Requires=openlan-confd.service [Service] Type=notify EnvironmentFile=/etc/sysconfig/openlan/switch.cfg -ExecStartPre=-/var/openlan/script/setup.sh -ExecStart=/usr/bin/openlan-switch $OPTIONS +ExecStart=/var/openlan/script/switch.sh start $OPTIONS LimitNOFILE=102400 Restart=always diff --git a/dist/script/confd.sh b/dist/script/confd.sh index 1421c6d..55eac9c 100755 --- a/dist/script/confd.sh +++ b/dist/script/confd.sh @@ -32,7 +32,8 @@ function start() { for opt in $options; do set "$@" $opt done - OVS_RUNDIR="/var/openlan/confd" "$@" + export OVS_RUNDIR="/var/openlan/confd" + exec "$@" } case $command in diff --git a/dist/script/install.sh b/dist/script/install.sh index c155e9a..fa58a61 100755 --- a/dist/script/install.sh +++ b/dist/script/install.sh @@ -13,9 +13,9 @@ function download() { function requires() { if type yum > /dev/null; then - yum install -y openssl net-tools iptables iputils openvpn openvswitch dnsmasq + yum install -y xl2tpd openssl net-tools iptables iputils openvpn openvswitch dnsmasq elif type apt > /dev/null; then - apt-get install -y net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq + apt-get install -y xl2tpd net-tools iptables iproute2 openvpn openvswitch-switch dnsmasq else echo "We didn't find any packet tool: yum or apt." fi diff --git a/dist/script/ovs-vswitchd.sh b/dist/script/ovs-vswitchd.sh index 64071c7..8b0d8a6 100755 --- a/dist/script/ovs-vswitchd.sh +++ b/dist/script/ovs-vswitchd.sh @@ -2,6 +2,6 @@ set -ex -/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock \ +exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock \ -vconsole:info -vsyslog:off -vfile:off --mlockall \ --pidfile diff --git a/dist/script/ovsdb-server.sh b/dist/script/ovsdb-server.sh index 49ac5f4..186cc1a 100755 --- a/dist/script/ovsdb-server.sh +++ b/dist/script/ovsdb-server.sh 
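Review bot: ExecStart now passes `$OPTIONS` to switch.sh, but the switch.sh hunk in this same patch execs the binary with a fixed `-conf:dir /etc/openlan/switch -log:level 20`, so unless the script's argument handling (outside its hunk) forwards them, values from the EnvironmentFile are silently ignored. `Type=notify` still holds because the script ends in `exec`, which keeps the daemon as the unit's main PID. The dropped `ExecStartPre=-/var/openlan/script/setup.sh` is not replaced by anything visible in the diff; if setup.sh prepared directories or sysctls, that work should move into switch.sh or the removal should be explained in the commit message.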
@@ -8,7 +8,7 @@ elif ovsdb-tool needs-conversion /etc/openvswitch/conf.db | grep -s -w yes; then ovsdb-tool convert /etc/openvswitch/conf.db fi -/usr/sbin/ovsdb-server /etc/openvswitch/conf.db \ +exec /usr/sbin/ovsdb-server /etc/openvswitch/conf.db \ -vconsole:info -vsyslog:off -vfile:off \ --remote=punix:/run/openvswitch/db.sock \ --remote=db:Open_vSwitch,Open_vSwitch,manager_options \ diff --git a/dist/script/switch.sh b/dist/script/switch.sh index 1e13980..f2f85d4 100755 --- a/dist/script/switch.sh +++ b/dist/script/switch.sh @@ -2,6 +2,10 @@ set -ex +# clean older files. +/usr/bin/env find /var/openlan/point -type f -delete +/usr/bin/env find /var/openlan/openvpn -name '*.status' -delete + if [ ! -e "/etc/openlan/switch/switch.json" ]; then cat >> /etc/openlan/switch/switch.json << EOF { @@ -29,4 +33,4 @@ cat >> /etc/openlan/switch/network/example.json << EOF EOF fi -/usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 +exec /usr/bin/openlan-switch -conf:dir /etc/openlan/switch -log:level 20 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 8ab97fc..4399b03 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
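Review bot: The two new `find … -delete` lines run under `set -ex`, so if /var/openlan/point or /var/openlan/openvpn does not exist yet (first start, fresh volume) find exits non-zero and the script never reaches the `exec` of the switch. Create the directories first with `mkdir -p /var/openlan/point /var/openlan/openvpn`, or guard each call with a `[ -d … ] &&` test. The comment `# clean older files.` should also say that every file under point/ is removed unconditionally on each restart, since that is surprising for a directory a reader may assume holds persistent state.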
@@ -1,32 +1,48 @@ version: "2.3" services: - ovsdb-server: + confd: + restart: always image: "openlan:latest" + privileged: true + entrypoint: ["/var/openlan/script/confd.sh", "start"] + # network_mode: "host" + volumes: + - /opt/openlan/confd:/var/openlan/confd + - /opt/openlan/etc/openlan:/etc/openlan + ports: + - 10000:10000 + - 10002:10002 + ovsdb-server: + restart: always + image: "openlan:latest" + privileged: true entrypoint: ["/var/openlan/script/ovsdb-server.sh", "start"] + # network_mode: "host" + network_mode: service:confd volumes: - /opt/openlan/run/openvswitch:/run/openvswitch - /opt/openlan/etc/openvswitch:/etc/openvswitch + depends_on: + - confd ovs-vswitchd: + restart: always image: "openlan:latest" privileged: true + # network_mode: "host" + network_mode: service:confd entrypoint: ["/var/openlan/script/ovs-vswitchd.sh", "start"] volumes: - /opt/openlan/run/openvswitch:/run/openvswitch depends_on: + - confd - ovsdb-server - confd: - image: "openlan:latest" - entrypoint: ["/var/openlan/script/confd.sh", "start"] - volumes: - - /opt/openlan/confd:/var/openlan/confd - - /opt/openlan/etc/openlan:/etc/openlan switch: + restart: always image: "openlan:latest" privileged: true + # network_mode: "host" + network_mode: service:confd entrypoint: ["/var/openlan/script/switch.sh", "start"] - ports: - - 10000:10000 - - 10002:10002 volumes: - /opt/openlan/confd:/var/openlan/confd - /opt/openlan/run/openvswitch:/run/openvswitch diff --git a/pkg/switch/l2tp.go b/pkg/switch/l2tp.go index bb74bc9..1d1822c 100755 --- a/pkg/switch/l2tp.go +++ b/pkg/switch/l2tp.go @@ -162,11 +162,6 @@ func (d *L2TP) Start() { if d.cfg.Subnet == nil { return } - load := exec.Command("/sbin/modprobe", "-q", "l2tp_ppp") - if err := load.Run(); err != nil { - d.out.Error("L2TP.Start %s: %s", d.uuid, err) - return - } d.SaveConf() d.SaveOptions() libol.Go(func() { diff --git a/pkg/switch/switch.go b/pkg/switch/switch.go index f556f80..e0ba2b9 100755 --- a/pkg/switch/switch.go 
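Review bot: `privileged: true` is now set on all four services, including confd and ovsdb-server, which previously ran without it and, judging by their entrypoints, only serve configuration and the OVS database; privileged grants every capability plus host device access, so a compromise of either container gives host-level reach. Keep it (or, better, a narrow `cap_add: [NET_ADMIN]`) on ovs-vswitchd and switch, and drop it from confd and ovsdb-server unless a concrete need is documented next to the line. With `network_mode: service:confd`, as far as I recall Docker leaves the three dependents attached to the old namespace when confd is restarted by `restart: always`, and `depends_on` does not recreate them, so the restart story for confd needs a note or a test. The leftover `# network_mode: "host"` lines in every service are dead configuration and should go.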
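Review bot: With the modprobe removed, `L2TP.Start` now proceeds on a host where l2tp_ppp is absent and the failure surfaces only later, with no log line tying it back to the missing module; add a comment where the call used to be stating the new precondition, e.g. `// l2tp_ppp must be preloaded by the host (see dist/resource/modules.openlan.conf); the switch may run in a container without modprobe.` If this was the file's only use of `exec.Command`, the `os/exec` import is now unused and the file will not compile — the import block is outside the hunk, so check it. Start continues past the end of the hunk.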
+++ b/pkg/switch/switch.go @@ -589,18 +589,9 @@ func (v *Switch) Stop() { v.l2tp.Stop() } v.confd.Stop() - // firstly, notify leave to point. - for p := range cache.Point.List() { - if p == nil { - break - } - v.leftClient(p.Client) - } - v.firewall.Stop() if v.http != nil { v.http.Shutdown() } - v.server.Close() // stop network. for _, w := range v.worker { if w.Provider() == "vxlan" { @@ -608,6 +599,16 @@ func (v *Switch) Stop() { } w.Stop() } + v.out.Info("Switch.Stop left points") + // notify leave to point. + for p := range cache.Point.List() { + if p == nil { + break + } + v.leftClient(p.Client) + } + v.firewall.Stop() + v.server.Close() } func (v *Switch) Alias() string {
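Review bot: `v.server.Close()` and the leave notification now run only after every worker is stopped, so if v.server is the listener points connect through, the window between `v.http.Shutdown()` and the final `v.server.Close()` still accepts new points whose network worker is already gone; if the intent is to drain, close the listener before the worker loop and keep only the notification at the end, which turns the removal in the first hunk and the re-addition in the second into a one-line move of `v.server.Close()`. The new log line `v.out.Info("Switch.Stop left points")` reads as if the notifications were already sent; `v.out.Info("Switch.Stop notifying points to leave")` matches the loop that follows it. Both hunks belong to Stop, which begins before the first hunk; Alias starts on the second hunk's last line and continues outside it.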