fixing netclient

afeiszli
2021-07-15 15:14:48 -04:00
parent 4cf5aad2e7
commit 68607ae8ca
15 changed files with 150 additions and 17 deletions


@@ -34,4 +34,3 @@ EXPOSE 8081
EXPOSE 50051 EXPOSE 50051
CMD ["./app"] CMD ["./app"]

26
Dockerfile-netclient Normal file

@@ -0,0 +1,26 @@
#first stage - builder
FROM golang:latest as builder
COPY . /app
WORKDIR /app/netclient
ENV GO111MODULE=auto
RUN CGO_ENABLED=0 GOOS=linux go build -o netclient main.go
#second stage
FROM debian:latest
RUN apt-get update && apt-get -y install systemd procps
WORKDIR /root/
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/netclient/netclient .
CMD ["./netclient"]
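Review bot: Both stages pull floating tags, `FROM golang:latest as builder` and `FROM debian:latest`, so the same commit can build different images over time and a rebuild takes whatever the registry serves that day. Pinning each to a specific version tag, ideally with a digest (`FROM debian:<version>@sha256:<digest>`), keeps the build reproducible and auditable. `COPY . /app` sends the whole repository into the builder stage, so a `.dockerignore` is worth adding if the working tree can hold local configs or keys. Appending `&& rm -rf /var/lib/apt/lists/*` to the `RUN apt-get` line would keep package lists out of the final layer.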


@@ -36,6 +36,7 @@ type EnvironmentConfig struct {
// ServerConfig : // ServerConfig :
type ServerConfig struct { type ServerConfig struct {
CoreDNSAddr string `yaml:"corednsaddr"`
APIConnString string `yaml:"apiconn"` APIConnString string `yaml:"apiconn"`
APIHost string `yaml:"apihost"` APIHost string `yaml:"apihost"`
APIPort string `yaml:"apiport"` APIPort string `yaml:"apiport"`


@@ -689,6 +689,7 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
s := servercfg.GetServerConfig() s := servercfg.GetServerConfig()
w := servercfg.GetWGConfig() w := servercfg.GetWGConfig()
servervals := models.ServerConfig{ servervals := models.ServerConfig{
CoreDNSAddr: s.CoreDNSAddr,
APIConnString: s.APIConnString, APIConnString: s.APIConnString,
APIHost: s.APIHost, APIHost: s.APIHost,
APIPort: s.APIPort, APIPort: s.APIPort,


@@ -0,0 +1,58 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: netclient
labels:
app: netclient
spec:
selector:
matchLabels:
app: netclient
replicas: 1
template:
metadata:
labels:
app: netclient
spec:
hostNetwork: true
containers:
- name: netclient
image: gravitl/netclient:v0.5.5
command: ['bash', '-c', "netclient checkin -n $NETWORK; sleep $SLEEP"]
env:
- name: ACCESS_TOKEN
value: "XXXX"
- name: NETWORK
value: "default"
- name: SLEEP
value: 30
volumeMounts:
- mountPath: /etc/netclient
name: etc-netclient
- mountPath: /usr/bin/wg
name: wg
securityContext:
privileged: true
initContainers:
- name: netclient-join
image: gravitl/netclient:v0.5.5
command: ['bash', '-c', "netclient join -t $ACCESS_TOKEN --daemon off"]
env:
- name: ACCESS_TOKEN
value: "XXXX"
volumeMounts:
- mountPath: /etc/netclient
name: etc-netclient
- mountPath: /usr/bin/wg
name: wg
securityContext:
privileged: true
volumes:
- hostPath:
path: /etc/netclient
type: DirectoryOrCreate
name: etc-netclient
- hostPath:
path: /usr/bin/wg
type: File
name: wg
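Review bot: `ACCESS_TOKEN` is given as a literal `value:` in both the `netclient` container and the `netclient-join` init container, which invites pasting the join credential into a manifest that is then committed or visible to anyone who can read the DaemonSet; reference a Secret instead, `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key>}}`. Both containers also run with `privileged: true` on top of `hostNetwork: true` and two `hostPath` mounts, which is full host access; if netclient only needs to manage interfaces and routes, `capabilities: {add: ["NET_ADMIN"]}` may be enough and is worth trying. Two fields will likely be rejected by the API server as written: a DaemonSet spec has no `replicas` field, and an env `value` must be a string, so `value: 30` should be `value: "30"`.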


@@ -87,7 +87,12 @@ func main() {
waitnetwork.Add(1) waitnetwork.Add(1)
go runGRPC(&waitnetwork, installserver) go runGRPC(&waitnetwork, installserver)
} }
if servercfg.IsDNSMode() {
err := controller.SetDNS()
if err != nil {
log.Fatal(err)
}
}
//Run Rest Server //Run Rest Server
if servercfg.IsRestBackend() { if servercfg.IsRestBackend() {
if !servercfg.DisableRemoteIPCheck() && servercfg.GetAPIHost() == "127.0.0.1" { if !servercfg.DisableRemoteIPCheck() && servercfg.GetAPIHost() == "127.0.0.1" {


@@ -13,6 +13,7 @@ type ClientConfig struct {
} }
type ServerConfig struct { type ServerConfig struct {
CoreDNSAddr string `json:"corednsaddr"`
APIConnString string `json:"apiconn"` APIConnString string `json:"apiconn"`
APIHost string `json:"apihost"` APIHost string `json:"apihost"`
APIPort string `json:"apiport"` APIPort string `json:"apiport"`

9
netclient/Dockerfile Normal file

@@ -0,0 +1,9 @@
FROM debian:latest
RUN apt-get update && apt-get -y install systemd procps
WORKDIR /root/
COPY netclient .
CMD ["./netclient checkin"]
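Review bot: `CMD ["./netclient checkin"]` is exec form with a single element, so the runtime looks for an executable literally named `./netclient checkin` and the container fails to start; it should be `CMD ["./netclient", "checkin"]`. `FROM debian:latest` is a floating tag here as in Dockerfile-netclient and is better pinned to a version or digest. `COPY netclient .` expects a prebuilt binary in the build context, so a comment at the top of the file saying how that binary is produced would help whoever builds the image next.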


@@ -58,7 +58,7 @@ func CheckIn(cfg config.ClientConfig) error {
log.Println("Required, '-n'. No network provided. Exiting.") log.Println("Required, '-n'. No network provided. Exiting.")
os.Exit(1) os.Exit(1)
} }
err := functions.CheckIn(cfg.Network) err := functions.CheckIn(cfg)
if err != nil { if err != nil {
log.Println("Error checking in: ", err) log.Println("Error checking in: ", err)
os.Exit(1) os.Exit(1)


@@ -26,6 +26,7 @@ type ClientConfig struct {
OperatingSystem string `yaml:"operatingsystem"` OperatingSystem string `yaml:"operatingsystem"`
} }
type ServerConfig struct { type ServerConfig struct {
CoreDNSAddr string `yaml:"corednsaddr"`
GRPCAddress string `yaml:"grpcaddress"` GRPCAddress string `yaml:"grpcaddress"`
APIAddress string `yaml:"apiaddress"` APIAddress string `yaml:"apiaddress"`
AccessKey string `yaml:"accesskey"` AccessKey string `yaml:"accesskey"`
@@ -55,7 +56,6 @@ type NodeConfig struct {
IsLocal string `yaml:"islocal"` IsLocal string `yaml:"islocal"`
IsDualStack string `yaml:"isdualstack"` IsDualStack string `yaml:"isdualstack"`
IsIngressGateway string `yaml:"isingressgateway"` IsIngressGateway string `yaml:"isingressgateway"`
AllowedIPs []string `yaml:"allowedips"`
LocalRange string `yaml:"localrange"` LocalRange string `yaml:"localrange"`
PostUp string `yaml:"postup"` PostUp string `yaml:"postup"`
PostDown string `yaml:"postdown"` PostDown string `yaml:"postdown"`
@@ -85,9 +85,6 @@ func Write(config *ClientConfig, network string) error{
} }
home := "/etc/netclient" home := "/etc/netclient"
if err != nil {
log.Fatal(err)
}
file := fmt.Sprintf(home + "/netconfig-" + network) file := fmt.Sprintf(home + "/netconfig-" + network)
f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm) f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
defer f.Close() defer f.Close()
@@ -408,6 +405,7 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
cfg.Server.CoreDNSAddr = accesstoken.ServerConfig.CoreDNSAddr
if c.String("grpcserver") != "" { if c.String("grpcserver") != "" {
cfg.Server.GRPCAddress = c.String("grpcserver") cfg.Server.GRPCAddress = c.String("grpcserver")
} }
@@ -427,6 +425,9 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
if c.String("grpcssl") != "" { if c.String("grpcssl") != "" {
cfg.Server.GRPCSSL = c.String("grpcssl") cfg.Server.GRPCSSL = c.String("grpcssl")
} }
if c.String("corednsaddr") != "" {
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
}
if c.String("grpcwg") != "" { if c.String("grpcwg") != "" {
cfg.Server.GRPCWireGuard = c.String("grpcwg") cfg.Server.GRPCWireGuard = c.String("grpcwg")
} }
@@ -440,6 +441,7 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
cfg.Node.LocalRange = c.String("localrange") cfg.Node.LocalRange = c.String("localrange")
cfg.Server.GRPCWireGuard = c.String("grpcwg") cfg.Server.GRPCWireGuard = c.String("grpcwg")
cfg.Server.GRPCSSL = c.String("grpcssl") cfg.Server.GRPCSSL = c.String("grpcssl")
cfg.Server.CoreDNSAddr = c.String("corednsaddr")
} }
cfg.Node.Name = c.String("name") cfg.Node.Name = c.String("name")
cfg.Node.Interface = c.String("interface") cfg.Node.Interface = c.String("interface")
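Review bot: In `Write`, the config file is still created with `os.ModePerm` (0777 before umask) on the line after the removed check, and `ServerConfig` in this same file carries `AccessKey`, so the node's join credential can end up readable and writable by other local users. An owner-only mode fits better: `f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)`. The path is also built with `fmt.Sprintf(home + "/netconfig-" + network)`, which treats the caller-supplied `network` as part of a format string; plain concatenation without `Sprintf` avoids that. The rest of `Write` lies outside the hunk, so confirm that `err` from `OpenFile` is checked after the `defer f.Close()`.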


@@ -10,6 +10,7 @@ import (
"net" "net"
"os/exec" "os/exec"
"github.com/gravitl/netmaker/netclient/config" "github.com/gravitl/netmaker/netclient/config"
"github.com/gravitl/netmaker/netclient/local"
"github.com/gravitl/netmaker/netclient/wireguard" "github.com/gravitl/netmaker/netclient/wireguard"
"github.com/gravitl/netmaker/netclient/server" "github.com/gravitl/netmaker/netclient/server"
"github.com/gravitl/netmaker/netclient/auth" "github.com/gravitl/netmaker/netclient/auth"
@@ -19,7 +20,8 @@ import (
//homedir "github.com/mitchellh/go-homedir" //homedir "github.com/mitchellh/go-homedir"
) )
func CheckIn(network string) error { func CheckIn(cliconf config.ClientConfig) error {
network := cliconf.Network
node := server.GetNode(network) node := server.GetNode(network)
cfg, err := config.ReadConfig(network) cfg, err := config.ReadConfig(network)
if err != nil { if err != nil {
@@ -32,6 +34,14 @@ func CheckIn(network string) error {
setupcheck := true setupcheck := true
ipchange := false ipchange := false
if nodecfg.DNS == "on" || cliconf.Node.DNS == "on" {
fmt.Println("setting dns")
ifacename := node.Interface
nameserver := servercfg.CoreDNSAddr
network := node.Nodenetwork
_ = local.UpdateDNS(ifacename, network, nameserver)
}
if !(nodecfg.IPForwarding == "off") { if !(nodecfg.IPForwarding == "off") {
out, err := exec.Command("sysctl", "net.ipv4.ip_forward").Output() out, err := exec.Command("sysctl", "net.ipv4.ip_forward").Output()
if err != nil { if err != nil {
@@ -125,10 +135,13 @@ func CheckIn(network string) error {
var wcclient nodepb.NodeServiceClient var wcclient nodepb.NodeServiceClient
var requestOpts grpc.DialOption var requestOpts grpc.DialOption
requestOpts = grpc.WithInsecure() requestOpts = grpc.WithInsecure()
if cfg.Server.GRPCSSL == "on" { if servercfg.GRPCSSL == "on" {
log.Println("using SSL")
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}}) h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds) requestOpts = grpc.WithTransportCredentials(h2creds)
} } else {
log.Println("using insecure GRPC connection")
}
conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts) conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
if err != nil { if err != nil {
fmt.Printf("Cant dial GRPC server: %v", err) fmt.Printf("Cant dial GRPC server: %v", err)
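Review bot: `_ = local.UpdateDNS(ifacename, network, nameserver)` discards the error, so a check-in that failed to apply DNS looks the same as one that succeeded; log it at least, `if err := local.UpdateDNS(ifacename, network, nameserver); err != nil { log.Println("error applying dns: ", err) }`. `nameserver` is `servercfg.CoreDNSAddr`, which in this commit is filled from the access token or the `corednsaddr` flag and may be empty or not an address at all; since it is presumably written into the host's resolver setup, a `net.ParseIP(nameserver) == nil` guard before the call is worth adding (`net` is already imported), and the same value is used unguarded in `InitWireguard`. The inner `network := node.Nodenetwork` shadows the function-level `network`, which is easy to misread. `CheckIn` begins and ends outside these hunks.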


@@ -183,6 +183,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
if err != nil { if err != nil {
return err return err
} }
log.Println("node created on remote server...updating configs")
node := res.Node node := res.Node
if err != nil { if err != nil {
return err return err
@@ -211,16 +212,18 @@ func JoinNetwork(cfg config.ClientConfig) error {
return err return err
} }
} }
log.Println("retrieving remote peers")
peers, hasGateway, gateways, err := server.GetPeers(node.Macaddress, cfg.Network, cfg.Server.GRPCAddress, node.Isdualstack, node.Isingressgateway) peers, hasGateway, gateways, err := server.GetPeers(node.Macaddress, cfg.Network, cfg.Server.GRPCAddress, node.Isdualstack, node.Isingressgateway)
if err != nil { if err != nil {
log.Println("failed to retrieve peers")
return err return err
} }
err = wireguard.StorePrivKey(cfg.Node.PrivateKey, cfg.Network) err = wireguard.StorePrivKey(cfg.Node.PrivateKey, cfg.Network)
if err != nil { if err != nil {
return err return err
} }
log.Println("starting wireguard")
err = wireguard.InitWireguard(node, cfg.Node.PrivateKey, peers, hasGateway, gateways) err = wireguard.InitWireguard(node, cfg.Node.PrivateKey, peers, hasGateway, gateways)
if err != nil { if err != nil {
return err return err


@@ -143,7 +143,12 @@ func GetPeers(macaddress string, network string, server string, dualstack bool,
requestOpts := grpc.WithInsecure() requestOpts := grpc.WithInsecure()
conn, err := grpc.Dial(server, requestOpts) if cfg.Server.GRPCSSL == "on" {
h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
requestOpts = grpc.WithTransportCredentials(h2creds)
}
conn, err := grpc.Dial(server, requestOpts)
if err != nil { if err != nil {
log.Fatalf("Unable to establish client connection to localhost:50051: %v", err) log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
} }
@@ -157,15 +162,15 @@ func GetPeers(macaddress string, network string, server string, dualstack bool,
ctx := context.Background() ctx := context.Background()
ctx, err = auth.SetJWT(wcclient, network) ctx, err = auth.SetJWT(wcclient, network)
if err != nil { if err != nil {
fmt.Println("Failed to authenticate.") log.Println("Failed to authenticate.")
return peers, hasGateway, gateways, err return peers, hasGateway, gateways, err
} }
var header metadata.MD var header metadata.MD
stream, err := wcclient.GetPeers(ctx, req, grpc.Header(&header)) stream, err := wcclient.GetPeers(ctx, req, grpc.Header(&header))
if err != nil { if err != nil {
fmt.Println("Error retrieving peers") log.Println("Error retrieving peers")
fmt.Println(err) log.Println(err)
return nil, hasGateway, gateways, err return nil, hasGateway, gateways, err
} }
for { for {


@@ -186,8 +186,7 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
if node.Address == "" { if node.Address == "" {
log.Fatal("no address to configure") log.Fatal("no address to configure")
} }
nameserver := servercfg.GRPCAddress nameserver := servercfg.CoreDNSAddr
nameserver = strings.Split(nameserver, ":")[0]
network := node.Nodenetwork network := node.Nodenetwork
if nodecfg.Network != "" { if nodecfg.Network != "" {
network = nodecfg.Network network = nodecfg.Network


@@ -20,6 +20,7 @@ func SetHost() error {
func GetServerConfig() config.ServerConfig { func GetServerConfig() config.ServerConfig {
var cfg config.ServerConfig var cfg config.ServerConfig
cfg.APIConnString = GetAPIConnString() cfg.APIConnString = GetAPIConnString()
cfg.CoreDNSAddr = GetCoreDNSAddr()
cfg.APIHost = GetAPIHost() cfg.APIHost = GetAPIHost()
cfg.APIPort = GetAPIPort() cfg.APIPort = GetAPIPort()
cfg.GRPCConnString = GetGRPCConnString() cfg.GRPCConnString = GetGRPCConnString()
@@ -129,6 +130,16 @@ func GetGRPCConnString() string {
return conn return conn
} }
func GetCoreDNSAddr() string {
addr, _ := GetPublicIP()
if os.Getenv("COREDNS_ADDR") != "" {
addr = os.Getenv("COREDNS_ADDR")
} else if config.Config.Server.CoreDNSAddr != "" {
addr = config.Config.Server.GRPCConnString
}
return addr
}
func GetGRPCHost() string { func GetGRPCHost() string {
serverhost := "127.0.0.1" serverhost := "127.0.0.1"
if IsGRPCWireGuard() { if IsGRPCWireGuard() {
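Review bot: The config-file branch of `GetCoreDNSAddr` tests `config.Config.Server.CoreDNSAddr` but then assigns `config.Config.Server.GRPCConnString`, so a configured DNS address is replaced by the gRPC connection string; the line should read `addr = config.Config.Server.CoreDNSAddr`. `addr, _ := GetPublicIP()` also drops the error, so a failed lookup presumably leaves `addr` empty, and `GetServerConfig` then hands that value to clients through `CreateAccessKey`. A doc comment stating the precedence would help, for example `// GetCoreDNSAddr returns COREDNS_ADDR if set, else the configured corednsaddr, else the public IP.`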