func main() {
// glog will log to tmp files by default. override so all entries
// can flow into journald (if running under systemd)
flag.Set("logtostderr", "true")
// now parse command line args
flag.Parse()
if opts.help {
fmt.Fprintf(os.Stderr, "Usage: %s [OPTION]...\n", os.Args[0])
flag.PrintDefaults()
os.Exit(0)
}
if opts.version {
fmt.Fprintln(os.Stderr, Version)
os.Exit(0)
}
flagsFromEnv("FLANNELD", flag.CommandLine)
be, sm, err := newBackend()
if err != nil {
log.Info(err)
os.Exit(1)
}
// Register for SIGINT and SIGTERM and wait for one of them to arrive
log.Info("Installing signal handlers")
sigs := make(chan os.Signal, 1)
signal.Notify(sigs, os.Interrupt, syscall.SIGTERM)
exit := make(chan int)
go run(be, sm, exit)
for {
select {
case <-sigs:
// unregister to get default OS nuke behaviour in case we don't exit cleanly
signal.Stop(sigs)
log.Info("Exiting...")
be.Stop()
case code := <-exit:
log.Infof("%s mode exited", be.Name())
os.Exit(code)
}
}
}
func (rb *HostgwBackend) Run() {
rb.wg.Add(1)
go func() {
rb.sm.LeaseRenewer(rb.stop)
rb.wg.Done()
}()
log.Info("Watching for new subnet leases")
evts := make(chan subnet.EventBatch)
rb.wg.Add(1)
go func() {
rb.sm.WatchLeases(evts, rb.stop)
rb.wg.Done()
}()
defer rb.wg.Wait()
for {
select {
case evtBatch := <-evts:
rb.handleSubnetEvents(evtBatch)
case <-rb.stop:
return
}
}
}
func setupIpMasq(localNet ip.IP4Net, overlayNet ip.IP4Net) error {
ipt, err := ip.NewIPTables()
if err != nil {
return err
}
err = ipt.ClearChain("nat", "FLANNEL")
if err != nil {
return fmt.Errorf("Failed to create/clear FLANNEL chain in NAT table: %v", err)
}
rules := [][]string{
[]string{"FLANNEL", "-s", localNet.String(), "-o", "lo", "-j", "ACCEPT"},
[]string{"FLANNEL", "-s", localNet.String(), "!", "-d", overlayNet.String(), "-j", "MASQUERADE"},
[]string{"POSTROUTING", "-s", localNet.String(), "-j", "FLANNEL"},
}
for _, args := range rules {
log.Info("Adding iptables rule: ", strings.Join(args, " "))
if err := ipt.AppendUnique("nat", args...); err != nil {
return fmt.Errorf("Failed to insert IP masquerade rule: %v", err)
}
}
return nil
}
func (sm *SubnetManager) LeaseRenewer(cancel chan bool) {
for {
dur := sm.leaseExp.Sub(time.Now()) - renewMargin
select {
case <-time.After(dur):
sm.mtx.RLock()
attrBytes, err := json.Marshal(&sm.myLease.Attrs)
sm.mtx.RUnlock()
if err != nil {
log.Error("Error renewing lease (trying again in 1 min): ", err)
dur = time.Minute
continue
}
sm.mtx.RLock()
resp, err := sm.registry.UpdateSubnet(sm.myLease.Network.StringSep(".", "-"), string(attrBytes), subnetTTL)
sm.mtx.RUnlock()
if err != nil {
log.Error("Error renewing lease (trying again in 1 min): ", err)
dur = time.Minute
continue
}
sm.leaseExp = *resp.Expiration
log.Info("Lease renewed, new expiration: ", sm.leaseExp)
dur = sm.leaseExp.Sub(time.Now()) - renewMargin
case <-cancel:
return
}
}
}
func setupIpMasq(ipn ip.IP4Net, iface string) error {
ipt, err := ip.NewIPTables()
if err != nil {
return fmt.Errorf("failed to setup IP Masquerade. iptables was not found")
}
err = ipt.ClearChain("nat", "FLANNEL")
if err != nil {
return fmt.Errorf("Failed to create/clear FLANNEL chain in NAT table: %v", err)
}
rules := [][]string{
// This rule makes sure we don't NAT traffic within overlay network (e.g. coming out of docker0)
{"FLANNEL", "-d", ipn.String(), "-j", "ACCEPT"},
// This rule makes sure we don't NAT multicast traffic within overlay network
{"FLANNEL", "-d", "224.0.0.0/4", "-j", "ACCEPT"}, // This rule will NAT everything originating from our overlay network and
{"FLANNEL", "!", "-o", iface, "-j", "MASQUERADE"},
// This rule will take everything coming from overlay and sent it to FLANNEL chain
{"POSTROUTING", "-s", ipn.String(), "-j", "FLANNEL"},
}
for _, args := range rules {
log.Info("Adding iptables rule: ", strings.Join(args, " "))
err = ipt.AppendUnique("nat", args...)
if err != nil {
return fmt.Errorf("Failed to insert IP masquerade rule: %v", err)
}
}
return nil
}
func lookupIface() (*net.Interface, net.IP, error) {
var iface *net.Interface
var ipaddr net.IP
var err error
if len(opts.iface) > 0 {
if ipaddr = net.ParseIP(opts.iface); ipaddr != nil {
iface, err = ip.GetInterfaceByIP(ipaddr)
if err != nil {
return nil, nil, fmt.Errorf("Error looking up interface %s: %s", opts.iface, err)
}
} else {
iface, err = net.InterfaceByName(opts.iface)
if err != nil {
return nil, nil, fmt.Errorf("Error looking up interface %s: %s", opts.iface, err)
}
}
} else {
log.Info("Determining IP address of default interface")
if iface, err = ip.GetDefaultGatewayIface(); err != nil {
return nil, nil, fmt.Errorf("Failed to get default interface: %s", err)
}
}
if ipaddr == nil {
ipaddr, err = ip.GetIfaceIP4Addr(iface)
if err != nil {
return nil, nil, fmt.Errorf("Failed to find IPv4 address for interface %s", iface.Name)
}
}
return iface, ipaddr, nil
}
func ensureExpiration(resp *etcd.Response, ttl uint64) {
if resp.Node.Expiration == nil {
// should not be but calc it ourselves in this case
log.Info("Expiration field missing on etcd response, calculating locally")
exp := time.Now().Add(time.Duration(ttl) * time.Second)
resp.Node.Expiration = &exp
}
}
func (m *UdpBackend) processSubnetEvents(batch subnet.EventBatch) {
for _, evt := range batch {
switch evt.Type {
case subnet.SubnetAdded:
log.Info("Subnet added: ", evt.Lease.Network)
setRoute(m.ctl, evt.Lease.Network, evt.Lease.Attrs.PublicIP, m.cfg.Port)
case subnet.SubnetRemoved:
log.Info("Subnet removed: ", evt.Lease.Network)
removeRoute(m.ctl, evt.Lease.Network)
default:
log.Error("Internal error: unknown event type: ", int(evt.Type))
}
}
}
func (rb *HostgwBackend) handleSubnetEvents(batch subnet.EventBatch) {
for _, evt := range batch {
switch evt.Type {
case subnet.SubnetAdded:
log.Infof("Subnet added: %v via %v", evt.Lease.Network, evt.Lease.Attrs.PublicIP)
if evt.Lease.Attrs.BackendType != "host-gw" {
log.Warningf("Ignoring non-host-gw subnet: type=%v", evt.Lease.Attrs.BackendType)
continue
}
route := netlink.Route{
Dst: evt.Lease.Network.ToIPNet(),
Gw: evt.Lease.Attrs.PublicIP.ToIP(),
LinkIndex: rb.extIface.Index,
}
if err := netlink.RouteAdd(&route); err != nil {
log.Errorf("Error adding route to %v via %v: %v", evt.Lease.Network, evt.Lease.Attrs.PublicIP, err)
continue
}
case subnet.SubnetRemoved:
log.Info("Subnet removed: ", evt.Lease.Network)
if evt.Lease.Attrs.BackendType != "host-gw" {
log.Warningf("Ignoring non-host-gw subnet: type=%v", evt.Lease.Attrs.BackendType)
continue
}
route := netlink.Route{
Dst: evt.Lease.Network.ToIPNet(),
Gw: evt.Lease.Attrs.PublicIP.ToIP(),
LinkIndex: rb.extIface.Index,
}
if err := netlink.RouteDel(&route); err != nil {
log.Errorf("Error deleting route to %v: %v", evt.Lease.Network, err)
continue
}
default:
log.Error("Internal error: unknown event type: ", int(evt.Type))
}
}
}
func (m *UdpBackend) monitorEvents() {
log.Info("Watching for new subnet leases")
evts := make(chan subnet.EventBatch)
m.wg.Add(1)
go func() {
m.sm.WatchLeases(evts, m.stop)
m.wg.Done()
}()
for {
select {
case evtBatch := <-evts:
m.processSubnetEvents(evtBatch)
case <-m.stop:
return
}
}
}
func (sm *SubnetManager) AcquireLease(attrs *LeaseAttrs, cancel chan bool) (ip.IP4Net, error) {
for {
sn, err := sm.acquireLeaseOnce(attrs, cancel)
switch {
case err == nil:
log.Info("Subnet lease acquired: ", sn)
return sn, nil
case err == task.ErrCanceled:
return ip.IP4Net{}, err
default:
log.Error("Failed to acquire subnet: ", err)
}
select {
case <-time.After(time.Second):
case <-cancel:
return ip.IP4Net{}, task.ErrCanceled
}
}
}