func setupNetworking(args *ContainerInitArgs) error {
// loopback
iface, err := net.InterfaceByName("lo")
if err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if args.ip != "" {
if iface, err = net.InterfaceByName("eth0"); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
ip, ipNet, err := net.ParseCIDR(args.ip)
if err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if err := netlink.NetworkLinkAddIp(iface, ip, ipNet); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if args.gateway != "" {
if err := netlink.AddDefaultGw(args.gateway, "eth0"); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
}
return nil
}
func setupNetworking(c *Config) error {
if c.IP == "" {
return nil
}
// loopback
iface, err := net.InterfaceByName("lo")
if err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if iface, err = net.InterfaceByName("eth0"); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
ip, ipNet, err := net.ParseCIDR(c.IP)
if err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if err := netlink.NetworkLinkAddIp(iface, ip, ipNet); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
if c.Gateway != "" {
if err := netlink.AddDefaultGw(c.Gateway, "eth0"); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return fmt.Errorf("Unable to set up networking: %v", err)
}
return nil
}
func createBridge(name, network, natIface string) (*Bridge, error) {
ipAddr, ipNet, err := net.ParseCIDR(network)
if err != nil {
return nil, err
}
if err := netlink.CreateBridge(name, true); err != nil {
return nil, err
}
iface, err := net.InterfaceByName(name)
if err != nil {
return nil, err
}
if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {
return nil, err
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return nil, err
}
if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
return nil, err
}
if err := setupIPTables(name, natIface); err != nil {
return nil, err
}
return &Bridge{name, iface, ipAddr, ipNet}, nil
}
func createBridge(name, network, natIface string) (*Bridge, error) {
ipAddr, ipNet, err := net.ParseCIDR(network)
if err != nil {
return nil, err
}
if err := netlink.CreateBridge(name, true); err != nil {
return nil, err
}
iface, err := net.InterfaceByName(name)
if err != nil {
return nil, err
}
// We need to explicitly assign the MAC address to avoid it changing to a lower value
// See: https://github.com/flynn/flynn/issues/223
b := random.Bytes(5)
mac := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4])
if err := netlink.NetworkSetMacAddress(iface, mac); err != nil {
return nil, err
}
if err := netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {
return nil, err
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return nil, err
}
if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
return nil, err
}
if err := setupIPTables(name, natIface); err != nil {
return nil, err
}
bridge := &Bridge{
name: name,
iface: iface,
ipAddr: ipAddr,
ipNet: ipNet,
alloc: ipallocator.New(),
}
bridge.alloc.RequestIP(ipNet, ipAddr)
return bridge, nil
}
func (t *TapManager) NewTap(uid, gid int) (*Tap, error) {
tap := &Tap{Name: "flynntap." + random.String(5), bridge: t.bridge}
if err := createTap(tap.Name, uid, gid); err != nil {
return nil, err
}
var err error
tap.LocalIP, err = ipallocator.RequestIP(t.bridge.ipNet, nil)
if err != nil {
tap.Close()
return nil, err
}
tap.RemoteIP, err = ipallocator.RequestIP(t.bridge.ipNet, nil)
if err != nil {
tap.Close()
return nil, err
}
iface, err := net.InterfaceByName(tap.Name)
if err != nil {
tap.Close()
return nil, err
}
if err := netlink.NetworkLinkAddIp(iface, *tap.LocalIP, t.bridge.ipNet); err != nil {
tap.Close()
return nil, err
}
if err := netlink.NetworkLinkUp(iface); err != nil {
tap.Close()
return nil, err
}
if err := netlink.AddToBridge(iface, t.bridge.iface); err != nil {
tap.Close()
return nil, err
}
return tap, nil
}
func setupIPv6Bridge(bridgeIPv6 string) error {
iface, err := net.InterfaceByName(bridgeIface)
if err != nil {
return err
}
// Enable IPv6 on the bridge
procFile := "/proc/sys/net/ipv6/conf/" + iface.Name + "/disable_ipv6"
if err := ioutil.WriteFile(procFile, []byte{'0', '\n'}, 0644); err != nil {
return fmt.Errorf("Unable to enable IPv6 addresses on bridge: %v", err)
}
ipAddr6, ipNet6, err := net.ParseCIDR(bridgeIPv6)
if err != nil {
return fmt.Errorf("Unable to parse bridge IPv6 address: %q, error: %v", bridgeIPv6, err)
}
if err := netlink.NetworkLinkAddIp(iface, ipAddr6, ipNet6); err != nil {
return fmt.Errorf("Unable to add private IPv6 network: %v", err)
}
return nil
}
// ConfigureNetworking is called once during host startup and passed the
// strategy and identifier of the networking coordinatior job. Currently the
// only strategy implemented uses flannel.
func (l *LibvirtLXCBackend) ConfigureNetworking(config *host.NetworkConfig) error {
var err error
l.bridgeAddr, l.bridgeNet, err = net.ParseCIDR(config.Subnet)
if err != nil {
return err
}
l.ipalloc.RequestIP(l.bridgeNet, l.bridgeAddr)
err = netlink.CreateBridge(bridgeName, false)
bridgeExists := os.IsExist(err)
if err != nil && !bridgeExists {
return err
}
bridge, err := net.InterfaceByName(bridgeName)
if err != nil {
return err
}
if !bridgeExists {
// We need to explicitly assign the MAC address to avoid it changing to a lower value
// See: https://github.com/flynn/flynn/issues/223
b := random.Bytes(5)
bridgeMAC := fmt.Sprintf("fe:%02x:%02x:%02x:%02x:%02x", b[0], b[1], b[2], b[3], b[4])
if err := netlink.NetworkSetMacAddress(bridge, bridgeMAC); err != nil {
return err
}
}
currAddrs, err := bridge.Addrs()
if err != nil {
return err
}
setIP := true
for _, addr := range currAddrs {
ip, net, _ := net.ParseCIDR(addr.String())
if ip.Equal(l.bridgeAddr) && net.String() == l.bridgeNet.String() {
setIP = false
} else {
if err := netlink.NetworkLinkDelIp(bridge, ip, net); err != nil {
return err
}
}
}
if setIP {
if err := netlink.NetworkLinkAddIp(bridge, l.bridgeAddr, l.bridgeNet); err != nil {
return err
}
}
if err := netlink.NetworkLinkUp(bridge); err != nil {
return err
}
network, err := l.libvirt.LookupNetworkByName(libvirtNetName)
if err != nil {
// network doesn't exist
networkConfig := <.Network{
Name: libvirtNetName,
Bridge: lt.Bridge{Name: bridgeName},
Forward: lt.Forward{Mode: "bridge"},
}
network, err = l.libvirt.NetworkDefineXML(string(networkConfig.XML()))
if err != nil {
return err
}
}
active, err := network.IsActive()
if err != nil {
return err
}
if !active {
if err := network.Create(); err != nil {
return err
}
}
if defaultNet, err := l.libvirt.LookupNetworkByName("default"); err == nil {
// The default network causes dnsmasq to run and bind to all interfaces,
// including ours. This prevents discoverd from binding its DNS server.
// We don't use it, so destroy it if it exists.
defaultNet.Destroy()
}
// enable IP forwarding
if err := ioutil.WriteFile("/proc/sys/net/ipv4/ip_forward", []byte("1\n"), 0644); err != nil {
return err
}
// Set up iptables for outbound traffic masquerading from containers to the
// rest of the network.
if err := iptables.EnableOutboundNAT(bridgeName, l.bridgeNet.String()); err != nil {
return err
}
// Read DNS config, discoverd uses the nameservers
dnsConf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if err != nil {
return err
}
config.Resolvers = dnsConf.Servers
// Write a resolv.conf to be bind-mounted into containers pointing at the
// future discoverd DNS listener
if err := os.MkdirAll("/etc/flynn", 0755); err != nil {
return err
}
var resolvSearch string
if len(dnsConf.Search) > 0 {
resolvSearch = fmt.Sprintf("search %s\n", strings.Join(dnsConf.Search, " "))
}
if err := ioutil.WriteFile("/etc/flynn/resolv.conf", []byte(fmt.Sprintf("%snameserver %s\n", resolvSearch, l.bridgeAddr.String())), 0644); err != nil {
return err
}
l.resolvConf = "/etc/flynn/resolv.conf"
// Allocate IPs for running jobs
for i, container := range l.containers {
if !container.job.Config.HostNetwork {
var err error
l.containers[i].IP, err = l.ipalloc.RequestIP(l.bridgeNet, container.IP)
if err != nil {
grohl.Log(grohl.Data{"fn": "ConfigureNetworking", "at": "request_ip", "status": "error", "err": err})
}
}
}
close(l.networkConfigured)
return nil
}
// CreateBridgeIface creates a network bridge interface on the host system with the name `ifaceName`,
// and attempts to configure it with an address which doesn't conflict with any other interface on the host.
// If it can't find an address which doesn't conflict, it will return an error.
func createBridge(bridgeIP string) error {
nameservers := []string{}
resolvConf, _ := resolvconf.Get()
// we don't check for an error here, because we don't really care
// if we can't read /etc/resolv.conf. So instead we skip the append
// if resolvConf is nil. It either doesn't exist, or we can't read it
// for some reason.
if resolvConf != nil {
nameservers = append(nameservers, resolvconf.GetNameserversAsCIDR(resolvConf)...)
}
var ifaceAddr string
if len(bridgeIP) != 0 {
_, _, err := net.ParseCIDR(bridgeIP)
if err != nil {
return err
}
ifaceAddr = bridgeIP
} else {
for _, addr := range addrs {
_, dockerNetwork, err := net.ParseCIDR(addr)
if err != nil {
return err
}
if err := networkdriver.CheckNameserverOverlaps(nameservers, dockerNetwork); err == nil {
if err := networkdriver.CheckRouteOverlaps(dockerNetwork); err == nil {
ifaceAddr = addr
break
} else {
log.Debugf("%s %s", addr, err)
}
}
}
}
if ifaceAddr == "" {
return fmt.Errorf("Could not find a free IP address range for interface '%s'. Please configure its address manually and run 'docker -b %s'", bridgeIface, bridgeIface)
}
log.Debugf("Creating bridge %s with network %s", bridgeIface, ifaceAddr)
if err := createBridgeIface(bridgeIface); err != nil {
return err
}
iface, err := net.InterfaceByName(bridgeIface)
if err != nil {
return err
}
ipAddr, ipNet, err := net.ParseCIDR(ifaceAddr)
if err != nil {
return err
}
if netlink.NetworkLinkAddIp(iface, ipAddr, ipNet); err != nil {
return fmt.Errorf("Unable to add private network: %s", err)
}
if err := netlink.NetworkLinkUp(iface); err != nil {
return fmt.Errorf("Unable to start network bridge: %s", err)
}
return nil
}