aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAlex <alex@adnab.me>2023-04-21 14:00:06 +0000
committerAlex <alex@adnab.me>2023-04-21 14:00:06 +0000
commitc19ab05802fda6651eb50d065db960a72f3a34b5 (patch)
tree996dccf1ba5d8653476883cf2db5f10a9ccc2349 /src
parentaaff9b7d4ab0d2eeae88e7bb4a4f6512deaebb34 (diff)
parentb60f5b1694aee70aea61f8de7bf5f6090c0d53e6 (diff)
downloadD53-c19ab05802fda6651eb50d065db960a72f3a34b5.tar.gz
D53-c19ab05802fda6651eb50d065db960a72f3a34b5.zip
Merge pull request 'Support for loading IP addresses from DiploNAT autodiscovery' (#4) from diplonat-autodiscovery into maindocker-4
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/D53/pulls/4
Diffstat (limited to 'src')
-rw-r--r--src/autodiscovery.rs147
-rw-r--r--src/dns_config.rs211
-rw-r--r--src/main.rs3
3 files changed, 297 insertions, 64 deletions
diff --git a/src/autodiscovery.rs b/src/autodiscovery.rs
new file mode 100644
index 0000000..aa33d01
--- /dev/null
+++ b/src/autodiscovery.rs
@@ -0,0 +1,147 @@
+//! Fetch autodiscoverd IP addresses stored by Diplonat into Consul
+
+use std::collections::HashMap;
+use std::net::{Ipv4Addr, Ipv6Addr};
+use std::sync::Arc;
+use std::time::{Duration, SystemTime};
+
+use anyhow::{anyhow, bail, Result};
+use regex::Regex;
+use serde::{Deserialize, Serialize};
+use tokio::{select, sync::watch};
+use tracing::*;
+
+use df_consul::*;
+
+#[derive(Serialize, Deserialize, Debug, Eq, PartialEq)]
+pub struct DiplonatAutodiscoveryResult<A> {
+ pub timestamp: u64,
+ pub address: Option<A>,
+}
+
+#[derive(Default, Debug, Eq, PartialEq)]
+pub struct AutodiscoveredAddresses {
+ pub ipv4: HashMap<String, DiplonatAutodiscoveryResult<Ipv4Addr>>,
+ pub ipv6: HashMap<String, DiplonatAutodiscoveryResult<Ipv6Addr>>,
+}
+
+pub fn watch_autodiscovered_ips(
+ consul: Consul,
+ mut must_exit: watch::Receiver<bool>,
+) -> watch::Receiver<Arc<AutodiscoveredAddresses>> {
+ let (tx, rx) = watch::channel(Arc::new(AutodiscoveredAddresses::default()));
+ let rx2 = rx.clone();
+
+ tokio::spawn(async move {
+ let mut last_index = None;
+ let re = Regex::new(r".*autodiscovery/(ipv[46])/([^/]+)$").unwrap();
+
+ while !*must_exit.borrow() {
+ let r = select! {
+ _ = must_exit.changed() => continue,
+ r = consul.kv_get_prefix("diplonat/autodiscovery/", last_index) => r,
+ };
+
+ let entries = match r {
+ Err(e) => {
+ warn!("Error fetching diplonat autodiscovery consul prefix: {}", e);
+ tokio::time::sleep(Duration::from_secs(30)).await;
+ continue;
+ }
+ Ok(r) => {
+ last_index = Some(r.index());
+ r.into_inner()
+ }
+ };
+
+ let mut addresses = AutodiscoveredAddresses::default();
+
+ for (k, v) in entries {
+ if let Err(e) = parse_autodiscovered_address(&re, &mut addresses, &k, &v) {
+ warn!(
+ "Invalid k/v pair in diplonat autodiscovery results: {} = {} ({})",
+ k,
+ std::str::from_utf8(&v).unwrap_or("<???>"),
+ e
+ );
+ }
+ }
+
+ if addresses.strip_timestamps() != rx2.borrow().strip_timestamps() {
+ addresses.dump();
+ }
+
+ if tx.send(Arc::new(addresses)).is_err() {
+ info!("Autodiscovered addresses watcher terminating");
+ return;
+ }
+ }
+ });
+
+ rx
+}
+
+fn parse_autodiscovered_address(
+ re: &Regex,
+ addresses: &mut AutodiscoveredAddresses,
+ k: &str,
+ v: &[u8],
+) -> Result<()> {
+ let caps = re.captures(k).ok_or(anyhow!("key does not match regex"))?;
+
+ if let (Some(family), Some(node)) = (caps.get(1), caps.get(2)) {
+ match family.as_str() {
+ "ipv4" => {
+ let r: DiplonatAutodiscoveryResult<Ipv4Addr> = serde_json::from_slice(v)?;
+ addresses.ipv4.insert(node.as_str().to_string(), r);
+ }
+ "ipv6" => {
+ let r: DiplonatAutodiscoveryResult<Ipv6Addr> = serde_json::from_slice(v)?;
+ addresses.ipv6.insert(node.as_str().to_string(), r);
+ }
+ _ => bail!("invalid address family {}", family.as_str()),
+ }
+ } else {
+ bail!("invalid regex captures {:?}", caps);
+ }
+
+ Ok(())
+}
+
+impl AutodiscoveredAddresses {
+ fn strip_timestamps(
+ &self,
+ ) -> (
+ HashMap<&str, Option<Ipv4Addr>>,
+ HashMap<&str, Option<Ipv6Addr>>,
+ ) {
+ (
+ self.ipv4
+ .iter()
+ .map(|(k, v)| (k.as_str(), v.address))
+ .collect(),
+ self.ipv6
+ .iter()
+ .map(|(k, v)| (k.as_str(), v.address))
+ .collect(),
+ )
+ }
+
+ fn dump(&self) {
+ println!("---- Autodiscovered addresses (fetched from DiploNAT): ----");
+ for (k, v) in self.ipv4.iter() {
+ println!(" IPv4 {} {} {:?}", k, v.timestamp, v.address);
+ }
+ for (k, v) in self.ipv6.iter() {
+ println!(" IPv6 {} {} {:?}", k, v.timestamp, v.address);
+ }
+ println!("");
+ }
+}
+
+pub fn timestamp() -> u64 {
+ SystemTime::now()
+ .duration_since(SystemTime::UNIX_EPOCH)
+ .expect("clock error")
+ .as_secs()
+}
diff --git a/src/dns_config.rs b/src/dns_config.rs
index f4a95be..acee8d7 100644
--- a/src/dns_config.rs
+++ b/src/dns_config.rs
@@ -1,17 +1,23 @@
use std::collections::{HashMap, HashSet};
use std::fmt;
+use std::net::{Ipv4Addr, Ipv6Addr};
use std::sync::Arc;
use std::time::Duration;
+use anyhow::Result;
+use serde::{Deserialize, Serialize};
use tokio::{select, sync::watch};
use tracing::*;
use df_consul::*;
-const IPV4_TARGET_METADATA_TAG: &str = "public_ipv4";
-const IPV6_TARGET_METADATA_TAG: &str = "public_ipv6";
+use crate::autodiscovery::*;
+
+const IP_TARGET_METADATA_TAG_PREFIX: &str = "public_";
const CNAME_TARGET_METADATA_TAG: &str = "cname_target";
+const AUTODISCOVERY_CACHE_DURATION: u64 = 600; // 10 minutes
+
// ---- Extract DNS config from Consul catalog ----
#[derive(Debug, Eq, PartialEq, Default)]
@@ -54,86 +60,165 @@ impl DnsConfig {
}
}
-fn parse_d53_tag(tag: &str, node: &catalog::Node) -> Option<(DnsEntryKey, DnsEntryValue)> {
- let splits = tag.split(' ').collect::<Vec<_>>();
- if splits.len() != 2 {
- return None;
- }
-
- let (record_type, targets) = match splits[0] {
- "d53-a" => match node.meta.get(IPV4_TARGET_METADATA_TAG) {
- Some(tgt) => (DnsRecordType::A, [tgt.to_string()].into_iter().collect()),
- None => {
- warn!("Got d53-a tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV4_TARGET_METADATA_TAG);
- return None;
- }
- },
- "d53-aaaa" => match node.meta.get(IPV6_TARGET_METADATA_TAG) {
- Some(tgt) => (DnsRecordType::AAAA, [tgt.to_string()].into_iter().collect()),
- None => {
- warn!("Got d53-aaaa tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV6_TARGET_METADATA_TAG);
- return None;
- }
- },
- "d53-cname" => match node.meta.get(CNAME_TARGET_METADATA_TAG) {
- Some(tgt) => (
- DnsRecordType::CNAME,
- [tgt.to_string()].into_iter().collect(),
- ),
- None => {
- warn!("Got d53-cname tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, CNAME_TARGET_METADATA_TAG);
- return None;
- }
- },
- _ => return None,
- };
-
- Some((
- DnsEntryKey {
- dns_path: splits[1].to_string(),
- record_type,
- },
- DnsEntryValue { targets },
- ))
-}
+// ---- fetcher and autodiscovery cache ----
pub fn spawn_dns_config_task(
- consul: &Consul,
- mut must_exit: watch::Receiver<bool>,
+ consul: Consul,
+ must_exit: watch::Receiver<bool>,
) -> watch::Receiver<Arc<DnsConfig>> {
let (tx, rx) = watch::channel(Arc::new(DnsConfig::new()));
- let mut catalog_rx = consul.watch_all_service_health(Duration::from_secs(60));
+ let fetcher = DnsConfigTask { consul };
+
+ tokio::spawn(fetcher.task(tx, must_exit));
+
+ rx
+}
+
+struct DnsConfigTask {
+ consul: Consul,
+}
+
+impl DnsConfigTask {
+ async fn task(
+ mut self,
+ tx: watch::Sender<Arc<DnsConfig>>,
+ mut must_exit: watch::Receiver<bool>,
+ ) {
+ let mut autodiscovery_rx = watch_autodiscovered_ips(self.consul.clone(), must_exit.clone());
+
+ let mut catalog_rx = self
+ .consul
+ .watch_all_service_health(Duration::from_secs(60));
- tokio::spawn(async move {
while !*must_exit.borrow() {
select! {
_ = catalog_rx.changed() => (),
+ _ = autodiscovery_rx.changed() => (),
_ = must_exit.changed() => continue,
};
- let services = catalog_rx.borrow_and_update();
+ let services = catalog_rx.borrow_and_update().clone();
+ let autodiscovery = autodiscovery_rx.borrow_and_update().clone();
+ match self.parse_catalog(&services, &autodiscovery) {
+ Ok(dns_config) => tx.send(Arc::new(dns_config)).expect("Internal error"),
+ Err(e) => {
+ error!("Error when parsing tags: {}", e);
+ }
+ };
+ }
+ }
- let mut dns_config = DnsConfig::new();
- for (_svc, nodes) in services.iter() {
- for node in nodes.iter() {
- // Do not take into account backends if any have status critical
- if node.checks.iter().any(|x| x.status == "critical") {
- continue;
- }
- for tag in node.service.tags.iter() {
- if let Some((k, v)) = parse_d53_tag(tag, &node.node) {
- dns_config.add(k, v);
- }
+ fn parse_catalog(
+ &mut self,
+ services: &catalog::AllServiceHealth,
+ autodiscovery: &AutodiscoveredAddresses,
+ ) -> Result<DnsConfig> {
+ let mut dns_config = DnsConfig::new();
+ for (_svc, nodes) in services.iter() {
+ for node in nodes.iter() {
+ // Do not take into account backends if any have status critical
+ if node.checks.iter().any(|x| x.status == "critical") {
+ continue;
+ }
+ for tag in node.service.tags.iter() {
+ if let Some((k, v)) = self.parse_d53_tag(tag, &node.node, autodiscovery)? {
+ dns_config.add(k, v);
}
}
}
+ }
- tx.send(Arc::new(dns_config)).expect("Internal error");
+ Ok(dns_config)
+ }
+
+ fn parse_d53_tag(
+ &mut self,
+ tag: &str,
+ node: &catalog::Node,
+ autodiscovery: &AutodiscoveredAddresses,
+ ) -> Result<Option<(DnsEntryKey, DnsEntryValue)>> {
+ let splits = tag.split(' ').collect::<Vec<_>>();
+ if splits.len() != 2 {
+ return Ok(None);
}
- });
- rx
+ let (record_type, target) = match splits[0] {
+ "d53-a" => match self.get_node_ipv4(&autodiscovery, &node)? {
+ Some(tgt) => (DnsRecordType::A, tgt.to_string()),
+ None => {
+ warn!("Got d53-a tag `{}` but node {} does not appear to have a known public IPv4 address. Tag is ignored.", tag, node.node);
+ return Ok(None);
+ }
+ },
+ "d53-aaaa" => match self.get_node_ipv6(&autodiscovery, &node)? {
+ Some(tgt) => (DnsRecordType::AAAA, tgt.to_string()),
+ None => {
+ warn!("Got d53-aaaa tag `{}` but node {} does not appear to have a known public IPv6 address. Tag is ignored.", tag, node.node);
+ return Ok(None);
+ }
+ },
+ "d53-cname" => match node.meta.get(CNAME_TARGET_METADATA_TAG) {
+ Some(tgt) => (DnsRecordType::CNAME, tgt.to_string()),
+ None => {
+ warn!("Got d53-cname tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, CNAME_TARGET_METADATA_TAG);
+ return Ok(None);
+ }
+ },
+ _ => return Ok(None),
+ };
+
+ Ok(Some((
+ DnsEntryKey {
+ dns_path: splits[1].to_string(),
+ record_type,
+ },
+ DnsEntryValue {
+ targets: [target].into_iter().collect(),
+ },
+ )))
+ }
+
+ fn get_node_ipv4(
+ &mut self,
+ autodiscovery: &AutodiscoveredAddresses,
+ node: &catalog::Node,
+ ) -> Result<Option<Ipv4Addr>> {
+ Self::get_node_ip("ipv4", &autodiscovery.ipv4, node)
+ }
+
+ fn get_node_ipv6(
+ &mut self,
+ autodiscovery: &AutodiscoveredAddresses,
+ node: &catalog::Node,
+ ) -> Result<Option<Ipv6Addr>> {
+ Self::get_node_ip("ipv6", &autodiscovery.ipv6, node)
+ }
+
+ fn get_node_ip<A>(
+ family: &'static str,
+ autodiscovery: &HashMap<String, DiplonatAutodiscoveryResult<A>>,
+ node: &catalog::Node,
+ ) -> Result<Option<A>>
+ where
+ A: Serialize + for<'de> Deserialize<'de> + std::fmt::Debug + std::str::FromStr + Copy + Eq,
+ <A as std::str::FromStr>::Err: Send + Sync + std::error::Error + 'static,
+ {
+ match autodiscovery.get(&node.node) {
+ Some(ar) if timestamp() <= ar.timestamp + AUTODISCOVERY_CACHE_DURATION => {
+ Ok(ar.address)
+ }
+ x => {
+ if let Some(ar) = x {
+ warn!("{} address for {} from diplonat autodiscovery is outdated (value: {:?}), falling back on value from Consul node meta", family, node.node, ar.address);
+ }
+
+ let meta_tag = format!("{}{}", IP_TARGET_METADATA_TAG_PREFIX, family);
+ let addr = node.meta.get(&meta_tag).map(|x| x.parse()).transpose()?;
+ Ok(addr)
+ }
+ }
+ }
}
// ---- Display impls ----
diff --git a/src/main.rs b/src/main.rs
index 1a41c18..9461596 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -5,6 +5,7 @@ use tokio::select;
use tokio::sync::watch;
use tracing::*;
+mod autodiscovery;
mod dns_config;
mod dns_updater;
mod provider;
@@ -111,7 +112,7 @@ async fn main() {
.map(ToString::to_string)
.collect::<Vec<_>>();
- let rx_dns_config = dns_config::spawn_dns_config_task(&consul, exit_signal.clone());
+ let rx_dns_config = dns_config::spawn_dns_config_task(consul, exit_signal.clone());
let updater_task = tokio::spawn(dns_updater::dns_updater_task(
rx_dns_config.clone(),