diff options
author | Alex <alex@adnab.me> | 2023-04-21 14:00:06 +0000 |
---|---|---|
committer | Alex <alex@adnab.me> | 2023-04-21 14:00:06 +0000 |
commit | c19ab05802fda6651eb50d065db960a72f3a34b5 (patch) | |
tree | 996dccf1ba5d8653476883cf2db5f10a9ccc2349 /src | |
parent | aaff9b7d4ab0d2eeae88e7bb4a4f6512deaebb34 (diff) | |
parent | b60f5b1694aee70aea61f8de7bf5f6090c0d53e6 (diff) | |
download | D53-c19ab05802fda6651eb50d065db960a72f3a34b5.tar.gz D53-c19ab05802fda6651eb50d065db960a72f3a34b5.zip |
Merge pull request 'Support for loading IP addresses from DiploNAT autodiscovery' (#4) from diplonat-autodiscovery into maindocker-4
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/D53/pulls/4
Diffstat (limited to 'src')
-rw-r--r-- | src/autodiscovery.rs | 147 | ||||
-rw-r--r-- | src/dns_config.rs | 211 | ||||
-rw-r--r-- | src/main.rs | 3 |
3 files changed, 297 insertions, 64 deletions
diff --git a/src/autodiscovery.rs b/src/autodiscovery.rs new file mode 100644 index 0000000..aa33d01 --- /dev/null +++ b/src/autodiscovery.rs @@ -0,0 +1,147 @@ +//! Fetch autodiscoverd IP addresses stored by Diplonat into Consul + +use std::collections::HashMap; +use std::net::{Ipv4Addr, Ipv6Addr}; +use std::sync::Arc; +use std::time::{Duration, SystemTime}; + +use anyhow::{anyhow, bail, Result}; +use regex::Regex; +use serde::{Deserialize, Serialize}; +use tokio::{select, sync::watch}; +use tracing::*; + +use df_consul::*; + +#[derive(Serialize, Deserialize, Debug, Eq, PartialEq)] +pub struct DiplonatAutodiscoveryResult<A> { + pub timestamp: u64, + pub address: Option<A>, +} + +#[derive(Default, Debug, Eq, PartialEq)] +pub struct AutodiscoveredAddresses { + pub ipv4: HashMap<String, DiplonatAutodiscoveryResult<Ipv4Addr>>, + pub ipv6: HashMap<String, DiplonatAutodiscoveryResult<Ipv6Addr>>, +} + +pub fn watch_autodiscovered_ips( + consul: Consul, + mut must_exit: watch::Receiver<bool>, +) -> watch::Receiver<Arc<AutodiscoveredAddresses>> { + let (tx, rx) = watch::channel(Arc::new(AutodiscoveredAddresses::default())); + let rx2 = rx.clone(); + + tokio::spawn(async move { + let mut last_index = None; + let re = Regex::new(r".*autodiscovery/(ipv[46])/([^/]+)$").unwrap(); + + while !*must_exit.borrow() { + let r = select! { + _ = must_exit.changed() => continue, + r = consul.kv_get_prefix("diplonat/autodiscovery/", last_index) => r, + }; + + let entries = match r { + Err(e) => { + warn!("Error fetching diplonat autodiscovery consul prefix: {}", e); + tokio::time::sleep(Duration::from_secs(30)).await; + continue; + } + Ok(r) => { + last_index = Some(r.index()); + r.into_inner() + } + }; + + let mut addresses = AutodiscoveredAddresses::default(); + + for (k, v) in entries { + if let Err(e) = parse_autodiscovered_address(&re, &mut addresses, &k, &v) { + warn!( + "Invalid k/v pair in diplonat autodiscovery results: {} = {} ({})", + k, + std::str::from_utf8(&v).unwrap_or("<???>"), + e + ); + } + } + + if addresses.strip_timestamps() != rx2.borrow().strip_timestamps() { + addresses.dump(); + } + + if tx.send(Arc::new(addresses)).is_err() { + info!("Autodiscovered addresses watcher terminating"); + return; + } + } + }); + + rx +} + +fn parse_autodiscovered_address( + re: &Regex, + addresses: &mut AutodiscoveredAddresses, + k: &str, + v: &[u8], +) -> Result<()> { + let caps = re.captures(k).ok_or(anyhow!("key does not match regex"))?; + + if let (Some(family), Some(node)) = (caps.get(1), caps.get(2)) { + match family.as_str() { + "ipv4" => { + let r: DiplonatAutodiscoveryResult<Ipv4Addr> = serde_json::from_slice(v)?; + addresses.ipv4.insert(node.as_str().to_string(), r); + } + "ipv6" => { + let r: DiplonatAutodiscoveryResult<Ipv6Addr> = serde_json::from_slice(v)?; + addresses.ipv6.insert(node.as_str().to_string(), r); + } + _ => bail!("invalid address family {}", family.as_str()), + } + } else { + bail!("invalid regex captures {:?}", caps); + } + + Ok(()) +} + +impl AutodiscoveredAddresses { + fn strip_timestamps( + &self, + ) -> ( + HashMap<&str, Option<Ipv4Addr>>, + HashMap<&str, Option<Ipv6Addr>>, + ) { + ( + self.ipv4 + .iter() + .map(|(k, v)| (k.as_str(), v.address)) + .collect(), + self.ipv6 + .iter() + .map(|(k, v)| (k.as_str(), v.address)) + .collect(), + ) + } + + fn dump(&self) { + println!("---- Autodiscovered addresses (fetched from DiploNAT): ----"); + for (k, v) in self.ipv4.iter() { + println!(" IPv4 {} {} {:?}", k, v.timestamp, v.address); + } + for (k, v) in self.ipv6.iter() { + println!(" IPv6 {} {} {:?}", k, v.timestamp, v.address); + } + println!(""); + } +} + +pub fn timestamp() -> u64 { + SystemTime::now() + .duration_since(SystemTime::UNIX_EPOCH) + .expect("clock error") + .as_secs() +} diff --git a/src/dns_config.rs b/src/dns_config.rs index f4a95be..acee8d7 100644 --- a/src/dns_config.rs +++ b/src/dns_config.rs @@ -1,17 +1,23 @@ use std::collections::{HashMap, HashSet}; use std::fmt; +use std::net::{Ipv4Addr, Ipv6Addr}; use std::sync::Arc; use std::time::Duration; +use anyhow::Result; +use serde::{Deserialize, Serialize}; use tokio::{select, sync::watch}; use tracing::*; use df_consul::*; -const IPV4_TARGET_METADATA_TAG: &str = "public_ipv4"; -const IPV6_TARGET_METADATA_TAG: &str = "public_ipv6"; +use crate::autodiscovery::*; + +const IP_TARGET_METADATA_TAG_PREFIX: &str = "public_"; const CNAME_TARGET_METADATA_TAG: &str = "cname_target"; +const AUTODISCOVERY_CACHE_DURATION: u64 = 600; // 10 minutes + // ---- Extract DNS config from Consul catalog ---- #[derive(Debug, Eq, PartialEq, Default)] @@ -54,86 +60,165 @@ impl DnsConfig { } } -fn parse_d53_tag(tag: &str, node: &catalog::Node) -> Option<(DnsEntryKey, DnsEntryValue)> { - let splits = tag.split(' ').collect::<Vec<_>>(); - if splits.len() != 2 { - return None; - } - - let (record_type, targets) = match splits[0] { - "d53-a" => match node.meta.get(IPV4_TARGET_METADATA_TAG) { - Some(tgt) => (DnsRecordType::A, [tgt.to_string()].into_iter().collect()), - None => { - warn!("Got d53-a tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV4_TARGET_METADATA_TAG); - return None; - } - }, - "d53-aaaa" => match node.meta.get(IPV6_TARGET_METADATA_TAG) { - Some(tgt) => (DnsRecordType::AAAA, [tgt.to_string()].into_iter().collect()), - None => { - warn!("Got d53-aaaa tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, IPV6_TARGET_METADATA_TAG); - return None; - } - }, - "d53-cname" => match node.meta.get(CNAME_TARGET_METADATA_TAG) { - Some(tgt) => ( - DnsRecordType::CNAME, - [tgt.to_string()].into_iter().collect(), - ), - None => { - warn!("Got d53-cname tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, CNAME_TARGET_METADATA_TAG); - return None; - } - }, - _ => return None, - }; - - Some(( - DnsEntryKey { - dns_path: splits[1].to_string(), - record_type, - }, - DnsEntryValue { targets }, - )) -} +// ---- fetcher and autodiscovery cache ---- pub fn spawn_dns_config_task( - consul: &Consul, - mut must_exit: watch::Receiver<bool>, + consul: Consul, + must_exit: watch::Receiver<bool>, ) -> watch::Receiver<Arc<DnsConfig>> { let (tx, rx) = watch::channel(Arc::new(DnsConfig::new())); - let mut catalog_rx = consul.watch_all_service_health(Duration::from_secs(60)); + let fetcher = DnsConfigTask { consul }; + + tokio::spawn(fetcher.task(tx, must_exit)); + + rx +} + +struct DnsConfigTask { + consul: Consul, +} + +impl DnsConfigTask { + async fn task( + mut self, + tx: watch::Sender<Arc<DnsConfig>>, + mut must_exit: watch::Receiver<bool>, + ) { + let mut autodiscovery_rx = watch_autodiscovered_ips(self.consul.clone(), must_exit.clone()); + + let mut catalog_rx = self + .consul + .watch_all_service_health(Duration::from_secs(60)); - tokio::spawn(async move { while !*must_exit.borrow() { select! { _ = catalog_rx.changed() => (), + _ = autodiscovery_rx.changed() => (), _ = must_exit.changed() => continue, }; - let services = catalog_rx.borrow_and_update(); + let services = catalog_rx.borrow_and_update().clone(); + let autodiscovery = autodiscovery_rx.borrow_and_update().clone(); + match self.parse_catalog(&services, &autodiscovery) { + Ok(dns_config) => tx.send(Arc::new(dns_config)).expect("Internal error"), + Err(e) => { + error!("Error when parsing tags: {}", e); + } + }; + } + } - let mut dns_config = DnsConfig::new(); - for (_svc, nodes) in services.iter() { - for node in nodes.iter() { - // Do not take into account backends if any have status critical - if node.checks.iter().any(|x| x.status == "critical") { - continue; - } - for tag in node.service.tags.iter() { - if let Some((k, v)) = parse_d53_tag(tag, &node.node) { - dns_config.add(k, v); - } + fn parse_catalog( + &mut self, + services: &catalog::AllServiceHealth, + autodiscovery: &AutodiscoveredAddresses, + ) -> Result<DnsConfig> { + let mut dns_config = DnsConfig::new(); + for (_svc, nodes) in services.iter() { + for node in nodes.iter() { + // Do not take into account backends if any have status critical + if node.checks.iter().any(|x| x.status == "critical") { + continue; + } + for tag in node.service.tags.iter() { + if let Some((k, v)) = self.parse_d53_tag(tag, &node.node, autodiscovery)? { + dns_config.add(k, v); } } } + } - tx.send(Arc::new(dns_config)).expect("Internal error"); + Ok(dns_config) + } + + fn parse_d53_tag( + &mut self, + tag: &str, + node: &catalog::Node, + autodiscovery: &AutodiscoveredAddresses, + ) -> Result<Option<(DnsEntryKey, DnsEntryValue)>> { + let splits = tag.split(' ').collect::<Vec<_>>(); + if splits.len() != 2 { + return Ok(None); } - }); - rx + let (record_type, target) = match splits[0] { + "d53-a" => match self.get_node_ipv4(&autodiscovery, &node)? { + Some(tgt) => (DnsRecordType::A, tgt.to_string()), + None => { + warn!("Got d53-a tag `{}` but node {} does not appear to have a known public IPv4 address. Tag is ignored.", tag, node.node); + return Ok(None); + } + }, + "d53-aaaa" => match self.get_node_ipv6(&autodiscovery, &node)? { + Some(tgt) => (DnsRecordType::AAAA, tgt.to_string()), + None => { + warn!("Got d53-aaaa tag `{}` but node {} does not appear to have a known public IPv6 address. Tag is ignored.", tag, node.node); + return Ok(None); + } + }, + "d53-cname" => match node.meta.get(CNAME_TARGET_METADATA_TAG) { + Some(tgt) => (DnsRecordType::CNAME, tgt.to_string()), + None => { + warn!("Got d53-cname tag `{}` but node {} does not have a {} metadata value. Tag is ignored.", tag, node.node, CNAME_TARGET_METADATA_TAG); + return Ok(None); + } + }, + _ => return Ok(None), + }; + + Ok(Some(( + DnsEntryKey { + dns_path: splits[1].to_string(), + record_type, + }, + DnsEntryValue { + targets: [target].into_iter().collect(), + }, + ))) + } + + fn get_node_ipv4( + &mut self, + autodiscovery: &AutodiscoveredAddresses, + node: &catalog::Node, + ) -> Result<Option<Ipv4Addr>> { + Self::get_node_ip("ipv4", &autodiscovery.ipv4, node) + } + + fn get_node_ipv6( + &mut self, + autodiscovery: &AutodiscoveredAddresses, + node: &catalog::Node, + ) -> Result<Option<Ipv6Addr>> { + Self::get_node_ip("ipv6", &autodiscovery.ipv6, node) + } + + fn get_node_ip<A>( + family: &'static str, + autodiscovery: &HashMap<String, DiplonatAutodiscoveryResult<A>>, + node: &catalog::Node, + ) -> Result<Option<A>> + where + A: Serialize + for<'de> Deserialize<'de> + std::fmt::Debug + std::str::FromStr + Copy + Eq, + <A as std::str::FromStr>::Err: Send + Sync + std::error::Error + 'static, + { + match autodiscovery.get(&node.node) { + Some(ar) if timestamp() <= ar.timestamp + AUTODISCOVERY_CACHE_DURATION => { + Ok(ar.address) + } + x => { + if let Some(ar) = x { + warn!("{} address for {} from diplonat autodiscovery is outdated (value: {:?}), falling back on value from Consul node meta", family, node.node, ar.address); + } + + let meta_tag = format!("{}{}", IP_TARGET_METADATA_TAG_PREFIX, family); + let addr = node.meta.get(&meta_tag).map(|x| x.parse()).transpose()?; + Ok(addr) + } + } + } } // ---- Display impls ---- diff --git a/src/main.rs b/src/main.rs index 1a41c18..9461596 100644 --- a/src/main.rs +++ b/src/main.rs @@ -5,6 +5,7 @@ use tokio::select; use tokio::sync::watch; use tracing::*; +mod autodiscovery; mod dns_config; mod dns_updater; mod provider; @@ -111,7 +112,7 @@ async fn main() { .map(ToString::to_string) .collect::<Vec<_>>(); - let rx_dns_config = dns_config::spawn_dns_config_task(&consul, exit_signal.clone()); + let rx_dns_config = dns_config::spawn_dns_config_task(consul, exit_signal.clone()); let updater_task = tokio::spawn(dns_updater::dns_updater_task( rx_dns_config.clone(), |