//go:build linux
// +build linux
package overlay
//go:generate protoc -I.:../../Godeps/_workspace/src/github.com/gogo/protobuf --gogo_out=import_path=github.com/docker/docker/libnetwork/drivers/overlay,Mgogoproto/gogo.proto=github.com/gogo/protobuf/gogoproto:. overlay.proto
import (
"context"
"fmt"
"net"
"sync"
"github.com/docker/docker/libnetwork/datastore"
"github.com/docker/docker/libnetwork/discoverapi"
"github.com/docker/docker/libnetwork/driverapi"
"github.com/docker/docker/libnetwork/idm"
"github.com/docker/docker/libnetwork/netlabel"
"github.com/docker/docker/libnetwork/osl"
"github.com/docker/docker/libnetwork/types"
"github.com/hashicorp/serf/serf"
"github.com/sirupsen/logrus"
)
// Driver-wide constants.
const (
	// networkType is the name this driver registers under (see Init).
	networkType = "overlay"

	// veth naming parameters; how they are combined is not visible here.
	vethPrefix = "veth"
	vethLen    = 7

	// Bounds of the VXLAN id range handed out by the id manager created in
	// initializeVxlanIdm.
	vxlanIDStart = 256
	vxlanIDEnd   = (1 << 24) - 1

	// vxlanEncap — presumably the VXLAN encapsulation overhead in bytes;
	// its use is outside this view.
	vxlanEncap = 50

	// secureOption is the "encrypted" network option name; presumably the
	// switch that turns on overlay encryption.
	secureOption = "encrypted"
)
// initVxlanIdm is a one-slot channel used as a mutex by initializeVxlanIdm:
// a send acquires it and the deferred receive releases it.
var initVxlanIdm = make(chan bool, 1)
// driver is the state of the overlay network driver. One instance is built
// by Init and registered with libnetwork under networkType; Fini tears it
// down. The embedded Mutex guards the address fields and the Once values
// that nodeJoin resets.
type driver struct {
	eventCh          chan serf.Event
	notifyCh         chan ovNotify
	exitCh           chan chan struct{} // Fini sends a channel here and waits to receive on it
	bindAddress      string
	advertiseAddress string
	neighIP          string // address of the most recently reported non-self node (nodeJoin)
	config           map[string]interface{}
	peerDb           peerNetworkMap
	secMap           *encrMap
	serfInstance     *serf.Serf
	networks         networkTable
	store            datastore.DataStore // store from netlabel.GlobalKVClient; nil when none is configured
	localStore       datastore.DataStore // store from netlabel.LocalKVClient; endpoints are restored from it
	vxlanIdm         *idm.Idm            // created lazily by initializeVxlanIdm once a store exists
	initOS           sync.Once           // guards applyOStweaks
	joinOnce         sync.Once           // guards serfJoin; reset by nodeJoin when the join fails
	localJoinOnce    sync.Once           // guards peerDBUpdateSelf
	keys             []*key
	peerOpCh         chan *peerOperation
	peerOpCancel     context.CancelFunc // stops peerOpRoutine; called from Fini
	sync.Mutex
}
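// Init registers a new instance of overlay driver.
//
// config may carry datastore configuration under netlabel.GlobalKVClient
// and netlabel.LocalKVClient; both are optional. The configuration is
// validated before the peer-operation goroutine is started, so a rejected
// configuration does not leave that goroutine running; it is likewise
// stopped again if registration with libnetwork fails.
func Init(dc driverapi.DriverCallback, config map[string]interface{}) error {
	c := driverapi.Capability{
		DataScope:         datastore.GlobalScope,
		ConnectivityScope: datastore.GlobalScope,
	}

	d := &driver{
		networks: networkTable{},
		peerDb: peerNetworkMap{
			mp: map[string]*peerMap{},
		},
		secMap:   &encrMap{nodes: map[string][]*spi{}},
		config:   config,
		peerOpCh: make(chan *peerOperation),
	}

	if data, ok := config[netlabel.GlobalKVClient]; ok {
		store, err := datastoreFromConfigData(data, "data store")
		if err != nil {
			return err
		}
		d.store = store
	}

	if data, ok := config[netlabel.LocalKVClient]; ok {
		store, err := datastoreFromConfigData(data, "local data store")
		if err != nil {
			return err
		}
		d.localStore = store
	}

	// Launch the go routine for processing peer operations. It is started
	// before restoreEndpoints, which calls d.peerAdd for every restored
	// endpoint (presumably serviced by this goroutine).
	ctx, cancel := context.WithCancel(context.Background())
	d.peerOpCancel = cancel
	go d.peerOpRoutine(ctx, d.peerOpCh)

	if err := d.restoreEndpoints(); err != nil {
		logrus.Warnf("Failure during overlay endpoints restore: %v", err)
	}

	if err := dc.RegisterDriver(networkType, d, c); err != nil {
		// Nobody will ever call Fini on an unregistered driver, so stop
		// the peer goroutine here instead of leaking it.
		cancel()
		return err
	}
	return nil
}

// datastoreFromConfigData builds a datastore from the discovery-API
// configuration value found in the driver config. what names the store in
// the error message ("data store" or "local data store").
func datastoreFromConfigData(data interface{}, what string) (datastore.DataStore, error) {
	dsc, ok := data.(discoverapi.DatastoreConfigData)
	if !ok {
		return nil, types.InternalErrorf("incorrect data in datastore configuration: %v", data)
	}
	ds, err := datastore.NewDataStoreFromConfig(dsc)
	if err != nil {
		return nil, types.InternalErrorf("failed to initialize %s: %v", what, err)
	}
	return ds, nil
}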
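// restoreEndpoints reloads the endpoints persisted in the local store and
// reconstructs the overlay sandbox for each of them. Endpoints whose
// network no longer exists are treated as stale and deleted from the
// store. A missing local store or an empty store is not an error; a
// failure to read the store or to rebuild a sandbox is returned and stops
// the restore.
func (d *driver) restoreEndpoints() error {
	if d.localStore == nil {
		logrus.Warn("Cannot restore overlay endpoints because local datastore is missing")
		return nil
	}

	kvol, err := d.localStore.List(datastore.Key(overlayEndpointPrefix), &endpoint{})
	if err == datastore.ErrKeyNotFound {
		// Nothing has been persisted yet.
		return nil
	}
	if err != nil {
		return fmt.Errorf("failed to read overlay endpoint from store: %v", err)
	}

	for _, kvo := range kvol {
		ep := kvo.(*endpoint)

		n := d.network(ep.nid)
		if n == nil {
			logrus.Debugf("Network (%.7s) not found for restored endpoint (%.7s)", ep.nid, ep.id)
			logrus.Debugf("Deleting stale overlay endpoint (%.7s) from store", ep.id)
			if err := d.deleteEndpointFromStore(ep); err != nil {
				logrus.Debugf("Failed to delete stale overlay endpoint (%.7s) from store", ep.id)
			}
			continue
		}

		n.addEndpoint(ep)

		s := n.getSubnetforIP(ep.addr)
		if s == nil {
			return fmt.Errorf("could not find subnet for endpoint %s", ep.id)
		}

		if err := n.joinSandbox(s, true, true); err != nil {
			return fmt.Errorf("restore network sandbox failed: %v", err)
		}

		// Zero length with capacity 1: make(..., 1) followed by append would
		// leave a nil option in front of the Master option.
		vethIfaceOption := make([]osl.IfaceOption, 0, 1)
		vethIfaceOption = append(vethIfaceOption, n.sbox.InterfaceOptions().Master(s.brName))
		ifaces := map[string][]osl.IfaceOption{
			"veth+veth": vethIfaceOption,
		}

		if err := n.sbox.Restore(ifaces, nil, nil, nil); err != nil {
			n.leaveSandbox()
			return fmt.Errorf("failed to restore overlay sandbox: %v", err)
		}

		d.peerAdd(ep.nid, ep.id, ep.addr.IP, ep.addr.Mask, ep.mac, net.ParseIP(d.advertiseAddress), false, false, true)
	}

	return nil
}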
// Fini cleans up the driver resources: it stops the peer-operation
// goroutine and, when exitCh is set, hands its consumer a channel and
// blocks until that consumer answers on it.
func Fini(drv driverapi.Driver) {
	d := drv.(*driver)

	// Notify the peer go routine to return
	if cancel := d.peerOpCancel; cancel != nil {
		cancel()
	}

	if d.exitCh == nil {
		return
	}
	done := make(chan struct{})
	d.exitCh <- done
	<-done
}
// configure runs the lazy setup the driver needs before use: the OS tweaks
// once per driver instance, and the VXLAN id manager once a store is
// available. Without a store there is nothing further to configure.
func (d *driver) configure() error {
	// Apply OS specific kernel configs if needed
	d.initOS.Do(applyOStweaks)

	switch {
	case d.store == nil:
		return nil
	case d.vxlanIdm != nil:
		return nil
	default:
		return d.initializeVxlanIdm()
	}
}
// initializeVxlanIdm creates the VXLAN id manager backed by d.store. The
// initVxlanIdm channel serialises callers so two goroutines cannot both
// build one; a caller that finds d.vxlanIdm already set returns nil.
func (d *driver) initializeVxlanIdm() error {
	// Acquire the one-slot channel; release it on every return path.
	initVxlanIdm <- true
	defer func() { <-initVxlanIdm }()

	if d.vxlanIdm != nil {
		return nil
	}

	var err error
	d.vxlanIdm, err = idm.New(d.store, "vxlan-id", vxlanIDStart, vxlanIDEnd)
	if err != nil {
		return fmt.Errorf("failed to initialize vxlan id manager: %v", err)
	}
	return nil
}
// Type returns the driver name this driver is registered under.
func (d *driver) Type() string {
	return networkType
}
// IsBuiltIn reports that the overlay driver ships with libnetwork rather
// than being loaded as a plugin.
func (d *driver) IsBuiltIn() bool {
	return true
}
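// validateSelf checks that node is a well-formed IP address that is
// configured on one of this host's interfaces. It returns an error when
// the address does not parse, when the interface addresses cannot be
// listed, or when no local interface carries the address. Callers decide
// how strict to be: nodeJoin only logs the result.
func validateSelf(node string) error {
	advIP := net.ParseIP(node)
	if advIP == nil {
		return fmt.Errorf("invalid self address (%s)", node)
	}

	addrs, err := net.InterfaceAddrs()
	if err != nil {
		return fmt.Errorf("Unable to get interface addresses %v", err)
	}

	for _, addr := range addrs {
		// Interface addresses come back as *net.IPNet; compare the IP
		// directly instead of round-tripping through String and ParseCIDR.
		// Other address kinds are skipped, as the string round-trip did.
		ipn, ok := addr.(*net.IPNet)
		if ok && ipn.IP.Equal(advIP) {
			return nil
		}
	}

	return fmt.Errorf("Multi-Host overlay networking requires cluster-advertise(%s) to be configured with a local ip-address that is reachable within the cluster", advIP.String())
}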
// nodeJoin handles a node-discovery event. For the local node (self) it
// records advertiseAddress and bindAddress, initialises serf when a store
// is configured, and then joins the cluster through the most recently
// recorded neighbour. For a remote node it only records the neighbour
// address and attempts the join. Failures are logged rather than returned.
func (d *driver) nodeJoin(advertiseAddress, bindAddress string, self bool) {
	if self && !d.isSerfAlive() {
		d.Lock()
		d.advertiseAddress = advertiseAddress
		d.bindAddress = bindAddress
		d.Unlock()

		// If containers are already running on this network update the
		// advertise address in the peerDB
		d.localJoinOnce.Do(func() {
			d.peerDBUpdateSelf()
		})

		// If there is no cluster store there is no need to start serf.
		if d.store != nil {
			// An advertise address that is not configured on this host is
			// only warned about; serf is still initialised with it.
			if err := validateSelf(advertiseAddress); err != nil {
				logrus.Warn(err.Error())
			}
			err := d.serfInit()
			if err != nil {
				logrus.Errorf("initializing serf instance failed: %v", err)
				// Clear the addresses recorded above — presumably so a later
				// attempt starts from a clean state.
				d.Lock()
				d.advertiseAddress = ""
				d.bindAddress = ""
				d.Unlock()
				return
			}
		}
	}

	d.Lock()
	if !self {
		d.neighIP = advertiseAddress
	}
	neighIP := d.neighIP
	d.Unlock()

	// NOTE(review): d.serfInstance is read here without holding d.Mutex.
	if d.serfInstance != nil && neighIP != "" {
		var err error
		// The join runs at most once; err is captured from inside the
		// closure so the result is visible after Do returns.
		d.joinOnce.Do(func() {
			err = d.serfJoin(neighIP)
			if err == nil {
				d.pushLocalDb()
			}
		})
		if err != nil {
			logrus.Errorf("joining serf neighbor %s failed: %v", advertiseAddress, err)
			// Reset the Once so a subsequent node event can retry the join.
			d.Lock()
			d.joinOnce = sync.Once{}
			d.Unlock()
			return
		}
	}
}
// pushLocalEndpointEvent sends a notification for endpoint eid of network
// nid on notifyCh. Nothing is sent when the network or endpoint is unknown
// or when serf is not alive. The action argument is accepted but not used:
// the notification always carries "join".
func (d *driver) pushLocalEndpointEvent(action, nid, eid string) {
	nw := d.network(nid)
	if nw == nil {
		logrus.Debugf("Error pushing local endpoint event for network %s", nid)
		return
	}

	endpt := nw.endpoint(eid)
	if endpt == nil {
		logrus.Debugf("Error pushing local endpoint event for ep %s / %s", nid, eid)
		return
	}

	if !d.isSerfAlive() {
		return
	}

	notification := ovNotify{
		action: "join",
		nw:     nw,
		ep:     endpt,
	}
	d.notifyCh <- notification
}
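// DiscoverNew is a notification for a new discovery event, such as a new node joining a cluster.
//
// Handled event types: NodeDiscovery (handed to nodeJoin), DatastoreConfig
// (accepted only while no store is configured), EncryptionKeysConfig
// (converted into a key list for setKeys) and EncryptionKeysUpdate
// (converted into new/primary/prune keys for updateKeys). Any other type
// is ignored. Malformed payloads are rejected with an error rather than
// indexed blindly.
func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) error {
	switch dType {
	case discoverapi.NodeDiscovery:
		nodeData, ok := data.(discoverapi.NodeDiscoveryData)
		if !ok || nodeData.Address == "" {
			return fmt.Errorf("invalid discovery data")
		}
		d.nodeJoin(nodeData.Address, nodeData.BindAddress, nodeData.Self)

	case discoverapi.DatastoreConfig:
		if d.store != nil {
			return types.ForbiddenErrorf("cannot accept datastore configuration: Overlay driver has a datastore configured already")
		}
		dsc, ok := data.(discoverapi.DatastoreConfigData)
		if !ok {
			return types.InternalErrorf("incorrect data in datastore configuration: %v", data)
		}
		var err error
		d.store, err = datastore.NewDataStoreFromConfig(dsc)
		if err != nil {
			return types.InternalErrorf("failed to initialize data store: %v", err)
		}

	case discoverapi.EncryptionKeysConfig:
		encrData, ok := data.(discoverapi.DriverEncryptionConfig)
		if !ok {
			return fmt.Errorf("invalid encryption key notification data")
		}
		keys, err := keysFromEncryptionConfig(encrData)
		if err != nil {
			return err
		}
		if err := d.setKeys(keys); err != nil {
			logrus.Warn(err)
		}

	case discoverapi.EncryptionKeysUpdate:
		encrData, ok := data.(discoverapi.DriverEncryptionUpdate)
		if !ok {
			return fmt.Errorf("invalid encryption key notification data")
		}
		newKey, priKey, delKey := keysFromEncryptionUpdate(encrData)
		if err := d.updateKeys(newKey, priKey, delKey); err != nil {
			return err
		}

	default:
		// Other discovery types are of no interest to this driver.
	}
	return nil
}

// keysFromEncryptionConfig turns the Keys/Tags of an EncryptionKeysConfig
// event into the driver's key list. Keys and Tags are parallel slices, so a
// Tags slice shorter than Keys is rejected instead of being indexed past
// its end (which would panic on a malformed notification).
func keysFromEncryptionConfig(encrData discoverapi.DriverEncryptionConfig) ([]*key, error) {
	if len(encrData.Tags) < len(encrData.Keys) {
		return nil, fmt.Errorf("invalid encryption key notification data: %d keys but only %d tags", len(encrData.Keys), len(encrData.Tags))
	}
	keys := make([]*key, 0, len(encrData.Keys))
	for i, k := range encrData.Keys {
		keys = append(keys, &key{
			value: k,
			tag:   uint32(encrData.Tags[i]),
		})
	}
	return keys, nil
}

// keysFromEncryptionUpdate builds the optional new, primary and prune keys
// carried by an EncryptionKeysUpdate event. Each result is nil when the
// event does not carry the corresponding key.
func keysFromEncryptionUpdate(encrData discoverapi.DriverEncryptionUpdate) (newKey, priKey, delKey *key) {
	if encrData.Key != nil {
		newKey = &key{value: encrData.Key, tag: uint32(encrData.Tag)}
	}
	if encrData.Primary != nil {
		priKey = &key{value: encrData.Primary, tag: uint32(encrData.PrimaryTag)}
	}
	if encrData.Prune != nil {
		delKey = &key{value: encrData.Prune, tag: uint32(encrData.PruneTag)}
	}
	return newKey, priKey, delKey
}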
// DiscoverDelete is a notification for a discovery delete event, such as a
// node leaving a cluster. The overlay driver takes no action on it and
// always reports success.
func (d *driver) DiscoverDelete(dType discoverapi.DiscoveryType, data interface{}) error {
	return nil
}