conlink 2.0.0

package/examples/dot.js

@@ -0,0 +1,36 @@
+// engines:
+// - dot: reasonable but elongated
+// - fdp: good fit but tons of crossing lines
+// - osage: boxes tightly packet, no layout on lines
+//
+// - neato: overlapping clusters/groups
+// - patchwork: one packed box, no visible lines
+// - circo: sparse rectilinear layout, no clusters/groups
+// - twopi: circo-like with diagonals, no clusters/groups
+const DEFAULT_ENGINE = 'dot'
+
+function downloadSVG(container) {
+  const svg = document.getElementById(container).innerHTML;
+  const blob = new Blob([svg.toString()]);
+  const element = document.createElement("a");
+  element.download = `${container}.svg`;
+  element.href = window.URL.createObjectURL(blob);
+  element.click();
+  element.remove();
+}
+
+const params = new URLSearchParams(location.search)
+
+const dotFile = params.get('data') || 'data.dot'
+const engine = params.get('engine') || DEFAULT_ENGINE
+console.log(`Fetching '${dotFile}'`)
+fetch(dotFile)
+  .then(resp => resp.text())
+  .then(text => {
+    console.log(`Loaded dot data:\n`, text)
+    console.log(`Rendering using engine '${engine}'`)
+    d3.select('#graph')
+      .graphviz()
+      .engine(engine)
+      .renderDot(text)
+  })

package/examples/index.html

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<body>
+  <script src="//d3js.org/d3.v5.min.js"></script>
+  <script src="https://unpkg.com/@hpcc-js/wasm@0.3.11/dist/index.min.js"></script>
+  <script src="https://unpkg.com/d3-graphviz@3.0.5/build/d3-graphviz.js"></script>
+  <script src="dot.js"></script>
+  <div id="graph" style="text-align: center;"></div>
+  <br><br>
+  <button onclick="downloadSVG('graph')">Download SVG</button>
+</body>

package/examples/net2dot.yaml

@@ -0,0 +1,21 @@
+links:
+  - {service: nodeA, bridge: s1, dev: e1}
+  - {service: nodeA, bridge: s2, dev: e2}
+  - {service: nodeA, bridge: s3, dev: e3}
+  - {service: nodeB, bridge: s2}
+
+  - {container: nodeC, bridge: s3}
+
+  - {type: dummy, container: nodeD, dev: dummy0}
+
+  - {type: vlan,    service: nodeE, dev: v0,  outer-dev: eni0, vlanid: 5}
+  - {type: macvlan, service: nodeE, dev: mv0, outer-dev: eni0, mode: bridge}
+  - {type: macvlan, service: nodeF, dev: mv0, outer-dev: eni0, mode: bridge}
+  - {type: ipvlan,  service: nodeG, dev: iv0, outer-dev: eni1, mode: bridge}
+  - {type: macvlan, service: nodeH, dev: mv0, outer-dev: eni1, mode: bridge}
+
+tunnels:
+  - {type: geneve, bridge: s1, vni: 1001, remote: "${REMOTE1}"}
+  - {type: geneve, bridge: s3, vni: 1002, remote: "${REMOTE2}"}
+
+

package/examples/test1-compose.yaml

@@ -0,0 +1,60 @@
+# Test Topology:
+#
+#       r0
+#       /|\
+#      / | \
+#    s1 s2  s3
+#    /   |   \
+#   /    |    \
+#  h1   h2    h3
+#
+
+version: "2.4"
+
+services:
+  r0:
+    image: alpine
+    network_mode: none
+    command: "sleep 864000"
+    x-network:
+      links:
+        - {bridge: s1, dev: eth-s1, ip: "192.168.1.1/24"}
+        - {bridge: s2, dev: eth-s2, ip: "172.16.0.1/12"}
+        - {bridge: s3, dev: eth-s3, ip: "10.0.0.1/8"}
+
+  h1:
+    image: alpine
+    network_mode: none
+    command: "sleep 864000"
+    x-network:
+      links:
+        - {bridge: s1, ip: "192.168.1.100/24", route: "default via 192.168.1.1"}
+
+  h2:
+    image: alpine
+    network_mode: none
+    command: "sleep 864000"
+    x-network:
+      links:
+        - {bridge: s2, ip: "172.16.0.100/12",  route: "default via 172.16.0.1"}
+
+  h3:
+    image: alpine
+    network_mode: none
+    command: "sleep 864000"
+    x-network:
+      links:
+        - {bridge: s3, ip: "10.0.0.100/8",     route: "default via 10.0.0.1"}
+
+  network:
+    build: {context: ../}
+    image: conlink
+    pid: host
+    network_mode: none
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ./:/test
+    command: /app/build/conlink.js --compose-file /test/test1-compose.yaml

package/examples/test2-compose.yaml

@@ -0,0 +1,31 @@
+# A docker-compose file with an external network configuration file
+# and docker containers that are connected via a switch. The
+# "internet" container is setup that is also connected to the switch
+# and is listening on 8.8.8.8 (to test routing from the nodes).
+
+version: "2.4"
+
+services:
+  network:
+    build: {context: ../}
+    image: conlink
+    pid: host
+    network_mode: none
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ./:/test
+    command: /app/build/conlink.js --compose-file /test/test2-compose.yaml --network-file /test/test2-network.yaml
+
+  node:
+    image: alpine
+    network_mode: none
+    scale: 2
+    command: sh -c 'while ! ip link show eth0 up; do sleep 1; done; sleep 864000'
+
+  internet:
+    image: alpine
+    network_mode: none
+    command: sleep 864000

package/examples/test2-network.yaml

@@ -0,0 +1,5 @@
+links:
+  - {service: node,     bridge: s1,  dev: eth0, ip: 10.0.1.1/16, route: "default via 10.0.0.1"}
+
+  - {service: internet, bridge: s1,  dev: eth0, ip: 10.0.0.1/16}
+  - {service: internet, type: dummy, dev: i0,   ip: 8.8.8.8/24}

package/examples/test3-network.yaml

@@ -0,0 +1,5 @@
+
+links:
+  - {container: "${NODE_NAME_1}", bridge: s1, dev: ext-intf, ip: 10.0.1.1/16}
+  - {container: "${NODE_NAME_2}", bridge: s1, dev: ext-intf, ip: 10.0.1.2/16}
+

package/examples/test4-multiple/all-compose.yaml

@@ -0,0 +1,5 @@
+version: "2.4"
+
+services:
+  network:
+    command: /app/build/conlink.js --compose-file ${COMPOSE_FILE:-examples/test4-multiple/base-compose.yaml:examples/test4-multiple/node1-compose.yaml:examples/test4-multiple/nodes2.yaml:examples/test4-multiple/all-compose.yaml} --network-file examples/test4-multiple/web-network.yaml

package/examples/test4-multiple/base-compose.yaml

@@ -0,0 +1,25 @@
+version: "2.4"
+
+services:
+  r0:
+    image: python:3-alpine
+    network_mode: none
+    command: sleep 864000
+    x-network:
+      links:
+        - {bridge: s0, dev: e0, ip: "10.0.0.100/24"}
+
+  network:
+    build: {context: ../..}
+    image: conlink
+    pid: host
+    network_mode: none
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ../../:/test
+    working_dir: /test
+    command: /app/build/conlink.js --compose-file ${COMPOSE_FILE:-examples/test4-multiple/base-compose.yaml}
+

package/examples/test4-multiple/node1-compose.yaml

@@ -0,0 +1,17 @@
+version: "2.4"
+
+x-network:
+  links:
+    - {service: r0, bridge: s1, dev: e1, ip: "10.1.0.100/24"}
+
+services:
+  network:
+    command: /app/build/conlink.js --compose-file ${COMPOSE_FILE:-examples/test4-multiple/node1-compose.yaml}
+
+  node1:
+    image: alpine
+    network_mode: none
+    command: sleep 864000
+    x-network:
+      links:
+        - {bridge: s1, ip: "10.1.0.1/16", route: "default via 10.1.0.100"}

package/examples/test4-multiple/nodes2-compose.yaml

@@ -0,0 +1,20 @@
+version: "2.4"
+
+x-network:
+  links:
+    - {service: r0, bridge: s2, dev: e2, ip: "10.2.0.100/24"}
+
+
+services:
+  network:
+    command: /app/build/conlink.js --compose-file ${COMPOSE_FILE:-examples/test4-multiple/nodes2-compose.yaml}
+
+  node2:
+    image: alpine
+    scale: 2
+    network_mode: none
+    command: sleep 864000
+    x-network:
+      links:
+        - {bridge: s2, ip: "10.2.0.1/16", route: "default via 10.2.0.100"}
+

package/examples/test4-multiple/web-network.yaml

@@ -0,0 +1,2 @@
+commands:
+  - {service: r0, command: "python3 -m http.server 80"}

package/examples/test5-geneve-compose.yaml

@@ -0,0 +1,31 @@
+x-network:
+  tunnels:
+    - {type: geneve, bridge: s1, vni: 1001, remote: "${REMOTE}"}
+
+services:
+  network:
+    build: {context: ../}
+    image: conlink
+    pid: host
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ./:/test
+    environment:
+      - REMOTE=${REMOTE:?REMOTE must be set}
+      - NODE_IP=${NODE_IP:?NODE_IP must be set}
+    ports:
+      - "8472:8472/udp" # vxlan default (Linux, ovs is 4789)
+      - "6081:6081/udp" # geneve default
+    command: /app/build/conlink.js --compose-file /test/test5-geneve-compose.yaml
+
+  node:
+    image: alpine
+    network_mode: none
+    command: sleep 864000
+    x-network:
+      links:
+        - {bridge: s1, ip: "${NODE_IP}/24"}
+

package/examples/test6-cfn.yaml

@@ -0,0 +1,184 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: Launch conlink on two instances that are connected by an overlay/tunnel network
+
+Parameters:
+  VpcId:
+    Type: AWS::EC2::VPC::Id
+    Description: VPCId of Virtual Private Cloud (VPC).
+
+  SubnetId:
+    Description: The ID of the subnet to launch the instances into.
+    Type: AWS::EC2::Subnet::Id
+
+  KeyPairName:
+    Description: Keypair associated with the EC2 instance
+    Type: AWS::EC2::KeyPair::KeyName
+    ConstraintDescription: Must provide a keypair to be associated with the EC2 instance
+
+  InstanceType:
+    Description: AWS instance type for conlink hosts
+    Type: String
+    Default: m6i.large
+
+  CidrIp:
+    Description: Allowed CIDR addresses for external access to instances
+    Type: String
+    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$
+    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x
+    Default: '10.0.0.0/8'
+
+Mappings:
+  RegionMap:
+    us-east-1:
+      AMI:     "ami-0fc5d935ebf8bc3bc"  # Ubuntu 22.04 LTS amd64 jammy (built 2023-09-19)
+    us-west-2:
+      AMI:     "ami-0efcece6bed30fd98"  # Ubuntu 22.04 LTS amd64 jammy (built 2023-09-19)
+
+
+Resources:
+
+  SecurityGroup:
+    Type: AWS::EC2::SecurityGroup
+    Properties:
+      VpcId: !Ref 'VpcId'
+      GroupDescription: Conlink test security group
+      SecurityGroupIngress:
+        - {IpProtocol: tcp, Description: "SSH", FromPort: 22, ToPort: 22, CidrIp: !Ref 'CidrIp'}
+      SecurityGroupEgress:
+        - {IpProtocol: '-1', Description: "All outbound", CidrIp: '0.0.0.0/0'}
+
+  SecurityGroupInternal:  # Allow full inter-group communication (Geneve)
+    Type: AWS::EC2::SecurityGroupIngress
+    Properties: {GroupId: !Ref SecurityGroup, IpProtocol: -1, FromPort: -1, ToPort: -1, SourceSecurityGroupId: !GetAtt SecurityGroup.GroupId }
+
+
+  BaseUserData:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Value: !Sub |
+        # Uncomment to allow root login using KeyPairName
+        #sed -i "s/^.* ssh-rsa/ssh-rsa/" /root/.ssh/authorized_keys
+        
+        apt-get -y update
+        apt-get -y install ca-certificates curl gnupg lsb-release
+        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+        # docker repo
+        echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+        # install docker and docker-compose
+        apt-get -y update
+        apt-get -y install git docker-ce docker-ce-cli
+        curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+        chmod +x /usr/local/bin/docker-compose
+
+        # kernel modules needed by conlink
+        modprobe openvswitch
+        modprobe geneve
+
+        ## Uncomment below to install/configure podman
+        # # podman repo
+        # . /etc/os-release
+        # curl -L "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/Release.key" | apt-key add -
+        # echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" | tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+        # apt-get -y install podman containerd.io
+        # ## enable and trigger systemd/dbus for ubuntu user
+        # loginctl enable-linger ubuntu
+        # echo "podman ps" | sudo -i -u ubuntu bash
+
+        ## Download conlink image and repo
+        docker pull lonocloud/conlink:config-and-cljs-refactor
+        git clone https://github.com/LonoCloud/conlink /root/conlink
+        cd /root/conlink
+        git checkout -b config-and-cljs-refactor origin/config-and-cljs-refactor
+
+        #cfn-signal -e 0 --stack ${AWS::StackName} --region ${AWS::Region} --resource WaitHandle
+        cat > /tmp/signal << EOF
+        {
+          "Status":   "SUCCESS",
+          "Reason":   "Configuration complete",
+          "UniqueId": "$NODE_IP",
+          "Data":     "REMOTE: $REMOTE, NODE_IP: $NODE_IP"
+        }
+        EOF
+        curl -T /tmp/signal "${WaitHandle}"
+
+        ## Start test5 example using conlink
+        sed -i 's@image: .*conlink@image: lonocloud/conlink:config-and-cljs-refactor@' examples/test5-geneve-compose.yaml
+        echo "REMOTE=$REMOTE" > .env
+        echo "NODE_IP=$NODE_IP" >> .env
+        docker-compose --env-file .env -f examples/test5-geneve-compose.yaml up --force-recreate
+
+
+  Eni1:
+    Type: AWS::EC2::NetworkInterface
+    Properties:
+      GroupSet: [!Ref 'SecurityGroup']
+      Description: Instance1 ENI
+      SubnetId: !Ref 'SubnetId'
+
+  Eni2:
+    Type: AWS::EC2::NetworkInterface
+    Properties:
+      GroupSet: [!Ref 'SecurityGroup']
+      Description: Instance2 ENI
+      SubnetId: !Ref 'SubnetId'
+
+  UserData1:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Value: !Sub |
+        #!/bin/bash
+        set -x
+        export REMOTE=${Eni2.PrimaryPrivateIpAddress} NODE_IP=192.168.100.1
+        ${BaseUserData.Value}
+
+  UserData2:
+    Type: AWS::SSM::Parameter
+    Properties:
+      Type: String
+      Value: !Sub |
+        #!/bin/bash
+        set -x
+        export REMOTE=${Eni1.PrimaryPrivateIpAddress} NODE_IP=192.168.100.2
+        ${BaseUserData.Value}
+
+
+  Instance1:
+    Type: AWS::EC2::Instance
+    Properties:
+      InstanceType: !Ref InstanceType
+      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
+      KeyName: !Ref 'KeyPairName'
+      NetworkInterfaces: [{NetworkInterfaceId: !Ref 'Eni1', DeviceIndex: '0'}]
+      UserData: {Fn::Base64: !Sub "${UserData1.Value}"}
+
+  Instance2:
+    Type: AWS::EC2::Instance
+    Properties:
+      InstanceType: !Ref InstanceType
+      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
+      KeyName: !Ref 'KeyPairName'
+      NetworkInterfaces: [{NetworkInterfaceId: !Ref 'Eni2', DeviceIndex: '0'}]
+      UserData: {Fn::Base64: !Sub "${UserData2.Value}"}
+
+  WaitHandle:
+    Type: "AWS::CloudFormation::WaitConditionHandle"
+    Properties: {}
+  WaitConfigured:
+    Type: AWS::CloudFormation::WaitCondition
+    DependsOn: [Instance1, Instance2]
+    Properties:
+      Handle: !Ref WaitHandle
+      Count: 2
+      Timeout: 1200  # 20 minutes timeout
+
+
+Outputs:
+  Instance1Id: {Value: !Ref Instance1}
+  Instance2Id: {Value: !Ref Instance2}
+
+  Instance1Ip: {Value: !GetAtt Eni1.PrimaryPrivateIpAddress}
+  Instance2Ip: {Value: !GetAtt Eni2.PrimaryPrivateIpAddress}

package/examples/test7-compose.yaml

@@ -0,0 +1,31 @@
+# A docker-compose file with embedded network config that demonstrates
+# MAC, MTU, and NetEm settings
+
+version: "2.4"
+
+services:
+  network:
+    build: {context: ../}
+    image: conlink
+    pid: host
+    network_mode: none
+    cap_add: [SYS_ADMIN, NET_ADMIN, SYS_NICE, NET_BROADCAST, IPC_LOCK]
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ./:/test
+    command: /app/build/conlink.js --compose-file /test/test7-compose.yaml
+
+  node:
+    image: alpine
+    network_mode: none
+    scale: 2
+    command: "sleep 864000"
+    x-network:
+      links:
+        - bridge: s1
+          ip: 10.0.1.1/16
+          mac: 00:0a:0b:0c:0d:01
+          mtu: 4111
+          netem: "delay 40ms rate 10mbit"

package/examples/test8-compose.yaml

@@ -0,0 +1,35 @@
+version: "2.4"
+
+services:
+  node-macvlan: &node-macvlan
+    image: python:3-alpine
+    network_mode: none
+    command: sh -c 'while ! ip link show eth0 up; do sleep 1; done; python3 -m http.server --bind 10.0.1.1 80'
+    x-network:
+      links:
+        - {type: dummy, dev: d0, ip: 10.0.1.1/24}
+        - {type: macvlan, mode: bridge, outer-dev: "${HOST_INTERFACE}", ip: "${NODE1_HOST_ADDRESS}", nat: 10.0.1.1}
+
+  node-vlan:
+    <<: *node-macvlan
+    x-network:
+      links:
+        - {type: dummy, dev: d0, ip: 10.0.1.1/24}
+        - {type: vlan, vlanid: 5,       outer-dev: "${HOST_INTERFACE}", ip: "${NODE2_HOST_ADDRESS}", nat: 10.0.1.1}
+
+  network:
+    build: {context: ../}
+    image: conlink
+    pid: host
+    network_mode: none
+    privileged: true  # required for *vlan creation in root ns
+    security_opt: [ 'apparmor:unconfined' ] # needed on Ubuntu 18.04
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/lib/docker:/var/lib/docker
+      - ./:/test
+    environment:
+      - HOST_INTERFACE=${HOST_INTERFACE:?HOST_INTERFACE must be set}
+      - NODE1_HOST_ADDRESS=${NODE1_HOST_ADDRESS:?NODE1_HOST_ADDRESS must be set}
+      - NODE2_HOST_ADDRESS=${NODE2_HOST_ADDRESS:?NODE2_HOST_ADDRESS must be set}
+    command: /app/build/conlink.js --compose-file /test/test8-compose.yaml

package/host-build.yaml

@@ -0,0 +1 @@
+services: {network: {volumes: ["../build:/app/build"]}}