author | toby <smorgrav@yahoo-inc.com> | 2018-02-14 13:13:37 +0100 |
---|---|---|
committer | toby <smorgrav@yahoo-inc.com> | 2018-02-14 13:13:37 +0100 |
commit | d6624fca2b590536dcb67b1e600b5f9975a62117 (patch) | |
tree | 2c2bbb2dc96c258e999270786bcd601e9820921f | |
parent | 0a149c3822befc0a0925f88570f60e985fe5041c (diff) |
Start container on a NPTed network with a private address
3 files changed, 83 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index 5cf197bd233..96cde6f9f64 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -121,13 +121,16 @@ public class DockerOperationsImpl implements DockerOperations {
 .withAddCapability("SYS_ADMIN"); // Needed for perf
 if (!docker.networkNPTed()) {
- logger.info("Network not NPTed - setting up container with public ip address on a macvlan");
+ logger.info("Network is macvlan - setting up container with public ip address on a macvlan");
 command.withIpAddress(nodeInetAddress);
 command.withNetworkMode(DockerImpl.DOCKER_CUSTOM_MACVLAN_NETWORK_NAME);
 command.withVolume("/etc/hosts", "/etc/hosts"); // TODO This is probably not nessesary - review later
 } else {
 logger.info("Network is NPTed - setting up container with private ip address");
- command.withIpAddress(nodeInetAddress);
+ command.withIpAddress(NetworkPrefixTranslator.translate(
+ nodeInetAddress,
+ InetAddress.getByName("fd00::"),
+ 64));
 command.withNetworkMode("vespa-bridge");
 }
@@ -165,6 +168,10 @@ public class DockerOperationsImpl implements DockerOperations {
 }
 }
+ private InetAddress toPrivateSubnet(InetAddress nodeInetAddress) {
+ return null;
+ }
+
 @Override
 public void removeContainer(final Container existingContainer, ContainerNodeSpec nodeSpec) {
 final ContainerName containerName = existingContainer.name;
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslator.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslator.java
new file mode 100644
index 00000000000..70c58def24f
--- /dev/null
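Review bot: The NPT branch of the `@@ -121` hunk in DockerOperationsImpl.java passes the private prefix and its length as bare literals (`InetAddress.getByName("fd00::")`, `64`), so the address plan for `vespa-bridge` is an unnamed pair of values that must agree with whatever configures the bridge and the prefix translation on the host. Name them next to the network name, e.g. `private static final String NPT_PRIVATE_PREFIX = "fd00::";` and `private static final int NPT_PREFIX_LENGTH = 64;`, with a comment stating which host-side configuration they have to match. `fd00::/64` also has an all-zero global ID where RFC 4193 asks for a pseudo-random one, so the comment should say whether these addresses are meant to stay host-local. `nodeInetAddress` reaches `translate` unchecked; if it can ever be IPv4, the failure surfaces here at container start. The enclosing method starts and ends outside the hunk.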
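Review bot: `toPrivateSubnet` in the `@@ -165` hunk of DockerOperationsImpl.java is a private stub that returns `null`, and nothing in the visible hunks calls it; the NPT branch calls `NetworkPrefixTranslator.translate` directly. Drop it from this commit. If it has to stay as a placeholder, make it fail loudly with `throw new UnsupportedOperationException("toPrivateSubnet is not implemented");`, because a later caller would otherwise hand `null` to `command.withIpAddress(...)` and the container would be created without the intended address.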
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslator.java
@@ -0,0 +1,38 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+/**
+ * @author smorgrav
+ */
+package com.yahoo.vespa.hosted.node.admin.docker;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+class NetworkPrefixTranslator {
+
+ /**
+ * For NPTed networks we want to find the private address from a public.
+ *
+ * @param address The original address to translate
+ * @param prefix The prefix address
+ * @param subnetSize nof bits - e.g /64 subnet is 64
+ * @return The translated address
+ */
+ static Inet6Address translate(InetAddress address, InetAddress prefix, int subnetSize) {
+
+ byte[] originalAddress = address.getAddress();
+ byte[] prefixAddress = prefix.getAddress();
+ byte[] translatedAddress = new byte[16];
+
+ for (int i = 0; i < 16; i++) {
+ translatedAddress[i] = i < subnetSize / 8 ? prefixAddress[i] : originalAddress[i];
+ }
+
+ try {
+ return (Inet6Address) InetAddress.getByAddress(address.getHostName(), translatedAddress);
+ } catch (UnknownHostException e) {
+ throw new RuntimeException(e);
+ }
+ }
+}
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslatorTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslatorTest.java
new file mode 100644
index 00000000000..96afe685a61
--- /dev/null
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/NetworkPrefixTranslatorTest.java
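Review bot: `NetworkPrefixTranslator.translate` never checks its inputs: `address.getAddress()` is 4 bytes for an IPv4 address, so `originalAddress[i]` throws ArrayIndexOutOfBoundsException, and `subnetSize / 8` silently rounds a non-byte-aligned length down (60 behaves as 56) and accepts values outside 0 to 128. Reject these up front with `if (originalAddress.length != 16 || prefixAddress.length != 16) throw new IllegalArgumentException("IPv6 addresses required");` and `if (subnetSize < 0 || subnetSize > 128 || subnetSize % 8 != 0) throw new IllegalArgumentException("unsupported prefix length: " + subnetSize);`. `address.getHostName()` may perform a reverse DNS lookup when the address was built from a literal, which puts a resolver round trip and a resolver-supplied name on the container start path; `InetAddress.getByAddress(translatedAddress)` avoids that if the host name is not needed. The Javadoc should also state that the first `subnetSize` bits come from `prefix` and the remaining bits from `address`, and that only multiples of 8 are supported.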
@@ -0,0 +1,36 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+/**
+ * @author smorgrav
+ */
+package com.yahoo.vespa.hosted.node.admin.docker;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+
+public class NetworkPrefixTranslatorTest {
+
+ @Test
+ public void translator_with_valid_parameters() throws UnknownHostException {
+
+ // Test simplest possible address
+ Inet6Address original = (Inet6Address)InetAddress.getByName("2001:db8::1");
+ Inet6Address prefix = (Inet6Address)InetAddress.getByName("fd00::");
+ Inet6Address translated = NetworkPrefixTranslator.translate(original, prefix, 64);
+ Assert.assertEquals("fd00:0:0:0:0:0:0:1", translated.getHostAddress());
+
+
+ // Test an actual aws address we use
+ original = (Inet6Address)InetAddress.getByName("2600:1f16:f34:5300:ccc6:1703:b7c2:369d");
+ translated = NetworkPrefixTranslator.translate(original, prefix, 64);
+ Assert.assertEquals("fd00:0:0:0:ccc6:1703:b7c2:369d", translated.getHostAddress());
+
+ // Test different subnet size
+ translated = NetworkPrefixTranslator.translate(original, prefix, 48);
+ Assert.assertEquals("fd00:0:0:5300:ccc6:1703:b7c2:369d", translated.getHostAddress());
+ }
+}
 |
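Review bot: `translator_with_valid_parameters` only exercises IPv6 inputs with byte-aligned lengths (64 and 48), so the boundaries of `translate` are not pinned down. Add a case for a length that is not a multiple of 8 and one for an IPv4 `address`, asserting whatever behaviour is intended (an `IllegalArgumentException` would be the natural contract), so that a change in the `subnetSize / 8` arithmetic cannot go unnoticed. Splitting the three scenarios into separate `@Test` methods would also make a failure point at the case that broke.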