authorHåkon Hallingstad <hakon@oath.com>2018-09-10 18:34:26 +0200
committerHåkon Hallingstad <hakon@oath.com>2018-09-10 18:34:26 +0200
commit043ff9401a02a53ba2d47fb6855f43ff10dec478 (patch)
tree9a171706555f0f513815e373c95705dc1d498627 /node-admin
parent3af44a21fb5f058e1d6e32528f39f83eba4f8f95 (diff)
On-prem REDIRECT with NPT
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java5
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerNetworking.java32
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java6
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java3
-rw-r--r--node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java5
5 files changed, 46 insertions, 5 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
index c9f17b7cbf6..f0c0a9c31d3 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/component/Environment.java
@@ -8,6 +8,7 @@ import com.yahoo.vespa.athenz.utils.AthenzIdentities;
import com.yahoo.vespa.defaults.Defaults;
import com.yahoo.vespa.hosted.dockerapi.ContainerName;
import com.yahoo.vespa.hosted.node.admin.config.ConfigServerConfig;
+import com.yahoo.vespa.hosted.node.admin.docker.DockerNetworking;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddresses;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddressesImpl;
@@ -280,6 +281,10 @@ public class Environment {
return isRunningOnHost;
}
+ public DockerNetworking getDockerNetworking() {
+ return DockerNetworking.from(cloud, nodeType, isRunningOnHost);
+ }
+
public static class Builder {
private ConfigServerConfig configServerConfig;
private String environment;
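Review bot: `getDockerNetworking()` is added without Javadoc and passes `isRunningOnHost` into a parameter that `DockerNetworking.from` names `hostAdmin`, so a reader cannot tell from either side that the two mean the same thing. Since the result gates the container network mode and the ACL redirect rules elsewhere in this commit, I would add `/** Returns the networking mode for containers on this host, derived from cloud, node type and isRunningOnHost. */` above the method and align the parameter name. The getter also re-derives the value on every call; if the three inputs are fixed after construction (not confirmable here, the class body lies outside this hunk), computing it once in the constructor would surface a null `cloud` at startup rather than at first use.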
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerNetworking.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerNetworking.java
new file mode 100644
index 00000000000..60146a4fbb7
--- /dev/null
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerNetworking.java
@@ -0,0 +1,32 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.node.admin.docker;// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+import com.yahoo.config.provision.NodeType;
+
+/**
+ * The types of network setup for the Docker containers.
+ *
+ * @author hakon
+ */
+public enum DockerNetworking {
+ /** Each container has an associated macvlan bridge. */
+ MACVLAN,
+
+ /** Network Prefix-Translated networking. */
+ NPT,
+
+ /** A host running a single container in the host network namespace. */
+ HOST_NETWORK;
+
+ public static DockerNetworking from(String cloud, NodeType nodeType, boolean hostAdmin) {
+ if (cloud.equals("AWS")) {
+ return DockerNetworking.NPT;
+ } else if (nodeType == NodeType.confighost || nodeType == NodeType.proxyhost) {
+ return DockerNetworking.HOST_NETWORK;
+ } else if (hostAdmin) {
+ return DockerNetworking.NPT;
+ } else {
+ return DockerNetworking.MACVLAN;
+ }
+ }
+}
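Review bot: In `from`, the leading `cloud.equals("AWS")` test is an exact, case-sensitive match on a free-form string and throws a NullPointerException when `cloud` is null; any other spelling silently falls through to the node-type and `hostAdmin` branches and yields a different network mode. Because this result decides whether the nat-table redirect is applied in AclMaintainer and whether containers are attached to macvlan, a misconfigured value changes the host's network setup without any error. I would write `if ("AWS".equals(cloud)) {` or reject null up front with `Objects.requireNonNull(cloud, "cloud");`, and add Javadoc on `from` stating the precedence (AWS wins over confighost/proxyhost, which win over `hostAdmin`), since it is not evident whether an AWS confighost is meant to get NPT rather than HOST_NETWORK. The `package` line also carries a stray second copy of the copyright comment. No unit test for `from` appears in this commit's diffstat for node-admin.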
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
index e558cb5bdb2..47729ebb416 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/docker/DockerOperationsImpl.java
@@ -107,7 +107,7 @@ public class DockerOperationsImpl implements DockerOperations {
}
}
- if (!docker.networkNATed()) {
+ if (environment.getDockerNetworking() == DockerNetworking.MACVLAN) {
command.withIpAddress(ipV6Address);
command.withNetworkMode(DockerImpl.DOCKER_CUSTOM_MACVLAN_NETWORK_NAME);
command.withSharedVolume("/etc/hosts", "/etc/hosts");
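Review bot: The old condition `!docker.networkNATed()` was a two-way split answered by the Docker wrapper, while the new one compares a three-valued enum derived from Environment, so HOST_NETWORK now shares whatever path follows for non-MACVLAN with NPT (that branch lies outside this hunk). If host-network containers need different handling from NPT ones, a `switch (environment.getDockerNetworking())` with one explicit case per value would make that visible and would not silently absorb a mode added later. The same replacement is made twice in the next hunk of this file, around `startContainer`, and the same concern applies there. It is also worth confirming that no remaining caller of `docker.networkNATed()` can disagree with the Environment-derived value, since the two are now computed independently.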
@@ -183,13 +183,13 @@ public class DockerOperationsImpl implements DockerOperations {
PrefixLogger logger = PrefixLogger.getNodeAgentLogger(DockerOperationsImpl.class, containerName);
logger.info("Starting container " + containerName);
- if (!docker.networkNATed()) {
+ if (environment.getDockerNetworking() == DockerNetworking.MACVLAN) {
docker.connectContainerToNetwork(containerName, "bridge");
}
docker.startContainer(containerName);
- if (!docker.networkNATed()) {
+ if (environment.getDockerNetworking() == DockerNetworking.MACVLAN) {
setupContainerNetworkConnectivity(containerName);
}
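Review bot: `environment.getDockerNetworking()` is evaluated twice in this method, once before and once after `docker.startContainer(containerName)`, and each call re-derives the value in Environment. Reading it once, `boolean macvlan = environment.getDockerNetworking() == DockerNetworking.MACVLAN;`, and testing `if (macvlan)` in both places keeps the bridge connection and the connectivity setup tied to the same decision. The method starts and ends outside this hunk.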
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
index 80a702ead1e..1febe070072 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
@@ -6,6 +6,7 @@ import com.yahoo.vespa.hosted.dockerapi.Container;
import com.yahoo.vespa.hosted.node.admin.component.Environment;
import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.Acl;
import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.NodeRepository;
+import com.yahoo.vespa.hosted.node.admin.docker.DockerNetworking;
import com.yahoo.vespa.hosted.node.admin.docker.DockerOperations;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddresses;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
@@ -61,7 +62,7 @@ public class AclMaintainer implements Runnable {
IPTablesEditor.editFlushOnError(dockerOperations, container.name, IPVersion.IPv4, "filter", FilterTableLineEditor.from(acl, IPVersion.IPv4));
// Apply redirect to the nat table
- if (this.environment.getCloud().equals("AWS")) {
+ if (environment.getDockerNetworking() == DockerNetworking.NPT) {
ipAddresses.getAddress(container.hostname, IPVersion.IPv4).ifPresent(addr -> applyRedirect(container, addr));
ipAddresses.getAddress(container.hostname, IPVersion.IPv6).ifPresent(addr -> applyRedirect(container, addr));
}
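Review bot: The condition now enables the nat-table redirect on every NPT host rather than only on AWS, but the comment above it still reads `// Apply redirect to the nat table` and does not mention that the rule is tied to the networking mode. I would extend it to `// Apply redirect to the nat table, which is done only with NPT networking (not MACVLAN or HOST_NETWORK)`. Both `ifPresent` calls also skip silently when `ipAddresses.getAddress` returns empty, so on the newly covered on-prem hosts a container whose hostname does not resolve gets no redirect rule and nothing is logged; a warning in that case would make the gap detectable. The enclosing method starts and ends outside this hunk.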
diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
index 28e21494c01..56373dda2f8 100644
--- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
+++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainerTest.java
@@ -9,6 +9,7 @@ import com.yahoo.vespa.hosted.dockerapi.ProcessResult;
import com.yahoo.vespa.hosted.node.admin.component.Environment;
import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.Acl;
import com.yahoo.vespa.hosted.node.admin.configserver.noderepository.NodeRepository;
+import com.yahoo.vespa.hosted.node.admin.docker.DockerNetworking;
import com.yahoo.vespa.hosted.node.admin.docker.DockerOperations;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPAddressesMock;
import com.yahoo.vespa.hosted.node.admin.task.util.network.IPVersion;
@@ -25,12 +26,12 @@ import java.util.stream.Collectors;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.anyVararg;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import static org.mockito.Mockito.anyVararg;
public class AclMaintainerTest {
@@ -49,11 +50,13 @@ public class AclMaintainerTest {
public void before() {
when(dockerOperations.getAllManagedContainers()).thenReturn(containerList);
when(env.getCloud()).thenReturn("AWS");
+ when(env.getDockerNetworking()).thenReturn(DockerNetworking.NPT);
}
@Test
public void no_redirect_in_yahoo() {
when(env.getCloud()).thenReturn("YAHOO");
+ when(env.getDockerNetworking()).thenReturn(DockerNetworking.MACVLAN);
Container container = addContainer("container1", "container1.host.com", Container.State.RUNNING);
Map<String, Acl> acls = makeAcl(container.hostname, "4321", "2001::1");