package service
import (
"fmt"
"github.com/docker/engine-api/types/container"
"github.com/rancher/cluster-manager/config"
"github.com/rancher/cluster-manager/db"
"github.com/rancher/cluster-manager/docker"
)
// TunnelFactory launches and removes the per-service tunnel containers used
// between cluster members. It holds no state of its own beyond the two
// collaborators below.
type TunnelFactory struct {
	// c supplies the local member's ClusterIP and its configured Ports.
	c *config.Config

	// d is the Docker wrapper used to launch and delete tunnel containers.
	d *docker.Docker
}
// NewTunnelFactory returns a TunnelFactory bound to the given configuration
// and Docker wrapper. Neither argument is checked for nil here.
func NewTunnelFactory(c *config.Config, d *docker.Docker) *TunnelFactory {
	factory := TunnelFactory{c: c, d: d}
	return &factory
}
// DeleteTunnels removes the tunnel container of every service in
// db.ServicePorts for the member with the given index.
//
// Deletion is best-effort: a failure does not stop the loop, and only the most
// recent failure is returned. Earlier errors are overwritten, so a nil-free
// result does not tell the caller how many tunnels were left behind.
func (t *TunnelFactory) DeleteTunnels(index int) error {
	var result error
	for _, svc := range db.ServicePorts {
		if err := t.deletePipe(svc, index); err != nil {
			// Keep going so one stuck container does not block the rest.
			result = err
		}
	}
	return result
}
// CreateTunnels launches one tunnel container per service in db.ServicePorts
// for the given member.
//
// When outgoing is true and the target is a different member, the encrypting
// side is created and pointed at target.IP on the port looked up from the
// local configuration. Otherwise the decrypting side is created. The first
// launch failure aborts the loop and is returned; tunnels already launched are
// not rolled back.
func (t *TunnelFactory) CreateTunnels(outgoing bool, target db.Member) error {
	for _, svc := range db.ServicePorts {
		defaultPort := db.DefaultServicePorts[svc]

		// Don't encrypt back to yourself: a target that is this member is
		// handled as the decrypting side. Once cleared, the flag stays
		// cleared for the remaining services.
		outgoing = outgoing && target.IP != t.c.ClusterIP

		var err error
		if outgoing {
			err = t.pipeEncrypt(svc, target.Index, defaultPort, db.LookupPortByService(t.c.Ports, svc), target.IP)
		} else {
			// The default service port is used both as the base of the
			// loopback target and as the base of the listening port.
			err = t.pipeDecrypt(svc, target.Index, defaultPort, defaultPort)
		}
		if err != nil {
			return err
		}
	}
	return nil
}
// pipeDecrypt launches the receiving tunnel container for one service and
// member index.
//
// The container listens on every interface ([0.0.0.0]) at port+10000 and
// forwards to loopback at basePort+index-1, so the port+10000 listener is the
// only network-reachable end of the pipe.
// NOTE(review): presumably "-d" selects decrypt mode in the tunnel binary; confirm.
// NOTE(review): port+10000 is not range-checked here; confirm callers keep it
// within the valid TCP port range.
func (t *TunnelFactory) pipeDecrypt(name string, index, basePort, port int) error {
	localPort := basePort + index - 1
	listenAddr := fmt.Sprintf("[0.0.0.0]:%d", port+10000)
	forwardAddr := fmt.Sprintf("[127.0.0.1]:%d", localPort)

	spec := docker.Container{
		Name:    fmt.Sprintf("tunnel-%s-%d", name, index),
		Command: []string{"tunnel", "-d", "-s", listenAddr, "-t", forwardAddr},
		Labels: map[string]string{
			"io.rancher.ha.service.tunnel": fmt.Sprintf("%s-%d", name, index),
		},
		// "always" keeps the listener coming back after any exit, so it has
		// to be deleted explicitly to go away.
		RestartPolicy: container.RestartPolicy{
			Name: "always",
		},
	}
	return t.d.Launch(spec)
}
// pipeEncrypt launches the sending tunnel container for one service and
// member index.
//
// The container listens on loopback at basePort+index-1 and forwards to
// [ip]:port on the remote member.
// NOTE(review): presumably "-e" selects encrypt mode in the tunnel binary; confirm.
// NOTE(review): ip is formatted into the target address as given, with no
// validation in this function; confirm it is checked where the member record
// is accepted.
func (t *TunnelFactory) pipeEncrypt(name string, index, basePort, port int, ip string) error {
	localPort := basePort + index - 1
	listenAddr := fmt.Sprintf("[127.0.0.1]:%d", localPort)
	remoteAddr := fmt.Sprintf("[%s]:%d", ip, port)

	spec := docker.Container{
		Name:    fmt.Sprintf("tunnel-%s-%d", name, index),
		Command: []string{"tunnel", "-e", "-s", listenAddr, "-t", remoteAddr},
		Labels: map[string]string{
			"io.rancher.ha.service.tunnel": fmt.Sprintf("%s-%d", name, index),
		},
		// "always" restarts the tunnel after any exit until it is deleted.
		RestartPolicy: container.RestartPolicy{
			Name: "always",
		},
	}
	return t.d.Launch(spec)
}
// deletePipe deletes the tunnel container for one service and member index and
// returns whatever error the Docker wrapper reports.
//
// NOTE(review): the name deleted here is "rancher-ha-tunnel-<name>-<index>",
// while pipeEncrypt and pipeDecrypt launch containers named
// "tunnel-<name>-<index>". Presumably docker.Launch adds the "rancher-ha-"
// prefix; confirm, because a mismatch would leave restart-always tunnels
// running after a delete.
func (t *TunnelFactory) deletePipe(name string, index int) error {
	return t.d.Delete(fmt.Sprintf("rancher-ha-tunnel-%s-%d", name, index))
}