azure-container-networking/cns/service.go

// Copyright 2017 Microsoft. All rights reserved.
// MIT License

package cns

import (
	"fmt"
	"github.com/Azure/azure-container-networking/cns/logger"
	"net/http"
	"net/url"
	"strings"

	"github.com/Azure/azure-container-networking/cns/common"
	acn "github.com/Azure/azure-container-networking/common"
	"github.com/Azure/azure-container-networking/log"
	"github.com/Azure/azure-container-networking/store"
)

const (
	// Default CNS server URL.
	defaultAPIServerURL = "tcp://localhost:10090"
	genericData         = "com.microsoft.azure.network.generic"
)

// Service defines Container Networking Service.
type Service struct {
	*common.Service
	EndpointType string
	Listener     *acn.Listener
}

// NewService creates a new Service object.
func NewService(name, version, channelMode string, store store.KeyValueStore) (*Service, error) {
	service, err := common.NewService(name, version, channelMode, store)

	if err != nil {
		return nil, err
	}

	return &Service{
		Service: service,
	}, nil
}

// GetAPIServerURL returns the API server URL.
func (service *Service) getAPIServerURL() string {
	urls, _ := service.GetOption(acn.OptCnsURL).(string)
	if urls == "" {
		urls = defaultAPIServerURL
	}

	return urls
}

// Initialize initializes the service and starts the listener.
func (service *Service) Initialize(config *common.ServiceConfig) error {
	log.Debugf("[Azure CNS] Going to initialize a service with config: %+v", config)

	// Initialize the base service.
	service.Service.Initialize(config)

	// Initialize the listener.
	if config.Listener == nil {
		// Fetch and parse the API server URL.
		u, err := url.Parse(service.getAPIServerURL())
		if err != nil {
			return err
		}
		// Create the listener.
		listener, err := acn.NewListener(u)
		if err != nil {
			return err
		}
		if config.TlsSettings.TLSPort != "" {
			// listener.URL.Host will always be hostname:port, passed in to CNS via CNS command
			// else it will default to localhost
			// extract hostname and override tls port.
			hostParts := strings.Split(listener.URL.Host, ":")
			config.TlsSettings.TLSEndpoint = hostParts[0] + ":" + config.TlsSettings.TLSPort
			// Start the listener and HTTP and HTTPS server.
			if err = listener.StartTLS(config.ErrChan, config.TlsSettings); err != nil {
				return err
			}
		}

		logger.Printf("HTTP listener will be started later after CNS state has been reconciled")
		config.Listener = listener
	}

	service.Listener = config.Listener

	log.Debugf("[Azure CNS] Successfully initialized a service with config: %+v", config)
	return nil
}

func (service *Service) StartListener(config *common.ServiceConfig) error {
	log.Debugf("[Azure CNS] Going to start listener: %+v", config)

	// Initialize the listener.
	if service.Listener != nil {
		log.Debugf("[Azure CNS] Starting listener: %+v", config)
		// Start the listener.
		// continue to listen on the normal endpoint for http traffic, this will be supported
		// for sometime until partners migrate fully to https
		if err := service.Listener.Start(config.ErrChan); err != nil {
			return err
		}
	} else {
		return fmt.Errorf("Failed to start a listener, it is not initialized, config %+v", config)
	}

	return nil
}

// Uninitialize cleans up the plugin.
func (service *Service) Uninitialize() {
	service.Listener.Stop()
	service.Service.Uninitialize()
}

// ParseOptions returns generic options from a libnetwork request.
func (service *Service) ParseOptions(options OptionMap) OptionMap {
	opt, _ := options[genericData].(OptionMap)
	return opt
}

// SendErrorResponse sends and logs an error response.
func (service *Service) SendErrorResponse(w http.ResponseWriter, errMsg error) {
	resp := errorResponse{errMsg.Error()}
	err := service.Listener.Encode(w, &resp)
	log.Errorf("[%s] %+v %s.", service.Name, &resp, err.Error())
}
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`// Copyright 2017 Microsoft. All rights reserved.`
			`// MIT License`

			`package cns`

			`import (`
Azure CNS fix reconcile bug (#809) Handle the race scenario where HTTP Listener gets started before initializing CNS state. During Initialization/Reconciliation, CNS gets the CRD and recreates the NC request with SecondaryIPs, then it gets list of pods and set those ips as Allocated. If HTTP listener is started then CNI will start requesting ips to CNS and CNS will start allocating right after they are set to Available, thus double allocations. Thus reordered the calls and ensured HTTP Listener is started after initializing CNS. Also fixed some logging avoid double release during failure in IPAM pool monitor 2021-03-02 20:01:49 +03:00			`"fmt"`
			`"github.com/Azure/azure-container-networking/cns/logger"`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`"net/http"`
			`"net/url"`
Updates for TLS: reading from encrypted PEM file & hostname fix (#742) * tls fixes * updating test * update to support linux as well * update to support linux and windows * remove old test file * pushing minor changes 2020-12-01 01:05:25 +03:00			`"strings"`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00
			`"github.com/Azure/azure-container-networking/cns/common"`
			`acn "github.com/Azure/azure-container-networking/common"`
			`"github.com/Azure/azure-container-networking/log"`
			`"github.com/Azure/azure-container-networking/store"`
			`)`

			`const (`
			`// Default CNS server URL.`
			`defaultAPIServerURL = "tcp://localhost:10090"`
			`genericData = "com.microsoft.azure.network.generic"`
			`)`

			`// Service defines Container Networking Service.`
			`type Service struct {`
			`*common.Service`
			`EndpointType string`
			`Listener *acn.Listener`
			`}`

			`// NewService creates a new Service object.`
CNS to DNC communication in Managed DNC (#574) * initial changes for CNS->DNC support * Adding changes for CNS to be compatible with managed DNC (reverse communication channel) * adding NC version validation with respective NMA * return errors for respective NC based on orchestrator context from CNI * add nc version check via NMA * adding logic to SyncNodeStatus and check if NCWaitingForUpdate for CniADD and CnsAttach calls * addressing most of ashvin's comments * adding managed config * fat rebase * addressing some comments * slight optimizations... * adding channel mode instead of managed bool * set err in register node so that we keep looping * addressing ashvin's comments * fix test * removing swift prefix mods for mdnc * addressing tamanoha's comments Co-authored-by: Jaeryn <tsun.chu@microsoft.com> 2020-07-23 23:03:10 +03:00			`func NewService(name, version, channelMode string, store store.KeyValueStore) (*Service, error) {`
			`service, err := common.NewService(name, version, channelMode, store)`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00
			`if err != nil {`
			`return nil, err`
			`}`

			`return &Service{`
			`Service: service,`
			`}, nil`
			`}`

			`// GetAPIServerURL returns the API server URL.`
			`func (service *Service) getAPIServerURL() string {`
Add APIs in CNS to support multitenancy (#106) * APIs to support multitenancy in Azure. * Add support to create, update, and delete network containers (adapters) in windows hosts * Add API to query host for programmed version of a container * Add API to retrieve interface given a container ID * Add support for custom log directory. 2018-03-29 01:03:58 +03:00			`urls, _ := service.GetOption(acn.OptCnsURL).(string)`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`if urls == "" {`
			`urls = defaultAPIServerURL`
			`}`

			`return urls`
			`}`

			`// Initialize initializes the service and starts the listener.`
			`func (service Service) Initialize(config common.ServiceConfig) error {`
			`log.Debugf("[Azure CNS] Going to initialize a service with config: %+v", config)`

			`// Initialize the base service.`
			`service.Service.Initialize(config)`

			`// Initialize the listener.`
			`if config.Listener == nil {`
			`// Fetch and parse the API server URL.`
			`u, err := url.Parse(service.getAPIServerURL())`
			`if err != nil {`
			`return err`
			`}`
			`// Create the listener.`
			`listener, err := acn.NewListener(u)`
			`if err != nil {`
			`return err`
			`}`
Updates for TLS: reading from encrypted PEM file & hostname fix (#742) * tls fixes * updating test * update to support linux as well * update to support linux and windows * remove old test file * pushing minor changes 2020-12-01 01:05:25 +03:00			`if config.TlsSettings.TLSPort != "" {`
			`// listener.URL.Host will always be hostname:port, passed in to CNS via CNS command`
			`// else it will default to localhost`
			`// extract hostname and override tls port.`
			`hostParts := strings.Split(listener.URL.Host, ":")`
			`config.TlsSettings.TLSEndpoint = hostParts[0] + ":" + config.TlsSettings.TLSPort`
changes to support http and https for CNS (#717) * changes to support http and https for CNS * correct small typo * address feedback * address feedback * rename file * small fix * small fix * fixing issue with cert not found 2020-11-06 20:51:30 +03:00			`// Start the listener and HTTP and HTTPS server.`
			`if err = listener.StartTLS(config.ErrChan, config.TlsSettings); err != nil {`
			`return err`
			`}`
			`}`
Azure CNS fix reconcile bug (#809) Handle the race scenario where HTTP Listener gets started before initializing CNS state. During Initialization/Reconciliation, CNS gets the CRD and recreates the NC request with SecondaryIPs, then it gets list of pods and set those ips as Allocated. If HTTP listener is started then CNI will start requesting ips to CNS and CNS will start allocating right after they are set to Available, thus double allocations. Thus reordered the calls and ensured HTTP Listener is started after initializing CNS. Also fixed some logging avoid double release during failure in IPAM pool monitor 2021-03-02 20:01:49 +03:00
			`logger.Printf("HTTP listener will be started later after CNS state has been reconciled")`
			`config.Listener = listener`
			`}`

			`service.Listener = config.Listener`

			`log.Debugf("[Azure CNS] Successfully initialized a service with config: %+v", config)`
			`return nil`
			`}`

			`func (service Service) StartListener(config common.ServiceConfig) error {`
			`log.Debugf("[Azure CNS] Going to start listener: %+v", config)`

			`// Initialize the listener.`
			`if service.Listener != nil {`
			`log.Debugf("[Azure CNS] Starting listener: %+v", config)`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`// Start the listener.`
changes to support http and https for CNS (#717) * changes to support http and https for CNS * correct small typo * address feedback * address feedback * rename file * small fix * small fix * fixing issue with cert not found 2020-11-06 20:51:30 +03:00			`// continue to listen on the normal endpoint for http traffic, this will be supported`
			`// for sometime until partners migrate fully to https`
Azure CNS fix reconcile bug (#809) Handle the race scenario where HTTP Listener gets started before initializing CNS state. During Initialization/Reconciliation, CNS gets the CRD and recreates the NC request with SecondaryIPs, then it gets list of pods and set those ips as Allocated. If HTTP listener is started then CNI will start requesting ips to CNS and CNS will start allocating right after they are set to Available, thus double allocations. Thus reordered the calls and ensured HTTP Listener is started after initializing CNS. Also fixed some logging avoid double release during failure in IPAM pool monitor 2021-03-02 20:01:49 +03:00			`if err := service.Listener.Start(config.ErrChan); err != nil {`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`return err`
			`}`
Azure CNS fix reconcile bug (#809) Handle the race scenario where HTTP Listener gets started before initializing CNS state. During Initialization/Reconciliation, CNS gets the CRD and recreates the NC request with SecondaryIPs, then it gets list of pods and set those ips as Allocated. If HTTP listener is started then CNI will start requesting ips to CNS and CNS will start allocating right after they are set to Available, thus double allocations. Thus reordered the calls and ensured HTTP Listener is started after initializing CNS. Also fixed some logging avoid double release during failure in IPAM pool monitor 2021-03-02 20:01:49 +03:00			`} else {`
			`return fmt.Errorf("Failed to start a listener, it is not initialized, config %+v", config)`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`}`

			`return nil`
			`}`

			`// Uninitialize cleans up the plugin.`
			`func (service *Service) Uninitialize() {`
			`service.Listener.Stop()`
			`service.Service.Uninitialize()`
			`}`

			`// ParseOptions returns generic options from a libnetwork request.`
			`func (service *Service) ParseOptions(options OptionMap) OptionMap {`
			`opt, _ := options[genericData].(OptionMap)`
			`return opt`
			`}`

			`// SendErrorResponse sends and logs an error response.`
			`func (service *Service) SendErrorResponse(w http.ResponseWriter, errMsg error) {`
			`resp := errorResponse{errMsg.Error()}`
			`err := service.Listener.Encode(w, &resp)`
Cns telemetry (#275) Adds telemetry capability for CNS. 2018-12-12 21:45:48 +03:00			`log.Errorf("[%s] %+v %s.", service.Name, &resp, err.Error())`
CNS - Container Network Service (#64) * Creates container network service (CNS): A service that exposes a set of REST API calls to support/manage networking for containers in Windows and Linux hosts. It currently requires docker daemon to be running on the node, as well as azure-vnet plugins for IPAM and Network. Supported Scenarios: Windows/Azure Future Scenarios: Linux/Azure, Windows/Overlay, Linux/Overlay 2017-07-06 08:31:49 +03:00			`}`