Support for one Touch provisioning of Contiv as a Container (#367)

* Add support for Net Plugin / Net Master / OVS to be containerized

* Changes to Support Build inside a container without vagrant.

* Fix minor issues with script

* some changes to cleanup and fix issues

* Add Mod probe into the Build script

* add sudo to modprobe

* Script changes to reinit a bridge

* Add RC file and source it in the contivInit.sh

* Address Review Comments
Fix an issue with contivRc not being source correctly

* Remove Proxy settings and leave them empty and commented out

* fix copy path in the build script

* Start/ Restart / Reinit Support via Script

* Seperate Build and start/stop scripts

Author: rnataraja

Dockerfile

@@ -20,11 +20,18 @@
 # docker run --net=host <image> -host-label=<label>
 ##
 
-FROM golang:1.4
+FROM golang:1.5.1
 MAINTAINER Madhav Puri <[email protected]> (@mapuri)
 
+
+# Insert your proxy server settings if this build is running behind 
+# a proxy.
+#ENV http_proxy ""
+#ENV https_proxy ""
 ENV GOPATH /go/
 
+ENV NET_CONTAINER_BUILD 1
+
 COPY ./ /go/src/github.com/contiv/netplugin/
 
 WORKDIR /go/src/github.com/contiv/netplugin/

Makefile

@@ -3,7 +3,7 @@
 
 # find all verifiable packages.
 # XXX: explore a better way that doesn't need multiple 'find'
-PKGS := `find . -mindepth 1 -maxdepth 1 -type d -name '*' | grep -vE '/\..*$\|Godeps|examples|docs|scripts|mgmtfn|bin|vagrant'`
+PKGS := `find . -mindepth 1 -maxdepth 1 -type d -name '*' | grep -vE '/\..*$\|Godeps|examples|docs|scripts|mgmtfn|bin|vagrant|netContain'`
 PKGS += `find . -mindepth 2 -maxdepth 2 -type d -name '*'| grep -vE '/\..*$\|Godeps|examples|docs|scripts|bin|vagrant'`
 TO_BUILD := ./netplugin/ ./netmaster/ ./netctl/netctl/ ./mgmtfn/k8splugin/contivk8s/
 HOST_GOBIN := `if [ -n "$$(go env GOBIN)" ]; then go env GOBIN; else dirname $$(which go); fi`
@@ -39,11 +39,21 @@ deps:
 checks:
 	./scripts/checks "$(PKGS)"
 
+# We cannot perform sudo inside a golang, the only reason to split the rules
+# here
+ifdef NET_CONTAINER_BUILD
+run-build: deps checks clean
+	cd ${GOPATH}/src/github.com/contiv/netplugin && version/generate_version ${USE_RELEASE} && \
+	cd $(GOPATH)/src/github.com/contiv/netplugin && \
+	GOGC=1500 godep go install -v $(TO_BUILD) && \
+	cp scripts/contrib/completion/bash/netctl /etc/bash_completion.d/netctl
+else
 run-build: deps checks clean
 	cd ${GOPATH}/src/github.com/contiv/netplugin && version/generate_version ${USE_RELEASE} && \
 	cd $(GOPATH)/src/github.com/contiv/netplugin && \
 	GOGC=1500 godep go install -v $(TO_BUILD) && \
 	sudo cp scripts/contrib/completion/bash/netctl /etc/bash_completion.d/netctl
+endif
 
 build:
 	make start
@@ -58,10 +68,15 @@ clean: deps
 update:
 	vagrant box update
 
+
 # setting CONTIV_NODES=<number> while calling 'make demo' can be used to bring
 # up a cluster of <number> nodes. By default <number> = 1
+ifdef NET_CONTAINER_BUILD
+start:
+else
 start: update
 	CONTIV_NODE_OS=${CONTIV_NODE_OS} vagrant up
+endif
 
 #kubernetes demo targets
 k8s-cluster:
@@ -86,8 +101,12 @@ mesos-docker-destroy:
 demo-ubuntu:
 	CONTIV_NODE_OS=ubuntu make demo
 
+ifdef NET_CONTAINER_BUILD
+stop:
+else
 stop:
 	CONTIV_NODES=$${CONTIV_NODES:-2} vagrant destroy -f
+endif
 
 demo:
 	make ssh-build
@@ -96,8 +115,13 @@ demo:
 ssh:
 	@vagrant ssh netplugin-node1 -c 'bash -lc "cd /opt/gopath/src/github.com/contiv/netplugin/ && bash"' || echo 'Please run "make demo"'
 
+ifdef NET_CONTAINER_BUILD
+ssh-build:
+	cd /go/src/github.com/contiv/netplugin && make run-build
+else
 ssh-build: start
-	vagrant ssh netplugin-node1 -c 'sudo -i bash -lc "source /etc/profile.d/envvar.sh && cd /opt/gopath/src/github.com/contiv/netplugin && make run-build"'
+		vagrant ssh netplugin-node1 -c 'sudo -i bash -lc "source /etc/profile.d/envvar.sh && cd /opt/gopath/src/github.com/contiv/netplugin && make run-build"'
+endif
 
 unit-test: stop clean build
 	./scripts/unittests -vagrant

scripts/netContain/BuildContainer.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/bash
+
+function dockerBuildIt {
+    imgId=`docker build $1 | grep "Successfully built" | cut -d " " -f 3`
+
+    if [[ $imgId =~ [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f] ]]; then
+       echo "$2 Image has been built with ID $imgId"
+       return 0
+    fi
+    echo "$2 Image was not built properly"
+    return 255
+}
+
+set -x 
+
+eexists=`docker images contivbase | grep -w "contivbase" | wc -l`
+if [ $eexists != 0 ]; then
+    echo "An image by name contivbase already exists"
+    echo "Remove contivbase (docker rmi contivbase) and retry"
+    exit
+fi
+
+ARG1=${1:-none}
+if [ $ARG1 == "reinit" ]; then
+   etcdctl rm -recursive /contiv.io
+   etcdctl rm -recursive /docker/network
+fi
+
+sudo modprobe openvswitch
+
+imgId="Contiv"
+dockerBuildIt . $imgId
+if [ $? != 0 ]; then
+   echo "Failed building Contiv Image Bailing out Err $?"
+   exit
+fi
+
+docker run --name=$imgId $imgId  2> /dev/null
+
+echo "Copying the Contiv Binaries from the built container"
+docker cp $imgId:/go/bin/netplugin scripts/netContain/
+docker cp $imgId:/go/bin/netmaster scripts/netContain/
+docker cp $imgId:/go/bin/netctl scripts/netContain/
+
+
+echo "Removing Intermediate Contiv Container"
+docker rm -f $imgId
+docker rmi -f $imgId
+
+
+dockerBuildIt scripts/netContain contivbase
+if [ $? != 0 ]; then
+   echo "Failed building Contiv OVS Container Image, Bailing out Err $?"
+   exit
+fi
+
+docker tag $imgId contivbase
+
+
+scripts/netContain/contivd.sh start $ARG1

scripts/netContain/Dockerfile

@@ -0,0 +1,45 @@
+##
+#Copyright 2014 Cisco Systems Inc. All rights reserved.
+#
+#Licensed under the Apache License, Version 2.0 (the "License");
+#you may not use this file except in compliance with the License.
+#You may obtain a copy of the License at
+#http://www.apache.org/licenses/LICENSE-2.0
+#
+#Unless required by applicable law or agreed to in writing, software
+#distributed under the License is distributed on an "AS IS" BASIS,
+#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#See the License for the specific language governing permissions and
+#limitations under the License.
+##
+
+# One Container for OVS / netplugin / netmaster 
+
+FROM ubuntu:14.04
+
+MAINTAINER Rajesh Nataraja <[email protected]>
+
+# Make sure to Modify the Proxy Server values if required 
+# ENV export http_proxy=http://proxy.localhost.com:8080
+# ENV export https_proxy=https://proxy.localhost.com:8080
+
+
+#Install the Open vSwitch package on this ubuntu container.
+RUN apt update
+RUN apt --assume-yes  install openvswitch-switch
+
+#Copy the Net Plugin Binaries  and the Scripts required to 
+# start the Net Plugin and Net Master. 
+
+RUN mkdir -p /contiv/bin
+RUN mkdir -p /contiv/scripts
+
+COPY ./netplugin /contiv/bin/
+COPY ./netmaster /contiv/bin/
+COPY ./ovsInit.sh /contiv/scripts/
+COPY ./contivInit.sh /contiv/scripts/
+COPY ./contivNet.sh /contiv/scripts/
+COPY ./contivRc /contiv/scripts/
+
+
+ENTRYPOINT ["/contiv/scripts/contivNet.sh"]

scripts/netContain/contivInit.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+#Initialize contiv Net Plugin and Net Master as required
+# Values below need to be tailored as per needs
+
+set -x
+
+source /contiv/scripts/contivRc
+
+if [ $IS_NETMASTER == 1 ]
+then
+   /contiv/bin/netmaster 2> /var/log/contiv/netmaster.errlog 1> /var/log/contiv/netmaster.log &
+fi
+
+echo "$NETMASTER_IP  netmaster" > /etc/hosts
+echo "0.0.0.0 localhost" >> /etc/hosts
+export no_proxy="0.0.0.0, $NETMASTER_IP" 
+
+if [ not $CONTIV_FWD_MODE == "routing" ] 
+then
+   CONTIV_FWD_MODE="bridged"
+fi
+
+/contiv/bin/netplugin -vtep-ip $VTEP_IP -vlan-if $VLAN_IF -fwd-mode $CONTIV_FWD_MODE 2> /var/log/contiv/netplugin.errlog 1> /var/log/contiv/netplugin.log &
+

scripts/netContain/contivNet.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+#Initialize complete contiv container. Start OVS and Net Plugin
+
+ARG1=${1:-none}
+
+if [ $ARG1 == "reinit" ]; then
+    ovs-vsctl del-br contivVlanBridge
+    ovs-vsctl del-br contivVxlanBridge
+fi
+
+/contiv/scripts/ovsInit.sh
+/contiv/scripts/contivInit.sh
+
+
+while true; do sleep 1; done

scripts/netContain/contivRc

@@ -0,0 +1,22 @@
+# RC file for passing or tuning contiv parameters correctly. Please set
+# them as necessary and described below. 
+
+# IF this contiv node needs to run as netmaster, set the following to 1
+IS_NETMASTER=0
+
+# This IP currently is only used to set the no_proxy before starting the
+# netplugin process
+NETMASTER_IP="172.28.11.253"
+
+# VTEP IP address used for VXLAN encapsulation. This should be one 
+# routable within the contiv cluster
+VTEP_IP="172.28.11.252"
+
+# Interface used for Sending Dot1Q tagged packets in bridged mode
+# Or
+# Interface used for routing vlan encapped networks across Contiv Nodes
+# Also used for BGP when started
+VLAN_IF="ens32"
+
+#routing or bridged
+CONTIV_FWD_MODE="routing"

scripts/netContain/contivd.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/bash
+
+set -x 
+
+function usage {
+	echo "contivd.sh  { {start | restart} [reinit] } | {stop}"
+}
+
+sudo mkdir -p /var/log/contiv
+sudo mkdir -p /var/run/openvswitch
+
+eexists=`docker images contivbase | grep -w "contivbase" | wc -l`
+if [ $eexists == 0 ]; then
+    echo "contivbase image has not been created, First Build contivbase"
+    exit
+fi
+
+arg=${1:-none}
+
+for arg in $*; do
+    case $arg in
+       "reinit" )
+          reinitContiv=true
+          ;;
+       "restart" )
+          restartContiv=true
+          ;;
+       "stop" )
+          docker stop contivNet
+          exit
+          ;;
+        "start" )
+          startNow=true
+          ;;
+        "none" )
+          usage
+          exit
+          ;;
+    esac
+done
+
+spawned=`docker ps | grep -w "contivNet" | wc -l`
+stopped=`docker ps -a | grep -w "contivNet" | grep "Exited" | wc -l`
+
+if [ $startNow ]; then
+    if [ $spawned != 0 ]; then
+        echo "contivNet is Already Running, Try Stopping or restart"
+        exit
+    fi
+fi
+
+
+if [ $restartContiv ]; then
+    if [ $spawned == 0 ]; then
+       echo "contivNet has not been spawned, Try Start"
+       exit
+    fi
+    if [ $stopped == 0 ]; then
+        docker stop contivNet
+	stopped=1
+    fi
+fi
+
+
+reinitArg=""
+if [  $reinitContiv ]; then
+    docker rm -f contivNet
+    reinitArg="reinit"
+    etcdctl rm -recursive /contiv.io
+    etcdctl rm -recursive /docker/network
+fi   
+
+
+sudo modprobe openvswitch
+if [ $stopped != 0 ]; then
+    docker start contivNet
+else
+    docker run -itd --net=host --name=contivNet  --privileged   -v /etc/openvswitch:/etc/openvswitch -v /var/run/:/var/run -v /var/log/contiv:/var/log/contiv contivbase "$reinitArg"
+fi

scripts/netContain/ovsInit.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+#Start OVS in the Contiv Container
+
+sleep 2
+
+if [ -d "/etc/openvswitch" ]; then
+  if [ -f "/etc/openvswitch/conf.db" ]; then
+     echo "DB Exists No Need to Create"
+  else
+     ovsdb-tool create  /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema
+  fi
+else
+  echo "Open V Switch not mounted from Host"
+fi
+
+ovsdb-server --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --private-key=db:Open_vSwitch,SSL,private_key --certificate=db:Open_vSwitch,SSL,certificate --bootstrap-ca-cert=db:Open_vSwitch,SSL,ca_cert --log-file=/var/log/contiv/ovs-db.log -vsyslog:dbg -vfile:dbg --pidfile --detach /etc/openvswitch/conf.db
+
+ovs-vswitchd -v --pidfile --detach --log-file=/var/log/contiv/ovs-vswitchd.log -vconsole:err -vsyslog:info -vfile:info &
+
+ovs-vsctl set-manager tcp:127.0.0.1:6640 
+
+ovs-vsctl set-manager ptcp:6640
+