Add plugin code

This adds basic plugins.
"main" types: veth, bridge, macvlan
"ipam" type: host-local

The code has been ported over from github.com/coreos/rkt project
and adapted to fit the CNI spec.

plugins/ipam/host-local/README.md

@@ -0,0 +1,86 @@
+# host-local IP address manager
+
+host-local IPAM allocates IPv4 and IPv6 addresses out of a specified address range.
+
+## Usage
+
+### Obtain an IP
+
+Given the following network configuration:
+
+```
+{
+    "name": "default",
+    "ipam": {
+        "type": "host-local",
+        "subnet": "203.0.113.0/24"
+    }
+}
+```
+
+#### Using the command line interface
+
+```
+$ export CNI_COMMAND=ADD
+$ export CNI_CONTAINERID=f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+$ ./host-local < $conf
+```
+
+```
+{
+    "ip4": {
+        "ip": "203.0.113.1/24"
+    }
+}
+```
+
+## Backends
+
+By default ipmanager stores IP allocations on the local filesystem using the IP address as the file name and the ID as contents. For example:
+
+```
+$ ls /var/lib/cni/networks/default
+```
+```
+203.0.113.1	203.0.113.2
+```
+
+```
+$ cat /var/lib/cni/networks/default/203.0.113.1
+```
+```
+f81d4fae-7dec-11d0-a765-00a0c91e6bf6
+```
+
+## Configuration Files
+
+
+```
+{
+	"name": "ipv6",
+    "ipam": {
+		"type": "host-local",
+		"subnet": "3ffe:ffff:0:01ff::/64",
+		"range-start": "3ffe:ffff:0:01ff::0010",
+		"range-end": "3ffe:ffff:0:01ff::0020",
+		"routes": [
+			"3ffe:ffff:0:01ff::1/64"
+		]
+	}
+}
+```
+
+```
+{
+    "name": "ipv4",
+	"ipam": {
+		"type": "host-local",
+		"subnet": "203.0.113.1/24",
+		"range-start": "203.0.113.10",
+		"range-end": "203.0.113.20",
+		"routes": [
+			"203.0.113.0/24"
+		]
+	}
+}
+```

plugins/ipam/host-local/allocator.go

@@ -0,0 +1,185 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/appc/cni/pkg/ip"
+	"github.com/appc/cni/pkg/plugin"
+	"github.com/appc/cni/plugins/ipam/host-local/backend"
+)
+
+type IPAllocator struct {
+	start net.IP
+	end   net.IP
+	conf  *IPAMConfig
+	store backend.Store
+}
+
+func NewIPAllocator(conf *IPAMConfig, store backend.Store) (*IPAllocator, error) {
+	var (
+		start net.IP
+		end   net.IP
+		err   error
+	)
+	start, end, err = networkRange((*net.IPNet)(&conf.Subnet))
+	if err != nil {
+		return nil, err
+	}
+
+	// skip the .0 address
+	start = ip.NextIP(start)
+
+	if conf.RangeStart != nil {
+		if err := validateRangeIP(conf.RangeStart, (*net.IPNet)(&conf.Subnet)); err != nil {
+			return nil, err
+		}
+		start = conf.RangeStart
+	}
+	if conf.RangeEnd != nil {
+		if err := validateRangeIP(conf.RangeEnd, (*net.IPNet)(&conf.Subnet)); err != nil {
+			return nil, err
+		}
+		// RangeEnd is inclusive
+		end = ip.NextIP(conf.RangeEnd)
+	}
+
+	return &IPAllocator{start, end, conf, store}, nil
+}
+
+func validateRangeIP(ip net.IP, ipnet *net.IPNet) error {
+	if !ipnet.Contains(ip) {
+		return fmt.Errorf("%s not in network: %s", ip, ipnet)
+	}
+	return nil
+}
+
+// Returns newly allocated IP along with its config
+func (a *IPAllocator) Get(id string) (*plugin.IPConfig, error) {
+	a.store.Lock()
+	defer a.store.Unlock()
+
+	gw := a.conf.Gateway
+	if gw == nil {
+		gw = ip.NextIP(a.conf.Subnet.IP)
+	}
+
+	for cur := a.start; !cur.Equal(a.end); cur = ip.NextIP(cur) {
+		// don't allocate gateway IP
+		if gw != nil && cur.Equal(gw) {
+			continue
+		}
+
+		reserved, err := a.store.Reserve(id, cur)
+		if err != nil {
+			return nil, err
+		}
+		if reserved {
+			return &plugin.IPConfig{
+				IP:      net.IPNet{cur, a.conf.Subnet.Mask},
+				Gateway: gw,
+				Routes:  a.conf.Routes,
+			}, nil
+		}
+	}
+
+	return nil, fmt.Errorf("no IP addresses available in network: %s", a.conf.Name)
+}
+
+// Allocates both an IP and the Gateway IP, i.e. a /31
+// This is used for Point-to-Point links
+func (a *IPAllocator) GetPtP(id string) (*plugin.IPConfig, error) {
+	a.store.Lock()
+	defer a.store.Unlock()
+
+	for cur := a.start; !cur.Equal(a.end); cur = ip.NextIP(cur) {
+		// we're looking for unreserved even, odd pair
+		if !evenIP(cur) {
+			continue
+		}
+
+		gw := cur
+		reserved, err := a.store.Reserve(id, gw)
+		if err != nil {
+			return nil, err
+		}
+		if reserved {
+			cur = ip.NextIP(cur)
+			if cur.Equal(a.end) {
+				break
+			}
+
+			reserved, err := a.store.Reserve(id, cur)
+			if err != nil {
+				return nil, err
+			}
+			if reserved {
+				// found them both!
+				_, bits := a.conf.Subnet.Mask.Size()
+				mask := net.CIDRMask(bits-1, bits)
+
+				return &plugin.IPConfig{
+					IP:      net.IPNet{cur, mask},
+					Gateway: gw,
+					Routes:  a.conf.Routes,
+				}, nil
+			}
+		}
+	}
+
+	return nil, fmt.Errorf("no ip addresses available in network: %s", a.conf.Name)
+}
+
+// Releases all IPs allocated for the container with given ID
+func (a *IPAllocator) Release(id string) error {
+	a.store.Lock()
+	defer a.store.Unlock()
+
+	return a.store.ReleaseByID(id)
+}
+
+func networkRange(ipnet *net.IPNet) (net.IP, net.IP, error) {
+	ip := ipnet.IP.To4()
+	if ip == nil {
+		ip = ipnet.IP.To16()
+		if ip == nil {
+			return nil, nil, fmt.Errorf("IP not v4 nor v6")
+		}
+	}
+
+	if len(ip) != len(ipnet.Mask) {
+		return nil, nil, fmt.Errorf("IPNet IP and Mask version mismatch")
+	}
+
+	var end net.IP
+	for i := 0; i < len(ip); i++ {
+		end = append(end, ip[i]|^ipnet.Mask[i])
+	}
+	return ipnet.IP, end, nil
+}
+
+func evenIP(ip net.IP) bool {
+	i := ip.To4()
+	if i == nil {
+		i = ip.To16()
+		if i == nil {
+			panic("IP is not v4 or v6")
+		}
+	}
+
+	return i[len(i)-1]%2 == 0
+}

plugins/ipam/host-local/backend/disk/backend.go

@@ -0,0 +1,88 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package disk
+
+import (
+	"io/ioutil"
+	"net"
+	"os"
+	"path/filepath"
+)
+
+var defaultDataDir = "/var/lib/cni/networks"
+
+type Store struct {
+	FileLock
+	dataDir string
+}
+
+func New(network string) (*Store, error) {
+	dir := filepath.Join(defaultDataDir, network)
+	if err := os.MkdirAll(dir, 0644); err != nil {
+		return nil, err
+	}
+
+	lk, err := NewFileLock(dir)
+	if err != nil {
+		return nil, err
+	}
+	return &Store{*lk, dir}, nil
+}
+
+func (s *Store) Reserve(id string, ip net.IP) (bool, error) {
+	fname := filepath.Join(s.dataDir, ip.String())
+	f, err := os.OpenFile(fname, os.O_RDWR|os.O_EXCL|os.O_CREATE, 0644)
+	if os.IsExist(err) {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	if _, err := f.WriteString(id); err != nil {
+		f.Close()
+		os.Remove(f.Name())
+		return false, err
+	}
+	if err := f.Close(); err != nil {
+		os.Remove(f.Name())
+		return false, err
+	}
+	return true, nil
+}
+
+func (s *Store) Release(ip net.IP) error {
+	return os.Remove(filepath.Join(s.dataDir, ip.String()))
+}
+
+// N.B. This function eats errors to be tolerant and
+// release as much as possible
+func (s *Store) ReleaseByID(id string) error {
+	err := filepath.Walk(s.dataDir, func(path string, info os.FileInfo, err error) error {
+		if err != nil || info.IsDir() {
+			return nil
+		}
+		data, err := ioutil.ReadFile(path)
+		if err != nil {
+			return nil
+		}
+		if string(data) == id {
+			if err := os.Remove(path); err != nil {
+				return nil
+			}
+		}
+		return nil
+	})
+	return err
+}

plugins/ipam/host-local/backend/disk/lock.go

@@ -0,0 +1,50 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package disk
+
+import (
+	"os"
+	"syscall"
+)
+
+// FileLock wraps os.File to be used as a lock using flock
+type FileLock struct {
+	f *os.File
+}
+
+// NewFileLock opens file/dir at path and returns unlocked FileLock object
+func NewFileLock(path string) (*FileLock, error) {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return &FileLock{f}, nil
+}
+
+// Close closes underlying file
+func (l *FileLock) Close() error {
+	return l.f.Close()
+}
+
+// Lock acquires an exclusive lock
+func (l *FileLock) Lock() error {
+	return syscall.Flock(int(l.f.Fd()), syscall.LOCK_EX)
+}
+
+// Unlock releases the lock
+func (l *FileLock) Unlock() error {
+	return syscall.Flock(int(l.f.Fd()), syscall.LOCK_UN)
+}

plugins/ipam/host-local/backend/store.go

@@ -0,0 +1,26 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package backend
+
+import "net"
+
+type Store interface {
+	Lock() error
+	Unlock() error
+	Close() error
+	Reserve(id string, ip net.IP) (bool, error)
+	Release(ip net.IP) error
+	ReleaseByID(id string) error
+}

plugins/ipam/host-local/config.go

@@ -0,0 +1,57 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"net"
+
+	"github.com/appc/cni/pkg/ip"
+	"github.com/appc/cni/pkg/plugin"
+)
+
+// IPAMConfig represents the IP related network configuration.
+type IPAMConfig struct {
+	Name       string
+	Type       string         `json:"type"`
+	RangeStart net.IP         `json:"rangeStart"`
+	RangeEnd   net.IP         `json:"rangeEnd"`
+	Subnet     ip.IPNet       `json:"subnet"`
+	Gateway    net.IP         `json:"gateway"`
+	Routes     []plugin.Route `json:"routes"`
+}
+
+type Net struct {
+	Name string      `json:"name"`
+	IPAM *IPAMConfig `json:"ipam"`
+}
+
+// NewIPAMConfig creates a NetworkConfig from the given network name.
+func LoadIPAMConfig(bytes []byte) (*IPAMConfig, error) {
+	n := Net{}
+	if err := json.Unmarshal(bytes, &n); err != nil {
+		return nil, err
+	}
+
+	if n.IPAM == nil {
+		return nil, fmt.Errorf("%q missing 'ipam' key")
+	}
+
+	// Copy net name into IPAM so not to drag Net struct around
+	n.IPAM.Name = n.Name
+
+	return n.IPAM, nil
+}

plugins/ipam/host-local/main.go

@@ -0,0 +1,85 @@
+// Copyright 2015 CoreOS, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"errors"
+
+	"github.com/appc/cni/plugins/ipam/host-local/backend/disk"
+
+	"github.com/appc/cni/pkg/plugin"
+	"github.com/appc/cni/pkg/skel"
+)
+
+func main() {
+	skel.PluginMain(cmdAdd, cmdDel)
+}
+
+func cmdAdd(args *skel.CmdArgs) error {
+	ipamConf, err := LoadIPAMConfig(args.StdinData)
+	if err != nil {
+		return err
+	}
+
+	store, err := disk.New(ipamConf.Name)
+	if err != nil {
+		return err
+	}
+	defer store.Close()
+
+	allocator, err := NewIPAllocator(ipamConf, store)
+	if err != nil {
+		return err
+	}
+
+	var ipConf *plugin.IPConfig
+
+	switch ipamConf.Type {
+	case "host-local":
+		ipConf, err = allocator.Get(args.Netns)
+	case "host-local-ptp":
+		ipConf, err = allocator.GetPtP(args.Netns)
+	default:
+		return errors.New("Unsupported IPAM plugin type")
+	}
+
+	if err != nil {
+		return err
+	}
+
+	return plugin.PrintResult(&plugin.Result{
+		IP4: ipConf,
+	})
+}
+
+func cmdDel(args *skel.CmdArgs) error {
+	ipamConf, err := LoadIPAMConfig(args.StdinData)
+	if err != nil {
+		return err
+	}
+
+	store, err := disk.New(ipamConf.Name)
+	if err != nil {
+		return err
+	}
+	defer store.Close()
+
+	allocator, err := NewIPAllocator(ipamConf, store)
+	if err != nil {
+		return err
+	}
+
+	return allocator.Release(args.Netns)
+}