From 3fcacc2ad849b501293aded8e901cc8065634498 Mon Sep 17 00:00:00 2001
From: Jake McGinty
Date: Thu, 20 May 2021 03:16:28 +0900
Subject: [PATCH] docker-tests: use userspace wireguard
---
docker-tests/Dockerfile.innernet | 37 +++++++++++++++++--------
docker-tests/Dockerfile.innernet-server | 37 +++++++++++++++++--------
docker-tests/run-docker-tests.sh | 9 ++++--
docker-tests/start-client.sh | 6 ++--
docker-tests/start-server.sh | 16 ++++++++---
5 files changed, 75 insertions(+), 30 deletions(-)
diff --git a/docker-tests/Dockerfile.innernet b/docker-tests/Dockerfile.innernet
index d601a38..de04e02 100644
--- a/docker-tests/Dockerfile.innernet
+++ b/docker-tests/Dockerfile.innernet
@@ -1,41 +1,56 @@ #################################################################################################### ## Builder #################################################################################################### -FROM rust as planner -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as planner +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app RUN cargo install cargo-chef COPY . . RUN cargo chef prepare --recipe-path recipe.json -FROM rust as cacher -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as cacher +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app RUN cargo install cargo-chef COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json -FROM rust as builder -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as builder +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app + COPY . . 
COPY --from=cacher /app/target target RUN cargo build --release --bin innernet RUN strip /app/target/release/innernet +FROM golang:latest as wireguard +ARG wg_go_tag=0.0.20210323 +ARG wg_tools_tag=v1.0.20210315 +RUN apt-get update && apt-get install -y git + +RUN git clone -b $wg_go_tag --depth 1 https://git.zx2c4.com/wireguard-go && \ + cd wireguard-go && \ + make && \ + make install + +ENV WITH_WGQUICK=yes +RUN git clone -b $wg_tools_tag --depth 1 https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + cd src && \ + make && \ + make install + #################################################################################################### ## Final image #################################################################################################### -FROM ubuntu:latest +FROM debian:buster-slim RUN apt-get update && apt-get install -y libsqlite3-dev iproute2 iputils-ping && rm -rf /var/lib/apt/lists/* WORKDIR /app - COPY ./docker-tests/start-client.sh ./ +COPY --from=wireguard /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ COPY --from=builder /app/target/release/innernet /usr/bin/ CMD ["/app/start-client.sh"] diff --git a/docker-tests/Dockerfile.innernet-server b/docker-tests/Dockerfile.innernet-server index d581a54..17269d9 100644 --- a/docker-tests/Dockerfile.innernet-server +++ b/docker-tests/Dockerfile.innernet-server 
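Review bot: The new `wireguard` stage builds the tunnel's data plane from inputs that can change under the same name: `FROM golang:latest` floats, and `git clone -b $wg_go_tag --depth 1` trusts a tag, which upstream can move, with no check of the commit that was actually fetched. Pin the base image to a versioned tag or digest and verify the checkout before `make`, for example `RUN test "$(git -C wireguard-go rev-parse HEAD)" = "$wg_go_commit"` with `wg_go_commit` declared as an `ARG` beside the tag (and likewise for wireguard-tools). A floating Go image may also sit on a newer Debian release than the `debian:buster-slim` final stage, in which case the presumably dynamically linked `wg` copied by `COPY --from=wireguard ... /usr/bin/wg*` could fail to load at runtime; a `-buster` variant of the Go image would keep both stages on one libc. The identical stage added to Dockerfile.innernet-server has the same exposure.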
@@ -1,40 +1,55 @@ #################################################################################################### ## Builder #################################################################################################### -FROM rust as planner -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as planner +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app RUN cargo install cargo-chef COPY . . RUN cargo chef prepare --recipe-path recipe.json -FROM rust as cacher -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as cacher +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app RUN cargo install cargo-chef COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json -FROM rust as builder -RUN apt-get update && apt-get install -y build-essential musl-tools musl-dev clang libclang-dev libsqlite3-dev -RUN update-ca-certificates +FROM rust:slim as builder +RUN apt-get update && apt-get install -y build-essential clang libclang-dev libsqlite3-dev WORKDIR /app + COPY . . 
COPY --from=cacher /app/target target RUN cargo build --release --bin innernet-server RUN strip /app/target/release/innernet-server +FROM golang:latest as wireguard +ARG wg_go_tag=0.0.20210323 +ARG wg_tools_tag=v1.0.20210315 +RUN apt-get update && apt-get install -y git + +RUN git clone -b $wg_go_tag --depth 1 https://git.zx2c4.com/wireguard-go && \ + cd wireguard-go && \ + make && \ + make install + +ENV WITH_WGQUICK=yes +RUN git clone -b $wg_tools_tag --depth 1 https://git.zx2c4.com/wireguard-tools && \ + cd wireguard-tools && \ + cd src && \ + make && \ + make install + #################################################################################################### ## Final image #################################################################################################### -FROM ubuntu:latest +FROM debian:buster-slim RUN apt-get update && apt-get install -y libsqlite3-dev iproute2 iputils-ping && rm -rf /var/lib/apt/lists/* - WORKDIR /app COPY ./docker-tests/start-server.sh ./ +COPY --from=wireguard /usr/bin/wireguard-go /usr/bin/wg* /usr/bin/ COPY --from=builder /app/target/release/innernet-server /usr/bin/ EXPOSE 51820/udp diff --git a/docker-tests/run-docker-tests.sh b/docker-tests/run-docker-tests.sh index 4c2afa0..2ef07a4 100755 --- a/docker-tests/run-docker-tests.sh +++ b/docker-tests/run-docker-tests.sh @@ -32,11 +32,14 @@ info "Creating network." NETWORK=$(cmd docker network create -d bridge --subnet=172.18.0.0/16 innernet) info "Starting server." -SERVER_CONTAINER=$(cmd docker run -itd --rm \ +SERVER_CONTAINER=$(cmd docker create -it --rm \ --network "$NETWORK" \ --ip 172.18.1.1 \ + --volume /dev/net/tun:/dev/net/tun \ + --env RUST_LOG=debug \ --cap-add NET_ADMIN \ innernet-server) +cmd docker start -a "$SERVER_CONTAINER" & info "server started as $SERVER_CONTAINER" info "Waiting for server to initialize." 
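Review bot: The `wireguard` stage here duplicates the one added to Dockerfile.innernet, so the `wg_go_tag` and `wg_tools_tag` defaults now live in two files and can drift, leaving the client and server test images on different wireguard-go builds. Consider building the stage once as its own image that both files reference with `COPY --from=<wireguard-image>`, or passing both tags with `--build-arg` from one place in the test runner (the build commands are not visible in this diff). If the copy stays, a comment above the ARG lines such as `# keep in sync with Dockerfile.innernet` would at least flag the coupling.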
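Review bot: `--volume /dev/net/tun:/dev/net/tun` bind-mounts the host's device node instead of declaring a device, so access depends on the runtime's default device allow-list rather than on anything stated in this command. `--device /dev/net/tun` is the purpose-built flag: it creates the node and adds the matching device-cgroup rule, which keeps the grant explicit next to `--cap-add NET_ADMIN`. The same line is added for peer1 and peer2 in the later hunks of this file. Separately, `cmd docker start -a "$SERVER_CONTAINER" &` is backgrounded and its exit status is not checked in the lines shown, so a server that fails to start would only surface later when `docker cp` fails.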
@@ -47,13 +50,14 @@ cmd docker cp "$SERVER_CONTAINER:/app/peer1.toml" "$tmp_dir" PEER1_CONTAINER=$(cmd docker create --rm -it \ --network "$NETWORK" \ --ip 172.18.1.2 \ + --volume /dev/net/tun:/dev/net/tun \ --env INTERFACE=evilcorp \ --cap-add NET_ADMIN \ innernet) info "peer1 started as $PEER1_CONTAINER" cmd docker cp "$tmp_dir/peer1.toml" "$PEER1_CONTAINER:/app/invite.toml" cmd docker start "$PEER1_CONTAINER" -sleep 5 +sleep 10 info "Creating a new CIDR from first peer." cmd docker exec "$PEER1_CONTAINER" innernet \ @@ -85,6 +89,7 @@ info "Starting second peer." PEER2_CONTAINER=$(docker create --rm -it \ --network "$NETWORK" \ --ip 172.18.1.3 \ + --volume /dev/net/tun:/dev/net/tun \ --cap-add NET_ADMIN \ --env INTERFACE=evilcorp \ innernet) diff --git a/docker-tests/start-client.sh b/docker-tests/start-client.sh index b5ce15d..11186be 100755 --- a/docker-tests/start-client.sh +++ b/docker-tests/start-client.sh @@ -1,14 +1,16 @@ #!/bin/bash set -e +DEFAULT_ARGS="--backend userspace" + INTERFACE="${INTERFACE:-innernet}" -innernet install \ +innernet $DEFAULT_ARGS install \ --name "$INTERFACE" \ --delete-invite \ --no-write-hosts \ /app/invite.toml while true; do - innernet up --no-write-hosts "$INTERFACE" + innernet $DEFAULT_ARGS up --no-write-hosts "$INTERFACE" sleep 1 done diff --git a/docker-tests/start-server.sh b/docker-tests/start-server.sh index 05a9cac..79e2443 100755 --- a/docker-tests/start-server.sh +++ b/docker-tests/start-server.sh 
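Review bot: Raising `sleep 5` to `sleep 10` after `cmd docker start "$PEER1_CONTAINER"` still guesses how long the userspace interface takes to come up, so the test stays timing-dependent and is slower than needed on fast hosts. A bounded poll would be more reliable: retry `docker exec "$PEER1_CONTAINER" wg show evilcorp` once a second up to a fixed limit and fail with a clear message if the interface never appears (assuming interface presence is the readiness condition the next `innernet` call needs). `wg` is available in the image because this commit copies `/usr/bin/wg*` into it.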
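Review bot: In start-client.sh, `DEFAULT_ARGS="--backend userspace"` is expanded unquoted as `$DEFAULT_ARGS`, which relies on word splitting (and permits globbing) to turn one string into two arguments; ShellCheck reports this as SC2086. Since the script already runs under `#!/bin/bash`, an array states the intent and stays correct if an argument ever contains spaces: `DEFAULT_ARGS=(--backend userspace)` and `innernet "${DEFAULT_ARGS[@]}" install ...`. The same pattern is added to every `innernet-server` call in start-server.sh.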
@@ -1,19 +1,27 @@ #!/bin/bash set -e -innernet-server new \ +DEFAULT_ARGS="--backend userspace" + +innernet-server \ + $DEFAULT_ARGS \ + new \ --network-name "evilcorp" \ --network-cidr "10.66.0.0/16" \ --external-endpoint "172.18.1.1:51820" \ --listen-port 51820 -innernet-server add-cidr evilcorp \ +innernet-server \ + $DEFAULT_ARGS \ + add-cidr evilcorp \ --name "humans" \ --cidr "10.66.1.0/24" \ --parent "evilcorp" \ --yes -innernet-server add-peer evilcorp \ +innernet-server \ + $DEFAULT_ARGS \ + add-peer evilcorp \ --name "admin" \ --cidr "humans" \ --admin true \ @@ -22,4 +30,4 @@ innernet-server add-peer evilcorp \ --invite-expires "30d" \ --yes -innernet-server serve evilcorp +innernet-server $DEFAULT_ARGS serve evilcorp