From ab211cf599b502d8f92a99a3867996f4cdd08e5e Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Wed, 11 Mar 2015 08:44:38 -0700
Subject: [PATCH] Changed my mind design-wise on netconf/ -- will embed using SQLite. This fits much better into the OnePoint plans. I am also officially sick of NoSQL, which in this cases forces you to invent things that SQL gives you for free.
---
 netconf/README.md | 28 ++++++++++
 netconf/tests/Makefile | 9 ----
 netconf/tests/README.md | 2 -
 netconf/tests/package.json | 15 ------
 netconf/tests/runtests.js | 107 -------------------------------------
 netconf/tests/tests.cpp | 27 ----------
 6 files changed, 28 insertions(+), 160 deletions(-)
 delete mode 100644 netconf/tests/Makefile
 delete mode 100644 netconf/tests/README.md
 delete mode 100644 netconf/tests/package.json
 delete mode 100644 netconf/tests/runtests.js
 delete mode 100644 netconf/tests/tests.cpp
diff --git a/netconf/README.md b/netconf/README.md
index e69de29bb..fa7c369ac 100644
--- a/netconf/README.md
+++ b/netconf/README.md
@@ -0,0 +1,28 @@
+Network Configuration Master
+======
+
+This folder contains code implementing the node/NetworkConfigMaster.hpp interface to allow ZeroTier nodes to create and manage virtual networks.
+
+The standard implementation uses SQLite3 with the attached schema. A separate service (not included here yet) is used to administrate that database and configure networks.
+
+### Building
+
+By default this code is not built or included in the client. To build on Linux, BSD, or Mac add ZT_ENABLE_NETCONF_MASTER=1 to the make command line. It could be built on Windows as well, but you're on your own there. You'd have to build SQLite3 first, or get a pre-built copy somewhere.
+
+### Running
+
+When you run a node with netconf support, a SQLite3 database will be created in the ZeroTier One working directory. On Linux this is /var/lib/zerotier-one by default unless you run the service with a command line to specify something else.
+
+This database can be attached to and modified while the service is running as per SQLite3's rather awesome sharing capabilities. For now you're on your own in that department too, but in the future we might ship some code for this.
+
+### Reliability
+
+Network configuration masters can go offline without affecting already-configured members of running networks. You just won't be able to add new members, de-authorize members, or otherwise change any network configuration while the master is offline.
+
+High-availability can be implemented through fail-over. A simple method involves making a frequent backup of the SQLite database (use the SQLite command line client to do this safely) and the network configuration master's working directory. Then, if the master goes down, another instance of it can rapidly be provisioned elsewhere. Since ZeroTier addresses are mobile, the new instance will quickly take over for the old one and service requests.
+
+### Limits
+
+A single network configuration master can administrate up to 2^24 networks as per the ZeroTier protocol limit. The number of clients is theoretically unlimited, but in practice is limited by network bandwidth.
+
+You should keep an eye on CPU utilization and stop adding networks/users to a network configuration master if it gets too high. The bottleneck here is not the SQLite database but the CPU overhead of signing certificates of membership. You'll hit limits there long before hitting any limit associated with SQLite.
diff --git a/netconf/tests/Makefile b/netconf/tests/Makefile
deleted file mode 100644
index b90ea0586..000000000
--- a/netconf/tests/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# Builds tests.cpp for Redis-based netconf master tests on Linux or OSX
-
-all: FORCE
- $(CXX) -g -o tests tests.cpp ../../node/Utils.o ../../node/Identity.o ../../node/C25519.o ../../node/SHA512.o ../../node/Salsa20.o ../../node/CertificateOfMembership.o ../../node/Dictionary.o
-
-clean:
- rm -rf tests *.o *.dSYM
-
-FORCE:
diff --git a/netconf/tests/README.md b/netconf/tests/README.md
deleted file mode 100644
index 50b74d043..000000000
--- a/netconf/tests/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Redis Network Configuration Master Tests
-======
diff --git a/netconf/tests/package.json b/netconf/tests/package.json
deleted file mode 100644
index 18c9cf81a..000000000
--- a/netconf/tests/package.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "name": "zt1-netconf-master-tests",
- "version": "0.0.0",
- "description": "Network configuration master tests",
- "main": "runtests.js",
- "scripts": {
- "test": "echo \"Error: no test specified\" && exit 1"
- },
- "author": "ZeroTier, Inc.",
- "license": "GPL",
- "dependencies": {
- "redis": "~0.10.3",
- "async": "~0.9.0"
- }
-}
diff --git a/netconf/tests/runtests.js b/netconf/tests/runtests.js
deleted file mode 100644
index fedc18c26..000000000
--- a/netconf/tests/runtests.js
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * ZeroTier One Redis netconf master test script -- see README.md for instructions
- */
-
-// Use this Redis database number to avoid conflicting with running data that might be in DB #0
-var redisDatabaseNumber = 9;
-
-// ---------------------------------------------------------------------------
-// Test data
-
-// Test signing identity (and first 10 digits of our test network IDs of course)
-var netconfMasterIdentity = "39410d7f2a:0:badb041ef2a6e50e001222e76cf41ee41a71d944e67501d71d0635701975bd27a7c84106d76a4b14c5dc0082cce73ecbf05762df9d740df10314ce8f58841c99:ae8cc6d2b48123b48c5c78d4ead5947adc58cbcab2585b3997061e2316a60f7916ac5564e7602e4d035816fd11906d4e0018a18c8fc5fd88b4e46ce706c45597";
-
-// Test member identities
-var memberIdentities = {
- "bf521d42f3": "bf521d42f3:0:1f08082079e35dc4a08e87947b9f314ec1cbecd8ff9f744f69a5ba9840efe76d9490a307262f684d643c7ba517dd9209d65b4cf2f691f21c3884514b9dc88fb1:9b8b4a7de3bae5c26513ce1c75495e4a42b7c7b29dc650bea477019f13f57f6b84f098fe3498caf758175dcb0ddafd8fc818b05f7cc620b46a51c78a9177c96a",
- "c0dd8dbaf3": "c0dd8dbaf3:0:ce3513e1344ec32cb5d914cf2295d76a4818a8f6c0e9242efbf9744a861893552d8bed75a4fd9954ca1db259e72fd4e0c3a1f7b1ef665c341ab3c4929e741716:92410fe5b422bb1891a94d139e219a5b035866e9070eb43a96898f71aef61e01dee9e9de8f6e9565d5a1c3167b128a040781bf627d643e6be368d8f32eeaa27e",
- "c8a24c4e66": "c8a24c4e66:0:4b1fea827d3e36bf7aa880ccb31ba9af85c4822da3ee672bebd0d7b6b2e39052de45d185a0093badb4945c9c51bf6274e2fb60405cd5fe92e35af47ada133b71:e78b9df0355eece7b12274c049d96219a3025c0612f87138dd82f171dcad9ef6ac6fdd362e2d81cd79abdfea310a9c8eb9b66bce00c11f8ee90e6a5e09f6de6f",
- "d75952db23": "d75952db23:0:3f94e97ca4f5d406af80d56e2b92dd1218214f683e4828b69f0e3686888b397385979f882e1112ad45b8d913c11968eeaf67bd117bdcc648d903b3caac669284:b5798859e7bcce9ef75024f5bc53ee1299aa05e129dfa528b362f7be7ed4947e5a07634d55e53d96f65967a5819537327eadab2fe93d487348864a3acdbfd06d",
- "46cf921359": "46cf921359:0:5bb72587cd0be9c7ed5fa4a8660251533c9dce8ce9267e6d886eb9670ca2cb44c610bcd37d64d33a1a66c8ece66e79a9528e9ca6d6ee718770551de4ab6a585a:ea5fb0429234a4e4f182d8bedcdacbd896e6502347e79e8ce9cacb6ca9271145457ce797a585511427f7d03bb5add636d408e8292ef3f9a5478da1d6ac56cf90",
- "d3cc6e0998": "d3cc6e0998:0:ab43003195bcbfb52d860eec52bca97782ca7a7d640721dbfa92e2ba0d897e19e61c6e6ca8f55ba3600d3a5163474679c29c1c5873ca3f4a102adbc696e7bf9f:dcfb7c9ec072aca226d86d3d3c9229c3cf1a6ef2ab650e6c0ac314951eb391e8d5dc9751259ece45e8cf0bca3540da82ce984c7a04e0cab7f74ffe15ad81a2db",
- "3b09b12f05": "3b09b12f05:0:413e3a01d5b5b626f815ef2f984caebd2337fd7a679a9c35a1d4fb63e357625bfa9905bfc93f866908baeac0df943f356981ad735dd6125941961f1950145956:9be0be044d2f0625420017fe1dddda1321739ce1072ea9f2af6d651af07342c83302fdfeef80184315625761407084c2da08d2a0e61d9fd297bec46a2fe46fdc",
- "b1df956f1b": "b1df956f1b:0:87635a20426a8b7ed6d590fdc972e0849635f9c765fc1edc05724eb79d32cd4d9962329074f7fd9673acc0dc3898e1f3c720b8aac8a1b382e0ff421810785f94:408c8a3a55d12846e956369c506148c710345dd7249239a10dc2829e79536e864867cadaf48ea9626c7489307a9832fdaef854cff065331696fee28e597586cc"
-};
-
-// Test database initial state
-var initialTestData = {
- "zt1:schema": 2,
-
- "zt1:network:39410d7f2a111111:~": {
- "id": "39410d7f2a111111",
- "name": "zerotier-testnet",
- "desc": "Test Public Network",
- "private": "0",
- "etherTypes": "0800,0806",
- "enableBroadcast": "1",
- "v4AssignMode": "zt",
- "v4AssignPool": "192.168.123.0/24",
- "v6AssignMode": "none"
- },
- "zt1:network:39410d7f2a111111:revision": 1,
-
- "zt1:network:39410d7f2a222222:~": {
- "id": "39410d7f2a222222",
- "name": "zerotier-testnet2",
- "desc": "Test Private Network",
- "private": "1",
- "etherTypes": "0800,0806",
- "enableBroadcast": "1",
- "v4AssignMode": "zt",
- "v4AssignPool": "192.168.124.0/24",
- "v6AssignMode": "none"
- },
- "zt1:network:39410d7f2a222222:members": [ "bf521d42f3", "c0dd8dbaf3" ],
- "zt1:network:39410d7f2a222222:member:bf521d42f3": {
- "id": "bf521d42f3",
- "nwid": "39410d7f2a222222",
- "authorized": "1",
- "identity": "bf521d42f3:0:1f08082079e35dc4a08e87947b9f314ec1cbecd8ff9f744f69a5ba9840efe76d9490a307262f684d643c7ba517dd9209d65b4cf2f691f21c3884514b9dc88fb1"
- },
- "zt1:network:39410d7f2a222222:member:c0dd8dbaf3": {
- "id": "c0dd8dbaf3",
- "nwid": "39410d7f2a222222",
- "authorized": "0",
- "identity": "c0dd8dbaf3:0:ce3513e1344ec32cb5d914cf2295d76a4818a8f6c0e9242efbf9744a861893552d8bed75a4fd9954ca1db259e72fd4e0c3a1f7b1ef665c341ab3c4929e741716"
- },
- "zt1:network:39410d7f2a222222:revision": 2
-};
-
-// ---------------------------------------------------------------------------
-
-var async = require('async');
-var redis = require('redis');
-
-var DB = redis.createClient();
-DB.on("error",function(err) { console.error('redis query error: '+err); });
-DB.select(redisDatabaseNumber,function() {});
-
-async.series([function(nextStepInTesting) {
-
- console.log('Loading test data...');
-
- async.eachSeries(Object.keys(initialTestData),function(key,next) {
- var value = initialTestData[key];
- if (typeof value === 'object') {
- async.eachSeries(Object.keys(value),function(hkey,next2) {
- DB.hset(key,hkey,value[hkey],next2);
- },next);
- } else if ((typeof value !== 'undefined')&&(value !== null)) {
- if (Array.isArray(value)) {
- DB.sadd(key,value,next);
- } else {
- DB.set(key,value,next);
- }
- } else return next(null);
- },function(err) {
- if (err) {
- console.log('Error loading initial data: '+err);
- return process.exit(1);
- } else {
- return nextStepInTesting();
- }
- });
-
-},function(nextStepInTesting) {
-
-}]);
diff --git a/netconf/tests/tests.cpp b/netconf/tests/tests.cpp
deleted file mode 100644
index 510325f2a..000000000
--- a/netconf/tests/tests.cpp
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * ZeroTier One - Network Virtualization Everywhere
- * Copyright (C) 2011-2015 ZeroTier, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- *
- * --
- *
- * ZeroTier may be used and distributed under the terms of the GPLv3, which
- * are available at: http://www.gnu.org/licenses/gpl-3.0.html
- *
- * If you would like to embed ZeroTier into a commercial application or
- * redistribute it in a modified binary form, please contact ZeroTier Networks
- * LLC. Start here: http://www.zerotier.com/
- */
-