NET-1778: scale test code changes #3203

Merged
merged 33 commits into from
Dec 10, 2024
Changes from 26 commits
767d1b5
comment ACL call and add debug message
yabinma Nov 12, 2024
b9b04dd
Merge branch 'develop' into NET-1778
yabinma Nov 12, 2024
8340cb0
add cache for network nodes
yabinma Nov 12, 2024
91f58e9
fix load node to network cache issue
yabinma Nov 12, 2024
b79d031
add peerUpdate call 1 min limit
yabinma Nov 15, 2024
f722b8a
add debug log for scale test
yabinma Nov 18, 2024
439cc87
Merge branch 'develop' into NET-1778
yabinma Nov 18, 2024
0d801e0
release maps
abhishek9686 Nov 18, 2024
74306d6
avoid default policy for node
abhishek9686 Nov 18, 2024
9ec8283
1 min limit for peerUpdate trigger
yabinma Nov 18, 2024
10b93d0
mq options
abhishek9686 Nov 21, 2024
db5d306
Revert "mq options"
abhishek9686 Nov 21, 2024
590479f
set peerUpdate run in sequence
yabinma Nov 21, 2024
a11e2dd
update for emqx 5.8.2
yabinma Nov 21, 2024
a13c907
remove batch peer update
yabinma Nov 21, 2024
a13e55b
change the sleep to 10 millisec to avoid timeout
yabinma Nov 22, 2024
359dc8f
add compress and change encrypt for peerUpdate message
yabinma Nov 22, 2024
b42c71e
add mem profiling and automaxprocs
yabinma Nov 10, 2024
127bf25
add failover ctx mutex
abhishek9686 Nov 22, 2024
f084691
ignore request to failover peer
abhishek9686 Nov 22, 2024
55b5500
Merge branch 'develop' into NET-1778
yabinma Nov 26, 2024
51aeb35
remove code without called
yabinma Nov 26, 2024
edfacc1
Merge branch 'develop' into NET-1778
yabinma Nov 27, 2024
57d4c40
remove debug logs
yabinma Nov 27, 2024
dfbb11e
update emqx to v5.8.2
yabinma Nov 27, 2024
344d61e
change broker keepalive
yabinma Nov 28, 2024
6ea86b4
add OLD_ACL_SUPPORT setting
yabinma Dec 3, 2024
21093c6
Merge branch 'develop' into NET-1778
yabinma Dec 3, 2024
1576e4c
add host version check for message encrypt
yabinma Dec 3, 2024
c45f255
remove debug message
yabinma Dec 3, 2024
553b055
remove peerUpdate call control
yabinma Dec 4, 2024
73f7354
Merge branch 'develop' into NET-1778
yabinma Dec 4, 2024
27369db
Merge branch 'develop' into NET-1778
yabinma Dec 6, 2024
3 changes: 2 additions & 1 deletion compose/docker-compose-emqx.yml
@@ -3,7 +3,7 @@ version: "3.4"
services:
mq:
container_name: mq
image: emqx/emqx:5.0.9
image: emqx/emqx:5.8.2
env_file: ./netmaker.env
restart: unless-stopped
environment:
@@ -20,6 +20,7 @@ services:
- emqx_data:/opt/emqx/data
- emqx_etc:/opt/emqx/etc
- emqx_logs:/opt/emqx/log
- ./emqx.conf:/opt/emqx/data/configs/cluster.hocon
volumes:
emqx_data: { } # storage for emqx data
emqx_etc: { } # storage for emqx etc
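Review bot: The new bind mount `./emqx.conf:/opt/emqx/data/configs/cluster.hocon` is writable and resolves relative to the directory the compose file is run from, while this pull request adds the file as `docker/emqx.conf`. If `./emqx.conf` is missing at deploy time, Docker creates an empty directory at that path, and the broker would then likely not load the intended authentication and authorization settings, so the install steps should say where the file has to be placed. Because the file carries the broker's authentication and authorization configuration, a short comment on the mount should state whether the broker is expected to rewrite it; if it is not, `- ./emqx.conf:/opt/emqx/data/configs/cluster.hocon:ro` keeps the container from changing it.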
2 changes: 1 addition & 1 deletion controllers/acls.go
@@ -69,7 +69,7 @@ func aclDebug(w http.ResponseWriter, r *http.Request) {
logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest"))
return
}
allowed := logic.IsNodeAllowedToCommunicate(node, peer)
allowed := logic.IsNodeAllowedToCommunicate(node, peer, true)
logic.ReturnSuccessResponseWithJson(w, r, allowed, "fetched all acls in the network ")
}

6 changes: 6 additions & 0 deletions controllers/server.go
@@ -48,6 +48,8 @@ func serverHandlers(r *mux.Router) {
Methods(http.MethodGet)
r.HandleFunc("/api/server/cpu_profile", logic.SecurityCheck(false, http.HandlerFunc(cpuProfile))).
Methods(http.MethodPost)
r.HandleFunc("/api/server/mem_profile", logic.SecurityCheck(false, http.HandlerFunc(memProfile))).
Methods(http.MethodPost)
}

func cpuProfile(w http.ResponseWriter, r *http.Request) {
@@ -62,6 +64,10 @@ func cpuProfile(w http.ResponseWriter, r *http.Request) {
}
}
}
func memProfile(w http.ResponseWriter, r *http.Request) {
os.Remove("/root/data/mem.prof")
logic.StartMemProfiling()
}

func getUsage(w http.ResponseWriter, _ *http.Request) {
type usage struct {
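Review bot: `memProfile` discards the error from `os.Remove` and returns without writing any response, so a caller cannot tell whether profiling started or whether a stale `/root/data/mem.prof` is still in place. The route is also registered with `logic.SecurityCheck(false, ...)`; if that first argument is the admin-only flag (its definition is outside this page), a handler that deletes and rewrites a file under `/root/data` and starts heap profiling should require it, or be built only into test binaries. The sketch below handles the removal error and sends a response, using only helpers already visible on this page; the `"internal"` error kind is assumed to be accepted by `logic.FormatError`.

```go
func memProfile(w http.ResponseWriter, r *http.Request) {
	// A missing file is expected on the first run; any other error is a real failure.
	if err := os.Remove("/root/data/mem.prof"); err != nil && !os.IsNotExist(err) {
		logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal"))
		return
	}
	logic.StartMemProfiling()
	logic.ReturnSuccessResponseWithJson(w, r, nil, "memory profiling started")
}
```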
21 changes: 21 additions & 0 deletions docker/emqx.conf
@@ -0,0 +1,21 @@
authentication = [
{
backend = "built_in_database"
mechanism = "password_based"
password_hash_algorithm {
name = "sha256",
salt_position = "suffix"
}
user_id_type = "username"
}
]
authorization {
deny_action = ignore
no_match = allow
sources = [
{
type = built_in_database
enable = true
}
]
}
abhishek9686 marked this conversation as resolved.
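Review bot: `no_match = allow` together with `deny_action = ignore` makes broker authorization default-allow: any client that authenticates may publish or subscribe to every topic unless a rule in the `built_in_database` source denies it. Unless the server installs per-client rules for every host (not visible in this file), `no_match = deny` with explicit allow rules is the least-privilege setting, and the file should carry a comment explaining the choice either way. Separately, `password_hash_algorithm` with `name = "sha256"` is a fast single-round hash; EMQX also accepts `bcrypt` and `pbkdf2` here, so if sha256 was kept for login throughput at scale, a comment should record that trade-off.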
2 changes: 2 additions & 0 deletions go.mod
@@ -16,6 +16,7 @@ require (
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/stretchr/testify v1.9.0
github.com/txn2/txeh v1.5.5
go.uber.org/automaxprocs v1.6.0
golang.org/x/crypto v0.28.0
golang.org/x/net v0.27.0 // indirect
golang.org/x/oauth2 v0.23.0
@@ -51,6 +52,7 @@ require (
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/rivo/uniseg v0.2.0 // indirect
github.com/seancfoley/bintree v1.3.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
12 changes: 11 additions & 1 deletion go.sum
@@ -7,6 +7,7 @@ github.com/c-robinson/iplib v1.0.8/go.mod h1:i3LuuFL1hRT5gFpBRnEydzw8R6yhGkF4szN
github.com/coreos/go-oidc/v3 v3.9.0 h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo=
github.com/coreos/go-oidc/v3 v3.9.0/go.mod h1:rTKz2PYwftcrtoCzV5g5kvfJoWcm0Mk8AF8y1iAQro4=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -46,6 +47,10 @@ github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKe
github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
@@ -64,6 +69,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/posthog/posthog-go v1.2.24 h1:A+iG4saBJemo++VDlcWovbYf8KFFNUfrCoJtsc40RPA=
github.com/posthog/posthog-go v1.2.24/go.mod h1:uYC2l1Yktc8E+9FAHJ9QZG4vQf/NHJPD800Hsm7DzoM=
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
@@ -87,6 +94,8 @@ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8
github.com/txn2/txeh v1.5.5 h1:UN4e/lCK5HGw/gGAi2GCVrNKg0GTCUWs7gs5riaZlz4=
github.com/txn2/txeh v1.5.5/go.mod h1:qYzGG9kCzeVEI12geK4IlanHWY8X4uy/I3NcW7mk8g4=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
@@ -142,8 +151,9 @@ golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb h1:9aqVcYED
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20221104135756-97bc4ad4a1cb/go.mod h1:mQqgjkW8GQQcJQsbBvK890TKqUK1DfKWkuBGbOkuMHQ=
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk=
gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
34 changes: 24 additions & 10 deletions logic/acls.go
@@ -347,14 +347,20 @@ func GetDefaultPolicy(netID models.NetworkID, ruleType models.AclPolicyType) (mo
return acl, nil
}
// check if there are any custom all policies
srcMap := make(map[string]struct{})
dstMap := make(map[string]struct{})
defer func() {
srcMap = nil
dstMap = nil
}()
policies, _ := ListAcls(netID)
for _, policy := range policies {
if !policy.Enabled {
continue
}
if policy.RuleType == ruleType {
dstMap := convAclTagToValueMap(policy.Dst)
srcMap := convAclTagToValueMap(policy.Src)
dstMap = convAclTagToValueMap(policy.Dst)
srcMap = convAclTagToValueMap(policy.Src)
if _, ok := srcMap["*"]; ok {
if _, ok := dstMap["*"]; ok {
return policy, nil
@@ -512,29 +518,37 @@ func IsUserAllowedToCommunicate(userName string, peer models.Node) bool {
}

// IsNodeAllowedToCommunicate - check node is allowed to communicate with the peer
func IsNodeAllowedToCommunicate(node, peer models.Node) bool {
func IsNodeAllowedToCommunicate(node, peer models.Node, checkDefaultPolicy bool) bool {
if node.IsStatic {
node = node.StaticNode.ConvertToStaticNode()
}
if peer.IsStatic {
peer = peer.StaticNode.ConvertToStaticNode()
}
// check default policy if all allowed return true
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
if err == nil {
if defaultPolicy.Enabled {
return true
if checkDefaultPolicy {
// check default policy if all allowed return true
defaultPolicy, err := GetDefaultPolicy(models.NetworkID(node.Network), models.DevicePolicy)
if err == nil {
if defaultPolicy.Enabled {
return true
}
}
}

// list device policies
policies := listDevicePolicies(models.NetworkID(peer.Network))
srcMap := make(map[string]struct{})
dstMap := make(map[string]struct{})
defer func() {
srcMap = nil
dstMap = nil
}()
for _, policy := range policies {
if !policy.Enabled {
continue
}
srcMap := convAclTagToValueMap(policy.Src)
dstMap := convAclTagToValueMap(policy.Dst)
srcMap = convAclTagToValueMap(policy.Src)
dstMap = convAclTagToValueMap(policy.Dst)
// fmt.Printf("\n======> SRCMAP: %+v\n", srcMap)
// fmt.Printf("\n======> DSTMAP: %+v\n", dstMap)
// fmt.Printf("\n======> node Tags: %+v\n", node.Tags)
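Review bot: The new `checkDefaultPolicy` parameter changes what this authorization check evaluates, but the doc comment above `IsNodeAllowedToCommunicate` is unchanged; it should state the contract, for example `// checkDefaultPolicy=false skips the default-policy lookup; presumably for callers that have already evaluated the network's default policy.` In both this function and `GetDefaultPolicy`, the hoisted `srcMap`/`dstMap` are created with `make` and then overwritten on every iteration by `convAclTagToValueMap`. The deferred `srcMap = nil` / `dstMap = nil` runs only as the function returns, when the locals go out of scope anyway, so neither addition releases memory earlier. Keeping `srcMap := convAclTagToValueMap(policy.Src)` and `dstMap := convAclTagToValueMap(policy.Dst)` inside the loop and dropping the `make` and `defer` lines is equivalent and shorter. Both function bodies continue outside the visible hunks.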
27 changes: 14 additions & 13 deletions logic/acls/nodeacls/retrieve.go
@@ -13,19 +13,20 @@ var NodesAllowedACLMutex = &sync.Mutex{}

// AreNodesAllowed - checks if nodes are allowed to communicate in their network ACL
func AreNodesAllowed(networkID NetworkID, node1, node2 NodeID) bool {
NodesAllowedACLMutex.Lock()
defer NodesAllowedACLMutex.Unlock()
var currentNetworkACL, err = FetchAllACLs(networkID)
if err != nil {
return false
}
var allowed bool
acls.AclMutex.Lock()
currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
acls.AclMutex.Unlock()
allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
return allowed
return true
abhishek9686 marked this conversation as resolved.
// NodesAllowedACLMutex.Lock()
// defer NodesAllowedACLMutex.Unlock()
// var currentNetworkACL, err = FetchAllACLs(networkID)
// if err != nil {
// return false
// }
// var allowed bool
// acls.AclMutex.Lock()
// currNetworkACLNode1 := currentNetworkACL[acls.AclID(node1)]
// currNetworkACLNode2 := currentNetworkACL[acls.AclID(node2)]
// acls.AclMutex.Unlock()
// allowed = currNetworkACLNode1.IsAllowed(acls.AclID(node2)) && currNetworkACLNode2.IsAllowed(acls.AclID(node1))
// return allowed
}

// FetchNodeACL - fetches a specific node's ACL in a given network
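Review bot: `AreNodesAllowed` now returns `true` for every pair of nodes, so any caller that relied on it to enforce the per-node network ACL fails open at this revision, while the doc comment still says it "checks if nodes are allowed to communicate". The commit list names a later change, 6ea86b4 "add OLD_ACL_SUPPORT setting", which may gate this again, but it may not be among the 26 commits shown here. If the bypass is intended, the comment should say so, for example `// AreNodesAllowed - currently always returns true; the per-node ACL lookup is disabled`. The commented-out body should be deleted or restored behind a setting rather than left in place.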
8 changes: 4 additions & 4 deletions logic/extpeers.go
@@ -564,7 +564,7 @@ func GetFwRulesOnIngressGateway(node models.Node) (rules []models.FwRule) {
if peer.StaticNode.ClientID == nodeI.StaticNode.ClientID || peer.IsUserNode {
continue
}
if IsNodeAllowedToCommunicate(nodeI, peer) {
if IsNodeAllowedToCommunicate(nodeI, peer, true) {
if peer.IsStatic {
if nodeI.StaticNode.Address != "" {
rules = append(rules, models.FwRule{
@@ -650,7 +650,7 @@ func GetExtPeers(node, peer *models.Node) ([]wgtypes.PeerConfig, []models.IDandA
continue
}
if extPeer.RemoteAccessClientID == "" {
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), *peer) {
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), *peer, true) {
continue
}
} else {
@@ -739,7 +739,7 @@ func getExtpeerEgressRanges(node models.Node) (ranges, ranges6 []net.IPNet) {
if len(extPeer.ExtraAllowedIPs) == 0 {
continue
}
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), node) {
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), node, true) {
continue
}
for _, allowedRange := range extPeer.ExtraAllowedIPs {
@@ -766,7 +766,7 @@ func getExtpeersExtraRoutes(node models.Node) (egressRoutes []models.EgressNetwo
if len(extPeer.ExtraAllowedIPs) == 0 {
continue
}
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), node) {
if !IsNodeAllowedToCommunicate(extPeer.ConvertToStaticNode(), node, true) {
continue
}
egressRoutes = append(egressRoutes, getExtPeerEgressRoute(node, extPeer)...)