Web socket subscription to see IPAM changes in a CEN/CIN:
- Create CENs. There are many ways to do this; here is one:
curl -d @cen.json http://localhost:8080/cen
- Connect to the monitor using the simple websocket viewer
http://localhost:8080/leviathan/monitor/test/index.html
- Create a monitor
- cut-and-paste the JSON below into the input box and click "send"
JSON to create a subscription:
{
"type":"start",
"sequence":"1",
"monitor":"CIN",
"parameters":{
"cinID":"cen1"
}
}
- Observe the response on the webpage:
RESPONSE: {"type":"response","sequence":"1","response":{"state":[{"tag":null,"ipaddress":"10.7.0.11","containerID":"c2"},{"tag":null,"ipaddress":"10.11.0.10","containerID":"c2"},{"tag":null,"ipaddress":"10.7.0.13","containerID":"c14"},{"tag":null,"ipaddress":"10.7.0.12","containerID":"c13"},{"tag":null,"ipaddress":"10.7.0.10","containerID":"c1"}],"monitorID":"1441765085652924"}}
- Create a new container in a CEN:
curl -v -X PUT -H "content-type: application/json" http://localhost:8080/host/host1/cA/cen1
- Observe the response on the webpage:
RESPONSE: {"type":"event","monitorID":"undefined","message":[{"tag":null,"ipaddress":"10.7.0.14","containerID":"cA"}],"event":"create"}
- Create another new container in a CEN. There are many ways to do this; here is one:
curl -v -X PUT -H "content-type: application/json" http://localhost:8080/host/host1/cB/cen1
- Observe the response on the webpage:
RESPONSE: {"type":"event","monitorID":"undefined","message":[{"tag":null,"ipaddress":"10.7.0.15","containerID":"cB"}],"event":"create"}
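The monitor stream above can be folded into a live address table: the `response` message carries the state at subscribe time and each `create` event adds to it. The sketch below is an added example, not part of Leviathan; the class and function names are hypothetical, and the final sample event is constructed to show how a reused address would surface.

```python
import json
# Constructed sample in the page's message shapes; the last event is an invented conflict.
SAMPLE_MESSAGES = [
    '{"type":"response","sequence":"1","response":{"state":['
    '{"tag":null,"ipaddress":"10.7.0.11","containerID":"c2"},'
    '{"tag":null,"ipaddress":"10.11.0.10","containerID":"c2"},'
    '{"tag":null,"ipaddress":"10.7.0.10","containerID":"c1"}],'
    '"monitorID":"1441765085652924"}}',
    '{"type":"event","monitorID":"undefined","message":['
    '{"tag":null,"ipaddress":"10.7.0.14","containerID":"cA"}],"event":"create"}',
    '{"type":"event","monitorID":"undefined","message":['
    '{"tag":null,"ipaddress":"10.7.0.14","containerID":"cX"}],"event":"create"}',
]

class IpamView:  # hypothetical helper, not part of Leviathan
    def __init__(self):
        self.owner = {}      # ipaddress -> containerID
        self.findings = []   # anomalies worth a look

    def _bind(self, entry):
        ip, cid = entry["ipaddress"], entry["containerID"]
        held_by = self.owner.setdefault(ip, cid)
        if held_by != cid:
            self.findings.append(f"conflict: {ip} held by {held_by}, announced for {cid}")

    def apply(self, raw):
        msg = json.loads(raw)
        kind, event = msg.get("type"), msg.get("event")
        if kind == "response":
            entries = msg["response"]["state"]   # snapshot sent on subscribe
        elif kind == "event" and event == "create":
            entries = msg["message"]             # incremental addition
        else:  # the page shows only "create" events; record anything else
            self.findings.append(f"unhandled: type={kind} event={event}")
            return
        for entry in entries:
            self._bind(entry)

    def by_container(self):
        grouped = {}
        for ip, cid in self.owner.items():
            grouped.setdefault(cid, []).append(ip)
        return grouped

def replay(messages):
    view = IpamView()
    for raw in messages:
        view.apply(raw)
    return view
```

`replay(SAMPLE_MESSAGES).by_container()` lists `c2` with two addresses (a multi-homed container), while `findings` holds the one conflicting announcement.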
- Incremental container membership via `docker run` environment variable `LEV_CIN`
To add a Docker container to a Leviathan Container IP Network (CIN), set the container environment variable `LEV_CIN` with `LEV_CIN=<cin1>,<cin2>,...,<cinN>`. You must also set `--net=none`.
For example:
docker run --net=none -i -t -e LEV_CIN=cen1 ubuntu:14.04 /bin/bash
WARNING: The CIN must already have been created. You can do this using the instructions here:
https://hub.docker.com/r/ivanos/leviathan/
- Launch Leviathan 0.8
docker run -v /run:/run -v /var:/host/var -v /proc:/host/proc --net=host --privileged=true -i -t ivanos/leviathan:rel-0.8
- Create a couple of CINs using the Leviathan test tool. You can find the cpool.json used in this example here: https://github.com/ivanos/leviathan_lib/blob/master/cpool.json
curl -d@cpool.json http://localhost:8080/cpool
- Ping a container from the host to make sure everything is working
$ ping 10.7.0.10
PING 10.7.0.10 (10.7.0.10) 56(84) bytes of data.
64 bytes from 10.7.0.10: icmp_seq=1 ttl=64 time=0.050 ms
64 bytes from 10.7.0.10: icmp_seq=2 ttl=64 time=0.090 ms
- Start a new container and add it to `cen2`
$ docker run -i --net=none -e LEV_CIN=cen2 -t ubuntu:14.04 /bin/bash
root@34fc181ba62d:/#
- Visually inspect that the container is a member of `cen2`
root@34fc181ba62d:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
89: cen2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b2:46:3c:1f:fd:83 brd ff:ff:ff:ff:ff:ff
inet 10.7.0.16/16 scope global cen2
valid_lft forever preferred_lft forever
inet6 fe80::b046:3cff:fe1f:fd83/64 scope link tentative
valid_lft forever preferred_lft forever
- Ping the container from the host
$ ping 10.7.0.16
PING 10.7.0.16 (10.7.0.16) 56(84) bytes of data.
64 bytes from 10.7.0.16: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 10.7.0.16: icmp_seq=2 ttl=64 time=0.075 ms
64 bytes from 10.7.0.16: icmp_seq=3 ttl=64 time=0.088 ms
- Browse to the Dobby Visualizer to visually inspect all the Leviathan bindings that make up `cen1` and `cen2`:
http://localhost:8080/static/www/index.html
- If you want to destroy both `cen1` and `cen2`:
curl -d'["cen1","cen2"]' http://localhost:8080/cen/destroy
- NOTE: if you want to clear out all your Docker containers, just restart Docker
$ sudo restart docker
In order to test Leviathan in isolation (i.e. no requirement for other orchestration tools), 0.7.1 introduces support for container pools (cpools). By defining a cpool, some number of containers with a specific tag will be started and added to specific container IP networks (CINs). A RESTful API `/cpool` is added to upload a list of cpools, start the containers and wire the network accordingly. Using this facility, the tester does not have to keep track of ContainerIDs.
UNDER CONSTRUCTION: 0.9 For this release /bin/bash will be executed in the containers, but that will be settable in 0.9
| URI | Method | Body | Description |
|---|---|---|---|
| /cpool | POST | JSON file | upload CPool JSON file |
{
"cpoolID": <CPoolId>,
"type": <ContainerType>,
"start_with": <Number of ContainerType to run>,
"cins":[{"cinID":<CinID>,"default_route":<optional "true"|"false">},...]
}
{"cpoolList":
[
{"cpoolID":"pool1",
"type":"ubuntu:14.04",
"start_with": 3,
"cins":[{"cinID":"cen1","default_route":"true"},
{"cinID":"cen2"}]},
{"cpoolID":"pool2",
"type":"ubuntu:14.04",
"start_with": 3,
"cins":[{"cinID":"cen2"}]}
]
}
- Load this file into Leviathan with the following command:
curl -d @/tmp/cpool.json http://<lev_host>:8080/cpool
- Check the host machine and running containers. The JSON file in this example will create six containers and two bridges, `cen1` and `cen2`. Three (of six) containers will be added to `cen1` and six (of six) containers to `cen2`. It will assign IP addresses of the form `10.7.X.Y` to `cen1` and `10.8.X.Y` to `cen2`. You can see the bridges and interfaces created on the host by running: `ip a`. You can see the interfaces created in the containers and their IP addresses by running: `docker exec <container id> ip a`
- Exec into various containers that are members of the same CIN and try to have them ping one another
- Try to ping containers from the host
- Remove the networking components from the host machine and running containers:
curl -d '["cen1","cen2"]' http://<lev_host>:8080/cin/destroy
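Before uploading a cpool file it is worth checking that it matches the format above and knowing how many containers and CIN memberships it will create. The following is an added example, not Leviathan's own code: `check_cpools` is a hypothetical helper, and treating `start_with` below one as an error is an assumption.

```python
import json
from collections import Counter

# The cpool file shown above, embedded so the check runs offline.
CPOOL_JSON = """
{"cpoolList": [
  {"cpoolID": "pool1", "type": "ubuntu:14.04", "start_with": 3,
   "cins": [{"cinID": "cen1", "default_route": "true"}, {"cinID": "cen2"}]},
  {"cpoolID": "pool2", "type": "ubuntu:14.04", "start_with": 3,
   "cins": [{"cinID": "cen2"}]}
]}
"""

def check_cpools(text):
    """Return (errors, total_containers, members_per_cin) for a cpool file."""
    errors, total, members = [], 0, Counter()
    pools = json.loads(text).get("cpoolList")
    if not isinstance(pools, list):
        return ["top-level 'cpoolList' must be a list"], 0, members
    for i, pool in enumerate(pools):
        where = f"cpoolList[{i}]"
        n, cins = pool.get("start_with"), pool.get("cins")
        if not isinstance(pool.get("cpoolID"), str):
            errors.append(f"{where}: 'cpoolID' must be a string")
        if not isinstance(pool.get("type"), str):
            errors.append(f"{where}: 'type' must be a container type string")
        # Assumption: a pool that starts fewer than one container is a mistake.
        if isinstance(n, bool) or not isinstance(n, int) or n < 1:
            errors.append(f"{where}: 'start_with' must be a positive integer")
            continue
        if not isinstance(cins, list) or not cins:
            errors.append(f"{where}: 'cins' must be a non-empty list")
            continue
        for cin in cins:
            if not isinstance(cin.get("cinID"), str):
                errors.append(f"{where}: every 'cins' entry needs a 'cinID'")
            elif cin.get("default_route", "false") not in ("true", "false"):
                errors.append(f'{where}: "default_route" must be "true" or "false"')
            else:
                members[cin["cinID"]] += n   # every container in the pool joins this CIN
        total += n
    return errors, total, members
```

For the file above this returns no errors, six containers in total, three memberships in `cen1` and six in `cen2`, matching the counts described in the steps.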
The examples listed in the DockerHub documentation for 0.7.1 (https://hub.docker.com/r/ivanos/leviathan/) use the CEN JSON format with the CIN API calls. This is correct for this release, but expect the JSON format for CINs to be slightly different in the next release, for example the use of `cinID` rather than `cenID`.
Leviathan will create /16 CINs with 65511 usable IP addresses per CIN. Leviathan will assign an IP address in the form 10.X.Y.Z, where X is in the range 7-250 and Y.Z is in the range 0.10-255.240.
X will increment for every CIN and Y.Z will increment for every container within a CIN.
For example, the first container in the first CIN will have the IP address: 10.7.0.10.
Leviathan will always set up CINs to forward to different networks using a default gateway of 10.X.0.1. Multi-homed containers (e.g. containers which are members of more than one CIN) will be able to reach containers in every CIN they are a member of directly through the membership interface and not through the default gateway.
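The addressing rules above can be written out so that an address seen on a bridge or in a monitor event can be checked against them. This is an added example, not Leviathan's own code; the function names are hypothetical, and it assumes X and Y.Z each increment by one, which the page's sample addresses suggest but do not state.

```python
import ipaddress

FIRST_X, LAST_X = 7, 250                        # second-octet range, one value per CIN
FIRST_HOST, LAST_HOST = 10, 255 * 256 + 240     # Y.Z from 0.10 to 255.240
USABLE_PER_CIN = LAST_HOST - FIRST_HOST + 1     # the per-CIN figure stated above

def cin_network(x):
    if not FIRST_X <= x <= LAST_X:
        raise ValueError(f"second octet {x} is outside {FIRST_X}-{LAST_X}")
    return ipaddress.ip_network(f"10.{x}.0.0/16")

def default_gateway(x):
    return cin_network(x).network_address + 1   # 10.X.0.1

def container_address(cin_index, container_index):
    """0-based CIN and container counters -> address. Assumes both step by one."""
    host = FIRST_HOST + container_index
    if container_index < 0 or host > LAST_HOST:
        raise ValueError("container index outside the CIN's usable range")
    return cin_network(FIRST_X + cin_index).network_address + host

def classify(addr):
    """Return (kind, X, container_index) for an observed address."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4 or ip.packed[0] != 10 or not FIRST_X <= ip.packed[1] <= LAST_X:
        return ("outside", None, None)
    x, host = ip.packed[1], ip.packed[2] * 256 + ip.packed[3]
    if host == 1:
        return ("gateway", x, None)
    if FIRST_HOST <= host <= LAST_HOST:
        return ("container", x, host - FIRST_HOST)
    return ("unallocated", x, None)             # inside the /16 but never handed out
```

An address classified as `outside` or `unallocated` on a Leviathan bridge was not assigned under these rules and deserves a closer look.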