Network isolation modules for Apache Mesos
The first implementation in this repository showcases Apache Mesos using Project Calico as the networking solution.
We recommend running the demo from a Linux host, specifically Ubuntu 14.04-desktop. A Vagrant file has been provided to create this environment.
The following table provides information on which Netmodules branches/releases are compatible with which version of Mesos:
| Mesos Version | Netmodules Version |
|---|---|
| 0.27.0 | 0.2.x |
| 0.26.0 | 0.1.x |
-
Download and install VirtualBox and Vagrant.
-
Clone this repository.
git clone https://github.com/mesosphere/net-modules.git -
Start the Vagrant VM. This will automatically provision the VM. Sit back and relax, it takes a few minutes to pre-load the Docker images used for the demo.
cd net-modules vagrant up -
Ensure you wait until the Vagrant script has completed succesfully before moving onto the Demo.
Note: the shell provision step contains steps that must be performed each time the VM is booted. Append the --provision-with shell flag when running vagrant up or vagrant reload when booting the VM subsequent times.
-
Install Docker: https://docs.docker.com/installation/
-
Install Docker-compose: https://docs.docker.com/compose/install/
-
Load Kernel modules used by Project Calico:
sudo modprobe ip6_tables sudo modprobe xt_set -
Clone this repository.
git clone https://github.com/mesosphere/net-modules.git
Vagrant users should run all demo functionality from within their Ubuntu VM.
The demo runs several docker images to simulate a full Mesos Cluster:
| Image | Description |
|---|---|
| mesosmaster | mesos master |
| slave | mesos slave |
| marathon | mesos app framework |
| zookeeper | datastore for Mesos |
| etcd | datastore for Calico |
To download and build these docker images, enter the net-modules directory and run:
make images
This first demo shows what life is like with "vanilla" Mesos: port conflicts and no network isolation.
-
Launch the Cluster
./demo/launch-cluster-before.shThe docker-compose.yml file binds port 5050 on the Host to port 5050 of the Mesos-Master docker container, allowing quick access to the mesos UI via
http://localhost:5050/. Upon visiting the UI, you should see a working Mesos status page with no tasks and two slaves. -
Launch the probes:
./demo/launch-probes-before.shIn "before" mesos networking, tasks run on each slave bind to ports on their Host. The Stars-visualization task is set to bind to port 9001. Since it is launched first, mesos should launch it on
netmodules_slave_1. -
View the Stars Visualization by first finding the IP of
netmodules_slave_1docker inspect --format '{{ .NetworkSettings.IPAddress }}' netmodules_slave_1Then visit
http://<SLAVE_1_IP>:9001/to see the visualization. You should see only two probes are running, since multiple probes cannot bind to the same port on the same host.404? Mesos may have launched the UI task on the other slave. Rerun step 3 with
netmodules_slave_2 -
Tear down the cluster for your next demo.
./demo/stop-cluster-before.sh
This demo shows Calico without network isolation. All probes are assigned their own IP Address and can reach one another.
-
Launch the cluster
./demo/launch-cluster.sh -
Wait until the cluster is up, then launch the probes
./demo/launch-probes.sh -
View the Stars Visualizer by visiting http://192.168.255.253:9001/.
Since each probe has its own IP, we can view the Stars Visualizer by directly navigating to the IP it was statically assigned.
-
Using the same cluster, launch the test probes and targets with isolation.
./demo/launch-probes-isolated.sh -
Verify by visiting the Isolated Stars Visualizer page: http://192.168.255.252:9001/
-
Tear down the test workloads.
./demo/stop-probes.sh ./demo/stop-probes-isolated.shOr, alternatively simply tear down the cluster.
./demo/stop-cluster.sh
-
To build RPMs just type:
make builder-rpm -
To clean build stuff:
make builder-clean