
fixing netclient

afeiszli 4 years ago
parent
commit
68607ae8ca

+ 0 - 1
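--- a/Dockerfile
+++ b/Dockerfile
@@ -34,4 +34,3 @@ EXPOSE 8081
 EXPOSE 50051
 
 CMD ["./app"]
-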

+ 26 - 0
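--- a/Dockerfile-netclient
+++ b/Dockerfile-netclient
@@ -0,0 +1,26 @@
+#first stage - builder
+
+FROM golang:latest as builder
+
+COPY . /app
+
+WORKDIR /app/netclient
+
+ENV GO111MODULE=auto
+
+RUN CGO_ENABLED=0 GOOS=linux go build -o netclient main.go
+
+#second stage
+
+FROM debian:latest
+
+RUN apt-get update && apt-get -y install systemd procps
+
+WORKDIR /root/
+
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+COPY --from=builder /app/netclient/netclient .
+
+CMD ["./netclient"]
+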
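Review bot: Both stages pull floating tags, `FROM golang:latest as builder` and `FROM debian:latest`, so the toolchain and the runtime userland change underneath every rebuild; pin each to a release tag or a digest, for example `FROM debian:<RELEASE>@sha256:<DIGEST>` with the values taken from the registry. netclient/Dockerfile in this commit uses `debian:latest` the same way. `COPY . /app` sends the whole build context into the builder stage, so a `.dockerignore` is needed to keep local config and key material out of its layers. The `apt-get` line would also leave a smaller image with `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same `RUN`.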

+ 1 - 0
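--- a/config/config.go
+++ b/config/config.go
@@ -36,6 +36,7 @@ type EnvironmentConfig struct {
 
 // ServerConfig :
 type ServerConfig struct {
+  CoreDNSAddr string `yaml:"corednsaddr"`
   APIConnString string `yaml:"apiconn"`
   APIHost   string  `yaml:"apihost"`
   APIPort   string `yaml:"apiport"`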

+ 1 - 0
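--- a/controllers/networkHttpController.go
+++ b/controllers/networkHttpController.go
@@ -689,6 +689,7 @@ func CreateAccessKey(accesskey models.AccessKey, network models.Network) (models
         s := servercfg.GetServerConfig()
         w := servercfg.GetWGConfig()
 	servervals := models.ServerConfig{
+			CoreDNSAddr: s.CoreDNSAddr,
 			APIConnString: s.APIConnString,
 			APIHost: s.APIHost,
 			APIPort: s.APIPort,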

+ 58 - 0
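--- a/kube/netclient-daemonset.yaml
+++ b/kube/netclient-daemonset.yaml
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: netclient
+  labels:
+    app: netclient
+spec:
+  selector:
+    matchLabels:
+      app: netclient
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: netclient
+    spec:
+      hostNetwork: true
+      containers:
+      - name: netclient
+        image: gravitl/netclient:v0.5.5
+        command: ['bash', '-c', "netclient checkin -n $NETWORK; sleep $SLEEP"]
+        env:
+        - name: ACCESS_TOKEN
+          value: "XXXX"
+        - name: NETWORK
+          value: "default"
+        - name: SLEEP
+          value: 30
+        volumeMounts:
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        securityContext:
+          privileged: true
+      initContainers:
+      - name: netclient-join
+        image: gravitl/netclient:v0.5.5
+        command: ['bash', '-c', "netclient join -t $ACCESS_TOKEN --daemon off"]
+        env:
+        - name: ACCESS_TOKEN
+          value: "XXXX"
+        volumeMounts:
+        - mountPath: /etc/netclient
+          name: etc-netclient
+        - mountPath: /usr/bin/wg
+          name: wg
+        securityContext:
+          privileged: true
+  volumes:
+  - hostPath:
+      path: /etc/netclient
+      type: DirectoryOrCreate
+    name: etc-netclient
+  - hostPath:
+      path: /usr/bin/wg
+      type: File
+    name: wg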
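Review bot: The join token is written inline as `ACCESS_TOKEN` with `value: "XXXX"` in both containers, so whoever fills it in commits a credential into the manifest; it should be read from a Secret through `valueFrom.secretKeyRef`, as sketched below with a placeholder Secret name and key. The init container also expands the token into the `netclient join -t $ACCESS_TOKEN` command line, where it is visible in the host's process list because of `hostNetwork`/`privileged`. Both containers run with `privileged: true` on top of `hostNetwork: true` and two hostPath mounts; if netclient only has to manage interfaces and routes, a `capabilities.add` list such as `NET_ADMIN` would be narrower, though that needs testing against what the client actually calls. Separately the manifest is unlikely to validate as written: `replicas` is not a DaemonSet field, `value: 30` must be a quoted string, and `volumes:` sits under the DaemonSet `spec` instead of the pod `spec`.

```yaml
        env:
        - name: ACCESS_TOKEN
          valueFrom:
            secretKeyRef:
              name: netclient-join-token   # placeholder Secret name
              key: token                   # placeholder key
        # … unchanged: NETWORK, SLEEP, volumeMounts …
```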

+ 6 - 1
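--- a/main.go
+++ b/main.go
@@ -87,7 +87,12 @@ func main() {
 		waitnetwork.Add(1)
 		go runGRPC(&waitnetwork, installserver)
 	}
-
+        if servercfg.IsDNSMode() {
+		err := controller.SetDNS()
+                if err != nil {
+                        log.Fatal(err)
+                }
+        }
 	//Run Rest Server
 	if servercfg.IsRestBackend() {
                 if !servercfg.DisableRemoteIPCheck() && servercfg.GetAPIHost() == "127.0.0.1" {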
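Review bot: The DNS block sits after the `go runGRPC(&waitnetwork, installserver)` call in the context lines, so a failure in `controller.SetDNS()` ends the process through `log.Fatal` with the gRPC goroutine possibly already launched, and the message gives no hint which step failed. Moving the block above the gRPC start and wrapping the error, `log.Fatalf("setting up DNS: %v", err)`, makes the exit cleaner. The added lines mix tabs with eight-space indents; running gofmt on the file fixes that. main's body starts and ends outside the hunk.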

+ 1 - 0
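--- a/models/accessToken.go
+++ b/models/accessToken.go
@@ -13,6 +13,7 @@ type ClientConfig struct {
 }
 
 type ServerConfig struct {
+  CoreDNSAddr string `json:"corednsaddr"`
   APIConnString string `json:"apiconn"`
   APIHost   string  `json:"apihost"`
   APIPort   string `json:"apiport"`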

+ 9 - 0
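--- a/netclient/Dockerfile
+++ b/netclient/Dockerfile
@@ -0,0 +1,9 @@
+FROM debian:latest
+
+RUN apt-get update && apt-get -y install systemd procps
+
+WORKDIR /root/
+
+COPY netclient .
+
+CMD ["./netclient checkin"]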
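Review bot: `CMD ["./netclient checkin"]` is exec form with a single element, so the runtime looks for an executable whose name is the whole string, space included, and the container will fail to start; split the arguments as `CMD ["./netclient", "checkin"]`. CheckIn in netclient/command/commands.go exits when no network is given, so the default command probably needs `-n` and a network name as well. `COPY netclient .` expects a prebuilt binary in the build context, which ties the image contents to whatever was compiled on the host; the multi-stage Dockerfile-netclient added in this commit avoids that.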

+ 1 - 1
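--- a/netclient/command/commands.go
+++ b/netclient/command/commands.go
@@ -58,7 +58,7 @@ func CheckIn(cfg config.ClientConfig) error {
 		log.Println("Required, '-n'. No network provided. Exiting.")
                 os.Exit(1)
         }
-	err := functions.CheckIn(cfg.Network)
+	err := functions.CheckIn(cfg)
 	if err != nil {
 		log.Println("Error checking in: ", err)
 		os.Exit(1)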

+ 6 - 4
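--- a/netclient/config/config.go
+++ b/netclient/config/config.go
@@ -26,6 +26,7 @@ type ClientConfig struct {
 	OperatingSystem string `yaml:"operatingsystem"`
 }
 type ServerConfig struct {
+        CoreDNSAddr string `yaml:"corednsaddr"`
         GRPCAddress string `yaml:"grpcaddress"`
         APIAddress string `yaml:"apiaddress"`
         AccessKey string `yaml:"accesskey"`
@@ -55,7 +56,6 @@ type NodeConfig struct {
         IsLocal string `yaml:"islocal"`
         IsDualStack string `yaml:"isdualstack"`
         IsIngressGateway string `yaml:"isingressgateway"`
-        AllowedIPs []string `yaml:"allowedips"`
         LocalRange string `yaml:"localrange"`
         PostUp string `yaml:"postup"`
         PostDown string `yaml:"postdown"`
@@ -85,9 +85,6 @@ func Write(config *ClientConfig, network string) error{
         }
 	home := "/etc/netclient"
 
-        if err != nil {
-                log.Fatal(err)
-        }
         file := fmt.Sprintf(home + "/netconfig-" + network)
         f, err := os.OpenFile(file, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.ModePerm)
         defer f.Close()
@@ -408,6 +405,7 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
 		cfg.Node.LocalRange = accesstoken.ClientConfig.LocalRange
 		cfg.Server.GRPCSSL = accesstoken.ServerConfig.GRPCSSL
 		cfg.Server.GRPCWireGuard = accesstoken.WG.GRPCWireGuard
+		cfg.Server.CoreDNSAddr = accesstoken.ServerConfig.CoreDNSAddr
 		if c.String("grpcserver") != "" {
 			cfg.Server.GRPCAddress = c.String("grpcserver")
 		}
@@ -427,6 +425,9 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
                 if c.String("grpcssl") != "" {
                         cfg.Server.GRPCSSL = c.String("grpcssl")
                 }
+                if c.String("corednsaddr") != "" {
+                        cfg.Server.CoreDNSAddr = c.String("corednsaddr")
+                }
                 if c.String("grpcwg") != "" {
                         cfg.Server.GRPCWireGuard = c.String("grpcwg")
                 }
@@ -440,6 +441,7 @@ func GetCLIConfig(c *cli.Context) (ClientConfig, error){
                 cfg.Node.LocalRange = c.String("localrange")
                 cfg.Server.GRPCWireGuard = c.String("grpcwg")
                 cfg.Server.GRPCSSL = c.String("grpcssl")
+                cfg.Server.CoreDNSAddr = c.String("corednsaddr")
 	}
 	cfg.Node.Name = c.String("name")
 	cfg.Node.Interface = c.String("interface")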
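Review bot: `cfg.Server.CoreDNSAddr` is filled from the decoded access token and from the `corednsaddr` flag in GetCLIConfig without any check, and in this commit the same value becomes the nameserver in netclient/wireguard/kernel.go and in CheckIn. Because it ends up in the host's resolver setup, validate it where it is read, e.g. `if a := cfg.Server.CoreDNSAddr; a != "" && net.ParseIP(a) == nil { return cfg, fmt.Errorf("invalid corednsaddr %q", a) }`, assuming only literal IP addresses are intended. In the Write hunk the context lines create the netconfig file with `os.ModePerm`; the ServerConfig struct above carries `AccessKey`, so if that field is written to this file `0600` is the safer mode. GetCLIConfig and Write both continue outside the hunks shown.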

+ 16 - 3
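--- a/netclient/functions/checkin.go
+++ b/netclient/functions/checkin.go
@@ -10,6 +10,7 @@ import (
 	"net"
 	"os/exec"
         "github.com/gravitl/netmaker/netclient/config"
+        "github.com/gravitl/netmaker/netclient/local"
         "github.com/gravitl/netmaker/netclient/wireguard"
         "github.com/gravitl/netmaker/netclient/server"
         "github.com/gravitl/netmaker/netclient/auth"
@@ -19,7 +20,8 @@ import (
 	//homedir "github.com/mitchellh/go-homedir"
 )
 
-func CheckIn(network string) error {
+func CheckIn(cliconf config.ClientConfig) error {
+	network := cliconf.Network
 	node := server.GetNode(network)
         cfg, err := config.ReadConfig(network)
         if err != nil {
@@ -32,6 +34,14 @@ func CheckIn(network string) error {
 	setupcheck := true
 	ipchange := false
 
+        if nodecfg.DNS == "on" || cliconf.Node.DNS == "on" {
+		fmt.Println("setting dns")
+		ifacename := node.Interface
+		nameserver := servercfg.CoreDNSAddr
+		network := node.Nodenetwork
+                _ = local.UpdateDNS(ifacename, network, nameserver)
+        }
+
 	if !(nodecfg.IPForwarding == "off") {
 		out, err := exec.Command("sysctl", "net.ipv4.ip_forward").Output()
                  if err != nil {
@@ -125,10 +135,13 @@ func CheckIn(network string) error {
         var wcclient nodepb.NodeServiceClient
         var requestOpts grpc.DialOption
         requestOpts = grpc.WithInsecure()
-        if cfg.Server.GRPCSSL == "on" {
+        if servercfg.GRPCSSL == "on" {
+		log.Println("using SSL")
                 h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
                 requestOpts = grpc.WithTransportCredentials(h2creds)
-        }
+        } else {
+                log.Println("using insecure GRPC connection")
+	}
         conn, err := grpc.Dial(servercfg.GRPCAddress, requestOpts)
         if err != nil {
 		fmt.Printf("Cant dial GRPC server: %v", err)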
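Review bot: `_ = local.UpdateDNS(ifacename, network, nameserver)` throws the error away, so a check-in that fails to apply DNS looks identical to one that succeeds; log or return it, e.g. `if err := local.UpdateDNS(ifacename, network, nameserver); err != nil { log.Println("error updating DNS:", err) }`. `nameserver` is taken from `servercfg.CoreDNSAddr` as is, so an empty or malformed value is passed straight through. In the last hunk the connection still defaults to `grpc.WithInsecure()` unless GRPCSSL is exactly "on"; the new log line makes that visible, but check-in traffic stays unencrypted and the server unauthenticated in that mode, and GetPeers in netclient/server/grpc.go follows the same pattern. The `tls.Config` literal could also set `MinVersion: tls.VersionTLS12` explicitly. CheckIn's body continues outside these hunks.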

+ 4 - 1
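--- a/netclient/functions/join.go
+++ b/netclient/functions/join.go
@@ -183,6 +183,7 @@ func JoinNetwork(cfg config.ClientConfig) error {
         if err != nil {
                 return err
         }
+	log.Println("node created on remote server...updating configs")
         node := res.Node
         if err != nil {
                 return err
@@ -211,16 +212,18 @@ func JoinNetwork(cfg config.ClientConfig) error {
 			return err
 		}
 	}
-
+	log.Println("retrieving remote peers")
 	peers, hasGateway, gateways, err := server.GetPeers(node.Macaddress, cfg.Network, cfg.Server.GRPCAddress, node.Isdualstack, node.Isingressgateway)
 
 	if err != nil {
+		log.Println("failed to retrieve peers")
                 return err
         }
 	err = wireguard.StorePrivKey(cfg.Node.PrivateKey, cfg.Network)
         if err != nil {
                 return err
         }
+        log.Println("starting wireguard")
 	err = wireguard.InitWireguard(node, cfg.Node.PrivateKey, peers, hasGateway, gateways)
         if err != nil {
                 return err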

+ 9 - 4
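--- a/netclient/server/grpc.go
+++ b/netclient/server/grpc.go
@@ -143,7 +143,12 @@ func GetPeers(macaddress string, network string, server string, dualstack bool,
 
 
         requestOpts := grpc.WithInsecure()
-        conn, err := grpc.Dial(server, requestOpts)
+        if cfg.Server.GRPCSSL == "on" {
+                h2creds := credentials.NewTLS(&tls.Config{NextProtos: []string{"h2"}})
+                requestOpts = grpc.WithTransportCredentials(h2creds)
+        }
+
+	conn, err := grpc.Dial(server, requestOpts)
         if err != nil {
                 log.Fatalf("Unable to establish client connection to localhost:50051: %v", err)
         }
@@ -157,15 +162,15 @@ func GetPeers(macaddress string, network string, server string, dualstack bool,
         ctx := context.Background()
         ctx, err = auth.SetJWT(wcclient, network)
         if err != nil {
-                fmt.Println("Failed to authenticate.")
+                log.Println("Failed to authenticate.")
                 return peers, hasGateway, gateways, err
         }
         var header metadata.MD
 
         stream, err := wcclient.GetPeers(ctx, req, grpc.Header(&header))
         if err != nil {
-                fmt.Println("Error retrieving peers")
-                fmt.Println(err)
+                log.Println("Error retrieving peers")
+                log.Println(err)
                 return nil, hasGateway, gateways, err
         }
         for {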
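Review bot: The new branch reads `cfg.Server.GRPCSSL`, but the visible part of GetPeers' signature (cut off in the hunk header) shows no `cfg` parameter, so confirm that `cfg` is in scope there and holds the same configuration the caller used for `server`. The failure message directly below still names `localhost:50051` although the dial target is `server`; `log.Fatalf("Unable to establish client connection to %s: %v", server, err)` would report the real address. The credentials setup is now copied between this function and CheckIn in netclient/functions/checkin.go; a small shared helper returning the `grpc.DialOption` would keep the two from drifting. GetPeers' body starts and ends outside the hunks.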

+ 1 - 2
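--- a/netclient/wireguard/kernel.go
+++ b/netclient/wireguard/kernel.go
@@ -186,8 +186,7 @@ func InitWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
 	if node.Address == "" {
 		log.Fatal("no address to configure")
 	}
-	nameserver := servercfg.GRPCAddress
-	nameserver = strings.Split(nameserver, ":")[0]
+	nameserver := servercfg.CoreDNSAddr
 	network := node.Nodenetwork
         if nodecfg.Network != "" {
                 network = nodecfg.Network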
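Review bot: `nameserver := servercfg.CoreDNSAddr` has no fallback, so a node whose stored config or access token predates the `corednsaddr` field gets an empty nameserver where it used to get the host part of `GRPCAddress`. Keeping the old derivation as the default, `if nameserver == "" { nameserver = strings.Split(servercfg.GRPCAddress, ":")[0] }`, or skipping the DNS step when the value is empty, avoids that regression. If the removed `strings.Split` was the only use of `strings` in this file, the import has to go as well or the build fails; the import block is outside the hunk. InitWireguard's body starts and ends outside the hunk.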

+ 11 - 0
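--- a/servercfg/serverconf.go
+++ b/servercfg/serverconf.go
@@ -20,6 +20,7 @@ func SetHost() error {
 func GetServerConfig() config.ServerConfig {
 	var cfg config.ServerConfig
 	cfg.APIConnString = GetAPIConnString()
+	cfg.CoreDNSAddr = GetCoreDNSAddr()
 	cfg.APIHost = GetAPIHost()
 	cfg.APIPort = GetAPIPort()
 	cfg.GRPCConnString = GetGRPCConnString()
@@ -129,6 +130,16 @@ func GetGRPCConnString() string {
         return conn
 }
 
+func GetCoreDNSAddr() string {
+        addr, _ := GetPublicIP()
+        if os.Getenv("COREDNS_ADDR") != ""  {
+                addr = os.Getenv("COREDNS_ADDR")
+        } else if config.Config.Server.CoreDNSAddr != "" {
+                addr = config.Config.Server.GRPCConnString
+        }
+        return addr
+}
+
 func GetGRPCHost() string {
 	serverhost := "127.0.0.1"
 	if IsGRPCWireGuard() {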
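Review bot: In GetCoreDNSAddr the `else if config.Config.Server.CoreDNSAddr != ""` branch assigns `config.Config.Server.GRPCConnString`, so a CoreDNS address set in the config file is never used and clients are handed the gRPC connection string (presumably host:port) as their nameserver; the line should read `addr = config.Config.Server.CoreDNSAddr`. The error from `GetPublicIP()` is dropped with `_`, which leaves `addr` empty when the lookup fails and neither override is set, and that empty value is then copied into every access key by CreateAccessKey. Reading the environment variable once, `if v := os.Getenv("COREDNS_ADDR"); v != "" { addr = v }`, also avoids the double lookup.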