m/rdp-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Gate VPN fabric session transport config

Browse Source
This commit is contained in:
Mikhail
2026-05-16 00:56:11 +03:00
parent 9cd0cb5ea9
commit e16f456fe8
11 changed files with 189 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files
agents/rap-node-agent/cmd/rap-node-agent/main.go
+14
View File
@@ -1115,6 +1115,7 @@ func meshListenerConfigKey(cfg config.Config) string {
strings.TrimSpace(cfg.MeshNATType), strings.TrimSpace(cfg.MeshNATType),
strings.TrimSpace(cfg.MeshRegion), strings.TrimSpace(cfg.MeshRegion),
fmt.Sprintf("%t", cfg.MeshProductionForwardingEnabled), fmt.Sprintf("%t", cfg.MeshProductionForwardingEnabled),
fmt.Sprintf("%t", cfg.VPNFabricSessionTransportEnabled),
}, "|") }, "|")
} }
@@ -2480,6 +2481,18 @@ func heartbeatPayload(cfg config.Config, identity state.Identity, meshState *syn
payload.Capabilities["fabric_session_websocket_endpoint"] = true payload.Capabilities["fabric_session_websocket_endpoint"] = true
payload.Capabilities["fabric_data_session_v1"] = true payload.Capabilities["fabric_data_session_v1"] = true
} }
if cfg.VPNFabricSessionTransportEnabled {
payload.Metadata["vpn_fabric_session_transport_report"] = map[string]any{
"schema_version": "rap.vpn_fabric_session_transport_report.v1",
"enabled": true,
"transport": "fabric_session_websocket_binary_frames",
"packet_payload": "rap.vpn_packet_batch.fabric.v1",
"gated": true,
"observed_at": observedAt.UTC().Format(time.RFC3339Nano),
}
payload.Capabilities["vpn_fabric_session_transport"] = true
payload.Capabilities["vpn_packet_batch_binary_frames"] = true
}
if meshState != nil && meshState.ConfigLoadError != "" { if meshState != nil && meshState.ConfigLoadError != "" {
payload.HealthStatus = "warning" payload.HealthStatus = "warning"
} }
@@ -3724,6 +3737,7 @@ func advertisedEndpointCandidates(cfg config.Config, identity state.Identity, me
"runtime": "c17z7", "runtime": "c17z7",
"synthetic_runtime": cfg.MeshSyntheticRuntimeEnabled, "synthetic_runtime": cfg.MeshSyntheticRuntimeEnabled,
"production_forwarding": cfg.MeshProductionForwardingEnabled, "production_forwarding": cfg.MeshProductionForwardingEnabled,
"vpn_fabric_session": cfg.VPNFabricSessionTransportEnabled,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
agents/rap-node-agent/cmd/rap-node-agent/main_test.go
+15 -8
View File
@@ -627,14 +627,15 @@ func TestProductionEnvelopeObservationSinkFromConfigIsDisabledByDefault(t *testi
func TestHeartbeatPayloadIncludesMeshEndpointReport(t *testing.T) { func TestHeartbeatPayloadIncludesMeshEndpointReport(t *testing.T) {
payload := heartbeatPayload(config.Config{ payload := heartbeatPayload(config.Config{
MeshAdvertiseEndpoint: "https://node-a.example.test:443", MeshAdvertiseEndpoint: "https://node-a.example.test:443",
MeshAdvertiseTransport: "wss", MeshAdvertiseTransport: "wss",
MeshConnectivityMode: "outbound_only", MeshConnectivityMode: "outbound_only",
MeshNATType: "symmetric", MeshNATType: "symmetric",
MeshRegion: "eu", MeshRegion: "eu",
MeshSyntheticRuntimeEnabled: true, MeshSyntheticRuntimeEnabled: true,
MeshProductionForwardingEnabled: true, MeshProductionForwardingEnabled: true,
MeshFabricSessionEnabled: true, MeshFabricSessionEnabled: true,
VPNFabricSessionTransportEnabled: true,
}, state.Identity{ }, state.Identity{
ClusterID: "cluster-1", ClusterID: "cluster-1",
NodeID: "node-a", NodeID: "node-a",
@@ -659,6 +660,12 @@ func TestHeartbeatPayloadIncludesMeshEndpointReport(t *testing.T) {
if report, ok := payload.Metadata["fabric_session_endpoint_report"].(map[string]any); !ok || report["path"] != "/mesh/v1/fabric/session/ws" { if report, ok := payload.Metadata["fabric_session_endpoint_report"].(map[string]any); !ok || report["path"] != "/mesh/v1/fabric/session/ws" {
t.Fatalf("fabric session endpoint report missing: %+v", payload.Metadata) t.Fatalf("fabric session endpoint report missing: %+v", payload.Metadata)
} }
if payload.Capabilities["vpn_fabric_session_transport"] != true || payload.Capabilities["vpn_packet_batch_binary_frames"] != true {
t.Fatalf("vpn fabric session capabilities missing: %+v", payload.Capabilities)
}
if report, ok := payload.Metadata["vpn_fabric_session_transport_report"].(map[string]any); !ok || report["packet_payload"] != "rap.vpn_packet_batch.fabric.v1" {
t.Fatalf("vpn fabric session report missing: %+v", payload.Metadata)
}
} }
func TestHeartbeatPayloadReportsMeshListenerFailureWithoutKillingHeartbeat(t *testing.T) { func TestHeartbeatPayloadReportsMeshListenerFailureWithoutKillingHeartbeat(t *testing.T) {
agents/rap-node-agent/internal/config/config.go
+2
View File
@@ -27,6 +27,7 @@ type Config struct {
MeshSyntheticRuntimeEnabled bool MeshSyntheticRuntimeEnabled bool
MeshProductionForwardingEnabled bool MeshProductionForwardingEnabled bool
MeshFabricSessionEnabled bool MeshFabricSessionEnabled bool
VPNFabricSessionTransportEnabled bool
MeshProductionObservationSinkCapacity int MeshProductionObservationSinkCapacity int
MeshListenAddr string MeshListenAddr string
MeshListenPortMode string MeshListenPortMode string
@@ -65,6 +66,7 @@ func Load(args []string, env map[string]string) (Config, error) {
fs.BoolVar(&cfg.MeshSyntheticRuntimeEnabled, "mesh-synthetic-runtime-enabled", getEnvBool(env, "RAP_MESH_SYNTHETIC_RUNTIME_ENABLED", false), "Enable C17A synthetic fabric probe runtime. Disabled by default.") fs.BoolVar(&cfg.MeshSyntheticRuntimeEnabled, "mesh-synthetic-runtime-enabled", getEnvBool(env, "RAP_MESH_SYNTHETIC_RUNTIME_ENABLED", false), "Enable C17A synthetic fabric probe runtime. Disabled by default.")
fs.BoolVar(&cfg.MeshProductionForwardingEnabled, "mesh-production-forwarding-enabled", getEnvBool(env, "RAP_MESH_PRODUCTION_FORWARDING_ENABLED", false), "Enable production fabric-control direct next-hop forwarding gate. Disabled by default.") fs.BoolVar(&cfg.MeshProductionForwardingEnabled, "mesh-production-forwarding-enabled", getEnvBool(env, "RAP_MESH_PRODUCTION_FORWARDING_ENABLED", false), "Enable production fabric-control direct next-hop forwarding gate. Disabled by default.")
fs.BoolVar(&cfg.MeshFabricSessionEnabled, "mesh-fabric-session-enabled", getEnvBool(env, "RAP_MESH_FABRIC_SESSION_ENABLED", false), "Enable authenticated fabric session WebSocket endpoint. Disabled by default.") fs.BoolVar(&cfg.MeshFabricSessionEnabled, "mesh-fabric-session-enabled", getEnvBool(env, "RAP_MESH_FABRIC_SESSION_ENABLED", false), "Enable authenticated fabric session WebSocket endpoint. Disabled by default.")
fs.BoolVar(&cfg.VPNFabricSessionTransportEnabled, "vpn-fabric-session-transport-enabled", getEnvBool(env, "RAP_VPN_FABRIC_SESSION_TRANSPORT_ENABLED", false), "Route VPN packet transport over persistent fabric session when explicitly enabled. Disabled by default.")
fs.IntVar(&cfg.MeshProductionObservationSinkCapacity, "mesh-production-observation-sink-capacity", getEnvSignedInt(env, "RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY", 0), "Bounded local metadata-only production envelope observation sink capacity. Disabled when 0.") fs.IntVar(&cfg.MeshProductionObservationSinkCapacity, "mesh-production-observation-sink-capacity", getEnvSignedInt(env, "RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY", 0), "Bounded local metadata-only production envelope observation sink capacity. Disabled when 0.")
fs.StringVar(&cfg.MeshListenAddr, "mesh-listen-addr", getEnv(env, "RAP_MESH_LISTEN_ADDR", ""), "Listen address for disabled-by-default C17E synthetic mesh HTTP endpoint.") fs.StringVar(&cfg.MeshListenAddr, "mesh-listen-addr", getEnv(env, "RAP_MESH_LISTEN_ADDR", ""), "Listen address for disabled-by-default C17E synthetic mesh HTTP endpoint.")
fs.StringVar(&cfg.MeshListenPortMode, "mesh-listen-port-mode", getEnv(env, "RAP_MESH_LISTEN_PORT_MODE", "manual"), "Mesh listen port behavior: manual, auto, or disabled.") fs.StringVar(&cfg.MeshListenPortMode, "mesh-listen-port-mode", getEnv(env, "RAP_MESH_LISTEN_PORT_MODE", "manual"), "Mesh listen port behavior: manual, auto, or disabled.")
agents/rap-node-agent/internal/config/config_test.go
+4
View File
@@ -21,6 +21,7 @@ func TestLoadConfigFromEnvAndArgs(t *testing.T) {
"RAP_MESH_SYNTHETIC_RUNTIME_ENABLED": "true", "RAP_MESH_SYNTHETIC_RUNTIME_ENABLED": "true",
"RAP_MESH_PRODUCTION_FORWARDING_ENABLED": "true", "RAP_MESH_PRODUCTION_FORWARDING_ENABLED": "true",
"RAP_MESH_FABRIC_SESSION_ENABLED": "true", "RAP_MESH_FABRIC_SESSION_ENABLED": "true",
"RAP_VPN_FABRIC_SESSION_TRANSPORT_ENABLED": "true",
"RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY": "5", "RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY": "5",
"RAP_MESH_LISTEN_ADDR": "127.0.0.1:19001", "RAP_MESH_LISTEN_ADDR": "127.0.0.1:19001",
"RAP_MESH_LISTEN_PORT_MODE": "auto", "RAP_MESH_LISTEN_PORT_MODE": "auto",
@@ -70,6 +71,9 @@ func TestLoadConfigFromEnvAndArgs(t *testing.T) {
if !cfg.MeshFabricSessionEnabled { if !cfg.MeshFabricSessionEnabled {
t.Fatal("MeshFabricSessionEnabled = false, want true") t.Fatal("MeshFabricSessionEnabled = false, want true")
} }
if !cfg.VPNFabricSessionTransportEnabled {
t.Fatal("VPNFabricSessionTransportEnabled = false, want true")
}
if cfg.MeshProductionObservationSinkCapacity != 5 { if cfg.MeshProductionObservationSinkCapacity != 5 {
t.Fatalf("MeshProductionObservationSinkCapacity = %d, want 5", cfg.MeshProductionObservationSinkCapacity) t.Fatalf("MeshProductionObservationSinkCapacity = %d, want 5", cfg.MeshProductionObservationSinkCapacity)
} }
agents/rap-node-agent/internal/hostagent/config.go
+36 -35
View File
@@ -14,41 +14,42 @@ const (
) )
type RuntimeConfig struct { type RuntimeConfig struct {
BackendURL string BackendURL string
ClusterID string ClusterID string
JoinToken string JoinToken string
NodeName string NodeName string
Image string Image string
ContainerName string ContainerName string
StateDir string StateDir string
Network string Network string
RestartPolicy string RestartPolicy string
PullImage bool PullImage bool
Replace bool Replace bool
DockerVPNGatewayEnabled bool DockerVPNGatewayEnabled bool
WorkloadSupervisionEnabled bool WorkloadSupervisionEnabled bool
MeshSyntheticRuntimeEnabled bool MeshSyntheticRuntimeEnabled bool
MeshProductionForwardingEnabled bool MeshProductionForwardingEnabled bool
MeshFabricSessionEnabled bool MeshFabricSessionEnabled bool
MeshListenAddr string VPNFabricSessionTransportEnabled bool
MeshListenPortMode string MeshListenAddr string
MeshListenAutoPortStart int MeshListenPortMode string
MeshListenAutoPortEnd int MeshListenAutoPortStart int
MeshAdvertiseEndpoint string MeshListenAutoPortEnd int
MeshAdvertiseEndpointsJSON string MeshAdvertiseEndpoint string
MeshAdvertiseTransport string MeshAdvertiseEndpointsJSON string
MeshConnectivityMode string MeshAdvertiseTransport string
MeshNATType string MeshConnectivityMode string
MeshRegion string MeshNATType string
HeartbeatIntervalSeconds int MeshRegion string
EnrollmentPollIntervalSeconds int HeartbeatIntervalSeconds int
EnrollmentPollTimeoutSeconds int EnrollmentPollIntervalSeconds int
ExtraEnv []string EnrollmentPollTimeoutSeconds int
AdditionalDockerRunArgs []string ExtraEnv []string
ProductionObservationSinkCap int AdditionalDockerRunArgs []string
ImageArtifactURLs []string ProductionObservationSinkCap int
ImageArtifactSHA256 string ImageArtifactURLs []string
ImageArtifactSizeBytes int64 ImageArtifactSHA256 string
ImageArtifactSizeBytes int64
} }
func (cfg RuntimeConfig) Normalize() RuntimeConfig { func (cfg RuntimeConfig) Normalize() RuntimeConfig {
agents/rap-node-agent/internal/hostagent/docker.go
+1
View File
@@ -265,6 +265,7 @@ func NodeAgentEnvWithStateDir(cfg RuntimeConfig, stateDir string) []string {
"RAP_MESH_SYNTHETIC_RUNTIME_ENABLED=" + boolString(cfg.MeshSyntheticRuntimeEnabled), "RAP_MESH_SYNTHETIC_RUNTIME_ENABLED=" + boolString(cfg.MeshSyntheticRuntimeEnabled),
"RAP_MESH_PRODUCTION_FORWARDING_ENABLED=" + boolString(cfg.MeshProductionForwardingEnabled), "RAP_MESH_PRODUCTION_FORWARDING_ENABLED=" + boolString(cfg.MeshProductionForwardingEnabled),
"RAP_MESH_FABRIC_SESSION_ENABLED=" + boolString(cfg.MeshFabricSessionEnabled), "RAP_MESH_FABRIC_SESSION_ENABLED=" + boolString(cfg.MeshFabricSessionEnabled),
"RAP_VPN_FABRIC_SESSION_TRANSPORT_ENABLED=" + boolString(cfg.VPNFabricSessionTransportEnabled),
} }
if cfg.JoinToken != "" { if cfg.JoinToken != "" {
env = append(env, "RAP_JOIN_TOKEN="+cfg.JoinToken) env = append(env, "RAP_JOIN_TOKEN="+cfg.JoinToken)
agents/rap-node-agent/internal/hostagent/linux.go
+24 -23
View File
@@ -64,29 +64,30 @@ func LinuxInstallConfigFromProfile(profile LinuxInstallProfile) LinuxInstallConf
installDir := firstNonEmpty(profile.InstallDir, filepath.Join(DefaultLinuxInstallRoot, safeUnitSlug(profile.NodeName))) installDir := firstNonEmpty(profile.InstallDir, filepath.Join(DefaultLinuxInstallRoot, safeUnitSlug(profile.NodeName)))
return LinuxInstallConfig{ return LinuxInstallConfig{
RuntimeConfig: RuntimeConfig{ RuntimeConfig: RuntimeConfig{
BackendURL: profile.BackendURL, BackendURL: profile.BackendURL,
ClusterID: profile.ClusterID, ClusterID: profile.ClusterID,
JoinToken: profile.JoinToken, JoinToken: profile.JoinToken,
NodeName: profile.NodeName, NodeName: profile.NodeName,
StateDir: stateDir, StateDir: stateDir,
WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled, WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled,
MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled, MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled,
MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled, MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled,
MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled, MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled,
MeshListenAddr: profile.MeshListenAddr, VPNFabricSessionTransportEnabled: profile.VPNFabricSessionTransportEnabled,
MeshListenPortMode: profile.MeshListenPortMode, MeshListenAddr: profile.MeshListenAddr,
MeshListenAutoPortStart: profile.MeshListenAutoPortStart, MeshListenPortMode: profile.MeshListenPortMode,
MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd, MeshListenAutoPortStart: profile.MeshListenAutoPortStart,
MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint, MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd,
MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON), MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint,
MeshAdvertiseTransport: profile.MeshAdvertiseTransport, MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON),
MeshConnectivityMode: profile.MeshConnectivityMode, MeshAdvertiseTransport: profile.MeshAdvertiseTransport,
MeshNATType: profile.MeshNATType, MeshConnectivityMode: profile.MeshConnectivityMode,
MeshRegion: profile.MeshRegion, MeshNATType: profile.MeshNATType,
HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds, MeshRegion: profile.MeshRegion,
EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds, HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds,
EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds, EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds,
ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity, EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds,
ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity,
}, },
InstallDir: installDir, InstallDir: installDir,
StateDir: stateDir, StateDir: stateDir,
agents/rap-node-agent/internal/hostagent/profile.go
+37 -33
View File
@@ -31,6 +31,7 @@ type DockerInstallProfile struct {
MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"` MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"`
MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"` MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"`
MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"` MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"`
VPNFabricSessionTransportEnabled bool `json:"vpn_fabric_session_transport_enabled"`
MeshListenAddr string `json:"mesh_listen_addr"` MeshListenAddr string `json:"mesh_listen_addr"`
MeshListenPortMode string `json:"mesh_listen_port_mode"` MeshListenPortMode string `json:"mesh_listen_port_mode"`
MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"` MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"`
@@ -74,6 +75,7 @@ type WindowsInstallProfile struct {
MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"` MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"`
MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"` MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"`
MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"` MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"`
VPNFabricSessionTransportEnabled bool `json:"vpn_fabric_session_transport_enabled"`
MeshListenAddr string `json:"mesh_listen_addr"` MeshListenAddr string `json:"mesh_listen_addr"`
MeshListenPortMode string `json:"mesh_listen_port_mode"` MeshListenPortMode string `json:"mesh_listen_port_mode"`
MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"` MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"`
@@ -107,6 +109,7 @@ type LinuxInstallProfile struct {
MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"` MeshSyntheticRuntimeEnabled bool `json:"mesh_synthetic_runtime_enabled"`
MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"` MeshProductionForwardingEnabled bool `json:"mesh_production_forwarding_enabled"`
MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"` MeshFabricSessionEnabled bool `json:"mesh_fabric_session_enabled"`
VPNFabricSessionTransportEnabled bool `json:"vpn_fabric_session_transport_enabled"`
MeshListenAddr string `json:"mesh_listen_addr"` MeshListenAddr string `json:"mesh_listen_addr"`
MeshListenPortMode string `json:"mesh_listen_port_mode"` MeshListenPortMode string `json:"mesh_listen_port_mode"`
MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"` MeshListenAutoPortStart int `json:"mesh_listen_auto_port_start"`
@@ -269,39 +272,40 @@ func FetchLinuxInstallProfile(ctx context.Context, req ProfileRequest) (LinuxIns
func RuntimeConfigFromProfile(profile DockerInstallProfile) RuntimeConfig { func RuntimeConfigFromProfile(profile DockerInstallProfile) RuntimeConfig {
return RuntimeConfig{ return RuntimeConfig{
BackendURL: profile.BackendURL, BackendURL: profile.BackendURL,
ClusterID: profile.ClusterID, ClusterID: profile.ClusterID,
JoinToken: profile.JoinToken, JoinToken: profile.JoinToken,
NodeName: profile.NodeName, NodeName: profile.NodeName,
Image: profile.Image, Image: profile.Image,
ContainerName: profile.ContainerName, ContainerName: profile.ContainerName,
StateDir: profile.StateDir, StateDir: profile.StateDir,
Network: profile.Network, Network: profile.Network,
RestartPolicy: profile.RestartPolicy, RestartPolicy: profile.RestartPolicy,
PullImage: profile.PullImage, PullImage: profile.PullImage,
Replace: profile.Replace, Replace: profile.Replace,
DockerVPNGatewayEnabled: profile.DockerVPNGatewayEnabled, DockerVPNGatewayEnabled: profile.DockerVPNGatewayEnabled,
WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled, WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled,
MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled, MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled,
MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled, MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled,
MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled, MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled,
MeshListenAddr: profile.MeshListenAddr, VPNFabricSessionTransportEnabled: profile.VPNFabricSessionTransportEnabled,
MeshListenPortMode: profile.MeshListenPortMode, MeshListenAddr: profile.MeshListenAddr,
MeshListenAutoPortStart: profile.MeshListenAutoPortStart, MeshListenPortMode: profile.MeshListenPortMode,
MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd, MeshListenAutoPortStart: profile.MeshListenAutoPortStart,
MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint, MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd,
MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON), MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint,
MeshAdvertiseTransport: profile.MeshAdvertiseTransport, MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON),
MeshConnectivityMode: profile.MeshConnectivityMode, MeshAdvertiseTransport: profile.MeshAdvertiseTransport,
MeshNATType: profile.MeshNATType, MeshConnectivityMode: profile.MeshConnectivityMode,
MeshRegion: profile.MeshRegion, MeshNATType: profile.MeshNATType,
HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds, MeshRegion: profile.MeshRegion,
EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds, HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds,
EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds, EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds,
ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity, EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds,
ImageArtifactURLs: dockerArtifactURLs(profile), ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity,
ImageArtifactSHA256: dockerArtifactSHA256(profile), ImageArtifactURLs: dockerArtifactURLs(profile),
ImageArtifactSizeBytes: dockerArtifactSizeBytes(profile), ImageArtifactSHA256: dockerArtifactSHA256(profile),
ImageArtifactSizeBytes: dockerArtifactSizeBytes(profile),
} }
} }
agents/rap-node-agent/internal/hostagent/update.go
+28 -27
View File
@@ -583,33 +583,34 @@ func (m DockerManager) runtimeConfigFromContainer(ctx context.Context, runner Co
} }
env := envMap(inspected[0].Config.Env) env := envMap(inspected[0].Config.Env)
cfg := RuntimeConfig{ cfg := RuntimeConfig{
BackendURL: env["RAP_BACKEND_URL"], BackendURL: env["RAP_BACKEND_URL"],
ClusterID: env["RAP_CLUSTER_ID"], ClusterID: env["RAP_CLUSTER_ID"],
NodeName: firstNonEmpty(env["RAP_NODE_NAME"], containerName), NodeName: firstNonEmpty(env["RAP_NODE_NAME"], containerName),
Image: inspected[0].Config.Image, Image: inspected[0].Config.Image,
ContainerName: containerName, ContainerName: containerName,
StateDir: hostStateDir(inspected[0]), StateDir: hostStateDir(inspected[0]),
Network: firstNonEmpty(inspected[0].HostConfig.NetworkMode, DefaultNetwork), Network: firstNonEmpty(inspected[0].HostConfig.NetworkMode, DefaultNetwork),
RestartPolicy: firstNonEmpty(inspected[0].HostConfig.RestartPolicy.Name, "unless-stopped"), RestartPolicy: firstNonEmpty(inspected[0].HostConfig.RestartPolicy.Name, "unless-stopped"),
WorkloadSupervisionEnabled: parseBool(env["RAP_WORKLOAD_SUPERVISION_ENABLED"]), WorkloadSupervisionEnabled: parseBool(env["RAP_WORKLOAD_SUPERVISION_ENABLED"]),
MeshSyntheticRuntimeEnabled: true, MeshSyntheticRuntimeEnabled: true,
MeshProductionForwardingEnabled: parseBool(env["RAP_MESH_PRODUCTION_FORWARDING_ENABLED"]), MeshProductionForwardingEnabled: parseBool(env["RAP_MESH_PRODUCTION_FORWARDING_ENABLED"]),
MeshFabricSessionEnabled: parseBool(env["RAP_MESH_FABRIC_SESSION_ENABLED"]), MeshFabricSessionEnabled: parseBool(env["RAP_MESH_FABRIC_SESSION_ENABLED"]),
MeshListenAddr: env["RAP_MESH_LISTEN_ADDR"], VPNFabricSessionTransportEnabled: parseBool(env["RAP_VPN_FABRIC_SESSION_TRANSPORT_ENABLED"]),
MeshListenPortMode: env["RAP_MESH_LISTEN_PORT_MODE"], MeshListenAddr: env["RAP_MESH_LISTEN_ADDR"],
MeshListenAutoPortStart: parseInt(env["RAP_MESH_LISTEN_AUTO_PORT_START"]), MeshListenPortMode: env["RAP_MESH_LISTEN_PORT_MODE"],
MeshListenAutoPortEnd: parseInt(env["RAP_MESH_LISTEN_AUTO_PORT_END"]), MeshListenAutoPortStart: parseInt(env["RAP_MESH_LISTEN_AUTO_PORT_START"]),
MeshAdvertiseEndpoint: env["RAP_MESH_ADVERTISE_ENDPOINT"], MeshListenAutoPortEnd: parseInt(env["RAP_MESH_LISTEN_AUTO_PORT_END"]),
MeshAdvertiseEndpointsJSON: env["RAP_MESH_ADVERTISE_ENDPOINTS_JSON"], MeshAdvertiseEndpoint: env["RAP_MESH_ADVERTISE_ENDPOINT"],
MeshAdvertiseTransport: env["RAP_MESH_ADVERTISE_TRANSPORT"], MeshAdvertiseEndpointsJSON: env["RAP_MESH_ADVERTISE_ENDPOINTS_JSON"],
MeshConnectivityMode: env["RAP_MESH_CONNECTIVITY_MODE"], MeshAdvertiseTransport: env["RAP_MESH_ADVERTISE_TRANSPORT"],
MeshNATType: env["RAP_MESH_NAT_TYPE"], MeshConnectivityMode: env["RAP_MESH_CONNECTIVITY_MODE"],
MeshRegion: env["RAP_MESH_REGION"], MeshNATType: env["RAP_MESH_NAT_TYPE"],
HeartbeatIntervalSeconds: parseInt(env["RAP_HEARTBEAT_INTERVAL_SECONDS"]), MeshRegion: env["RAP_MESH_REGION"],
EnrollmentPollIntervalSeconds: parseInt(env["RAP_ENROLLMENT_POLL_INTERVAL_SECONDS"]), HeartbeatIntervalSeconds: parseInt(env["RAP_HEARTBEAT_INTERVAL_SECONDS"]),
EnrollmentPollTimeoutSeconds: parseInt(env["RAP_ENROLLMENT_POLL_TIMEOUT_SECONDS"]), EnrollmentPollIntervalSeconds: parseInt(env["RAP_ENROLLMENT_POLL_INTERVAL_SECONDS"]),
ProductionObservationSinkCap: parseInt(env["RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY"]), EnrollmentPollTimeoutSeconds: parseInt(env["RAP_ENROLLMENT_POLL_TIMEOUT_SECONDS"]),
DockerVPNGatewayEnabled: dockerInspectHasVPNGatewayRuntime(inspected[0]), ProductionObservationSinkCap: parseInt(env["RAP_MESH_PRODUCTION_OBSERVATION_SINK_CAPACITY"]),
DockerVPNGatewayEnabled: dockerInspectHasVPNGatewayRuntime(inspected[0]),
} }
return inspected[0], cfg.Normalize(), nil return inspected[0], cfg.Normalize(), nil
} }
agents/rap-node-agent/internal/hostagent/windows.go
+24 -23
View File
@@ -58,29 +58,30 @@ func WindowsInstallConfigFromProfile(profile WindowsInstallProfile) WindowsInsta
stateDir := firstNonEmpty(profile.StateDir, filepath.Join(DefaultWindowsStateRoot, safeUnitSlug(profile.NodeName))) stateDir := firstNonEmpty(profile.StateDir, filepath.Join(DefaultWindowsStateRoot, safeUnitSlug(profile.NodeName)))
return WindowsInstallConfig{ return WindowsInstallConfig{
RuntimeConfig: RuntimeConfig{ RuntimeConfig: RuntimeConfig{
BackendURL: profile.BackendURL, BackendURL: profile.BackendURL,
ClusterID: profile.ClusterID, ClusterID: profile.ClusterID,
JoinToken: profile.JoinToken, JoinToken: profile.JoinToken,
NodeName: profile.NodeName, NodeName: profile.NodeName,
StateDir: stateDir, StateDir: stateDir,
WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled, WorkloadSupervisionEnabled: profile.WorkloadSupervisionEnabled,
MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled, MeshSyntheticRuntimeEnabled: profile.MeshSyntheticRuntimeEnabled,
MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled, MeshProductionForwardingEnabled: profile.MeshProductionForwardingEnabled,
MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled, MeshFabricSessionEnabled: profile.MeshFabricSessionEnabled,
MeshListenAddr: profile.MeshListenAddr, VPNFabricSessionTransportEnabled: profile.VPNFabricSessionTransportEnabled,
MeshListenPortMode: profile.MeshListenPortMode, MeshListenAddr: profile.MeshListenAddr,
MeshListenAutoPortStart: profile.MeshListenAutoPortStart, MeshListenPortMode: profile.MeshListenPortMode,
MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd, MeshListenAutoPortStart: profile.MeshListenAutoPortStart,
MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint, MeshListenAutoPortEnd: profile.MeshListenAutoPortEnd,
MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON), MeshAdvertiseEndpoint: profile.MeshAdvertiseEndpoint,
MeshAdvertiseTransport: profile.MeshAdvertiseTransport, MeshAdvertiseEndpointsJSON: string(profile.MeshAdvertiseEndpointsJSON),
MeshConnectivityMode: profile.MeshConnectivityMode, MeshAdvertiseTransport: profile.MeshAdvertiseTransport,
MeshNATType: profile.MeshNATType, MeshConnectivityMode: profile.MeshConnectivityMode,
MeshRegion: profile.MeshRegion, MeshNATType: profile.MeshNATType,
HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds, MeshRegion: profile.MeshRegion,
EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds, HeartbeatIntervalSeconds: profile.HeartbeatIntervalSeconds,
EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds, EnrollmentPollIntervalSeconds: profile.EnrollmentPollIntervalSeconds,
ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity, EnrollmentPollTimeoutSeconds: profile.EnrollmentPollTimeoutSeconds,
ProductionObservationSinkCap: profile.ProductionObservationSinkCapacity,
}, },
InstallDir: firstNonEmpty(profile.InstallDir, filepath.Join(DefaultWindowsInstallDir, safeUnitSlug(profile.NodeName))), InstallDir: firstNonEmpty(profile.InstallDir, filepath.Join(DefaultWindowsInstallDir, safeUnitSlug(profile.NodeName))),
StartupMode: firstNonEmpty(profile.StartupMode, "auto"), StartupMode: firstNonEmpty(profile.StartupMode, "auto"),
docs/architecture/DISTRIBUTED_FABRIC_NODE_PROTOCOL_PLAN.md
+4
View File
@@ -280,6 +280,10 @@ VPN packet inbox by stream id.
stream ACK from the remote node. stream ACK from the remote node.
Mesh has a peer session manager that reuses one pump per peer endpoint, giving Mesh has a peer session manager that reuses one pump per peer endpoint, giving
VPN transport selection a stable place to acquire long-lived fabric sessions. VPN transport selection a stable place to acquire long-lived fabric sessions.
Node config now carries a separate gated
`RAP_VPN_FABRIC_SESSION_TRANSPORT_ENABLED` switch and heartbeat report for the
binary VPN packet transport, keeping endpoint exposure and VPN dataplane
rollout independently controllable.
Deliverables: Deliverables: