From 3b4862328b5f5a3faddfe503d12699938fcbca23 Mon Sep 17 00:00:00 2001 
From: Guus der Kinderen Date: Wed, 16 Oct 2024 13:46:19 +0200 Subject: [PATCH] Add dualstack support This adds support for IPv6, by giving all `start.sh` scripts an `-6` argument, that causes a dualstack configuration to be loaded. Each individual docker-compose file has been split out. Now, each file no longer defines any networking. Instead, one of two networking fragments is expected to be merged in. When starting Openfire, a Hazelcast configuration option is passed through to the Openfire process to denote preference for IPv4 or IPv6. This passing through depends on the change in Openfire, that is introduced by https://github.com/igniterealtime/Openfire/commit/2634d4a83a86ed9a3d64f62f23ba9e0f84be2397 Minor other changes have been applied, that mostly make the start scripts more consistent amongst each-other. fixes #61 --- cluster/README.md | 44 ++++++++++ cluster/docker-compose-clustered.yml | 52 +----------- cluster/docker-compose-network-dualstack.yml | 63 ++++++++++++++ cluster/docker-compose-network-ipv4-only.yml | 56 ++++++++++++ cluster/nginx/nginx.conf | 25 ++++-- cluster/start.sh | 22 +++-- .../xmpp/1/conf/hazelcast-local-config.xml | 22 +++-- .../xmpp/2/conf/hazelcast-local-config.xml | 22 +++-- .../xmpp/3/conf/hazelcast-local-config.xml | 22 +++-- cluster_with_federation/README.md | 70 +++++++++++++++ .../docker-compose-clustered.yml | 73 ++-------------- .../docker-compose-network-dualstack.yml | 85 +++++++++++++++++++ .../docker-compose-network-ipv4-only.yml | 76 +++++++++++++++++ cluster_with_federation/nginx/nginx.conf | 15 ++++ cluster_with_federation/start.sh | 26 ++++-- .../xmpp/1/conf/hazelcast-local-config.xml | 22 +++-- .../xmpp/2/conf/hazelcast-local-config.xml | 22 +++-- .../xmpp/3/conf/hazelcast-local-config.xml | 22 +++-- federation/README.md | 81 +++++++++++++++++- federation/docker-compose-federated.yml | 33 +------ .../docker-compose-network-dualstack.yml | 45 ++++++++++ .../docker-compose-network-ipv4-only.yml | 40 +++++++++ 
federation/start.sh | 20 +++-- proxy/README.md | 39 +++++++++ proxy/docker-compose-network-dualstack.yml | 32 +++++++ proxy/docker-compose-network-ipv4-only.yml | 27 ++++++ proxy/docker-compose.yml | 20 ----- proxy/nginx/nginx.conf | 15 ++-- proxy/start.sh | 16 +++- simple/README.md | 30 +++++++ simple/docker-compose-network-dualstack.yml | 26 ++++++ simple/docker-compose-network-ipv4-only.yml | 22 +++++ simple/docker-compose.yml | 19 +---- simple/start.sh | 16 +++- 34 files changed, 943 insertions(+), 277 deletions(-) create mode 100644 cluster/docker-compose-network-dualstack.yml create mode 100644 cluster/docker-compose-network-ipv4-only.yml create mode 100644 cluster_with_federation/docker-compose-network-dualstack.yml create mode 100644 cluster_with_federation/docker-compose-network-ipv4-only.yml create mode 100644 federation/docker-compose-network-dualstack.yml create mode 100644 federation/docker-compose-network-ipv4-only.yml create mode 100644 proxy/docker-compose-network-dualstack.yml create mode 100644 proxy/docker-compose-network-ipv4-only.yml create mode 100644 simple/docker-compose-network-dualstack.yml create mode 100644 simple/docker-compose-network-ipv4-only.yml diff --git a/cluster/README.md b/cluster/README.md index c26fa11..baceb63 100644 --- a/cluster/README.md +++ b/cluster/README.md 
@@ -62,6 +62,50 @@ The following MUC rooms are configured: The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24` for the clustered configuration. +When the `-6` argument to `./start.sh` is provided, then an additional subnet of `fd23:0d79:d076::/64` is configured. +Then, IPv6 is preferred for internal networking. Note that the IPv4 network remains in place, as Docker does not support +IPv6-only containers. + +When running with the optional `-6` flag (that adds IPv6 support) the system looks like this: + +``` + +--------------------------------------------------+ + | [fd23:d79:d076::99] | + | 172.60.0.99 | + | +----------------+ | + | | |+--------------+ | +(XMPP-C2S) 55222 -|-------| Load Balancer |+-------+ | | +(BOSH) 57070 -| | | | | | +(BOSHS) 57443 -| +----------------+ | | | + | | | [fd23:d79:d076::30] + | | | 172.60.0.30 | + | | | +--------+ | + | | +=============+ | |- 5223 (XMPP-C2S) + | | | | | XMPP 3 |----|- 5263 (XMPP-S2S) + | | | | | | |- 9093 (HTTP-Admin) + | | | | +------+-+ |- 7073 (BOSH) + | | | | | | + | [fd23:d79:d076::10] | [fd23:d79:d076::20]| | + | 172.60.0.10 | 172.60.0.20 | | + | +--------+ | +--------+ | | +(XMPP-C2S) 5221 -| | +======+ | |=====+ |- 5222 (XMPP-C2S) +(XMPP-S2S) 5261 -|------| XMPP 1 +============+ XMPP 2 | |- 5262 (XMPP-S2S) +(HTTP-Admin) 9091 -| | | | |------------|- 9092 (HTTP-Admin) +(BOSH) 7071 -| +----+---+ +----+---+ |- 7072 (BOSH) + | | | | + | | | | + | +---+--+ | | + | | | | | +(Database) 5432 -|-------| DB +------------------+ | + | | | | + | +------+ | + | 172.60.0.11 | + | [fd23:d79:d076::11] | + | | + +----------------172.60.0.0/24---------------------+ + fd23:0d79:d076::/64 +``` + ### Removing a node from the network To remove a node from the network run the following command: diff --git a/cluster/docker-compose-clustered.yml b/cluster/docker-compose-clustered.yml index 3124794..e736fc3 100644 --- a/cluster/docker-compose-clustered.yml 
+++ b/cluster/docker-compose-clustered.yml @@ -12,9 +12,6 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql:/docker-entrypoint-initdb.d - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.11 lb: image: nginx:stable @@ -24,10 +21,7 @@ services: - "57443:57443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.99 - + xmpp1: image: "openfire:${OPENFIRE_TAG}" ports: @@ -42,17 +36,7 @@ services: - ./_data/xmpp/1/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.10 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] xmpp2: image: "openfire:${OPENFIRE_TAG}" @@ -68,17 +52,7 @@ services: - ./_data/xmpp/2/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.20 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] xmpp3: image: "openfire:${OPENFIRE_TAG}" 
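Review bot: `${PREFER_IPV4}` in the new `command:` arrays for xmpp1, xmpp2 and xmpp3 has no default, so it is only defined when the stack is launched through `start.sh`, which exports it. Running `docker compose` against this file directly would interpolate an empty string and pass `-Dhazelcast.prefer.ipv4.stack=` to the entrypoint. Writing it as `${PREFER_IPV4:-true}` keeps the previous IPv4 behaviour in that case. The identical lines in `cluster_with_federation/docker-compose-clustered.yml` need the same default.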
@@ -94,17 +68,7 @@ services: - ./_data/xmpp/3/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.30 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] dozzle: image: amir20/dozzle:latest @@ -112,11 +76,3 @@ services: - /var/run/docker.sock:/var/run/docker.sock ports: - 9999:8080 - -networks: - openfire-clustered-net: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.60.0.0/24 diff --git a/cluster/docker-compose-network-dualstack.yml b/cluster/docker-compose-network-dualstack.yml new file mode 100644 index 0000000..513670d --- /dev/null +++ b/cluster/docker-compose-network-dualstack.yml 
@@ -0,0 +1,63 @@ +services: + + db: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.11 + ipv6_address: fd23:d79:d076::11 + + lb: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.99 + ipv6_address: fd23:d79:d076::99 + + xmpp1: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.10 + ipv6_address: fd23:d79:d076::10 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=fd23:d79:d076::30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + + xmpp2: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.20 + ipv6_address: fd23:d79:d076::20 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=fd23:d79:d076::30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + + xmpp3: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.30 + ipv6_address: fd23:d79:d076::30 + + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + +networks: + openfire-clustered-net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 + - subnet: fd23:0d79:d076::/64 diff --git a/cluster/docker-compose-network-ipv4-only.yml b/cluster/docker-compose-network-ipv4-only.yml new file mode 100644 index 0000000..c58526a --- /dev/null +++ b/cluster/docker-compose-network-ipv4-only.yml 
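Review bot: The `extra_hosts` list for `xmpp3` mixes address families: `xmpp2.localhost.example=172.60.0.20` and `xmpp3.localhost.example=172.60.0.30` are IPv4, while every other entry in this dual-stack file, including the matching `conference.*` names, points at `fd23:d79:d076::…`. With `-6`, node 3 would resolve xmpp2 and itself to IPv4 while the other nodes use IPv6, which looks unintended given that the `cluster_with_federation` variant of this file uses IPv6 throughout. The two lines should read `- "xmpp2.localhost.example=fd23:d79:d076::20"` and `- "xmpp3.localhost.example=fd23:d79:d076::30"`. There is also a stray blank line before `extra_hosts:` under `xmpp3`.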
@@ -0,0 +1,56 @@ +services: + + db: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.11 + + lb: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.99 + + xmpp1: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.10 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + + xmpp2: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.20 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + + xmpp3: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.30 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + +networks: + openfire-clustered-net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 + diff --git a/cluster/nginx/nginx.conf b/cluster/nginx/nginx.conf index d7e8db5..af059a7 100644 --- a/cluster/nginx/nginx.conf +++ b/cluster/nginx/nginx.conf @@ -5,11 +5,14 @@ stream { server 172.60.0.10:5222; server 172.60.0.20:5222; server 172.60.0.30:5222; + fd23:d79:d076::10:5222; + fd23:d79:d076::20:5222; + fd23:d79:d076::30:5222; } server { listen 55222; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 12h; # Set this lower to be more flappy proxy_pass xmpp; } 
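Review bot: The three upstream entries added in the first `nginx.conf` hunk, e.g. `fd23:d79:d076::10:5222;`, lack the `server` keyword and the brackets nginx requires around an IPv6 literal, so nginx will reject the configuration and the `lb` container will not start. They should be written as `server [fd23:d79:d076::10]:5222;` (likewise for `::20` and `::30`). The same applies to the `bosh`, `boshs`, `s2s` and `s2slegacy` hunks later in this file and to every hunk of `cluster_with_federation/nginx/nginx.conf`. Separately, this single file is mounted in both modes, so once the syntax is fixed the IPv6 members would be unreachable peers when running IPv4-only; a per-mode config mounted from the network fragment would avoid that. The `upstream` block opens above the hunk.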
@@ -18,11 +21,14 @@ stream { server 172.60.0.10:7070; server 172.60.0.20:7070; server 172.60.0.30:7070; + fd23:d79:d076::10:7070; + fd23:d79:d076::20:7070; + fd23:d79:d076::30:7070; } server { listen 57070; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 12h; # Set this lower to be more flappy proxy_pass bosh; } @@ -31,11 +37,14 @@ stream { server 172.60.0.10:7443; server 172.60.0.20:7443; server 172.60.0.30:7443; + fd23:d79:d076::10:7443; + fd23:d79:d076::20:7443; + fd23:d79:d076::30:7443; } server { listen 57443; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 30s; proxy_pass boshs; } @@ -44,11 +53,14 @@ stream { server 172.60.0.10:5269; server 172.60.0.20:5269; server 172.60.0.30:5269; + fd23:d79:d076::10:5269; + fd23:d79:d076::20:5269; + fd23:d79:d076::30:5269; } server { listen 5269; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 1m; proxy_pass s2s; } @@ -57,11 +69,14 @@ stream { server 172.60.0.10:5270; server 172.60.0.20:5270; server 172.60.0.30:5270; + fd23:d79:d076::10:5270; + fd23:d79:d076::20:5270; + fd23:d79:d076::30:5270; } server { listen 5270; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 1m; proxy_pass s2slegacy; } diff --git a/cluster/start.sh b/cluster/start.sh index 1ce1fcf..1595a4c 100755 --- a/cluster/start.sh +++ b/cluster/start.sh @@ -1,7 +1,8 @@ #!/bin/bash -usage() { echo "Usage: $0 [-n openfire-tag] [-h] +usage() { echo "Usage: $0 [-n openfire-tag] [-6] [-h] -n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env + -6 Replace standard IPv4-based bridge networking with IPv6. -h Show this helpful information "; exit 0; } 
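Review bot: The new usage line `-6   Replace standard IPv4-based bridge networking with IPv6.` describes something the option does not do. `-6` selects `docker-compose-network-dualstack.yml`, which keeps the `172.60.0.0/24` subnet and adds the IPv6 one, and the README hunk in this patch states that IPv4 remains in place. Suggested wording: `-6   Add IPv6 to the bridge network (dual-stack) and prefer it for clustering; IPv4 stays enabled.` `cluster_with_federation/start.sh` carries the same text.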
@@ -10,6 +11,9 @@ COMPOSE_FILE_COMMAND=("docker" "compose") COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env") COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT") +NETWORK_COMPOSE_FILE="docker-compose-network-ipv4-only.yml" +PREFER_IPV4="true" + # Where is this script? It could be called from anywhere, so use this to get full paths. SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )" @@ -17,7 +21,7 @@ source "$SCRIPTPATH/../_common/functions.sh" check_deps -while getopts n:h o; do +while getopts n:6h o; do case "$o" in n) if [[ $OPTARG =~ " " ]]; then @@ -27,7 +31,12 @@ while getopts n:h o; do echo "Using Openfire tag: $OPTARG" export OPENFIRE_TAG="$OPTARG" ;; - h) + 6) + echo "Using IPv6" + NETWORK_COMPOSE_FILE="docker-compose-network-dualstack.yml" + PREFER_IPV4="false" + ;; + h) usage ;; *) @@ -36,8 +45,11 @@ while getopts n:h o; do esac done +export PREFER_IPV4 + echo "Starting a clustered environment." COMPOSE_FILE_COMMAND+=("-f" "docker-compose-clustered.yml") +COMPOSE_FILE_COMMAND+=("-f" "$NETWORK_COMPOSE_FILE") pushd "$SCRIPTPATH" @@ -45,8 +57,8 @@ pushd "$SCRIPTPATH" "${COMPOSE_FILE_COMMAND[@]}" pull --ignore-pull-failures # Clean up temporary persistence data -if ! rm -rf _data; then - echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1 +if ! rm -rf _data; then + echo "ERROR: Failed to delete the _data directory. Try with sudo, then re-run." && popd && exit 1 fi mkdir _data cp -r xmpp _data/ diff --git a/cluster/xmpp/1/conf/hazelcast-local-config.xml b/cluster/xmpp/1/conf/hazelcast-local-config.xml index 4542d2c..0db4f86 100644 --- a/cluster/xmpp/1/conf/hazelcast-local-config.xml +++ b/cluster/xmpp/1/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + 172.60.0.10 + fd23:d79:d076:0:0:0:0:10 diff --git a/cluster/xmpp/2/conf/hazelcast-local-config.xml b/cluster/xmpp/2/conf/hazelcast-local-config.xml index 4542d2c..2515dce 100644 --- a/cluster/xmpp/2/conf/hazelcast-local-config.xml 
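Review bot: `rm -rf _data` on the new side of the last `start.sh` hunk is still a relative path whose target depends on the unchecked `pushd "$SCRIPTPATH"` a few lines earlier; if that `pushd` fails, the script deletes `_data` in whatever directory it was invoked from. Since the line is being touched anyway, either guard the directory change with `pushd "$SCRIPTPATH" || exit 1` or delete by absolute path with `rm -rf -- "$SCRIPTPATH/_data"`. The same lines appear in `cluster_with_federation/start.sh`.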
+++ b/cluster/xmpp/2/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + fd23:d79:d076:0:0:0:0:20 + 172.60.0.20 diff --git a/cluster/xmpp/3/conf/hazelcast-local-config.xml b/cluster/xmpp/3/conf/hazelcast-local-config.xml index 4542d2c..4ec7de4 100644 --- a/cluster/xmpp/3/conf/hazelcast-local-config.xml +++ b/cluster/xmpp/3/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + fd23:d79:d076:0:0:0:0:30 + 172.60.0.30 diff --git a/cluster_with_federation/README.md b/cluster_with_federation/README.md index 8141669..a32b059 100644 --- a/cluster_with_federation/README.md +++ b/cluster_with_federation/README.md 
@@ -106,6 +106,76 @@ Note that users and MUC rooms on the additional Openfire domain have a similar n The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24` for the clustered configuration. +When the `-6` argument to `./start.sh` is provided, then an additional subnet of `fd23:0d79:d076::/64` is configured. +Then, IPv6 is preferred for internal networking. Note that the IPv4 network remains in place, as Docker does not support +IPv6-only containers. + +When running with the optional `-6` flag (that adds IPv6 support) the system looks like this: + +``` + +--------------------------------------------------+ + | [fd23:d79:d076::99] | + | 172.60.0.99 | + | +----------------+ | + | | |+--------------+ | +(XMPP-C2S) 55222 -|-------| Load Balancer |+-------+ | | +(BOSH) 57070 -| | | | | | +(BOSHS) 57443 -| +----------------+ | | | + | | | [fd23:d79:d076::30] + | | | 172.60.0.30 | + | | | +--------+ | + | | +=============+ | |- 5223 (XMPP-C2S) + | | | | | XMPP 3 |----|- 5263 (XMPP-S2S) + | | | | | | |- 9093 (HTTP-Admin) + | | | | +------+-+ |- 7073 (BOSH) + | | | | | | + | [fd23:d79:d076::10] | [fd23:d79:d076::20]| | + | 172.60.0.10 | 172.60.0.20 | | + | +--------+ | +--------+ | | +(XMPP-C2S) 5221 -| | +======+ | |=====+ |- 5222 (XMPP-C2S) +(XMPP-S2S) 5261 -|------| XMPP 1 +============+ XMPP 2 | |- 5262 (XMPP-S2S) +(HTTP-Admin) 9091 -| | | | |------------|- 9092 (HTTP-Admin) +(BOSH) 7071 -| +----+---+ +----+---+ |- 7072 (BOSH) + | | | | + | | | | + | +---+--+ | | + | | | | | +(Database) 5432 -|-------| DB +------------------+ | + | | | | + | +------+ | + | 172.60.0.11 | + | [fd23:d79:d076::11] | + | | + +----------------172.60.0.0/24---------------------+ + fd23:0d79:d076::/64 +``` + +The federated domain, with IPv6 enabled, looks like this: + +``` + +------------------------+ + | [fd23:d79:d076::110] | + | 172.60.0.110 | + | +------------+ | +(XMPP-C2S) 5229 -| | | | +(XMPP-S2S) 5269 -|------| OTHER XMPP | | +(HTTP-Admin) 9099 -| 
| | | +(BOSH) 7079/7449 -| +------+-----+ | + | | | + | | | + | +-----+----+ | + | | | | +(Database) 5433 -|-------| OTHER DB | | + | | | | + | +----------+ | + | 172.60.0.111 | + | [fd23:d79:d076::111] | + | | + +------172.60.0.0/24-----+ + fd23:0d79:d076::/64 + +``` + ### Removing a node from the network To remove a node from the network run the following command: diff --git a/cluster_with_federation/docker-compose-clustered.yml b/cluster_with_federation/docker-compose-clustered.yml index d8505ca..df34b04 100644 --- a/cluster_with_federation/docker-compose-clustered.yml +++ b/cluster_with_federation/docker-compose-clustered.yml @@ -12,9 +12,6 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql/clustered:/docker-entrypoint-initdb.d - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.11 lb: image: nginx:stable @@ -24,10 +21,7 @@ services: - "57443:57443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.99 - + xmpp1: image: "openfire:${OPENFIRE_TAG}" ports: @@ -42,19 +36,7 @@ services: - ./_data/xmpp/1/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.10 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" - - "otherxmpp.localhost.example:172.60.0.110" - - "conference.otherxmpp.localhost.example:172.60.0.110" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] xmpp2: image: "openfire:${OPENFIRE_TAG}" 
@@ -70,19 +52,7 @@ services: - ./_data/xmpp/2/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.20 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" - - "otherxmpp.localhost.example:172.60.0.110" - - "conference.otherxmpp.localhost.example:172.60.0.110" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] xmpp3: image: "openfire:${OPENFIRE_TAG}" @@ -98,19 +68,7 @@ services: - ./_data/xmpp/3/conf:/var/lib/openfire/conf - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh - command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.30 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" - - "xmpp2.localhost.example:172.60.0.20" - - "conference.xmpp2.localhost.example:172.60.0.20" - - "xmpp3.localhost.example:172.60.0.30" - - "conference.xmpp3.localhost.example:172.60.0.30" - - "otherxmpp.localhost.example:172.60.0.110" - - "conference.otherxmpp.localhost.example:172.60.0.110" + command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh", "-Dhazelcast.prefer.ipv4.stack=${PREFER_IPV4}"] otherdb: image: library/postgres:9.6.24-alpine @@ -122,10 +80,7 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql/otherdomain:/docker-entrypoint-initdb.d - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.111 - + otherxmpp: image: "openfire:${OPENFIRE_TAG}" ports: 
@@ -141,26 +96,10 @@ services: - ./_data/plugins_for_otherdomain:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh command: ["/wait-for-it.sh", "-s", "otherdb:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-clustered-net: - ipv4_address: 172.60.0.110 - extra_hosts: - - "xmpp.localhost.example:172.60.0.99" - - "conference.xmpp.localhost.example:172.60.0.99" - - "otherxmpp.localhost.example:172.60.0.110" - - "conference.otherxmpp.localhost.example:172.60.0.110" - + dozzle: image: amir20/dozzle:latest volumes: - /var/run/docker.sock:/var/run/docker.sock ports: - 9999:8080 - -networks: - openfire-clustered-net: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.60.0.0/24 diff --git a/cluster_with_federation/docker-compose-network-dualstack.yml b/cluster_with_federation/docker-compose-network-dualstack.yml new file mode 100644 index 0000000..7a1c52f --- /dev/null +++ b/cluster_with_federation/docker-compose-network-dualstack.yml 
@@ -0,0 +1,85 @@ +services: + + db: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.11 + ipv6_address: fd23:d79:d076::11 + + lb: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.99 + ipv6_address: fd23:d79:d076::99 + + xmpp1: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.10 + ipv6_address: fd23:d79:d076::10 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=fd23:d79:d076::30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + - "otherxmpp.localhost.example=fd23:d79:d076::110" + - "conference.otherxmpp.localhost.example=fd23:d79:d076::110" + + xmpp2: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.20 + ipv6_address: fd23:d79:d076::20 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=fd23:d79:d076::30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + - "otherxmpp.localhost.example=fd23:d79:d076::110" + - "conference.otherxmpp.localhost.example=fd23:d79:d076::110" + + xmpp3: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.30 + ipv6_address: fd23:d79:d076::30 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + - "xmpp3.localhost.example=fd23:d79:d076::30" + - "conference.xmpp3.localhost.example=fd23:d79:d076::30" + - "otherxmpp.localhost.example=fd23:d79:d076::110" + - "conference.otherxmpp.localhost.example=fd23:d79:d076::110" + + otherdb: + networks: + openfire-clustered-net: + 
ipv4_address: 172.60.0.111 + ipv6_address: fd23:d79:d076::111 + + otherxmpp: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.110 + ipv6_address: fd23:d79:d076::110 + extra_hosts: + - "xmpp.localhost.example=fd23:d79:d076::99" + - "conference.xmpp.localhost.example=fd23:d79:d076::99" + - "otherxmpp.localhost.example=fd23:d79:d076::110" + - "conference.otherxmpp.localhost.example=fd23:d79:d076::110" + +networks: + openfire-clustered-net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 + - subnet: fd23:0d79:d076::/64 diff --git a/cluster_with_federation/docker-compose-network-ipv4-only.yml b/cluster_with_federation/docker-compose-network-ipv4-only.yml new file mode 100644 index 0000000..1a29fe6 --- /dev/null +++ b/cluster_with_federation/docker-compose-network-ipv4-only.yml 
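Review bot: `enable_ipv6: true` on `openfire-clustered-net` relies on host-side Docker behaviour that the README hunks in this patch do not mention. On Docker Engine versions where the daemon's `ip6tables` option is not enabled, Docker does not install for IPv6 the filtering and NAT rules it creates for IPv4, so whether these containers are isolated and whether published ports work over IPv6 depends on the host; this follows from Docker's documented behaviour, not from anything visible in the hunk. A short comment above the key, such as `# needs dockerd with ip6tables enabled so IPv6 is filtered like IPv4`, plus a line in the README prerequisites would make that explicit. The `cluster/` dual-stack fragment has the same setting.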
@@ -0,0 +1,76 @@ +services: + + db: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.11 + + lb: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.99 + + xmpp1: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.10 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + - "otherxmpp.localhost.example=172.60.0.110" + - "conference.otherxmpp.localhost.example=172.60.0.110" + + xmpp2: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.20 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + - "otherxmpp.localhost.example=172.60.0.110" + - "conference.otherxmpp.localhost.example=172.60.0.110" + + xmpp3: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.30 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + - "xmpp2.localhost.example=172.60.0.20" + - "conference.xmpp2.localhost.example=172.60.0.20" + - "xmpp3.localhost.example=172.60.0.30" + - "conference.xmpp3.localhost.example=172.60.0.30" + - "otherxmpp.localhost.example=172.60.0.110" + - "conference.otherxmpp.localhost.example=172.60.0.110" + + otherdb: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.111 + + otherxmpp: + networks: + openfire-clustered-net: + ipv4_address: 172.60.0.110 + extra_hosts: + - "xmpp.localhost.example=172.60.0.99" + - "conference.xmpp.localhost.example=172.60.0.99" + - "otherxmpp.localhost.example=172.60.0.110" + - "conference.otherxmpp.localhost.example=172.60.0.110" + 
+networks: + openfire-clustered-net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 diff --git a/cluster_with_federation/nginx/nginx.conf b/cluster_with_federation/nginx/nginx.conf index d7e8db5..8ce1cdc 100644 --- a/cluster_with_federation/nginx/nginx.conf +++ b/cluster_with_federation/nginx/nginx.conf @@ -5,6 +5,9 @@ stream { server 172.60.0.10:5222; server 172.60.0.20:5222; server 172.60.0.30:5222; + fd23:d79:d076::10:5222; + fd23:d79:d076::20:5222; + fd23:d79:d076::30:5222; } server { listen 55222; @@ -18,6 +21,9 @@ stream { server 172.60.0.10:7070; server 172.60.0.20:7070; server 172.60.0.30:7070; + fd23:d79:d076::10:7070; + fd23:d79:d076::20:7070; + fd23:d79:d076::30:7070; } server { listen 57070; @@ -31,6 +37,9 @@ stream { server 172.60.0.10:7443; server 172.60.0.20:7443; server 172.60.0.30:7443; + fd23:d79:d076::10:7443; + fd23:d79:d076::20:7443; + fd23:d79:d076::30:7443; } server { listen 57443; @@ -44,6 +53,9 @@ stream { server 172.60.0.10:5269; server 172.60.0.20:5269; server 172.60.0.30:5269; + fd23:d79:d076::10:5269; + fd23:d79:d076::20:5269; + fd23:d79:d076::30:5269; } server { listen 5269; @@ -57,6 +69,9 @@ stream { server 172.60.0.10:5270; server 172.60.0.20:5270; server 172.60.0.30:5270; + fd23:d79:d076::10:5270; + fd23:d79:d076::20:5270; + fd23:d79:d076::30:5270; } server { listen 5270; diff --git a/cluster_with_federation/start.sh b/cluster_with_federation/start.sh index 4122023..e114136 100755 --- a/cluster_with_federation/start.sh +++ b/cluster_with_federation/start.sh 
@@ -1,21 +1,27 @@ #!/bin/bash -usage() { echo "Usage: $0 [-n openfire-tag] [-h] +usage() { echo "Usage: $0 [-n openfire-tag] [-6] [-h] -n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env + -6 Replace standard IPv4-based bridge networking with IPv6. -h Show this helpful information "; exit 0; } PROJECT="openfire" -COMPOSE_FILE_COMMAND=("docker-compose") +COMPOSE_FILE_COMMAND=("docker" "compose") COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env") COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT") +NETWORK_COMPOSE_FILE="docker-compose-network-ipv4-only.yml" +PREFER_IPV4="true" + # Where is this script? It could be called from anywhere, so use this to get full paths. SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )" source "$SCRIPTPATH/../_common/functions.sh" -while getopts n:h o; do +check_deps + +while getopts n:6h o; do case "$o" in n) if [[ $OPTARG =~ " " ]]; then @@ -25,7 +31,12 @@ while getopts n:h o; do echo "Using Openfire tag: $OPTARG" export OPENFIRE_TAG="$OPTARG" ;; - h) + 6) + echo "Using IPv6" + NETWORK_COMPOSE_FILE="docker-compose-network-dualstack.yml" + PREFER_IPV4="false" + ;; + h) usage ;; *) @@ -34,8 +45,11 @@ while getopts n:h o; do esac done +export PREFER_IPV4 + echo "Starting a clustered environment." COMPOSE_FILE_COMMAND+=("-f" "docker-compose-clustered.yml") +COMPOSE_FILE_COMMAND+=("-f" "$NETWORK_COMPOSE_FILE") pushd "$SCRIPTPATH" @@ -43,8 +57,8 @@ pushd "$SCRIPTPATH" "${COMPOSE_FILE_COMMAND[@]}" pull --ignore-pull-failures # Clean up temporary persistence data -if ! rm -rf _data; then - echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1 +if ! rm -rf _data; then + echo "ERROR: Failed to delete the _data directory. Try with sudo, then re-run." && popd && exit 1 fi mkdir _data cp -r xmpp _data/ 
diff --git a/cluster_with_federation/xmpp/1/conf/hazelcast-local-config.xml b/cluster_with_federation/xmpp/1/conf/hazelcast-local-config.xml index 4542d2c..0db4f86 100644 --- a/cluster_with_federation/xmpp/1/conf/hazelcast-local-config.xml +++ b/cluster_with_federation/xmpp/1/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + 172.60.0.10 + fd23:d79:d076:0:0:0:0:10 diff --git a/cluster_with_federation/xmpp/2/conf/hazelcast-local-config.xml b/cluster_with_federation/xmpp/2/conf/hazelcast-local-config.xml index 4542d2c..2515dce 100644 --- a/cluster_with_federation/xmpp/2/conf/hazelcast-local-config.xml +++ b/cluster_with_federation/xmpp/2/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + fd23:d79:d076:0:0:0:0:20 + 172.60.0.20 diff --git a/cluster_with_federation/xmpp/3/conf/hazelcast-local-config.xml b/cluster_with_federation/xmpp/3/conf/hazelcast-local-config.xml index 4542d2c..4ec7de4 100644 --- a/cluster_with_federation/xmpp/3/conf/hazelcast-local-config.xml +++ b/cluster_with_federation/xmpp/3/conf/hazelcast-local-config.xml @@ -8,30 +8,34 @@ 0 - + + + - - 10.10.1.* + + fd23:d79:d076:0:0:0:0:30 + 172.60.0.30 diff --git a/federation/README.md b/federation/README.md index e2788a1..5eadafd 100644 --- a/federation/README.md +++ b/federation/README.md 
@@ -52,6 +52,35 @@ XMPP 2 hosts the following MUC rooms: The Docker compose file defines a custom bridge network with a single subnet of `172.50.0.0/24` +When the `-6` argument to `./start.sh` is provided, then an additional subnet of `fd23:0d79:d076::/64` is configured. +Then, IPv6 is preferred for internal networking. Note that the IPv4 network remains in place, as Docker does not support +IPv6-only containers. + +When running with the optional `-6` flag (that adds IPv6 support) the system looks like this: + +``` + +---------------------------------------------+ + | [fd23:d79:d076::10] [fd23:d79:d076::20] | + | 172.50.0.10 172.50.0.20 | + | +--------+ +--------+ | +(XMPP-C2S) 5221 -| | | | | |- 5222 (XMPP-C2S) +(XMPP-S2S) 5261 -|------| XMPP 1 +============+ XMPP 2 |-------|- 5262 (XMPP-S2S) +(HTTP-Admin) 9091 -| | | | | |- 9092 (HTTP-Admin) +(BOSH) 7071/7441 -| +----+---+ +----+---+ |- 7072/7442 (BOSH) + | | | | + | | | | + | +---+--+ +--+---+ | + | | | | | | +(Database) 5431 -|-------| DB 1 | | DB 2 |-------|- 5432 (Database) + | | | | | | + | +------+ +------+ | + | 172.50.0.11 172.50.0.21 | + | [fd23:d79:d076::11] [fd23:d79:d076::21] | + | | + +----------------172.50.0.0/24----------------+ + fd23:0d79:d076::/64 +``` + ### Removing a node from the network To remove a node from the network run the following command: @@ -93,15 +122,15 @@ The convention I have followed is to increment the IP addresses by 10 and the po For `xmpp1` -* Openfire IP: `172.50.0.10` -* DB IP: `172.50.0.11` +* Openfire IP: `172.50.0.10` / `fd23:d79:d076::10` +* DB IP: `172.50.0.11` / `fd23:d79:d076::11` * XMPP port: `5221` * Admin port: `9091` For `xmpp2` -* Openfire IP: `172.50.0.20` -* DB IP: `172.50.0.21` +* Openfire IP: `172.50.0.20` / `fd23:d79:d076::20` +* DB IP: `172.50.0.21` / `fd23:d79:d076::21` * XMPP port: `5222` * Admin port: `9092` 
@@ -117,6 +146,7 @@ db3: networks: openfire-federated-net: ipv4_address: 172.50.0.31 + ipv6_address: fd23:d79:d076::31 xmpp3: image: openfire:latest @@ -128,14 +158,17 @@ xmpp3: networks: openfire-federated-net: ipv4_address: 172.50.0.30 + ipv6_address: fd23:d79:d076::30 networks: openfire-federated-net: driver: bridge + enable_ipv6: true ipam: driver: default config: - subnet: 172.50.0.0/24 + - subnet: fd23:0d79:d076::/64 ``` Run this with the `start.sh`. Once running navigate to `http://localhost:9093` and manually configure the Openfire server. @@ -192,3 +225,43 @@ xmpp3: ... ``` + +Add the IPv4-only network definition in `docker-compose-federated-ipv4-only.yml`: + +``` +... + +db3: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.31 + +xmpp3: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.30 +... + +``` + +Add the dual-stack network definition in `docker-compose-federated-dualstack.yml` (note that this also includes IPv4 config): + +``` +... + +db3: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.31 + ipv6_address: fd23:d79:d076::31 + +xmpp3: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.30 + ipv6_address: fd23:d79:d076::30 +... + +``` + +Lastly, add the new host in all `extra_hosts` configuration blocks. \ No newline at end of file diff --git a/federation/docker-compose-federated.yml b/federation/docker-compose-federated.yml index 549f209..0c8e9ec 100644 --- a/federation/docker-compose-federated.yml +++ b/federation/docker-compose-federated.yml @@ -12,9 +12,6 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql/1:/docker-entrypoint-initdb.d - networks: - openfire-federated-net: - ipv4_address: 172.50.0.11 db2: image: library/postgres:9.6.24-alpine @@ -26,9 +23,6 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql/2:/docker-entrypoint-initdb.d - networks: - openfire-federated-net: - ipv4_address: 172.50.0.21 xmpp1: image: "openfire:${OPENFIRE_TAG}" 
@@ -45,14 +39,6 @@ services: - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh command: ["/wait-for-it.sh", "-s", "db1:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-federated-net: - ipv4_address: 172.50.0.10 - extra_hosts: - - "xmpp1.localhost.example:172.50.0.10" - - "conference.xmpp1.localhost.example:172.50.0.10" - - "xmpp2.localhost.example:172.50.0.20" - - "conference.xmpp2.localhost.example:172.50.0.20" xmpp2: image: "openfire:${OPENFIRE_TAG}" @@ -69,27 +55,10 @@ services: - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh command: ["/wait-for-it.sh", "-s", "db2:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-federated-net: - ipv4_address: 172.50.0.20 - extra_hosts: - - "xmpp1.localhost.example:172.50.0.10" - - "conference.xmpp1.localhost.example:172.50.0.10" - - "xmpp2.localhost.example:172.50.0.20" - - "conference.xmpp2.localhost.example:172.50.0.20" - + dozzle: image: amir20/dozzle:latest volumes: - /var/run/docker.sock:/var/run/docker.sock ports: - 9999:8080 - -networks: - openfire-federated-net: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.50.0.0/24 - diff --git a/federation/docker-compose-network-dualstack.yml b/federation/docker-compose-network-dualstack.yml new file mode 100644 index 0000000..03856d9 --- /dev/null +++ b/federation/docker-compose-network-dualstack.yml 
@@ -0,0 +1,45 @@ +services: + + db1: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.11 + ipv6_address: fd23:d79:d076::11 + + db2: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.21 + ipv6_address: fd23:d79:d076::21 + + xmpp1: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.10 + ipv6_address: fd23:d79:d076::10 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + + xmpp2: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.20 + ipv6_address: fd23:d79:d076::20 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + - "xmpp2.localhost.example=fd23:d79:d076::20" + - "conference.xmpp2.localhost.example=fd23:d79:d076::20" + +networks: + openfire-federated-net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.50.0.0/24 + - subnet: fd23:0d79:d076::/64 diff --git a/federation/docker-compose-network-ipv4-only.yml b/federation/docker-compose-network-ipv4-only.yml new file mode 100644 index 0000000..fc4d2aa --- /dev/null +++ b/federation/docker-compose-network-ipv4-only.yml 
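Review bot: The `extra_hosts` entries for `xmpp1` and `xmpp2` use the `host=address` form here, while federation/docker-compose-network-ipv4-only.yml keeps `host:address` and the proxy and simple IPv4 fragments use `=`. As far as I know the `=` separator is only accepted by newer Docker Compose releases, so an older installation would likely reject this fragment while still accepting the IPv4 one. I would use one form in every fragment and have `check_deps` (defined outside this diff) verify the Compose version. A comment above the list would also help, for example `# host=address form, because ':' is ambiguous with IPv6 literals; needs a Compose release that supports it`.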
@@ -0,0 +1,40 @@ +services: + + db1: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.11 + + db2: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.21 + + xmpp1: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.10 + extra_hosts: + - "xmpp1.localhost.example:172.50.0.10" + - "conference.xmpp1.localhost.example:172.50.0.10" + - "xmpp2.localhost.example:172.50.0.20" + - "conference.xmpp2.localhost.example:172.50.0.20" + + xmpp2: + networks: + openfire-federated-net: + ipv4_address: 172.50.0.20 + extra_hosts: + - "xmpp1.localhost.example:172.50.0.10" + - "conference.xmpp1.localhost.example:172.50.0.10" + - "xmpp2.localhost.example:172.50.0.20" + - "conference.xmpp2.localhost.example:172.50.0.20" + +networks: + openfire-federated-net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.50.0.0/24 + diff --git a/federation/start.sh b/federation/start.sh index 676e97d..607cd04 100755 --- a/federation/start.sh +++ b/federation/start.sh @@ -1,7 +1,8 @@ #!/bin/bash -usage() { echo "Usage: $0 [-n openfire-tag] [-h] +usage() { echo "Usage: $0 [-n openfire-tag] [-6] [-h] -n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env + -6 Replace standard IPv4-based bridge networking with IPv6. -h Show this helpful information "; exit 0; } @@ -10,12 +11,16 @@ COMPOSE_FILE_COMMAND=("docker" "compose") COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env") COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT") +NETWORK_COMPOSE_FILE="docker-compose-network-ipv4-only.yml" + # Where is this script? It could be called from anywhere, so use this to get full paths. SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )" source "$SCRIPTPATH/../_common/functions.sh" -while getopts n:h o; do +check_deps + +while getopts n:6h o; do case "$o" in n) if [[ $OPTARG =~ " " ]]; then 
@@ -25,7 +30,11 @@ while getopts n:h o; do echo "Using Openfire tag: $OPTARG" export OPENFIRE_TAG="$OPTARG" ;; - h) + 6) + echo "Using IPv6" + NETWORK_COMPOSE_FILE="docker-compose-network-dualstack.yml" + ;; + h) usage ;; *) @@ -36,6 +45,7 @@ done echo "Starting a federated environment." COMPOSE_FILE_COMMAND+=("-f" "docker-compose-federated.yml") +COMPOSE_FILE_COMMAND+=("-f" "$NETWORK_COMPOSE_FILE") pushd "$SCRIPTPATH" @@ -43,8 +53,8 @@ pushd "$SCRIPTPATH" "${COMPOSE_FILE_COMMAND[@]}" pull --ignore-pull-failures # Clean up temporary persistence data -if ! rm -rf _data; then - echo "ERROR: Failed to delete the data directory. Try with sudo, then re-run." && popd && exit 1 +if ! rm -rf _data; then + echo "ERROR: Failed to delete the _data directory. Try with sudo, then re-run." && popd && exit 1 fi mkdir _data cp -r xmpp _data/ diff --git a/proxy/README.md b/proxy/README.md index cbe549e..0bacdd6 100644 --- a/proxy/README.md +++ b/proxy/README.md 
@@ -54,3 +54,42 @@ The following MUC rooms are configured: ## Network The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24`. + +When the `-6` argument to `./start.sh` is provided, then an additional subnet of `fd23:0d79:d076::/64` is configured. +Then, IPv6 is preferred for internal networking. Note that the IPv4 network remains in place, as Docker does not support +IPv6-only containers. + +When running with the optional `-6` flag (that adds IPv6 support) the system looks like this: + +``` + +--------------------------+ + | | + | [fd23:d79:d076::99] | + | 172.60.0.99 | + | +--------+ | +(XMPP-C2S) 55222 -| | | | +(XMPP-S2S) 55269 -|------| Nginx + | +(HTTP-Admin) 59090 -| | | | +(BOSH) 57070 -| +----+---+ | + | | | + | | | + | [fd23:d79:d076::10] | + | 172.60.0.10 | + | +--------+ | +(XMPP-C2S) 5222 -| | | | +(XMPP-S2S) 5269 -|------| XMPP 1 + | +(HTTP-Admin) 9090 -| | | | +(BOSH) 7070 -| +----+---+ | + | | | + | | | + | +---+--+ | + | | | | +(Database) 5432 -|-------| DB + | + | | | | + | +------+ | + | 172.60.0.11 | + | [fd23:d79:d076::11] | + | | + +-----172.60.0.0/24--------+ + fd23:0d79:d076::/64 +``` \ No newline at end of file diff --git a/proxy/docker-compose-network-dualstack.yml b/proxy/docker-compose-network-dualstack.yml new file mode 100644 index 0000000..235f04c --- /dev/null +++ b/proxy/docker-compose-network-dualstack.yml 
@@ -0,0 +1,32 @@ +services: + + db: + networks: + openfire-net: + ipv4_address: 172.60.0.11 + ipv6_address: fd23:d79:d076::11 + + proxy: + networks: + openfire-net: + ipv4_address: 172.60.0.99 + ipv6_address: fd23:d79:d076::99 + + xmpp: + networks: + openfire-net: + ipv4_address: 172.60.0.10 + ipv6_address: fd23:d79:d076::10 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp1.localhost.example=fd23:d79:d076::10" + +networks: + openfire-net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 + - subnet: fd23:0d79:d076::/64 diff --git a/proxy/docker-compose-network-ipv4-only.yml b/proxy/docker-compose-network-ipv4-only.yml new file mode 100644 index 0000000..f2a0c9d --- /dev/null +++ b/proxy/docker-compose-network-ipv4-only.yml @@ -0,0 +1,27 @@ +services: + + db: + networks: + openfire-net: + ipv4_address: 172.60.0.11 + + proxy: + networks: + openfire-net: + ipv4_address: 172.60.0.99 + + xmpp: + networks: + openfire-net: + ipv4_address: 172.60.0.10 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp1.localhost.example=172.60.0.10" + +networks: + openfire-net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 \ No newline at end of file diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml index 9a239fd..a32ab26 100644 --- a/proxy/docker-compose.yml +++ b/proxy/docker-compose.yml @@ -12,9 +12,6 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql:/docker-entrypoint-initdb.d - networks: - openfire-net: - ipv4_address: 172.60.0.11 proxy: image: nginx:stable @@ -27,9 +24,6 @@ services: - "59090:59090" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf - networks: - openfire-net: - ipv4_address: 172.60.0.99 xmpp: image: "openfire:${OPENFIRE_TAG}" 
@@ -46,12 +40,6 @@ services: - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-net: - ipv4_address: 172.60.0.10 - extra_hosts: - - "xmpp1.localhost.example:172.60.0.10" - - "conference.xmpp1.localhost.example:172.60.0.10" dozzle: image: amir20/dozzle:latest @@ -59,11 +47,3 @@ services: - /var/run/docker.sock:/var/run/docker.sock ports: - 9999:8080 - -networks: - openfire-net: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.60.0.0/24 diff --git a/proxy/nginx/nginx.conf b/proxy/nginx/nginx.conf index 8eadbf8..5fe7e1c 100644 --- a/proxy/nginx/nginx.conf +++ b/proxy/nginx/nginx.conf @@ -3,55 +3,60 @@ stream { upstream xmpp { server 172.60.0.10:5222; + fd23:d79:d076::10:5222; } server { listen 55222; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 12h; # Set this lower to be more flappy proxy_pass xmpp; } upstream bosh { server 172.60.0.10:7070; + fd23:d79:d076::10:7070; } server { listen 57070; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 12h; # Set this lower to be more flappy proxy_pass bosh; } upstream boshs { server 172.60.0.10:7443; + fd23:d79:d076::10:7443; } server { listen 57443; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 30s; proxy_pass boshs; } upstream s2s { server 172.60.0.10:5269; + fd23:d79:d076::10:5269; } server { listen 55269; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 1m; proxy_pass s2s; } upstream s2slegacy { server 172.60.0.10:5270; + fd23:d79:d076::10:5270; } server { listen 55270; tcp_nodelay on; - proxy_connect_timeout 10s; + proxy_connect_timeout 10s; proxy_timeout 1m; proxy_pass s2slegacy; } diff --git a/proxy/start.sh b/proxy/start.sh index bc6ab9f..cec7d1a 100755 --- a/proxy/start.sh +++ b/proxy/start.sh 
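Review bot: The five lines added to the `upstream` blocks (`xmpp`, `bosh`, `boshs`, `s2s`, `s2slegacy`) read `fd23:d79:d076::10:5222;` and so on, with no `server` keyword and no brackets around the IPv6 literal. As shown, nginx would treat each one as an unknown directive and refuse to load the configuration, and without brackets the port cannot be separated from the address; the form should be `server [fd23:d79:d076::10]:5222;`. The entries are also unconditional, while that address is only assigned by proxy/docker-compose-network-dualstack.yml and the same nginx.conf is mounted in both modes. Without `-6` the proxy would therefore carry an upstream peer that is never assigned, so a separate nginx.conf for dual-stack seems safer. If the `server` keyword and brackets were lost when this page was rendered, only that second point applies.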
@@ -1,7 +1,8 @@ #!/bin/bash -usage() { echo "Usage: $0 [-n openfire-tag] [-h] +usage() { echo "Usage: $0 [-n openfire-tag] [-6] [-h] -n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env + -6 Replace standard IPv4-based bridge networking with IPv6. -h Show this helpful information "; exit 0; } @@ -10,6 +11,8 @@ COMPOSE_FILE_COMMAND=("docker" "compose") COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env") COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT") +NETWORK_COMPOSE_FILE="docker-compose-network-ipv4-only.yml" + # Where is this script? It could be called from anywhere, so use this to get full paths. SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )" @@ -17,7 +20,7 @@ source "$SCRIPTPATH/../_common/functions.sh" check_deps -while getopts n:h o; do +while getopts n:6h o; do case "$o" in n) if [[ $OPTARG =~ " " ]]; then @@ -27,7 +30,11 @@ while getopts n:h o; do echo "Using Openfire tag: $OPTARG" export OPENFIRE_TAG="$OPTARG" ;; - h) + 6) + echo "Using IPv6" + NETWORK_COMPOSE_FILE="docker-compose-network-dualstack.yml" + ;; + h) usage ;; *) @@ -38,6 +45,7 @@ done echo "Starting a simple environment." COMPOSE_FILE_COMMAND+=("-f" "docker-compose.yml") +COMPOSE_FILE_COMMAND+=("-f" "$NETWORK_COMPOSE_FILE") pushd "$SCRIPTPATH" @@ -46,7 +54,7 @@ pushd "$SCRIPTPATH" # Clean up temporary persistence data if ! rm -rf _data; then - echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1 + echo "ERROR: Failed to delete the _data directory. Try with sudo, then re-run." && popd && exit 1 fi mkdir _data cp -r xmpp _data/ diff --git a/simple/README.md b/simple/README.md index dcc871c..e395bf7 100644 --- a/simple/README.md +++ b/simple/README.md 
@@ -46,3 +46,33 @@ The following MUC rooms are configured: ## Network The Docker compose file defines a custom bridge network with a single subnet of `172.60.0.0/24`. + +When the `-6` argument to `./start.sh` is provided, then an additional subnet of `fd23:0d79:d076::/64` is configured. +Then, IPv6 is preferred for internal networking. Note that the IPv4 network remains in place, as Docker does not support +IPv6-only containers. + +When running with the optional `-6` flag (that adds IPv6 support) the system looks like this: + +``` + +--------------------------+ + | | + | [fd23:d79:d076::10] | + | 172.60.0.10 | + | +--------+ | +(XMPP-C2S) 5222 -| | | | +(XMPP-S2S) 5269 -|------| XMPP 1 + | +(HTTP-Admin) 9090 -| | | | +(BOSH) 7070 -| +----+---+ | + | | | + | | | + | +---+--+ | + | | | | +(Database) 5432 -|-------| DB + | + | | | | + | +------+ | + | 172.60.0.11 | + | [fd23:d79:d076::11] | + | | + +-----172.60.0.0/24--------+ + fd23:0d79:d076::/64 +``` \ No newline at end of file diff --git a/simple/docker-compose-network-dualstack.yml b/simple/docker-compose-network-dualstack.yml new file mode 100644 index 0000000..e0b2c7a --- /dev/null +++ b/simple/docker-compose-network-dualstack.yml @@ -0,0 +1,26 @@ +services: + + db: + networks: + openfire-net: + ipv4_address: 172.60.0.11 + ipv6_address: fd23:d79:d076::11 + + xmpp1: + networks: + openfire-net: + ipv4_address: 172.60.0.10 + ipv6_address: fd23:d79:d076::10 + extra_hosts: + - "xmpp1.localhost.example=fd23:d79:d076::10" + - "conference.xmpp.localhost.example=fd23:d79:d076::10" + +networks: + openfire-net: + driver: bridge + enable_ipv6: true + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 + - subnet: fd23:0d79:d076::/64 diff --git a/simple/docker-compose-network-ipv4-only.yml b/simple/docker-compose-network-ipv4-only.yml new file mode 100644 index 0000000..e6391b5 --- /dev/null +++ b/simple/docker-compose-network-ipv4-only.yml 
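Review bot: In the `xmpp1` service's `extra_hosts`, the first entry maps `xmpp1.localhost.example` while the second still maps `conference.xmpp.localhost.example`; the entries removed from simple/docker-compose.yml in this patch used `xmpp.localhost.example` for both. If the server's domain in this environment is still `xmpp.localhost.example`, the container no longer pins its own domain to its fixed address and depends on whatever the resolver returns. I would keep `- "xmpp.localhost.example=fd23:d79:d076::10"` here. The same applies to the IPv4 entry in simple/docker-compose-network-ipv4-only.yml.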
@@ -0,0 +1,22 @@ +services: + + db: + networks: + openfire-net: + ipv4_address: 172.60.0.11 + + xmpp1: + networks: + openfire-net: + ipv4_address: 172.60.0.10 + extra_hosts: + - "xmpp1.localhost.example=172.60.0.10" + - "conference.xmpp.localhost.example=172.60.0.10" + +networks: + openfire-net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.60.0.0/24 \ No newline at end of file diff --git a/simple/docker-compose.yml b/simple/docker-compose.yml index 127ce5a..c850136 100644 --- a/simple/docker-compose.yml +++ b/simple/docker-compose.yml @@ -12,10 +12,7 @@ services: - "POSTGRES_PASSWORD=hunter2" volumes: - ./sql:/docker-entrypoint-initdb.d - networks: - openfire-net: - ipv4_address: 172.60.0.11 - + xmpp1: image: "openfire:${OPENFIRE_TAG}" ports: @@ -31,12 +28,6 @@ services: - ./_data/plugins:/opt/plugins - ../_common/wait-for-it.sh:/wait-for-it.sh command: ["/wait-for-it.sh", "-s", "db:5432", "--", "/sbin/entrypoint.sh"] - networks: - openfire-net: - ipv4_address: 172.60.0.10 - extra_hosts: - - "xmpp.localhost.example:172.60.0.10" - - "conference.xmpp.localhost.example:172.60.0.10" dozzle: image: amir20/dozzle:latest @@ -44,11 +35,3 @@ services: - /var/run/docker.sock:/var/run/docker.sock ports: - 9999:8080 - -networks: - openfire-net: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.60.0.0/24 diff --git a/simple/start.sh b/simple/start.sh index bc6ab9f..cec7d1a 100755 --- a/simple/start.sh +++ b/simple/start.sh @@ -1,7 +1,8 @@ #!/bin/bash -usage() { echo "Usage: $0 [-n openfire-tag] [-h] +usage() { echo "Usage: $0 [-n openfire-tag] [-6] [-h] -n openfire-tag Launches all Openfire instances with the specified tag. This overrides the value in .env + -6 Replace standard IPv4-based bridge networking with IPv6. -h Show this helpful information "; exit 0; } 
@@ -10,6 +11,8 @@ COMPOSE_FILE_COMMAND=("docker" "compose") COMPOSE_FILE_COMMAND+=("--env-file" "../_common/.env") COMPOSE_FILE_COMMAND+=("--project-name" "$PROJECT") +NETWORK_COMPOSE_FILE="docker-compose-network-ipv4-only.yml" + # Where is this script? It could be called from anywhere, so use this to get full paths. SCRIPTPATH="$( cd "$(dirname "$0")"; pwd -P )" @@ -17,7 +20,7 @@ source "$SCRIPTPATH/../_common/functions.sh" check_deps -while getopts n:h o; do +while getopts n:6h o; do case "$o" in n) if [[ $OPTARG =~ " " ]]; then @@ -27,7 +30,11 @@ while getopts n:h o; do echo "Using Openfire tag: $OPTARG" export OPENFIRE_TAG="$OPTARG" ;; - h) + 6) + echo "Using IPv6" + NETWORK_COMPOSE_FILE="docker-compose-network-dualstack.yml" + ;; + h) usage ;; *) @@ -38,6 +45,7 @@ done echo "Starting a simple environment." COMPOSE_FILE_COMMAND+=("-f" "docker-compose.yml") +COMPOSE_FILE_COMMAND+=("-f" "$NETWORK_COMPOSE_FILE") pushd "$SCRIPTPATH" @@ -46,7 +54,7 @@ pushd "$SCRIPTPATH" # Clean up temporary persistence data if ! rm -rf _data; then - echo "ERROR: Failed to delete _data directory. Try with sudo, then re-run." && popd && exit 1 + echo "ERROR: Failed to delete the _data directory. Try with sudo, then re-run." && popd && exit 1 fi mkdir _data cp -r xmpp _data/