added new docker int folder

integrations/docker/README.md

@@ -0,0 +1,99 @@
+Docker + ZeroTier SDK
+====
+
+Welcome!
+
+Imagine a flat, encrypted, no-configuration LAN for all of your Docker containers. 
+
+This short tutorial will show you how to enable ZeroTier functionality for your Docker software container with little to no configuration. In this example we aim to build a Docker container with ZeroTier’s Network Container service bundled right in so that it’s effortless to hook any number of your services in the container up to your virtual network. Alternatively, you can check out a docker project directory [here](sdk/integrations/docker/docker_demo).
+
+
+**Step 1: Build ZeroTier shared library**
+
+`make shared_lib`, to see debug output, use `make shared_lib SDK_DEBUG=1`
+
+**Step 2: Build your Docker image**
+
+`docker build --tag=redis_test .`
+
+The example dockerfile below incorperates a few important elements:
+ 
+1) The ZeroTier service binaries
+2) Whatever ZeroTier identity keys you plan on using (if you don't already have keys you wish to use, fret not! A new identity will be generated automatically).
+3) The service we've chosen to use. In this case, redis.
+```
+FROM fedora:23
+# Install apps
+RUN yum -y update
+RUN yum -y install redis-3.0.4-1.fc23.x86_64
+RUN yum clean all
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD sdk_identity.public /var/lib/zerotier-one/identity.public
+ADD sdk_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+EXPOSE 9993/udp 6379/udp
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+# Install syscall intercept library
+ADD libztintercept.so /
+RUN cp libztintercept.so lib/libztintercept.so
+RUN ln -sf /lib/libztintercept.so /lib/libztintercept
+ADD zerotier-cli /
+Add zerotier-sdk-service /
+# Install test scripts
+ADD sdk_entrypoint.sh /sdk_entrypoint.sh
+RUN chmod -v +x /sdk_entrypoint.sh
+# Start ZeroTier-One
+CMD ["./sdk_entrypoint.sh"]
+```
+
+**Step 3: Start container**
+
+`docker run -d -it redis_test /bin/bash`
+
+**Step 4: From container, set up environment variables**
+
+Set our application pre-load with `export LD_PRELOAD=./libztintercept.so`. This dynamically loads our intercept library into your application which allows us to re-direct its network calls to our virtual network.
+
+Tell the ZeroTier Network Containers service which network to connect to with `export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_XXXXXXXXXXXXXXXX`.
+
+**Step 5: Run your new ZeroTier-enabled service**
+
+At this point, simply run your application as you normally would. It will be automatically intercepted and linked to the ZeroTier service (and hence your virtual networks!)
+
+`/usr/bin/redis-server --port 6379`
+
+***
+**Additional info**
+If you'd like to know the IP address your service can be reached at on this particular virtual network, use the following:
+`zerotier-cli -D/var/lib/zerotier-one/nc_XXXXXXXXXXXXXXXX listnetworks`
+
+
+## Tests
+
+For info on testing the SDK, take a look at [docs/docker_linux_testing.md](docs/docker_linux_testing.md)
+
+
+## Installing in a Docker container (or any other container engine)
+
+If it's not immediately obvious, installation into a Docker container is easy. Just install `zerotier-sdk-service`, `libztintercept.so`, and `liblwip.so` into the container at an appropriate locations. We suggest putting it all in `/var/lib/zerotier-one` since this is the default ZeroTier home and will eliminate the need to supply a path to any of ZeroTier's services or utilities. Then, in your Docker container entry point script launch the service with *-d* to run it in the background, set the appropriate environment variables as described above, and launch your container's main application.
+
+The only bit of complexity is configuring which virtual network to join. ZeroTier's service automatically joins networks that have `.conf` files in `ZTHOME/networks.d` even if the `.conf` file is empty. So one way of doing this very easily is to add the following commands to your Dockerfile or container entry point script:
+
+    mkdir -p /var/lib/zerotier-one/networks.d
+    touch /var/lib/zerotier-one/networks.d/8056c2e21c000001.conf
+
+Replace 8056c2e21c000001 with the network ID of the network you want your container to automatically join. It's also a good idea in your container's entry point script to add a small loop to wait until the container's instance of ZeroTier generates an identity and comes online. This could be something like:
+
+    /var/lib/zerotier-one/zerotier-sdk-service -d
+    while [ ! -f /var/lib/zerotier-one/identity.secret ]; do
+      sleep 0.1
+    done
+    # zerotier-sdk-service is now running and has generated an identity
+
+(Be sure you don't bundle the identity into the container, otherwise every container will try to be the same device and they will "fight" over the device's address.)
+
+Now each new instance of your container will automatically join the specified network on startup. Authorizing the container on a private network still requires a manual authorization step either via the ZeroTier Central web UI or the API. We're working on some ideas to automate this via bearer token auth or similar since doing this manually or with scripts for large deployments is tedious.

integrations/docker/_remove_all.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Delete all containers
+docker rm $(docker ps -a -q)
+# Delete all images
+docker rmi $(docker images -q)

integrations/docker/docker_demo/hello.lua

@@ -0,0 +1,3 @@
+local msg = "welcome to the machine!"
+redis.call("SET", "msg", msg)
+return redis.call("GET", "msg")

integrations/docker/docker_demo/monitor_dockerfile

@@ -0,0 +1,28 @@
+# ZT SDK Test Monitor
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+RUN yum -y install redis-3.0.4-1.fc23.x86_64
+
+EXPOSE 9993/udp
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD monitor_identity.public /var/lib/zerotier-one/identity.public
+ADD monitor_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+ADD hello.lua /
+
+ADD zerotier-one /
+ADD zerotier-cli /
+
+# Start ZeroTier-One
+ADD monitor_entrypoint.sh /monitor_entrypoint.sh
+RUN chmod -v +x /monitor_entrypoint.sh
+CMD ["./monitor_entrypoint.sh"]

integrations/docker/docker_demo/monitor_entrypoint.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+sdk_wait_time=60 # wait for test container to come online
+app_timeout_time=15 # app-specific timeout
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+fail=FAIL. # appended to result file in event of failure
+ok=OK. # appended to result file in event of success
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+
+# --- Network Config ---
+echo '*** ZeroTier SDK Test Monitor'
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-one -d -U -p9993 >>/tmp/zerotier-one.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+done
+echo '*** Starting Test...'
+echo '*** Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Sleeping for ('  "$sdk_wait_time"  's ) while we wait for the container to come online...'
+sleep "$sdk_wait_time"s
+ncvirtip=$(<$address_file)
+
+# --- Test section ---
+echo '*** Running lua script against redis host at' $ncvirtip
+redis-cli -h $ncvirtip EVAL "$(cat hello.lua)" 0 > redis_response.txt
+response_string=$(<redis_response.txt)
+
+
+if [[ $response_string == *"welcome to the machine!"* ]]
+then
+	echo 'REDIS RESPONSE OK'
+	touch "$file_path$ok$test_name.txt"
+	printf 'Test: redis-server responded!\n' >> "$file_path$ok$test_name.txt"
+else
+	echo 'REDIS RESPONSE FAIL'
+	touch "$file_path$fail$test_name.txt"
+	printf 'Test: redis server did NOT respond!\n' >> "$file_path$fail$test_name.txt"
+fi
+
+
+
+

integrations/docker/docker_demo/sdk_dockerfile

@@ -0,0 +1,36 @@
+# ZT SDK Test
+FROM fedora:23
+MAINTAINER https://www.zerotier.com/
+
+# Install apps
+RUN yum -y update
+RUN yum -y install redis-3.0.4-1.fc23.x86_64
+RUN yum clean all
+
+# Add ZT files
+RUN mkdir -p /var/lib/zerotier-one/networks.d
+ADD sdk_identity.public /var/lib/zerotier-one/identity.public
+ADD sdk_identity.secret /var/lib/zerotier-one/identity.secret
+ADD *.conf /var/lib/zerotier-one/networks.d/
+ADD *.conf /
+ADD *.name /
+
+EXPOSE 9993/udp 6379/udp
+
+# Install LWIP library used by service
+ADD liblwip.so /var/lib/zerotier-one/liblwip.so
+
+# Install syscall intercept library
+ADD libztintercept.so /
+RUN cp libztintercept.so lib/libztintercept.so
+RUN ln -sf /lib/libztintercept.so /lib/libzerotierintercept
+
+ADD zerotier-cli /
+Add zerotier-sdk-service /
+
+# Install test scripts
+ADD sdk_entrypoint.sh /sdk_entrypoint.sh
+RUN chmod -v +x /sdk_entrypoint.sh
+
+# Start ZeroTier-One
+CMD ["./sdk_entrypoint.sh"]

integrations/docker/docker_demo/sdk_entrypoint.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+export PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/
+
+# --- Test Parameters ---
+test_namefile=$(ls *.name)
+test_name="${test_namefile%.*}" # test network id
+nwconf=$(ls *.conf) # blank test network config file
+nwid="${nwconf%.*}" # test network id
+file_path=/opt/results/ # test result output file path (fs shared between host and containers)
+file_base="$test_name".txt # test result output file
+tmp_ext=.tmp # temporary filetype used for sharing test data between containers
+address_file="$file_path$test_name"_addr"$tmp_ext" # file shared between host and containers for sharing address (optional)
+
+# --- Network Config ---
+echo '*** ZeroTier SDK Test: ' "$test_name"
+chown -R daemon /var/lib/zerotier-one
+chgrp -R daemon /var/lib/zerotier-one
+su daemon -s /bin/bash -c '/zerotier-sdk-service -d -U -p9993 >>/tmp/zerotier-sdk-service.out 2>&1'
+virtip4=""
+while [ -z "$virtip4" ]; do
+	sleep 0.2
+	virtip4=`/zerotier-cli listnetworks | grep -F $nwid | cut -d ' ' -f 9 | sed 's/,/\n/g' | grep -F '.' | cut -d / -f 1`
+	dev=`/zerotier-cli listnetworks | grep -F "" | cut -d ' ' -f 8 | cut -d "_" -f 2 | sed "s/^<dev>//" | tr '\n' '\0'`
+done
+echo '*** Up and running at' $virtip4 ' on network: ' $nwid
+echo '*** Writing address to ' "$address_file"
+echo $virtip4 > "$address_file"
+
+# --- Test section ---
+echo '*** Starting application...'
+sleep 0.5
+
+export ZT_NC_NETWORK=/var/lib/zerotier-one/nc_"$dev"
+export LD_PRELOAD=./libztintercept.so
+/usr/bin/redis-server --port 6379

integrations/docker/docker_demo/start.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# Runs test image and monitor image as daemons
+test_name=${PWD##*/}
+echo 'Starting containers for: ' "$test_name"
+touch "$test_name".name
+test_container=$(docker run -d -it -v $PWD/_results:/opt/results --privileged --device=/dev/net/tun "$test_name":latest)
+monitor_container=$(docker run -d -it -v $PWD/_results:/opt/results --privileged --device=/dev/net/tun "$test_name"_monitor:latest)

integrations/docker/docker_demo/stop.sh

@@ -0,0 +1,3 @@
+docker stop $(docker ps -a -q)
+docker rm $test_container
+docker rm $monitor_container