Make proxy listen on /var/run/weave.sock

prog/weaveproxy/main.go

@@ -11,21 +11,21 @@ import (
 )
 
 var (
-	version           = "(unreleased version)"
-	defaultListenAddr = "tcp://0.0.0.0:12375"
+	version            = "(unreleased version)"
+	defaultListenAddrs = []string{"tcp://0.0.0.0:12375", "unix:///var/run/weave.sock"}
 )
 
 func main() {
 	var (
 		debug       bool
 		justVersion bool
-		c           = proxy.Config{ListenAddr: defaultListenAddr}
+		c           = proxy.Config{ListenAddrs: defaultListenAddrs}
 	)
 
 	c.Version = version
 	getopt.BoolVarLong(&debug, "debug", 'd', "log debugging information")
 	getopt.BoolVarLong(&justVersion, "version", 0, "print version and exit")
-	getopt.StringVar(&c.ListenAddr, 'H', fmt.Sprintf("address on which to listen (default %s)", defaultListenAddr))
+	getopt.ListVar(&c.ListenAddrs, 'H', fmt.Sprintf("address on which to listen (default %s)", defaultListenAddrs))
 	getopt.BoolVarLong(&c.NoDefaultIPAM, "no-default-ipam", 0, "do not automatically allocate addresses for containers without a WEAVE_CIDR")
 	getopt.StringVarLong(&c.TLSConfig.CACert, "tlscacert", 0, "Trust certs signed only by this CA")
 	getopt.StringVarLong(&c.TLSConfig.Cert, "tlscert", 0, "Path to TLS certificate file")
@@ -52,22 +52,10 @@ func main() {
 	Info.Println("weave proxy", version)
 	Info.Println("Command line arguments:", strings.Join(os.Args[1:], " "))
 
-	protoAddrParts := strings.SplitN(c.ListenAddr, "://", 2)
-	if len(protoAddrParts) == 2 {
-		if protoAddrParts[0] != "tcp" {
-			Error.Fatalf("Invalid protocol format: %q", protoAddrParts[0])
-		}
-		c.ListenAddr = protoAddrParts[1]
-	} else {
-		c.ListenAddr = protoAddrParts[0]
-	}
-
 	p, err := proxy.NewProxy(c)
 	if err != nil {
 		Error.Fatalf("Could not start proxy: %s", err)
 	}
 
-	if err := p.ListenAndServe(); err != nil {
-		Error.Fatalf("Could not listen on %s: %s", p.ListenAddr, err)
-	}
+	p.ListenAndServe()
 }

proxy/proxy.go

@@ -4,8 +4,10 @@ import (
 	"crypto/tls"
 	"net"
 	"net/http"
+	"os"
 	"regexp"
 	"strings"
+	"syscall"
 
 	"github.com/fsouza/go-dockerclient"
 	. "github.com/weaveworks/weave/common"
@@ -15,6 +17,8 @@ const (
 	defaultCaFile   = "ca.pem"
 	defaultKeyFile  = "key.pem"
 	defaultCertFile = "cert.pem"
+	dockerSock      = "/var/run/docker.sock"
+	dockerSockUnix  = "unix://" + dockerSock
 )
 
 var (
@@ -24,7 +28,7 @@ var (
 )
 
 type Config struct {
-	ListenAddr    string
+	ListenAddrs   []string
 	NoDefaultIPAM bool
 	TLSConfig     TLSConfig
 	Version       string
@@ -45,7 +49,7 @@ func NewProxy(c Config) (*Proxy, error) {
 		Error.Fatalf("Could not configure tls for proxy: %s", err)
 	}
 
-	client, err := docker.NewClient("unix:///var/run/docker.sock")
+	client, err := docker.NewClient(dockerSockUnix)
 	if err != nil {
 		return nil, err
 	}
@@ -63,7 +67,7 @@ func NewProxy(c Config) (*Proxy, error) {
 }
 
 func (proxy *Proxy) Dial() (net.Conn, error) {
-	return net.Dial("unix", "/var/run/docker.sock")
+	return net.Dial("unix", dockerSock)
 }
 
 func (proxy *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -83,18 +87,80 @@ func (proxy *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	proxy.Intercept(i, w, r)
 }
 
-func (proxy *Proxy) ListenAndServe() error {
-	listener, err := net.Listen("tcp", proxy.ListenAddr)
+func (proxy *Proxy) ListenAndServe() {
+	errs := make(chan error)
+	for _, addr := range proxy.ListenAddrs {
+		go func(addr string) {
+			errs <- proxy.listenAndServe(addr)
+		}(addr)
+	}
+	for range proxy.ListenAddrs {
+		err := <-errs
+		if err != nil {
+			Error.Fatalf("Could not listen: %s", err)
+		}
+	}
+}
+
+func copyOwnerAndPermissions(from, to string) error {
+	stat, err := os.Stat(from)
 	if err != nil {
 		return err
 	}
+	if err = os.Chmod(to, stat.Mode()); err != nil {
+		return err
+	}
+
+	moreStat, ok := stat.Sys().(*syscall.Stat_t)
+	if !ok {
+		return nil
+	}
+
+	if err = os.Chown(to, int(moreStat.Uid), int(moreStat.Gid)); err != nil {
+		return err
+	}
 
-	if proxy.TLSConfig.enabled() {
-		listener = tls.NewListener(listener, proxy.TLSConfig.Config)
+	return nil
+}
+
+func (proxy *Proxy) listenAndServe(addr string) error {
+	protoAddrParts := strings.SplitN(addr, "://", 2)
+	if len(protoAddrParts) != 2 {
+		Error.Fatalf("Invalid protocol format: %q", addr)
+		return nil
 	}
 
-	Info.Println("proxy listening on", proxy.ListenAddr)
+	var (
+		listener net.Listener
+		err      error
+	)
+
+	switch protoAddrParts[0] {
+	case "tcp":
+		listener, err = net.Listen(protoAddrParts[0], protoAddrParts[1])
+		if err != nil {
+			return err
+		}
+		if proxy.TLSConfig.enabled() {
+			listener = tls.NewListener(listener, proxy.TLSConfig.Config)
+		}
+
+	case "unix":
+		os.Remove(protoAddrParts[1]) // remove socket from last invocation
+		listener, err = net.Listen(protoAddrParts[0], protoAddrParts[1])
+		if err != nil {
+			return err
+		}
+		defer os.Remove(protoAddrParts[1])
+		if err = copyOwnerAndPermissions(dockerSock, protoAddrParts[1]); err != nil {
+			return err
+		}
+
+	default:
+		Error.Fatalf("Invalid protocol format: %q", protoAddrParts[0])
+	}
 
+	Info.Println("proxy listening on", addr)
 	return (&http.Server{Handler: proxy}).Serve(listener)
 }
 

weave

@@ -921,8 +921,8 @@ proxy_args() {
 }
 
 proxy_addr() {
-    if addr=$(docker logs $PROXY_CONTAINER_NAME 2>/dev/null | head -n3 | grep -oE "proxy listening on .*"); then
-      addr=${addr##* }
+    if addr=$(docker logs $PROXY_CONTAINER_NAME 2>/dev/null | grep -oE "proxy listening on .*" | head -n1); then
+      addr=${addr##* tcp://}
       host=${addr%:*}
       [ "$host" = "0.0.0.0" ] && host=$PROXY_HOST
       port=${addr#*:}
@@ -1090,7 +1090,7 @@ case "$COMMAND" in
         proxy_args "$@"
         PROXY_CONTAINER=$(docker run --privileged -d --name=$PROXY_CONTAINER_NAME --net=host \
             $PROXY_VOLUMES \
-            -v /var/run/docker.sock:/var/run/docker.sock \
+            -v /var/run:/var/run \
             -v /proc:/hostproc \
             -e PROCFS=/hostproc \
             -e WEAVE_CIDR=none \