Enable game server ip address allocation for macvlan driver.

[madpeteguy]

I'm not a Go programmer, please double check my code!

Issue (pterodactyl/panel#3865):
For macvlan driver default docker config assign first available ip.
Game servers get ip assigned in order of container creation.

Solution proposal:
Wings support only one docker network for each game server.
To assign correct IP default allocation could be used.
Allocations doesn't limit IPs at all, admin could set desired game server container ip and port by default allocation.

Risks:

• Potential ip conflicts, but hey who could make macvlan working with pterodactyl without docker networking knowledge?

[madpeteguy]

I just rebased to the current develop and resolved the conflict.

[madpeteguy]

Made some tests, this PR needs more love:

• Create server container with custom macvlan IP - OK
• Restart server container with custom macvlan IP - TBD

[madpeteguy]

Brief

Changes only affect the Server and Server Installer on Wings with configuration Docker.Network.Driver=macvlan.
Servers do not need reinstallation, but allocations must be configured properly (separate IP Addresses).
By default Pterodactyl allocations with macvlan are useless becouse of random IPs, with this fix they won't work as they did before.
Configuration with macvlan might be considered as advanced, requires knowledge of docker networking and network security.
But if someone is configuring Pterodactyl the more difficult way, I assume he have the right knowledge.

For those who do not want to wait for the merge (which may never happen), I provide the build and source I use:
https://github.com/madpeteguy/wings/pkgs/container/wings
Pterodactyl is a project in my home lab, so I don't guarantee quick updates, I'd rather have the changes pulled into the official release.

Tested cases:

• Run/Restart server - Allocations.DefaultMapping.Ip is always assigned to Docker Server Container as expected.
• Reinstall server - Allocations.DefaultMapping.Ip is assigned to Installer Container as expected.

Example configuration:

Examples use Cloudflare DNS (1.1.1.1, 1.0.0.1), if you use own servers with local domains change them to your own.

Additional Wing compose configuration (docker-compose.yml)

networks:
  services_net: # external macvlan network definition
    external: true
    name: "mvl115"

services:
  wings:
    image: ghcr.io/madpeteguy/wings:v1.7.2_mvl # My own build based on pterodactyl/wings:v1.7.2 with proposed fix
    networks:
      services_net: # uses external network only
        ipv4_address: 192.168.115.152 # IP for Wings container (not for servers)
      # remove other networks
    dns: # dns config to have internet on macvlan only container
      - 1.1.1.1
      - 1.0.0.1

Additional Wing configuration (/etc/pterodactyl/config.yml)

docker:
  network:
    interface: 192.168.115.1 # Not sure if that is correct or what it's for, on my setup it is network router interface.
    dns: # Required for docker macvlans as they do not get configs from dhcp
    - 1.1.1.1
    - 1.0.0.1
    name: mvl115 # Docker macvlan network name (must be created before use, haven't tested if wings will make valid network)
    driver: macvlan # driver that this fix is all about
    network_mode: mvl115 # I do not remember why it is set to network name :/
    is_internal: false # network must exist so it is not internal
    interfaces:
      v4:
        subnet: 192.168.115.0/24
        gateway: 192.168.115.1 # Set on container interface as gateway

Panel config

I will not describe how to connect the Panel to the Wings.
In short, my configuration exposes Panel and Wings via Nginx reverse proxy.
Communication between Panel and Wings goes trough that proxy, nothing is connecting directly.

Allocation

1. IP Address from Default Allocation will be used as container IP Address.
2. Each game server must have its own IP Address.
   Nothing will check for conflicts, strange things can happen in network when IP conflict exists, so be carefull!
   If there are any Eggs built on multiple containers they might not work on macvlan with this fix.
3. No game server can exist on Wing or Panel IP, each server and docker container is a separate network client/device (thats what macvlan is for).
4. Once again be extreme carefull when assigning IP in network where wings will create serwers.
   On my own I have separate vlan only for pterodactyl and it servers, without dhcp, all clients have static IPs.
   Docker macvlan does not communicate with dhcp servers to obtain IP Address.
5. When allocation is made, make sure all ports for server are assigned to the same IP Address (multiple adresses per one server won't work)
6. To be honest i don't think that ports allocation does anything for macvlan.
   If Egg uses allocations to set game server configuration they may be configured as expected, otherwise server IP will open default ports.
   Allocations on default Docker bridge networks might be solved by docker port mapping, which has no effect on macvlan.
   In such case Server container will expose default ports on assigned IP Address, instead of ones configured by allocations.
7. Container on macvlan exposes its all ports, it might be a high security issue.
   Do not expose full access to Server Container IP for public, use routing on your network to secure Servers, share only ports required by game server, again, that's how docker macvlan works.

Screenshots

Node allocations (all three Servers are accessible by assigned IP Addresses):

Cryofall Server allocation:

Running containers:

[Kieranwest]

@madpeteguy this is a wonderful write up. My Pterodactyl VMs just died recently and I'm looking to revisit this project and I'd really like to have everything nicely integrated into unRAID.
By the looks of things this wasn't merged into the main release which is sad news!
Do you know if this is still an issue in the main release?

[madpeteguy]

@Kieranwest Based on this PR and the low interest in mvl support, I think so. But I haven't updated since 1.10.3, So i cant tell for sure.