def container_ip_remove(container_name, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.remove_ip_from_ns_veth(container_pid, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, ip)
print "IP %s removed from %s" % (ip, container_name)
def container_remove(container_id):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_id: The namespace path or the ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
workload_id = get_workload_id(container_id)
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_id
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert(net.size == 1)
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
try:
# Remove the interface if it exists
netns.remove_veth(endpoint.name)
except CalledProcessError:
print "Could not remove Calico interface %s" % endpoint.name
sys.exit(1)
# Remove the container from the datastore.
client.remove_workload(hostname, orchestrator_id, workload_id)
print "Removed Calico interface from %s" % container_id
def container_remove(container_id):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_id: The namespace path or the ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
workload_id = get_workload_id(container_id)
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_id
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert (net.size == 1)
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
try:
# Remove the interface if it exists
netns.remove_veth(endpoint.name)
except CalledProcessError:
print "Could not remove Calico interface %s" % endpoint.name
sys.exit(1)
# Remove the container from the datastore.
client.remove_workload(hostname, orchestrator_id, workload_id)
print "Removed Calico interface from %s" % container_id
def container_remove(container_name):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_name: The name or ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
workload_id = get_container_id(container_name)
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_name
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert(net.size == 1)
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
# Remove the endpoint
netns.remove_veth(endpoint.name)
# Remove the container from the datastore.
client.remove_workload(hostname, ORCHESTRATOR_ID, workload_id)
print "Removed Calico interface from %s" % container_name
def container_remove(container_name):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_name: The name or ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
workload_id = get_container_id(container_name)
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_name
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert net.size == 1
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
# Remove the endpoint
netns.remove_veth(endpoint.name)
# Remove the container from the datastore.
client.remove_workload(hostname, ORCHESTRATOR_ID, workload_id)
print "Removed Calico interface from %s" % container_name
def container_ip_remove(container_id, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_id: The namespace path or container_id of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
namespace = netns.Namespace(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
namespace = netns.PidNamespace(info["State"]["Pid"])
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
netns.remove_ip_from_ns_veth(namespace, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, address)
print "IP %s removed from %s" % (ip, container_id)
def container_ip_add(container_id, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_id: The namespace path or container_id of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
namespace = netns.Namespace(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
namespace = netns.PidNamespace(info["State"]["Pid"])
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
print "Failed to add IP address to container.\n"
print_container_not_in_calico_msg(container_id)
sys.exit(1)
# From here, this method starts having side effects. If something
# fails then at least try to leave the system in a clean state.
if not client.assign_address(pool, address):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
try:
if address.version == 4:
endpoint.ipv4_nets.add(IPNetwork(address))
else:
endpoint.ipv6_nets.add(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
client.unassign_address(pool, ip)
print "Error updating datastore. Aborting."
sys.exit(1)
try:
netns.add_ip_to_ns_veth(namespace, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
if address.version == 4:
endpoint.ipv4_nets.remove(IPNetwork(address))
else:
endpoint.ipv6_nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
client.unassign_address(pool, ip)
sys.exit(1)
print "IP %s added to %s" % (ip, container_id)
def container_ip_remove(container_name, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.remove_ip_from_ns_veth(container_pid, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, ip)
print "IP %s removed from %s" % (ip, container_name)
def container_ip_add(container_name, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
print "Failed to add IP address to container.\n"
print_container_not_in_calico_msg(container_name)
sys.exit(1)
# From here, this method starts having side effects. If something
# fails then at least try to leave the system in a clean state.
if not client.assign_address(pool, address):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
try:
if address.version == 4:
endpoint.ipv4_nets.add(IPNetwork(address))
else:
endpoint.ipv6_nets.add(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
client.unassign_address(pool, ip)
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.add_ip_to_ns_veth(container_pid, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
if address.version == 4:
endpoint.ipv4_nets.remove(IPNetwork(address))
else:
endpoint.ipv6_nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
client.unassign_address(pool, ip)
sys.exit(1)
print "IP %s added to %s" % (ip, container_id)
def container_ip_remove(container_id, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_id: The namespace path or container_id of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
namespace = netns.Namespace(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
namespace = netns.PidNamespace(info["State"]["Pid"])
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
netns.remove_ip_from_ns_veth(namespace, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, ip)
print "IP %s removed from %s" % (ip, container_id)