def find_mesos_container(ip):
mesos_state_url = app.config['MESOS_STATE_URL']
try:
state = requests.get(mesos_state_url, timeout=app.config['MESOS_STATE_TIMEOUT']).json()
for framework in state['frameworks']:
for executor in framework['executors']:
for task in executor['tasks']:
for status in task['statuses']:
if status['state'] == 'TASK_RUNNING':
for network in status['container_status']['network_infos']:
for ip_map in network['ip_addresses']:
if ip_map['ip_address'] == ip:
if 'labels' in task:
env = []
for label in task['labels']:
key = label['key']
val = label['value']
env_var = '{0}={1}'.format(key, val)
env.append(env_var)
container = {'Config': {'Env': env, 'Labels': env}}
return container
except requests.exceptions.Timeout:
log.error('Timeout when trying to call the mesos http api: {0}'.format(mesos_state_url))
except requests.exceptions.RequestException:
log.exception('Error while trying to call the mesos http api: {0}'.format(mesos_state_url))
except KeyError:
log.exception('Error while trying to lookup the required keys in the json object')
return None
def get_iam_info(api_version, junk=None):
role_name_from_ip = roles.get_role_name_from_ip(request.remote_addr)
if role_name_from_ip:
log.debug('Providing IAM role info for {0}'.format(role_name_from_ip))
return jsonify(roles.get_role_info_from_ip(request.remote_addr))
else:
log.error('Role name not found; returning 404.')
return '', 404
def get_iam_info(api_version, junk=None):
role_params_from_ip = roles.get_role_params_from_ip(request.remote_addr)
if role_params_from_ip['name']:
log.debug('Providing IAM role info for {0}'.format(role_params_from_ip['name']))
return jsonify(roles.get_role_info_from_params(role_params_from_ip))
else:
log.error('Role name not found; returning 404.')
return '', 404
def iam_role_name(api_version):
if not _supports_iam(api_version):
return passthrough(request.path)
role_params_from_ip = roles.get_role_params_from_ip(request.remote_addr)
if role_params_from_ip['name']:
return role_params_from_ip['name']
else:
log.error('Role name not found; returning 404.')
return '', 404
def iam_role_name(api_version):
if not _supports_iam(api_version):
return passthrough(request.path)
role_params_from_ip = roles.get_role_params_from_ip(request.remote_addr)
if role_params_from_ip['name']:
return role_params_from_ip['name']
else:
log.error('Role name not found; returning 404.')
return '', 404
def iam_role_info(api_version, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
role_name_from_ip = roles.get_role_name_from_ip(request.remote_addr)
if role_name_from_ip:
log.debug('Providing IAM role info for {0}'.format(role_name_from_ip))
return jsonify(roles.get_role_info_from_ip(request.remote_addr))
else:
log.error('Role name not found; returning 404.')
return '', 404
def iam_role_info(api_version, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
role_params_from_ip = roles.get_role_params_from_ip(request.remote_addr)
if role_params_from_ip['name']:
log.debug('Providing IAM role info for {0}'.format(
role_params_from_ip['name']))
return jsonify(roles.get_role_info_from_params(role_params_from_ip))
else:
log.error('Role name not found; returning 404.')
return '', 404
def iam_sts_credentials(api_version, requested_role, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
if not roles.check_role_name_from_ip(request.remote_addr, requested_role):
msg = "Role name {0} doesn't match expected role for container"
log.error(msg.format(requested_role))
return '', 404
role_name = roles.get_role_name_from_ip(request.remote_addr,
stripped=False)
log.debug('Providing assumed role credentials for {0}'.format(role_name))
assumed_role = roles.get_assumed_role_credentials(requested_role=role_name,
api_version=api_version)
return jsonify(assumed_role)
def find_container(ip):
pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
client = docker_client()
# Try looking at the container mapping cache first
if ip in CONTAINER_MAPPING:
log.info('Container id for IP {0} in cache'.format(ip))
try:
with PrintingBlockTimer('Container inspect'):
container = client.inspect_container(CONTAINER_MAPPING[ip])
return container
except docker.errors.NotFound:
msg = 'Container id {0} no longer mapped to {1}'
log.error(msg.format(CONTAINER_MAPPING[ip], ip))
del CONTAINER_MAPPING[ip]
_fqdn = None
with PrintingBlockTimer('Reverse DNS'):
if app.config['ROLE_REVERSE_LOOKUP']:
try:
_fqdn = socket.gethostbyaddr(ip)[0]
except socket.error as e:
log.error('gethostbyaddr failed: {0}'.format(e.args))
pass
with PrintingBlockTimer('Container fetch'):
_ids = [c['Id'] for c in client.containers()]
for _id in _ids:
try:
with PrintingBlockTimer('Container inspect'):
c = client.inspect_container(_id)
except docker.errors.NotFound:
log.error('Container id {0} not found'.format(_id))
continue
# Try matching container to caller by IP address
_ip = c['NetworkSettings']['IPAddress']
if ip == _ip:
msg = 'Container id {0} mapped to {1} by IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by hostname match
if app.config['ROLE_REVERSE_LOOKUP']:
hostname = c['Config']['Hostname']
domain = c['Config']['Domainname']
fqdn = '{0}.{1}'.format(hostname, domain)
# Default pattern matches _fqdn == fqdn
_groups = re.match(pattern, _fqdn).groups()
groups = re.match(pattern, fqdn).groups()
if _groups and groups:
if groups[0] == _groups[0]:
msg = 'Container id {0} mapped to {1} by FQDN match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
log.error('No container found for ip {0}'.format(ip))
return None
def iam_sts_credentials(api_version, requested_role, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
try:
role_params = roles.get_role_params_from_ip(
request.remote_addr, requested_role=requested_role)
except roles.UnexpectedRoleError:
msg = "Role name {0} doesn't match expected role for container"
log.error(msg.format(requested_role))
return '', 404
log.debug('Providing assumed role credentials for {0}'.format(
role_params['name']))
assumed_role = roles.get_assumed_role_credentials(role_params=role_params,
api_version=api_version)
return jsonify(assumed_role)
def iam_sts_credentials(api_version, requested_role, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
if not roles.check_role_name_from_ip(request.remote_addr, requested_role):
msg = "Role name {0} doesn't match expected role for container"
log.error(msg.format(requested_role))
return '', 404
role_name = roles.get_role_name_from_ip(
request.remote_addr,
stripped=False
)
log.debug('Providing assumed role credentials for {0}'.format(role_name))
assumed_role = roles.get_assumed_role_credentials(
requested_role=role_name,
api_version=api_version
)
return jsonify(assumed_role)
def iam_sts_credentials(api_version, requested_role, junk=None):
if not _supports_iam(api_version):
return passthrough(request.path)
try:
role_params = roles.get_role_params_from_ip(
request.remote_addr,
requested_role=requested_role
)
except roles.UnexpectedRoleError:
msg = "Role name {0} doesn't match expected role for container"
log.error(msg.format(requested_role))
return '', 404
log.debug('Providing assumed role credentials for {0}'.format(role_params['name']))
assumed_role = roles.get_assumed_role_credentials(
role_params=role_params,
api_version=api_version
)
return jsonify(assumed_role)
def find_container(ip):
pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
client = docker_client()
# Try looking at the container mapping cache first
if ip in CONTAINER_MAPPING:
log.info('Container id for IP {0} in cache'.format(ip))
try:
with PrintingBlockTimer('Container inspect'):
container = client.inspect_container(CONTAINER_MAPPING[ip])
# Only return a cached container if it is running.
if container['State']['Running']:
return container
else:
log.error('Container id {0} is no longer running'.format(ip))
del CONTAINER_MAPPING[ip]
except docker.errors.NotFound:
msg = 'Container id {0} no longer mapped to {1}'
log.error(msg.format(CONTAINER_MAPPING[ip], ip))
del CONTAINER_MAPPING[ip]
_fqdn = None
with PrintingBlockTimer('Reverse DNS'):
if app.config['ROLE_REVERSE_LOOKUP']:
try:
_fqdn = socket.gethostbyaddr(ip)[0]
except socket.error as e:
log.error('gethostbyaddr failed: {0}'.format(e.args))
pass
with PrintingBlockTimer('Container fetch'):
_ids = [c['Id'] for c in client.containers()]
for _id in _ids:
try:
with PrintingBlockTimer('Container inspect'):
c = client.inspect_container(_id)
except docker.errors.NotFound:
log.error('Container id {0} not found'.format(_id))
continue
# Try matching container to caller by IP address
_ip = c['NetworkSettings']['IPAddress']
if ip == _ip:
msg = 'Container id {0} mapped to {1} by IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by sub network IP address
_networks = c['NetworkSettings']['Networks']
if _networks:
for _network in _networks:
if _networks[_network]['IPAddress'] == ip:
msg = 'Container id {0} mapped to {1} by sub-network IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Not Found ? Let's see if we are running under rancher 1.2+,which uses a label to store the IP
try:
_labels = c.get('Config', {}).get('Labels', {})
except (KeyError, ValueError):
_labels = {}
try:
if _labels.get('io.rancher.container.ip'):
_ip = _labels.get('io.rancher.container.ip').split("/")[0]
except docker.errors.NotFound:
log.error(
'Container: {0} Label container.ip not found'.format(_id))
if ip == _ip:
msg = 'Container id {0} mapped to {1} by Rancher IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by hostname match
if app.config['ROLE_REVERSE_LOOKUP']:
hostname = c['Config']['Hostname']
domain = c['Config']['Domainname']
fqdn = '{0}.{1}'.format(hostname, domain)
# Default pattern matches _fqdn == fqdn
_groups = re.match(pattern, _fqdn).groups()
groups = re.match(pattern, fqdn).groups()
if _groups and groups:
if groups[0] == _groups[0]:
msg = 'Container id {0} mapped to {1} by FQDN match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
log.error('No container found for ip {0}'.format(ip))
return None
def find_container(ip):
pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
client = docker_client()
# Try looking at the container mapping cache first
container_id = CONTAINER_MAPPING.get(ip)
if container_id:
log.info('Container id for IP {0} in cache'.format(ip))
try:
with PrintingBlockTimer('Container inspect'):
container = client.inspect_container(container_id)
# Only return a cached container if it is running.
if container['State']['Running']:
return container
else:
log.error('Container id {0} is no longer running'.format(ip))
if ip in CONTAINER_MAPPING:
del CONTAINER_MAPPING[ip]
except docker.errors.NotFound:
msg = 'Container id {0} no longer mapped to {1}'
log.error(msg.format(container_id, ip))
if ip in CONTAINER_MAPPING:
del CONTAINER_MAPPING[ip]
_fqdn = None
with PrintingBlockTimer('Reverse DNS'):
if app.config['ROLE_REVERSE_LOOKUP']:
try:
_fqdn = socket.gethostbyaddr(ip)[0]
except socket.error as e:
log.error('gethostbyaddr failed: {0}'.format(e.args))
pass
with PrintingBlockTimer('Container fetch'):
_ids = [c['Id'] for c in client.containers()]
for _id in _ids:
try:
with PrintingBlockTimer('Container inspect'):
c = client.inspect_container(_id)
except docker.errors.NotFound:
log.error('Container id {0} not found'.format(_id))
continue
# Try matching container to caller by IP address
_ip = c['NetworkSettings']['IPAddress']
if ip == _ip:
msg = 'Container id {0} mapped to {1} by IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by sub network IP address
_networks = c['NetworkSettings']['Networks']
if _networks:
for _network in _networks:
if _networks[_network]['IPAddress'] == ip:
msg = 'Container id {0} mapped to {1} by sub-network IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Not Found ? Let's see if we are running under rancher 1.2+,which uses a label to store the IP
try:
_labels = c.get('Config', {}).get('Labels', {})
except (KeyError, ValueError):
_labels = {}
try:
if _labels.get('io.rancher.container.ip'):
_ip = _labels.get('io.rancher.container.ip').split("/")[0]
except docker.errors.NotFound:
log.error('Container: {0} Label container.ip not found'.format(_id))
if ip == _ip:
msg = 'Container id {0} mapped to {1} by Rancher IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by hostname match
if app.config['ROLE_REVERSE_LOOKUP']:
hostname = c['Config']['Hostname']
domain = c['Config']['Domainname']
fqdn = '{0}.{1}'.format(hostname, domain)
# Default pattern matches _fqdn == fqdn
_groups = re.match(pattern, _fqdn).groups()
groups = re.match(pattern, fqdn).groups()
if _groups and groups:
if groups[0] == _groups[0]:
msg = 'Container id {0} mapped to {1} by FQDN match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
log.error('No container found for ip {0}'.format(ip))
return None
def find_container(ip):
pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
client = docker_client()
# Try looking at the container mapping cache first
if ip in CONTAINER_MAPPING:
log.info('Container id for IP {0} in cache'.format(ip))
try:
with PrintingBlockTimer('Container inspect'):
container = client.inspect_container(CONTAINER_MAPPING[ip])
# Only return a cached container if it is running.
if container['State']['Running']:
return container
else:
log.error('Container id {0} is no longger running'.format(ip))
del CONTAINER_MAPPING[ip]
except docker.errors.NotFound:
msg = 'Container id {0} no longer mapped to {1}'
log.error(msg.format(CONTAINER_MAPPING[ip], ip))
del CONTAINER_MAPPING[ip]
_fqdn = None
with PrintingBlockTimer('Reverse DNS'):
if app.config['ROLE_REVERSE_LOOKUP']:
try:
_fqdn = socket.gethostbyaddr(ip)[0]
except socket.error as e:
log.error('gethostbyaddr failed: {0}'.format(e.args))
pass
with PrintingBlockTimer('Container fetch'):
_ids = [c['Id'] for c in client.containers()]
for _id in _ids:
try:
with PrintingBlockTimer('Container inspect'):
c = client.inspect_container(_id)
except docker.errors.NotFound:
log.error('Container id {0} not found'.format(_id))
continue
# Try matching container to caller by IP address
_ip = c['NetworkSettings']['IPAddress']
if ip == _ip:
msg = 'Container id {0} mapped to {1} by IP match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
# Try matching container to caller by hostname match
if app.config['ROLE_REVERSE_LOOKUP']:
hostname = c['Config']['Hostname']
domain = c['Config']['Domainname']
fqdn = '{0}.{1}'.format(hostname, domain)
# Default pattern matches _fqdn == fqdn
_groups = re.match(pattern, _fqdn).groups()
groups = re.match(pattern, fqdn).groups()
if _groups and groups:
if groups[0] == _groups[0]:
msg = 'Container id {0} mapped to {1} by FQDN match'
log.debug(msg.format(_id, ip))
CONTAINER_MAPPING[ip] = _id
return c
log.error('No container found for ip {0}'.format(ip))
return None
