Example #1
0
    def clean_iptables_rules(self, container):
        """Sometimes when we run docker stop
        (version dc9c28f/0.10.0) it doesn't clean
        iptables rules, as result when we run new
        container on the same port we have two rules
        with the same port but with different IPs,
        we have to clean this rules to prevent services
        unavailability.

        Example of the problem:
          $ iptables -t nat -S
          ...
          -A DOCKER -p tcp -m tcp --dport 443 -j DNAT \
            --to-destination 172.17.0.7:443
          -A DOCKER -p tcp -m tcp --dport 443 -j DNAT \
            --to-destination 172.17.0.3:443

          -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.10:8777
          -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.11:8777
          -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.11:8777
        """
        if not container.get('port_bindings'):
            return

        self._log_iptables()
        utils.safe_exec_cmd('dockerctl post_start_hooks {0}'.format(
            container['id']))
        utils.safe_exec_cmd('service iptables save')
        self._log_iptables()
Example #2
0
 def run(self):
     # save dhcrelay.conf to versioned folder
     copy_file(self._save_from, self._save_to)
     # remove dhcrelay.conf from global supervisor scope
     remove(self._save_from)
     # stop dhcrelay in supervisord, otherwise it will be re-ran
     # automatically
     safe_exec_cmd('supervisorctl stop dhcrelay_monitor')
Example #3
0
 def run(self):
     # save dhcrelay.conf to versioned folder
     copy_file(self._save_from, self._save_to)
     # remove dhcrelay.conf from global supervisor scope
     remove(self._save_from)
     # stop dhcrelay in supervisord, otherwise it will be re-ran
     # automatically
     safe_exec_cmd('supervisorctl stop dhcrelay_monitor')
Example #4
0
    def run(self):
        for container in self._containers:
            confname = '/etc/supervisord.d/{version}/{container}.conf'.format(
                version=self.config.from_version, container=container)

            if os.path.exists(confname):
                self._set_version_in(confname)
            else:
                logger.info('Could not find supervisor conf: "%s"', confname)

        # apply updated configurations without actual restart
        utils.safe_exec_cmd('supervisorctl update')
Example #5
0
    def run(self):
        for container in self._containers:
            confname = "/etc/supervisord.d/{version}/{container}.conf".format(
                version=self.config.from_version, container=container
            )

            if os.path.exists(confname):
                self._set_version_in(confname)
            else:
                logger.info('Could not find supervisor conf: "%s"', confname)

        # apply updated configurations without actual restart
        utils.safe_exec_cmd("supervisorctl update")
Example #6
0
    def _create_container(self):
        command = ' '.join([
            'docker run -d -t --privileged', '-p {BIND_ADMIN}:8001:8001',
            '-p {BIND_LOCAL}:8001:8001', '-v /etc/nailgun',
            '-v /var/log/docker-logs:/var/log',
            '-v /var/www/nailgun:/var/www/nailgun:rw',
            '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
            '-v /etc/fuel:/etc/fuel:ro', '-v /root/.ssh:/root/.ssh:ro',
            '--name={CONTAINER}', '{IMAGE}'
        ])

        command = command.format(BIND_ADMIN=self.config.master_ip,
                                 BIND_LOCAL='127.0.0.1',
                                 CONTAINER=self._container,
                                 IMAGE=self._image)

        safe_exec_cmd(command)
Example #7
0
    def _create_container(self):
        command = ' '.join([
            'docker run -d -t --privileged',
            '-p {BIND_ADMIN}:8001:8001',
            '-p {BIND_LOCAL}:8001:8001',
            '-v /etc/nailgun',
            '-v /var/log/docker-logs:/var/log',
            '-v /var/www/nailgun:/var/www/nailgun:rw',
            '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
            '-v /etc/fuel:/etc/fuel:ro',
            '-v /root/.ssh:/root/.ssh:ro',
            '--name={CONTAINER}',
            '{IMAGE}'])

        command = command.format(
            BIND_ADMIN=self.config.master_ip,
            BIND_LOCAL='127.0.0.1',
            CONTAINER=self._container,
            IMAGE=self._image)

        safe_exec_cmd(command)
Example #8
0
    def _log_iptables(self):
        """Method for additional logging of iptables rules

        NOTE(eli): Sometimes there are problems with
        iptables rules like this
        https://bugs.launchpad.net/fuel/+bug/1349287
        """
        utils.safe_exec_cmd('iptables -t nat -S')
        utils.safe_exec_cmd('iptables -S')
        utils.safe_exec_cmd('cat /etc/sysconfig/iptables.save')
Example #9
0
 def test_safe_exec_cmd(self, exec_mock):
     cmd = 'some command'
     utils.safe_exec_cmd(cmd)
     exec_mock.assert_called_once_with(cmd)
Example #10
0
 def test_safe_exec_cmd(self, exec_mock):
     cmd = 'some command'
     utils.safe_exec_cmd(cmd)
     exec_mock.assert_called_once_with(cmd)
Example #11
0
 def _destroy_container(self):
     safe_exec_cmd('docker rm -f {0}'.format(self._container))
Example #12
0
 def _stop_container(self):
     safe_exec_cmd('docker stop {0}'.format(self._container))
Example #13
0
 def _destroy_container(self):
     safe_exec_cmd('docker rm -f {0}'.format(self._container))
Example #14
0
 def _stop_container(self):
     safe_exec_cmd('docker stop {0}'.format(self._container))