def container_add(container_name, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_name: The name or ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
"""
# The netns manipulations must be done as root.
enforce_root()
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print "%s has already been configured with Calico Networking." % \
container_name
sys.exit(1)
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check the IP is in the allocation pool. If it isn't, BIRD won't export
# it.
ip = IPAddress(ip)
pool = get_pool_or_exit(ip)
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
try:
next_hops[ip.version]
except KeyError:
print "This node is not configured for IPv%d." % ip.version
sys.exit(1)
# Assign the IP
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
# Actually configure the netns. Defaults to eth1 since eth0 could
# already be in use (e.g. by the Docker bridge)
pid = info["State"]["Pid"]
endpoint = netns.set_up_endpoint(ip=ip,
hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id,
cpid=pid,
next_hop_ips=next_hops,
veth_name=interface,
proc_alias="/proc")
# Register the endpoint
client.set_endpoint(endpoint)
print "IP %s added to %s" % (ip, container_name)
def container_ip_add(container_name, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
print "Failed to add IP address to container.\n"
print_container_not_in_calico_msg(container_name)
sys.exit(1)
# From here, this method starts having side effects. If something
# fails then at least try to leave the system in a clean state.
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
try:
if address.version == 4:
endpoint.ipv4_nets.add(IPNetwork(address))
else:
endpoint.ipv6_nets.add(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
client.unassign_address(pool, ip)
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.add_ip_to_ns_veth(container_pid, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
if address.version == 4:
endpoint.ipv4_nets.remove(IPNetwork(address))
else:
endpoint.ipv6_nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
client.unassign_address(pool, ip)
sys.exit(1)
print "IP %s added to %s" % (ip, container_id)
def container_ip_add(container_name, ip, version, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param version: The IP version ("v4" or "v6")
:param interface: The name of the interface in the container.
:return: None
"""
address = check_ip_version(ip, version, IPAddress)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
print "Failed to add IP address to container.\n"
print_container_not_in_calico_msg(container_name)
sys.exit(1)
# From here, this method starts having side effects. If something
# fails then at least try to leave the system in a clean state.
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
try:
if address.version == 4:
endpoint.ipv4_nets.add(IPNetwork(address))
else:
endpoint.ipv6_nets.add(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
client.unassign_address(pool, ip)
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.add_ip_to_interface(container_pid,
address,
interface,
proc_alias="/proc")
except CalledProcessError:
print "Error updating networking in container. Aborting."
if address.version == 4:
endpoint.ipv4_nets.remove(IPNetwork(address))
else:
endpoint.ipv6_nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
client.unassign_address(pool, ip)
sys.exit(1)
print "IP %s added to %s" % (ip, container_id)
def container_add(container_name, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_name: The name or ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print "%s has already been configured with Calico Networking." % \
container_name
sys.exit(1)
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print "Can't add %s to Calico because it is " \
"running NetworkMode = host." % container_name
sys.exit(1)
# Check the IP is in the allocation pool. If it isn't, BIRD won't export
# it.
ip = IPAddress(ip)
pool = get_pool_or_exit(ip)
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
try:
next_hops[ip.version]
except KeyError:
print "This node is not configured for IPv%d." % ip.version
sys.exit(1)
# Assign the IP
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
# Get the next hop for the IP address.
next_hop = next_hops[ip.version]
network = IPNetwork(IPAddress(ip))
ep = Endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
if network.version == 4:
ep.ipv4_nets.add(network)
ep.ipv4_gateway = next_hop
else:
ep.ipv6_nets.add(network)
ep.ipv6_gateway = next_hop
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
pid = info["State"]["Pid"]
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(pid, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(pid, ip, interface)
netns.add_ns_default_route(pid, next_hop, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(pid, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
return ep
