def container_remove(container_name): """ Remove a container (on this host) from Calico networking. The container may be left in a state without any working networking. If there is a network adaptor in the host namespace used by the container then it is removed. :param container_name: The name or ID of the container. """ # The netns manipulations must be done as root. enforce_root() # Resolve the name to ID. workload_id = get_container_id(container_name) # Find the endpoint ID. We need this to find any ACL rules try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=workload_id) except KeyError: print "Container %s doesn't contain any endpoints" % container_name sys.exit(1) # Remove any IP address assignments that this endpoint has for net in endpoint.ipv4_nets | endpoint.ipv6_nets: assert(net.size == 1) ip = net.ip pools = client.get_ip_pools("v%s" % ip.version) for pool in pools: if ip in pool: # Ignore failure to unassign address, since we're not # enforcing assignments strictly in datastore.py. client.unassign_address(pool, ip) # Remove the endpoint netns.remove_endpoint(endpoint.endpoint_id) # Remove the container from the datastore. client.remove_workload(hostname, ORCHESTRATOR_ID, workload_id) print "Removed Calico interface from %s" % container_name
def container_remove(container_name): """ Remove a container (on this host) from Calico networking. The container may be left in a state without any working networking. If there is a network adaptor in the host namespace used by the container then it is removed. :param container_name: The name or ID of the container. """ # The netns manipulations must be done as root. enforce_root() # Resolve the name to ID. workload_id = get_container_id(container_name) # Find the endpoint ID. We need this to find any ACL rules try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=workload_id) except KeyError: print "Container %s doesn't contain any endpoints" % container_name sys.exit(1) # Remove any IP address assignments that this endpoint has for net in endpoint.ipv4_nets | endpoint.ipv6_nets: assert(net.size == 1) ip = net.ip pools = client.get_ip_pools(ip.version) for pool in pools: if ip in pool: # Ignore failure to unassign address, since we're not # enforcing assignments strictly in datastore.py. client.unassign_address(pool, ip) # Remove the endpoint netns.remove_veth(endpoint.name) # Remove the container from the datastore. client.remove_workload(hostname, ORCHESTRATOR_ID, workload_id) print "Removed Calico interface from %s" % container_name
def container_ip_remove(container_name, ip, version, interface): """ Add an IP address to an existing Calico networked container. :param container_name: The name of the container. :param ip: The IP to add :param version: The IP version ("v4" or "v6") :param interface: The name of the interface in the container. :return: None """ address = check_ip_version(ip, version, IPAddress) # The netns manipulations must be done as root. enforce_root() pool = get_pool_or_exit(address) info = get_container_info_or_exit(container_name) container_id = info["Id"] # Check the container is actually running. if not info["State"]["Running"]: print "%s is not currently running." % container_name sys.exit(1) # Check that the container is already networked try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id) if address.version == 4: nets = endpoint.ipv4_nets else: nets = endpoint.ipv6_nets if not IPNetwork(address) in nets: print "IP address is not assigned to container. Aborting." sys.exit(1) except KeyError: print "Container is unknown to Calico." sys.exit(1) try: nets.remove(IPNetwork(address)) client.update_endpoint(endpoint) except (KeyError, ValueError): print "Error updating datastore. Aborting." sys.exit(1) try: container_pid = info["State"]["Pid"] netns.remove_ip_from_interface(container_pid, address, interface, proc_alias="/proc") except CalledProcessError: print "Error updating networking in container. Aborting." sys.exit(1) client.unassign_address(pool, ip) print "IP %s removed from %s" % (ip, container_name)
def container_ip_add(container_name, ip, version, interface): """ Add an IP address to an existing Calico networked container. :param container_name: The name of the container. :param ip: The IP to add :param version: The IP version ("v4" or "v6") :param interface: The name of the interface in the container. :return: None """ address = check_ip_version(ip, version, IPAddress) # The netns manipulations must be done as root. enforce_root() pool = get_pool_or_exit(address) info = get_container_info_or_exit(container_name) container_id = info["Id"] # Check the container is actually running. if not info["State"]["Running"]: print "%s is not currently running." % container_name sys.exit(1) # Check that the container is already networked try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id) except KeyError: print "Failed to add IP address to container.\n" print_container_not_in_calico_msg(container_name) sys.exit(1) # From here, this method starts having side effects. If something # fails then at least try to leave the system in a clean state. if not client.assign_address(pool, ip): print "IP address is already assigned in pool %s " % pool sys.exit(1) try: if address.version == 4: endpoint.ipv4_nets.add(IPNetwork(address)) else: endpoint.ipv6_nets.add(IPNetwork(address)) client.update_endpoint(endpoint) except (KeyError, ValueError): client.unassign_address(pool, ip) print "Error updating datastore. Aborting." sys.exit(1) try: container_pid = info["State"]["Pid"] netns.add_ip_to_interface(container_pid, address, interface, proc_alias="/proc") except CalledProcessError: print "Error updating networking in container. Aborting." if address.version == 4: endpoint.ipv4_nets.remove(IPNetwork(address)) else: endpoint.ipv6_nets.remove(IPNetwork(address)) client.update_endpoint(endpoint) client.unassign_address(pool, ip) sys.exit(1) print "IP %s added to %s" % (ip, container_id)
def container_ip_remove(container_name, ip, interface): """ Add an IP address to an existing Calico networked container. :param container_name: The name of the container. :param ip: The IP to add :param interface: The name of the interface in the container. :return: None """ address = IPAddress(ip) # The netns manipulations must be done as root. enforce_root() pool = get_pool_or_exit(address) info = get_container_info_or_exit(container_name) container_id = info["Id"] # Check the container is actually running. if not info["State"]["Running"]: print "%s is not currently running." % container_name sys.exit(1) # Check that the container is already networked try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id) if address.version == 4: nets = endpoint.ipv4_nets else: nets = endpoint.ipv6_nets if not IPNetwork(address) in nets: print "IP address is not assigned to container. Aborting." sys.exit(1) except KeyError: print "Container is unknown to Calico." sys.exit(1) try: nets.remove(IPNetwork(address)) client.update_endpoint(endpoint) except (KeyError, ValueError): print "Error updating datastore. Aborting." sys.exit(1) try: container_pid = info["State"]["Pid"] netns.remove_ip_from_ns_veth(container_pid, address, interface) except CalledProcessError: print "Error updating networking in container. Aborting." sys.exit(1) client.unassign_address(pool, ip) print "IP %s removed from %s" % (ip, container_name)
def container_ip_add(container_name, ip, interface): """ Add an IP address to an existing Calico networked container. :param container_name: The name of the container. :param ip: The IP to add :param interface: The name of the interface in the container. :return: None """ address = IPAddress(ip) # The netns manipulations must be done as root. enforce_root() pool = get_pool_or_exit(address) info = get_container_info_or_exit(container_name) container_id = info["Id"] # Check the container is actually running. if not info["State"]["Running"]: print "%s is not currently running." % container_name sys.exit(1) # Check that the container is already networked try: endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id) except KeyError: print "Failed to add IP address to container.\n" print_container_not_in_calico_msg(container_name) sys.exit(1) # From here, this method starts having side effects. If something # fails then at least try to leave the system in a clean state. if not client.assign_address(pool, ip): print "IP address is already assigned in pool %s " % pool sys.exit(1) try: if address.version == 4: endpoint.ipv4_nets.add(IPNetwork(address)) else: endpoint.ipv6_nets.add(IPNetwork(address)) client.update_endpoint(endpoint) except (KeyError, ValueError): client.unassign_address(pool, ip) print "Error updating datastore. Aborting." sys.exit(1) try: container_pid = info["State"]["Pid"] netns.add_ip_to_ns_veth(container_pid, address, interface) except CalledProcessError: print "Error updating networking in container. Aborting." if address.version == 4: endpoint.ipv4_nets.remove(IPNetwork(address)) else: endpoint.ipv6_nets.remove(IPNetwork(address)) client.update_endpoint(endpoint) client.unassign_address(pool, ip) sys.exit(1) print "IP %s added to %s" % (ip, container_id)