def _process_networking_config(self, context, container, requested_networks, host_config, container_kwargs, docker): network_api = zun_network.api(context=context, docker_api=docker) # Process the first requested network at create time. The rest # will be processed after create. requested_network = requested_networks.pop() docker_net_name = self._get_docker_network_name( context, requested_network['network']) security_group_ids = utils.get_security_group_ids( context, container.security_groups) addresses, port = network_api.create_or_update_port( container, docker_net_name, requested_network, security_group_ids) container.addresses = {requested_network['network']: addresses} ipv4_address = None ipv6_address = None for address in addresses: if address['version'] == 4: ipv4_address = address['addr'] if address['version'] == 6: ipv6_address = address['addr'] endpoint_config = docker.create_endpoint_config( ipv4_address=ipv4_address, ipv6_address=ipv6_address) network_config = docker.create_networking_config({ docker_net_name: endpoint_config}) host_config['network_mode'] = docker_net_name container_kwargs['networking_config'] = network_config container_kwargs['mac_address'] = port['mac_address']
def create_sandbox(self, context, container, requested_networks, requested_volumes, image='kubernetes/pause'): with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) self._provision_network(context, network_api, requested_networks) binds = self._get_binds(context, requested_volumes) host_config = {'binds': binds} name = self.get_sandbox_name(container) volumes = [b['bind'] for b in binds.values()] kwargs = { 'name': name, 'hostname': name[:63], 'volumes': volumes, } self._process_networking_config( context, container, requested_networks, host_config, kwargs, docker) kwargs['host_config'] = docker.create_host_config(**host_config) sandbox = docker.create_container(image, **kwargs) container.set_sandbox_id(sandbox['Id']) addresses = self._setup_network_for_container( context, container, requested_networks, network_api) if not addresses: raise exception.ZunException(_( "Unexpected missing of addresses")) container.addresses = addresses container.save(context) docker.start(sandbox['Id']) return sandbox['Id']
def remove_security_group(self, context, container, security_group): with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) network_api.remove_security_groups_from_ports(container, [security_group])
def network_attach(self, context, container, requested_network): with docker_utils.docker_client() as docker: security_group_ids = None if container.security_groups: security_group_ids = utils.get_security_group_ids( context, container.security_groups) network_api = zun_network.api(context, docker_api=docker) network = requested_network['network'] if network in container.addresses: raise exception.ZunException('Container %(container)s has' ' alreay connected to the network' '%(network)s.' % {'container': container.uuid, 'network': network}) self._get_or_create_docker_network(context, network_api, network) docker_net_name = self._get_docker_network_name(context, network) addrs = network_api.connect_container_to_network( container, docker_net_name, requested_network, security_groups=security_group_ids) if addrs is None: raise exception.ZunException(_( 'Unexpected missing of addresses')) update = {} update[network] = addrs addresses = container.addresses addresses.update(update) container.addresses = addresses container.save(context)
def create_sandbox(self, context, container, image='kubernetes/pause', requested_networks=None): with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) if not requested_networks: network = self._provision_network(context, container, network_api) requested_networks = [{'network': network['Name'], 'port': '', 'v4-fixed-ip': '', 'v6-fixed-ip': ''}] name = self.get_sandbox_name(container) sandbox = docker.create_container(image, name=name, hostname=name[:63]) container.set_sandbox_id(sandbox['Id']) addresses = self._setup_network_for_container( context, container, requested_networks, network_api) if addresses is None: raise exception.ZunException(_( "Unexpected missing of addresses")) container.addresses = addresses container.save(context) docker.start(sandbox['Id']) return sandbox['Id']
def create_network(self, context, network): with docker_utils.docker_client() as docker: network_api = zun_network.api(context, docker_api=docker) docker_net_name = self._get_docker_network_name( context, network.neutron_net_id) docker_network = network_api.create_network( neutron_net_id=network.neutron_net_id, name=docker_net_name) return docker_network
def add_security_group(self, context, container, security_group, sandbox_id=None): security_group_ids = utils.get_security_group_ids( context, [security_group]) with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) sandbox = docker.inspect_container(sandbox_id) for network in sandbox["NetworkSettings"]["Networks"]: network_api.add_security_groups_to_ports( container, security_group_ids)
def delete_sandbox(self, context, container): sandbox_id = container.get_sandbox_id() with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) self._cleanup_network_for_container(container, network_api) try: docker.remove_container(sandbox_id, force=True) except errors.APIError as api_error: if is_not_found(api_error): return raise
def delete_sandbox(self, context, container, sandbox_id): with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) sandbox = docker.inspect_container(sandbox_id) for network in sandbox["NetworkSettings"]["Networks"]: network_api.disconnect_container_from_network( container, network, sandbox_id=sandbox['Id']) try: docker.remove_container(sandbox_id, force=True) except errors.APIError as api_error: if is_not_found(api_error): return raise
def network_detach(self, context, container, network): with docker_utils.docker_client() as docker: network_api = zun_network.api(context, docker_api=docker) docker_net = self._get_docker_network_name(context, network) network_api.disconnect_container_from_network( container, docker_net, network) # Only clear network info related to this network # Cannot del container.address directly which will not update # changed fields of the container objects as the del operate on # the addresses object, only base.getter will called. update = container.addresses del update[network] container.addresses = update container.save(context)
def delete(self, context, container, force): teardown_network = True if container.get_sandbox_id(): teardown_network = False with docker_utils.docker_client() as docker: try: if teardown_network: network_api = zun_network.api(context=context, docker_api=docker) self._cleanup_network_for_container(container, network_api) if container.container_id: docker.remove_container(container.container_id, force=force) except errors.APIError as api_error: if is_not_found(api_error): return raise
def create_sandbox(self, context, container, image='kubernetes/pause', requested_networks=None): with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) if not requested_networks: # Find an available neutron net and create docker network by # wrapping the neutron net. neutron_net = self._get_available_network(context) network = self._get_or_create_docker_network( context, network_api, neutron_net['id']) requested_networks = [{ 'network': network['Name'], 'port': '', 'v4-fixed-ip': '', 'v6-fixed-ip': '' }] name = self.get_sandbox_name(container) sandbox = docker.create_container(image, name=name, hostname=name[:63]) self.set_sandbox_id(container, sandbox['Id']) security_group_ids = None if container.security_groups is not None: security_group_ids = self._get_security_group_ids( context, container.security_groups) # Container connects to the bridge network by default so disconnect # the container from it before connecting it to neutron network. # This avoids potential conflict between these two networks. network_api.disconnect_container_from_network( container, 'bridge', sandbox_id=sandbox['Id']) addresses = {} for network in requested_networks: addrs = network_api.connect_container_to_network( sandbox, network['network'], security_group_ids) addresses[network['network']] = addrs container.addresses = addresses container.save(context) docker.start(sandbox['Id']) return sandbox['Id']
def create(self, context, container, image, requested_networks, requested_volumes): sandbox_id = container.get_sandbox_id() with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) name = container.name LOG.debug('Creating container with image %(image)s name %(name)s', {'image': image['image'], 'name': name}) self._provision_network(context, network_api, requested_networks) binds = self._get_binds(context, requested_volumes) kwargs = { 'name': self.get_container_name(container), 'command': container.command, 'environment': container.environment, 'working_dir': container.workdir, 'labels': container.labels, 'tty': container.interactive, 'stdin_open': container.interactive, } if not sandbox_id: # Sandbox is not used so it is legitimate to customize # the container's hostname kwargs['hostname'] = container.hostname if not self._is_runtime_supported(): if container.runtime: raise exception.ZunException(_( 'Specifying runtime in Docker API is not supported')) runtime = None else: runtime = container.runtime or CONF.container_runtime host_config = {} host_config['privileged'] = container.privileged host_config['runtime'] = runtime host_config['binds'] = binds kwargs['volumes'] = [b['bind'] for b in binds.values()] if sandbox_id: host_config['network_mode'] = 'container:%s' % sandbox_id # TODO(hongbin): Uncomment this after docker-py add support for # container mode for pid namespace. # host_config['pid_mode'] = 'container:%s' % sandbox_id host_config['ipc_mode'] = 'container:%s' % sandbox_id else: self._process_networking_config( context, container, requested_networks, host_config, kwargs, docker) if container.auto_remove: host_config['auto_remove'] = container.auto_remove if container.memory is not None: host_config['mem_limit'] = str(container.memory) + 'M' if container.cpu is not None: host_config['cpu_quota'] = int(100000 * container.cpu) host_config['cpu_period'] = 100000 if container.restart_policy: count = int(container.restart_policy['MaximumRetryCount']) name = container.restart_policy['Name'] host_config['restart_policy'] = {'Name': name, 'MaximumRetryCount': count} if container.disk: disk_size = str(container.disk) + 'G' host_config['storage_opt'] = {'size': disk_size} # The time unit in docker of heath checking is us, and the unit # of interval and timeout is seconds. if container.healthcheck: healthcheck = {} healthcheck['test'] = container.healthcheck.get('test', '') interval = container.healthcheck.get('interval', 0) healthcheck['interval'] = interval * 10 ** 9 healthcheck['retries'] = int(container.healthcheck. get('retries', 0)) timeout = container.healthcheck.get('timeout', 0) healthcheck['timeout'] = timeout * 10 ** 9 kwargs['healthcheck'] = healthcheck kwargs['host_config'] = docker.create_host_config(**host_config) if image['tag']: image_repo = image['repo'] + ":" + image['tag'] else: image_repo = image['repo'] response = docker.create_container(image_repo, **kwargs) container.container_id = response['Id'] addresses = self._setup_network_for_container( context, container, requested_networks, network_api) container.addresses = addresses response = docker.inspect_container(container.container_id) self._populate_container(container, response) container.save(context) return container
def create(self, context, container, image, requested_networks): sandbox_id = container.get_sandbox_id() network_standalone = False if sandbox_id else True with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) name = container.name LOG.debug('Creating container with image %(image)s name %(name)s', { 'image': image['image'], 'name': name }) if network_standalone: self._provision_network(context, network_api, requested_networks) kwargs = { 'name': self.get_container_name(container), 'command': container.command, 'environment': container.environment, 'working_dir': container.workdir, 'labels': container.labels, 'tty': container.interactive, 'stdin_open': container.interactive, } runtime = container.runtime if container.runtime\ else CONF.container_runtime host_config = {} host_config['runtime'] = runtime if sandbox_id: host_config['network_mode'] = 'container:%s' % sandbox_id # TODO(hongbin): Uncomment this after docker-py add support for # container mode for pid namespace. # host_config['pid_mode'] = 'container:%s' % sandbox_id host_config['ipc_mode'] = 'container:%s' % sandbox_id host_config['volumes_from'] = sandbox_id if container.auto_remove: host_config['auto_remove'] = container.auto_remove if container.memory is not None: host_config['mem_limit'] = container.memory if container.cpu is not None: host_config['cpu_quota'] = int(100000 * container.cpu) host_config['cpu_period'] = 100000 if container.restart_policy is not None: count = int(container.restart_policy['MaximumRetryCount']) name = container.restart_policy['Name'] host_config['restart_policy'] = { 'Name': name, 'MaximumRetryCount': count } kwargs['host_config'] = docker.create_host_config(**host_config) image_repo = image['repo'] + ":" + image['tag'] response = docker.create_container(image_repo, **kwargs) container.container_id = response['Id'] if network_standalone: addresses = self._setup_network_for_container( context, container, requested_networks, network_api) container.addresses = addresses container.status = consts.CREATED container.status_reason = None container.save(context) return container
def create(self, context, container, image, requested_networks, requested_volumes): sandbox_id = container.get_sandbox_id() with docker_utils.docker_client() as docker: network_api = zun_network.api(context=context, docker_api=docker) name = container.name LOG.debug('Creating container with image %(image)s name %(name)s', { 'image': image['image'], 'name': name }) self._provision_network(context, network_api, requested_networks) binds = self._get_binds(context, requested_volumes) kwargs = { 'name': self.get_container_name(container), 'command': container.command, 'environment': container.environment, 'working_dir': container.workdir, 'labels': container.labels, 'tty': container.interactive, 'stdin_open': container.interactive, } if not sandbox_id: # Sandbox is not used so it is legitimate to customize # the container's hostname kwargs['hostname'] = container.hostname runtime = container.runtime if container.runtime\ else CONF.container_runtime host_config = {} host_config['runtime'] = runtime host_config['binds'] = binds kwargs['volumes'] = [b['bind'] for b in binds.values()] if sandbox_id: host_config['network_mode'] = 'container:%s' % sandbox_id # TODO(hongbin): Uncomment this after docker-py add support for # container mode for pid namespace. # host_config['pid_mode'] = 'container:%s' % sandbox_id host_config['ipc_mode'] = 'container:%s' % sandbox_id else: self._process_networking_config(context, container, requested_networks, host_config, kwargs, docker) if container.auto_remove: host_config['auto_remove'] = container.auto_remove if container.memory is not None: host_config['mem_limit'] = container.memory if container.cpu is not None: host_config['cpu_quota'] = int(100000 * container.cpu) host_config['cpu_period'] = 100000 if container.restart_policy: count = int(container.restart_policy['MaximumRetryCount']) name = container.restart_policy['Name'] host_config['restart_policy'] = { 'Name': name, 'MaximumRetryCount': count } if container.disk: disk_size = str(container.disk) + 'G' host_config['storage_opt'] = {'size': disk_size} kwargs['host_config'] = docker.create_host_config(**host_config) image_repo = image['repo'] + ":" + image['tag'] response = docker.create_container(image_repo, **kwargs) container.container_id = response['Id'] addresses = self._setup_network_for_container( context, container, requested_networks, network_api) container.addresses = addresses response = docker.inspect_container(container.container_id) self._populate_container(container, response) container.save(context) return container