コード例 #1
0
ファイル: docker_engine.py プロジェクト: romcheg/fuel-web 
    def clean_iptables_rules(self, container):
        """Sometimes when we run docker stop
        (version dc9c28f/0.10.0) it doesn't clean
        iptables rules, as result when we run new
        container on the same port we have two rules
        with the same port but with different IPs,
        we have to clean this rules to prevent services
        unavailability.

        Example of the problem:
          $ iptables -t nat -S
          ...
          -A DOCKER -p tcp -m tcp --dport 443 -j DNAT \
            --to-destination 172.17.0.7:443
          -A DOCKER -p tcp -m tcp --dport 443 -j DNAT \
            --to-destination 172.17.0.3:443

          -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.10:8777
          -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.11:8777
          -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport \
            8777 -j DNAT --to-destination 172.17.0.11:8777
        """
        if not container.get('port_bindings'):
            return

        self._log_iptables()
        utils.safe_exec_cmd('dockerctl post_start_hooks {0}'.format(
            container['id']))
        utils.safe_exec_cmd('service iptables save')
        self._log_iptables()
コード例 #2
0
 def run(self):
     # save dhcrelay.conf to versioned folder
     copy_file(self._save_from, self._save_to)
     # remove dhcrelay.conf from global supervisor scope
     remove(self._save_from)
     # stop dhcrelay in supervisord, otherwise it will be re-ran
     # automatically
     safe_exec_cmd('supervisorctl stop dhcrelay_monitor')
コード例 #3
0
 def run(self):
     # save dhcrelay.conf to versioned folder
     copy_file(self._save_from, self._save_to)
     # remove dhcrelay.conf from global supervisor scope
     remove(self._save_from)
     # stop dhcrelay in supervisord, otherwise it will be re-ran
     # automatically
     safe_exec_cmd('supervisorctl stop dhcrelay_monitor')
コード例 #4
0
    def run(self):
        for container in self._containers:
            confname = '/etc/supervisord.d/{version}/{container}.conf'.format(
                version=self.config.from_version, container=container)

            if os.path.exists(confname):
                self._set_version_in(confname)
            else:
                logger.info('Could not find supervisor conf: "%s"', confname)

        # apply updated configurations without actual restart
        utils.safe_exec_cmd('supervisorctl update')
コード例 #5
0
    def run(self):
        for container in self._containers:
            confname = "/etc/supervisord.d/{version}/{container}.conf".format(
                version=self.config.from_version, container=container
            )

            if os.path.exists(confname):
                self._set_version_in(confname)
            else:
                logger.info('Could not find supervisor conf: "%s"', confname)

        # apply updated configurations without actual restart
        utils.safe_exec_cmd("supervisorctl update")
コード例 #6
0
    def _create_container(self):
        command = ' '.join([
            'docker run -d -t --privileged', '-p {BIND_ADMIN}:8001:8001',
            '-p {BIND_LOCAL}:8001:8001', '-v /etc/nailgun',
            '-v /var/log/docker-logs:/var/log',
            '-v /var/www/nailgun:/var/www/nailgun:rw',
            '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
            '-v /etc/fuel:/etc/fuel:ro', '-v /root/.ssh:/root/.ssh:ro',
            '--name={CONTAINER}', '{IMAGE}'
        ])

        command = command.format(BIND_ADMIN=self.config.master_ip,
                                 BIND_LOCAL='127.0.0.1',
                                 CONTAINER=self._container,
                                 IMAGE=self._image)

        safe_exec_cmd(command)
コード例 #7
0
    def _create_container(self):
        command = ' '.join([
            'docker run -d -t --privileged',
            '-p {BIND_ADMIN}:8001:8001',
            '-p {BIND_LOCAL}:8001:8001',
            '-v /etc/nailgun',
            '-v /var/log/docker-logs:/var/log',
            '-v /var/www/nailgun:/var/www/nailgun:rw',
            '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
            '-v /etc/fuel:/etc/fuel:ro',
            '-v /root/.ssh:/root/.ssh:ro',
            '--name={CONTAINER}',
            '{IMAGE}'])

        command = command.format(
            BIND_ADMIN=self.config.master_ip,
            BIND_LOCAL='127.0.0.1',
            CONTAINER=self._container,
            IMAGE=self._image)

        safe_exec_cmd(command)
コード例 #8
0
ファイル: docker_engine.py プロジェクト: romcheg/fuel-web 
    def _log_iptables(self):
        """Method for additional logging of iptables rules

        NOTE(eli): Sometimes there are problems with
        iptables rules like this
        https://bugs.launchpad.net/fuel/+bug/1349287
        """
        utils.safe_exec_cmd('iptables -t nat -S')
        utils.safe_exec_cmd('iptables -S')
        utils.safe_exec_cmd('cat /etc/sysconfig/iptables.save')
コード例 #9
0
 def test_safe_exec_cmd(self, exec_mock):
     cmd = 'some command'
     utils.safe_exec_cmd(cmd)
     exec_mock.assert_called_once_with(cmd)
コード例 #10
0
ファイル: test_utils.py プロジェクト: koder-ua/nailgun-fcert 
 def test_safe_exec_cmd(self, exec_mock):
     cmd = 'some command'
     utils.safe_exec_cmd(cmd)
     exec_mock.assert_called_once_with(cmd)
コード例 #11
0
 def _destroy_container(self):
     safe_exec_cmd('docker rm -f {0}'.format(self._container))
コード例 #12
0
 def _stop_container(self):
     safe_exec_cmd('docker stop {0}'.format(self._container))
コード例 #13
0
 def _destroy_container(self):
     safe_exec_cmd('docker rm -f {0}'.format(self._container))
コード例 #14
0
 def _stop_container(self):
     safe_exec_cmd('docker stop {0}'.format(self._container))