def provision_veth(self, namespace, veth_name_ns):
"""
Create the veth, move into the container namespace, add the IP and
set up the default routes.
Note, the endpoint will not be updated in etcd. If desired, the user
should update the endpoint mac with the mac address provided
by the function and then call update_endpoint
:param self: The endpoint object to provision the veth on
:param namespace: The namespace to operate in
:type namespace netns.Namespace
:param veth_name_ns: The name of the interface in the namespace
:return The mac address of the veth as a string
"""
assert isinstance(namespace, netns.Namespace), \
'Namespace object expected.'
netns.create_veth(self.name, self.temp_interface_name)
netns.move_veth_into_ns(namespace, self.temp_interface_name,
veth_name_ns)
for ip_net in self.ipv4_nets | self.ipv6_nets:
netns.add_ip_to_ns_veth(namespace, ip_net.ip, veth_name_ns)
netns.add_ns_default_route(namespace, self.name, veth_name_ns)
return netns.get_ns_veth_mac(namespace, veth_name_ns)
def provision_veth(self, namespace, veth_name_ns):
"""
Create the veth, move into the container namespace, add the IP and
set up the default routes.
Note, the endpoint will not be updated in etcd. If desired, the user
should update the endpoint mac with the mac address provided
by the function and then call update_endpoint
:param self: The endpoint object to provision the veth on
:param namespace: The namespace to operate in
:type namespace netns.Namespace
:param veth_name_ns: The name of the interface in the namespace
:return The mac address of the veth as a string
"""
assert isinstance(namespace, netns.Namespace), \
'Namespace object expected.'
netns.create_veth(self.name, self.temp_interface_name)
netns.move_veth_into_ns(namespace, self.temp_interface_name,
veth_name_ns)
for ip_net in self.ipv4_nets | self.ipv6_nets:
netns.add_ip_to_ns_veth(namespace, ip_net.ip, veth_name_ns)
netns.add_ns_default_route(namespace, self.name, veth_name_ns)
return netns.get_ns_veth_mac(namespace, veth_name_ns)
def provision_veth(self, ns_pid, veth_name_ns):
"""
Create the veth, move into the container namespace, add the IP and
set up the default routes.
Note, the endpoint will not be updated in etcd. If desired, the user
should update the endpoint mac with the mac address provided
by the function and then call update_endpoint
:param self: The endpoint object to provision the veth on
:param ns_pid: The PID of the namespace to operate in
:param veth_name_ns: The name of the interface in the namespace
:return The mac address of the veth as a string
"""
netns.create_veth(self.name, self.temp_interface_name)
netns.move_veth_into_ns(ns_pid, self.temp_interface_name, veth_name_ns)
for ip_net in self.ipv4_nets | self.ipv6_nets:
netns.add_ip_to_ns_veth(ns_pid, ip_net.ip, veth_name_ns)
if ip_net.ip.version == 4:
netns.add_ns_default_route(ns_pid, self.ipv4_gateway, veth_name_ns)
else:
netns.add_ns_default_route(ns_pid, self.ipv6_gateway, veth_name_ns)
return netns.get_ns_veth_mac(ns_pid, veth_name_ns)
def container_add(container_id, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_id: The namespace path or the docker name/ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# TODO: This section is redundant in container_add_ip and elsewhere
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
namespace = netns.Namespace(container_id)
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
orchestrator_id = DOCKER_ORCHESTRATOR_ID
namespace = netns.PidNamespace(info["State"]["Pid"])
# Check the container is actually running.
if not info["State"]["Running"]:
print_paragraph("%s is not currently running." % container_id)
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print_paragraph("Can't add %s to Calico because it is "
"running NetworkMode = host." % container_id)
sys.exit(1)
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print_paragraph("%s has already been configured with Calico "
"Networking." % container_id)
sys.exit(1)
ip, pool = get_ip_and_pool(ip)
try:
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
next_hops[ip.version]
except KeyError:
print_paragraph("This node is not configured for IPv%d. "
"Is calico-node running?" % ip.version)
unallocated_ips = client.release_ips({ip})
if unallocated_ips:
print_paragraph("Error during cleanup. %s was already"
"unallocated." % ip)
sys.exit(1)
# Get the next hop for the IP address.
next_hop = next_hops[ip.version]
network = IPNetwork(IPAddress(ip))
ep = Endpoint(hostname=hostname,
orchestrator_id=DOCKER_ORCHESTRATOR_ID,
workload_id=workload_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
if network.version == 4:
ep.ipv4_nets.add(network)
ep.ipv4_gateway = next_hop
else:
ep.ipv6_nets.add(network)
ep.ipv6_gateway = next_hop
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
netns.increment_metrics(namespace)
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(namespace, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(namespace, ip, interface)
netns.add_ns_default_route(namespace, next_hop, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(namespace, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
print_paragraph("IP %s added to %s" % (str(ip), container_id))
return ep
def container_add(container_id, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_id: The namespace path or the docker name/ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
namespace = netns.Namespace(container_id)
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
orchestrator_id = DOCKER_ORCHESTRATOR_ID
namespace = netns.PidNamespace(info["State"]["Pid"])
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print "Can't add %s to Calico because it is " \
"running NetworkMode = host." % container_id
sys.exit(1)
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print "%s has already been configured with Calico Networking." % \
container_id
sys.exit(1)
# Check the IP is in the allocation pool. If it isn't, BIRD won't export
# it.
ip = IPAddress(ip)
pool = get_pool_or_exit(ip)
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
try:
next_hops[ip.version]
except KeyError:
print "This node is not configured for IPv%d." % ip.version
sys.exit(1)
# Assign the IP
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
# Get the next hop for the IP address.
next_hop = next_hops[ip.version]
network = IPNetwork(IPAddress(ip))
ep = Endpoint(hostname=hostname,
orchestrator_id=DOCKER_ORCHESTRATOR_ID,
workload_id=workload_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
if network.version == 4:
ep.ipv4_nets.add(network)
ep.ipv4_gateway = next_hop
else:
ep.ipv6_nets.add(network)
ep.ipv6_gateway = next_hop
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(namespace, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(namespace, ip, interface)
netns.add_ns_default_route(namespace, next_hop, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(namespace, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
return ep
def container_add(container_id, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_id: The namespace path or the docker name/ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# TODO: This section is redundant in container_add_ip and elsewhere
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
namespace = netns.Namespace(container_id)
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
orchestrator_id = DOCKER_ORCHESTRATOR_ID
namespace = netns.PidNamespace(info["State"]["Pid"])
# Check the container is actually running.
if not info["State"]["Running"]:
print_paragraph("%s is not currently running." % container_id)
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print_paragraph("Can't add %s to Calico because it is "
"running NetworkMode = host." % container_id)
sys.exit(1)
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print_paragraph("%s has already been configured with Calico "
"Networking." % container_id)
sys.exit(1)
ep = Endpoint(hostname=hostname,
orchestrator_id=DOCKER_ORCHESTRATOR_ID,
workload_id=workload_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
ip, _ = get_ip_and_pool(ip)
network = IPNetwork(ip)
if network.version == 4:
ep.ipv4_nets.add(network)
else:
ep.ipv6_nets.add(network)
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
netns.increment_metrics(namespace)
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(namespace, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(namespace, ip, interface)
netns.add_ns_default_route(namespace, ep.name, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(namespace, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
print_paragraph("IP %s added to %s" % (str(ip), container_id))
return ep
def container_add(container_name, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_name: The name or ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print "%s has already been configured with Calico Networking." % \
container_name
sys.exit(1)
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print "Can't add %s to Calico because it is " \
"running NetworkMode = host." % container_name
sys.exit(1)
# Check the IP is in the allocation pool. If it isn't, BIRD won't export
# it.
ip = IPAddress(ip)
pool = get_pool_or_exit(ip)
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
try:
next_hops[ip.version]
except KeyError:
print "This node is not configured for IPv%d." % ip.version
sys.exit(1)
# Assign the IP
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
# Get the next hop for the IP address.
next_hop = next_hops[ip.version]
network = IPNetwork(IPAddress(ip))
ep = Endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=container_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
if network.version == 4:
ep.ipv4_nets.add(network)
ep.ipv4_gateway = next_hop
else:
ep.ipv6_nets.add(network)
ep.ipv6_gateway = next_hop
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
pid = info["State"]["Pid"]
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(pid, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(pid, ip, interface)
netns.add_ns_default_route(pid, next_hop, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(pid, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
return ep