def _process_networking_config(self, context, container,
requested_networks, host_config,
container_kwargs, docker):
network_api = zun_network.api(context=context, docker_api=docker)
# Process the first requested network at create time. The rest
# will be processed after create.
requested_network = requested_networks.pop()
docker_net_name = self._get_docker_network_name(
context, requested_network['network'])
security_group_ids = utils.get_security_group_ids(
context, container.security_groups)
addresses, port = network_api.create_or_update_port(
container, docker_net_name, requested_network, security_group_ids)
container.addresses = {requested_network['network']: addresses}
ipv4_address = None
ipv6_address = None
for address in addresses:
if address['version'] == 4:
ipv4_address = address['addr']
if address['version'] == 6:
ipv6_address = address['addr']
endpoint_config = docker.create_endpoint_config(
ipv4_address=ipv4_address, ipv6_address=ipv6_address)
network_config = docker.create_networking_config({
docker_net_name: endpoint_config})
host_config['network_mode'] = docker_net_name
container_kwargs['networking_config'] = network_config
container_kwargs['mac_address'] = port['mac_address']
def create_sandbox(self, context, container, requested_networks,
requested_volumes,
image='kubernetes/pause'):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
self._provision_network(context, network_api, requested_networks)
binds = self._get_binds(context, requested_volumes)
host_config = {'binds': binds}
name = self.get_sandbox_name(container)
volumes = [b['bind'] for b in binds.values()]
kwargs = {
'name': name,
'hostname': name[:63],
'volumes': volumes,
}
self._process_networking_config(
context, container, requested_networks, host_config,
kwargs, docker)
kwargs['host_config'] = docker.create_host_config(**host_config)
sandbox = docker.create_container(image, **kwargs)
container.set_sandbox_id(sandbox['Id'])
addresses = self._setup_network_for_container(
context, container, requested_networks, network_api)
if not addresses:
raise exception.ZunException(_(
"Unexpected missing of addresses"))
container.addresses = addresses
container.save(context)
docker.start(sandbox['Id'])
return sandbox['Id']
def remove_security_group(self, context, container, security_group):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context,
docker_api=docker)
network_api.remove_security_groups_from_ports(container,
[security_group])
def network_attach(self, context, container, requested_network):
with docker_utils.docker_client() as docker:
security_group_ids = None
if container.security_groups:
security_group_ids = utils.get_security_group_ids(
context, container.security_groups)
network_api = zun_network.api(context,
docker_api=docker)
network = requested_network['network']
if network in container.addresses:
raise exception.ZunException('Container %(container)s has'
' alreay connected to the network'
'%(network)s.'
% {'container': container.uuid,
'network': network})
self._get_or_create_docker_network(context, network_api, network)
docker_net_name = self._get_docker_network_name(context, network)
addrs = network_api.connect_container_to_network(
container, docker_net_name, requested_network,
security_groups=security_group_ids)
if addrs is None:
raise exception.ZunException(_(
'Unexpected missing of addresses'))
update = {}
update[network] = addrs
addresses = container.addresses
addresses.update(update)
container.addresses = addresses
container.save(context)
def create_sandbox(self, context, container, image='kubernetes/pause',
requested_networks=None):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
if not requested_networks:
network = self._provision_network(context, container,
network_api)
requested_networks = [{'network': network['Name'],
'port': '',
'v4-fixed-ip': '',
'v6-fixed-ip': ''}]
name = self.get_sandbox_name(container)
sandbox = docker.create_container(image, name=name,
hostname=name[:63])
container.set_sandbox_id(sandbox['Id'])
addresses = self._setup_network_for_container(
context, container, requested_networks, network_api)
if addresses is None:
raise exception.ZunException(_(
"Unexpected missing of addresses"))
container.addresses = addresses
container.save(context)
docker.start(sandbox['Id'])
return sandbox['Id']
def create_network(self, context, network):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context,
docker_api=docker)
docker_net_name = self._get_docker_network_name(
context, network.neutron_net_id)
docker_network = network_api.create_network(
neutron_net_id=network.neutron_net_id,
name=docker_net_name)
return docker_network
def add_security_group(self, context, container, security_group,
sandbox_id=None):
security_group_ids = utils.get_security_group_ids(
context, [security_group])
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
sandbox = docker.inspect_container(sandbox_id)
for network in sandbox["NetworkSettings"]["Networks"]:
network_api.add_security_groups_to_ports(
container, security_group_ids)
def delete_sandbox(self, context, container):
sandbox_id = container.get_sandbox_id()
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
self._cleanup_network_for_container(container, network_api)
try:
docker.remove_container(sandbox_id, force=True)
except errors.APIError as api_error:
if is_not_found(api_error):
return
raise
def delete_sandbox(self, context, container, sandbox_id):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
sandbox = docker.inspect_container(sandbox_id)
for network in sandbox["NetworkSettings"]["Networks"]:
network_api.disconnect_container_from_network(
container, network, sandbox_id=sandbox['Id'])
try:
docker.remove_container(sandbox_id, force=True)
except errors.APIError as api_error:
if is_not_found(api_error):
return
raise
def network_detach(self, context, container, network):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context, docker_api=docker)
docker_net = self._get_docker_network_name(context, network)
network_api.disconnect_container_from_network(
container, docker_net, network)
# Only clear network info related to this network
# Cannot del container.address directly which will not update
# changed fields of the container objects as the del operate on
# the addresses object, only base.getter will called.
update = container.addresses
del update[network]
container.addresses = update
container.save(context)
def delete(self, context, container, force):
teardown_network = True
if container.get_sandbox_id():
teardown_network = False
with docker_utils.docker_client() as docker:
try:
if teardown_network:
network_api = zun_network.api(context=context,
docker_api=docker)
self._cleanup_network_for_container(container, network_api)
if container.container_id:
docker.remove_container(container.container_id,
force=force)
except errors.APIError as api_error:
if is_not_found(api_error):
return
raise
def create_sandbox(self,
context,
container,
image='kubernetes/pause',
requested_networks=None):
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
if not requested_networks:
# Find an available neutron net and create docker network by
# wrapping the neutron net.
neutron_net = self._get_available_network(context)
network = self._get_or_create_docker_network(
context, network_api, neutron_net['id'])
requested_networks = [{
'network': network['Name'],
'port': '',
'v4-fixed-ip': '',
'v6-fixed-ip': ''
}]
name = self.get_sandbox_name(container)
sandbox = docker.create_container(image,
name=name,
hostname=name[:63])
self.set_sandbox_id(container, sandbox['Id'])
security_group_ids = None
if container.security_groups is not None:
security_group_ids = self._get_security_group_ids(
context, container.security_groups)
# Container connects to the bridge network by default so disconnect
# the container from it before connecting it to neutron network.
# This avoids potential conflict between these two networks.
network_api.disconnect_container_from_network(
container, 'bridge', sandbox_id=sandbox['Id'])
addresses = {}
for network in requested_networks:
addrs = network_api.connect_container_to_network(
sandbox, network['network'], security_group_ids)
addresses[network['network']] = addrs
container.addresses = addresses
container.save(context)
docker.start(sandbox['Id'])
return sandbox['Id']
def create(self, context, container, image, requested_networks,
requested_volumes):
sandbox_id = container.get_sandbox_id()
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
name = container.name
LOG.debug('Creating container with image %(image)s name %(name)s',
{'image': image['image'], 'name': name})
self._provision_network(context, network_api, requested_networks)
binds = self._get_binds(context, requested_volumes)
kwargs = {
'name': self.get_container_name(container),
'command': container.command,
'environment': container.environment,
'working_dir': container.workdir,
'labels': container.labels,
'tty': container.interactive,
'stdin_open': container.interactive,
}
if not sandbox_id:
# Sandbox is not used so it is legitimate to customize
# the container's hostname
kwargs['hostname'] = container.hostname
if not self._is_runtime_supported():
if container.runtime:
raise exception.ZunException(_(
'Specifying runtime in Docker API is not supported'))
runtime = None
else:
runtime = container.runtime or CONF.container_runtime
host_config = {}
host_config['privileged'] = container.privileged
host_config['runtime'] = runtime
host_config['binds'] = binds
kwargs['volumes'] = [b['bind'] for b in binds.values()]
if sandbox_id:
host_config['network_mode'] = 'container:%s' % sandbox_id
# TODO(hongbin): Uncomment this after docker-py add support for
# container mode for pid namespace.
# host_config['pid_mode'] = 'container:%s' % sandbox_id
host_config['ipc_mode'] = 'container:%s' % sandbox_id
else:
self._process_networking_config(
context, container, requested_networks, host_config,
kwargs, docker)
if container.auto_remove:
host_config['auto_remove'] = container.auto_remove
if container.memory is not None:
host_config['mem_limit'] = str(container.memory) + 'M'
if container.cpu is not None:
host_config['cpu_quota'] = int(100000 * container.cpu)
host_config['cpu_period'] = 100000
if container.restart_policy:
count = int(container.restart_policy['MaximumRetryCount'])
name = container.restart_policy['Name']
host_config['restart_policy'] = {'Name': name,
'MaximumRetryCount': count}
if container.disk:
disk_size = str(container.disk) + 'G'
host_config['storage_opt'] = {'size': disk_size}
# The time unit in docker of heath checking is us, and the unit
# of interval and timeout is seconds.
if container.healthcheck:
healthcheck = {}
healthcheck['test'] = container.healthcheck.get('test', '')
interval = container.healthcheck.get('interval', 0)
healthcheck['interval'] = interval * 10 ** 9
healthcheck['retries'] = int(container.healthcheck.
get('retries', 0))
timeout = container.healthcheck.get('timeout', 0)
healthcheck['timeout'] = timeout * 10 ** 9
kwargs['healthcheck'] = healthcheck
kwargs['host_config'] = docker.create_host_config(**host_config)
if image['tag']:
image_repo = image['repo'] + ":" + image['tag']
else:
image_repo = image['repo']
response = docker.create_container(image_repo, **kwargs)
container.container_id = response['Id']
addresses = self._setup_network_for_container(
context, container, requested_networks, network_api)
container.addresses = addresses
response = docker.inspect_container(container.container_id)
self._populate_container(container, response)
container.save(context)
return container
def create(self, context, container, image, requested_networks):
sandbox_id = container.get_sandbox_id()
network_standalone = False if sandbox_id else True
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
name = container.name
LOG.debug('Creating container with image %(image)s name %(name)s',
{
'image': image['image'],
'name': name
})
if network_standalone:
self._provision_network(context, network_api,
requested_networks)
kwargs = {
'name': self.get_container_name(container),
'command': container.command,
'environment': container.environment,
'working_dir': container.workdir,
'labels': container.labels,
'tty': container.interactive,
'stdin_open': container.interactive,
}
runtime = container.runtime if container.runtime\
else CONF.container_runtime
host_config = {}
host_config['runtime'] = runtime
if sandbox_id:
host_config['network_mode'] = 'container:%s' % sandbox_id
# TODO(hongbin): Uncomment this after docker-py add support for
# container mode for pid namespace.
# host_config['pid_mode'] = 'container:%s' % sandbox_id
host_config['ipc_mode'] = 'container:%s' % sandbox_id
host_config['volumes_from'] = sandbox_id
if container.auto_remove:
host_config['auto_remove'] = container.auto_remove
if container.memory is not None:
host_config['mem_limit'] = container.memory
if container.cpu is not None:
host_config['cpu_quota'] = int(100000 * container.cpu)
host_config['cpu_period'] = 100000
if container.restart_policy is not None:
count = int(container.restart_policy['MaximumRetryCount'])
name = container.restart_policy['Name']
host_config['restart_policy'] = {
'Name': name,
'MaximumRetryCount': count
}
kwargs['host_config'] = docker.create_host_config(**host_config)
image_repo = image['repo'] + ":" + image['tag']
response = docker.create_container(image_repo, **kwargs)
container.container_id = response['Id']
if network_standalone:
addresses = self._setup_network_for_container(
context, container, requested_networks, network_api)
container.addresses = addresses
container.status = consts.CREATED
container.status_reason = None
container.save(context)
return container
def create(self, context, container, image, requested_networks,
requested_volumes):
sandbox_id = container.get_sandbox_id()
with docker_utils.docker_client() as docker:
network_api = zun_network.api(context=context, docker_api=docker)
name = container.name
LOG.debug('Creating container with image %(image)s name %(name)s',
{
'image': image['image'],
'name': name
})
self._provision_network(context, network_api, requested_networks)
binds = self._get_binds(context, requested_volumes)
kwargs = {
'name': self.get_container_name(container),
'command': container.command,
'environment': container.environment,
'working_dir': container.workdir,
'labels': container.labels,
'tty': container.interactive,
'stdin_open': container.interactive,
}
if not sandbox_id:
# Sandbox is not used so it is legitimate to customize
# the container's hostname
kwargs['hostname'] = container.hostname
runtime = container.runtime if container.runtime\
else CONF.container_runtime
host_config = {}
host_config['runtime'] = runtime
host_config['binds'] = binds
kwargs['volumes'] = [b['bind'] for b in binds.values()]
if sandbox_id:
host_config['network_mode'] = 'container:%s' % sandbox_id
# TODO(hongbin): Uncomment this after docker-py add support for
# container mode for pid namespace.
# host_config['pid_mode'] = 'container:%s' % sandbox_id
host_config['ipc_mode'] = 'container:%s' % sandbox_id
else:
self._process_networking_config(context, container,
requested_networks,
host_config, kwargs, docker)
if container.auto_remove:
host_config['auto_remove'] = container.auto_remove
if container.memory is not None:
host_config['mem_limit'] = container.memory
if container.cpu is not None:
host_config['cpu_quota'] = int(100000 * container.cpu)
host_config['cpu_period'] = 100000
if container.restart_policy:
count = int(container.restart_policy['MaximumRetryCount'])
name = container.restart_policy['Name']
host_config['restart_policy'] = {
'Name': name,
'MaximumRetryCount': count
}
if container.disk:
disk_size = str(container.disk) + 'G'
host_config['storage_opt'] = {'size': disk_size}
kwargs['host_config'] = docker.create_host_config(**host_config)
image_repo = image['repo'] + ":" + image['tag']
response = docker.create_container(image_repo, **kwargs)
container.container_id = response['Id']
addresses = self._setup_network_for_container(
context, container, requested_networks, network_api)
container.addresses = addresses
response = docker.inspect_container(container.container_id)
self._populate_container(container, response)
container.save(context)
return container
