def clean_iptables_rules(self, container):
    """Run the post-start hooks for a container and save iptables state.

    Sometimes ``docker stop`` (version dc9c28f/0.10.0) does not clean up
    its iptables rules. When a new container is then started on the same
    port, two rules exist for that port with different IPs, and they have
    to be cleaned to prevent service unavailability.

    Example of the problem (long rules are wrapped here):

      $ iptables -t nat -S
      ...
      -A DOCKER -p tcp -m tcp --dport 443 -j DNAT
          --to-destination 172.17.0.7:443
      -A DOCKER -p tcp -m tcp --dport 443 -j DNAT
          --to-destination 172.17.0.3:443
      -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 8777 -j DNAT
          --to-destination 172.17.0.10:8777
      -A DOCKER -d 127.0.0.1/32 -p tcp -m tcp --dport 8777 -j DNAT
          --to-destination 172.17.0.11:8777
      -A DOCKER -d 10.108.0.2/32 -p tcp -m tcp --dport 8777 -j DNAT
          --to-destination 172.17.0.11:8777

    :param container: dict describing the container; only the
                      ``port_bindings`` and ``id`` keys are read here
    """
    has_bindings = bool(container.get('port_bindings'))
    if not has_bindings:
        # Nothing to do for containers without port bindings.
        return

    # Record the rules before and after the change so that a stale or
    # duplicated DNAT entry can be spotted when reading the output.
    self._log_iptables()

    # NOTE(review): container['id'] is interpolated into the command
    # string unquoted. How safe_exec_cmd executes the string (shell or
    # argv) and how it reports failures is not visible here, so the id
    # should only ever come from trusted configuration -- confirm.
    hooks_cmd = 'dockerctl post_start_hooks {0}'.format(container['id'])
    utils.safe_exec_cmd(hooks_cmd)
    utils.safe_exec_cmd('service iptables save')

    self._log_iptables()
def run(self):
    """Move dhcrelay.conf to the versioned folder and stop its monitor.

    The steps run in a fixed order: copy, remove the original, then stop
    ``dhcrelay_monitor`` through supervisorctl.
    """
    source = self._save_from
    destination = self._save_to

    # Keep a copy of dhcrelay.conf in the versioned folder.
    # NOTE(review): the original is deleted right after the copy; whether
    # copy_file raises on failure is not visible here -- confirm, since a
    # silent failure would leave no copy of the configuration.
    copy_file(source, destination)

    # Take dhcrelay.conf out of the global supervisor scope.
    remove(source)

    # Stop dhcrelay in supervisord, otherwise it would be started again
    # automatically.
    safe_exec_cmd('supervisorctl stop dhcrelay_monitor')
def run(self):
    """Update the supervisor conf of every container, then reload them.

    For each name in ``self._containers`` the conf file under the
    ``from_version`` directory is passed to ``self._set_version_in`` when
    it exists; a missing file is only logged. Finally
    ``supervisorctl update`` is run.
    """
    template = '/etc/supervisord.d/{version}/{container}.conf'

    for name in self._containers:
        # NOTE(review): version and container name are placed into a
        # filesystem path as-is; a value containing path separators would
        # point outside /etc/supervisord.d, so both are assumed to come
        # from trusted configuration -- confirm.
        conf_path = template.format(
            version=self.config.from_version,
            container=name)

        if not os.path.exists(conf_path):
            logger.info('Could not find supervisor conf: "%s"', conf_path)
            continue

        self._set_version_in(conf_path)

    # Apply the updated configurations without an actual restart.
    utils.safe_exec_cmd('supervisorctl update')
def run(self):
    """Update the supervisor conf of every container, then reload them.

    Each container's conf file is looked up under the ``from_version``
    directory. Existing files are handed to ``self._set_version_in``;
    missing ones are reported at info level and skipped.
    """
    for container in self._containers:
        # NOTE(review): both values are used verbatim as path components;
        # they are assumed to be trusted configuration -- confirm.
        supervisor_conf = "/etc/supervisord.d/{version}/{container}.conf".format(
            version=self.config.from_version, container=container
        )
        found = os.path.exists(supervisor_conf)

        if found:
            self._set_version_in(supervisor_conf)
            continue

        logger.info('Could not find supervisor conf: "%s"', supervisor_conf)

    # Apply the updated configurations without an actual restart.
    utils.safe_exec_cmd("supervisorctl update")
def _create_container(self):
    """Start the container detached with ``docker run``.

    Port 8001 is published on the master IP and on 127.0.0.1, and several
    host directories are mounted into the container.

    Security-relevant options in the command line:

    * ``--privileged`` gives the container extended privileges on the
      host, so the image has to be trusted like host-level code.
    * ``/root/.ssh`` is mounted read-only: the container cannot modify
      it, but it can still read whatever the directory holds.
    * ``/var/www/nailgun`` and ``/etc/yum.repos.d`` are mounted
      read-write, so the container can change those host directories.
    """
    template = ' '.join((
        'docker run -d -t --privileged',
        '-p {BIND_ADMIN}:8001:8001',
        '-p {BIND_LOCAL}:8001:8001',
        '-v /etc/nailgun',
        '-v /var/log/docker-logs:/var/log',
        '-v /var/www/nailgun:/var/www/nailgun:rw',
        '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
        '-v /etc/fuel:/etc/fuel:ro',
        '-v /root/.ssh:/root/.ssh:ro',
        '--name={CONTAINER}',
        '{IMAGE}',
    ))

    # NOTE(review): the values are substituted unquoted into one command
    # string; how safe_exec_cmd executes it is not visible here, so the
    # IP, container name and image are assumed to be trusted -- confirm.
    substitutions = dict(
        BIND_ADMIN=self.config.master_ip,
        BIND_LOCAL='127.0.0.1',
        CONTAINER=self._container,
        IMAGE=self._image)

    safe_exec_cmd(template.format(**substitutions))
def _create_container(self):
    """Build the ``docker run`` command line and execute it.

    The container runs detached and privileged, publishes port 8001 on
    the master IP and on loopback, and gets a set of host directories
    mounted as volumes.
    """
    # --privileged gives the container extended privileges on the host;
    # the image is therefore as sensitive as software installed on the
    # host itself.
    base = ['docker run -d -t --privileged']

    published_ports = [
        '-p {BIND_ADMIN}:8001:8001',
        '-p {BIND_LOCAL}:8001:8001',
    ]

    # The :ro mounts cannot be modified from inside the container, but
    # their content stays readable there -- that includes /root/.ssh.
    # The :rw mounts can be changed from inside the container.
    volumes = [
        '-v /etc/nailgun',
        '-v /var/log/docker-logs:/var/log',
        '-v /var/www/nailgun:/var/www/nailgun:rw',
        '-v /etc/yum.repos.d:/etc/yum.repos.d:rw',
        '-v /etc/fuel:/etc/fuel:ro',
        '-v /root/.ssh:/root/.ssh:ro',
    ]

    identity = ['--name={CONTAINER}', '{IMAGE}']

    pieces = base + published_ports + volumes + identity
    # NOTE(review): values are formatted into the string without quoting;
    # they are assumed to come from trusted configuration -- confirm.
    command = ' '.join(pieces).format(
        BIND_ADMIN=self.config.master_ip,
        BIND_LOCAL='127.0.0.1',
        CONTAINER=self._container,
        IMAGE=self._image)

    safe_exec_cmd(command)
def _log_iptables(self):
    """Run the iptables listing commands for additional logging.

    NOTE(eli): Sometimes there are problems with iptables rules like
    this https://bugs.launchpad.net/fuel/+bug/1349287

    NOTE(review): presumably safe_exec_cmd records the command output in
    the upgrade log -- confirm. If so, that log contains the full NAT and
    filter rule sets and should be handled as sensitive.
    """
    listing_commands = (
        'iptables -t nat -S',
        'iptables -S',
        'cat /etc/sysconfig/iptables.save',
    )
    for listing in listing_commands:
        utils.safe_exec_cmd(listing)
def test_safe_exec_cmd(self, exec_mock):
    """safe_exec_cmd passes the command to the mocked executor once.

    ``exec_mock`` is supplied from outside this method (presumably by a
    patch decorator that is not visible here).

    NOTE(review): only the forwarding of the command is checked; how
    safe_exec_cmd behaves when the executor fails is not covered by this
    test.
    """
    command = 'some command'

    utils.safe_exec_cmd(command)

    exec_mock.assert_called_once_with(command)
def _destroy_container(self):
    """Force-remove the container named by ``self._container``."""
    # ``docker rm -f`` also removes a container that is still running.
    # NOTE(review): the name is inserted into the command unquoted; it is
    # assumed to be a trusted, fixed container name -- confirm.
    removal_cmd = 'docker rm -f {0}'.format(self._container)
    safe_exec_cmd(removal_cmd)
def _stop_container(self):
    """Stop the container named by ``self._container`` via ``docker stop``."""
    # NOTE(review): the name is inserted into the command unquoted; it is
    # assumed to be a trusted, fixed container name -- confirm.
    stop_cmd = 'docker stop {0}'.format(self._container)
    safe_exec_cmd(stop_cmd)