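def find_mesos_container(ip):
    """Return a Docker-style container dict for the Mesos task that reports *ip*.

    Fetches the Mesos state document from ``MESOS_STATE_URL`` and walks
    frameworks -> executors -> tasks, looking for a task with a
    ``TASK_RUNNING`` status whose container network info lists *ip*. The
    first such task that also carries ``labels`` wins; its labels are
    rendered as ``KEY=VALUE`` strings. Attribution rests entirely on the
    address Mesos reports for the task, so the state endpoint must be
    trusted for this mapping to be meaningful.

    Args:
        ip: caller IP address as a string, compared exactly against the
            ``ip_address`` values in the state document.

    Returns:
        ``{'Config': {'Env': [...], 'Labels': [...]}}`` for the matching
        task, or None when the state cannot be fetched, a required key is
        missing, or no running task with labels reports *ip*.
    """
    mesos_state_url = app.config['MESOS_STATE_URL']
    try:
        state = requests.get(
            mesos_state_url, timeout=app.config['MESOS_STATE_TIMEOUT']
        ).json()
        for framework in state['frameworks']:
            for executor in framework['executors']:
                for task in executor['tasks']:
                    # A task without labels cannot yield an Env, so it is
                    # skipped even when its address matches.
                    if _mesos_task_reports_ip(task, ip) and 'labels' in task:
                        env = _mesos_task_env(task)
                        # NOTE(review): 'Labels' is the same KEY=VALUE list as
                        # 'Env', not a dict as Docker's inspect output uses;
                        # kept as-is because callers may rely on the list form.
                        return {'Config': {'Env': env, 'Labels': env}}
    except requests.exceptions.Timeout:
        log.error('Timeout when trying to call the mesos http api: {0}'.format(mesos_state_url))
    except requests.exceptions.RequestException:
        log.exception('Error while trying to call the mesos http api: {0}'.format(mesos_state_url))
    except KeyError:
        # Any missing key in the state document aborts the whole lookup.
        log.exception('Error while trying to lookup the required keys in the json object')
    return None


def _mesos_task_reports_ip(task, ip):
    """Return True if a TASK_RUNNING status of *task* lists *ip* in its network infos.

    Raises KeyError when the task document lacks one of the expected keys;
    the caller turns that into a failed lookup.
    """
    for status in task['statuses']:
        if status['state'] != 'TASK_RUNNING':
            continue
        for network in status['container_status']['network_infos']:
            for ip_map in network['ip_addresses']:
                if ip_map['ip_address'] == ip:
                    return True
    return False


def _mesos_task_env(task):
    """Render ``task['labels']`` as a list of ``KEY=VALUE`` strings, in label order."""
    return [
        '{0}={1}'.format(label['key'], label['value'])
        for label in task['labels']
    ]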
def get_iam_info(api_version, junk=None):
    """Serve the IAM role document for the address the request came from.

    Args:
        api_version: metadata API version segment from the URL; not used here.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response built from ``roles.get_role_info_from_ip`` for
        ``request.remote_addr``, or ``('', 404)`` when no role name resolves
        for that address.
    """
    caller_ip = request.remote_addr
    role_name = roles.get_role_name_from_ip(caller_ip)
    if not role_name:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(role_name))
    return jsonify(roles.get_role_info_from_ip(caller_ip))
def get_iam_info(api_version, junk=None):
    """Serve the IAM role document for the address the request came from.

    Args:
        api_version: metadata API version segment from the URL; not used here.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response built from ``roles.get_role_info_from_params`` using
        the params resolved for ``request.remote_addr``, or ``('', 404)``
        when the resolved params carry no ``name``.
    """
    params = roles.get_role_params_from_ip(request.remote_addr)
    name = params['name']
    if not name:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(name))
    return jsonify(roles.get_role_info_from_params(params))
def iam_role_name(api_version):
    """Return the IAM role name resolved for the caller's address.

    Requests for an API version without IAM support are handed to
    ``passthrough`` unchanged.

    Args:
        api_version: metadata API version segment from the URL.

    Returns:
        The role name string, the passthrough response, or ``('', 404)``
        when no name resolves for ``request.remote_addr``.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    name = roles.get_role_params_from_ip(request.remote_addr)['name']
    if name:
        return name
    log.error('Role name not found; returning 404.')
    return '', 404
def iam_role_info(api_version, junk=None):
    """Serve the IAM role document for the caller's address.

    Requests for an API version without IAM support are handed to
    ``passthrough`` unchanged.

    Args:
        api_version: metadata API version segment from the URL.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_role_info_from_ip``, the
        passthrough response, or ``('', 404)`` when no role name resolves
        for ``request.remote_addr``.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    caller_ip = request.remote_addr
    name = roles.get_role_name_from_ip(caller_ip)
    if not name:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(name))
    return jsonify(roles.get_role_info_from_ip(caller_ip))
def iam_role_info(api_version, junk=None):
    """Serve the IAM role document for the caller's address.

    Requests for an API version without IAM support are handed to
    ``passthrough`` unchanged.

    Args:
        api_version: metadata API version segment from the URL.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_role_info_from_params``, the
        passthrough response, or ``('', 404)`` when the params resolved for
        ``request.remote_addr`` carry no ``name``.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    params = roles.get_role_params_from_ip(request.remote_addr)
    if not params['name']:
        log.error('Role name not found; returning 404.')
        return '', 404
    log.debug('Providing IAM role info for {0}'.format(params['name']))
    return jsonify(roles.get_role_info_from_params(params))
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Serve assumed-role credentials for the caller's address.

    The credentials are requested for the role name resolved from
    ``request.remote_addr`` (unstripped), never directly for the
    ``requested_role`` the caller supplied; that value is only checked
    against the resolved role and rejected with 404 on mismatch.

    Args:
        api_version: metadata API version segment from the URL.
        requested_role: role name taken from the request path.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_assumed_role_credentials``, the
        passthrough response, or ``('', 404)`` on a role-name mismatch.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    caller_ip = request.remote_addr
    if not roles.check_role_name_from_ip(caller_ip, requested_role):
        log.error(
            "Role name {0} doesn't match expected role for container".format(requested_role)
        )
        return '', 404
    # NOTE(review): the check above and this lookup are two separate calls
    # into roles; both are keyed on the same address.
    resolved_role = roles.get_role_name_from_ip(caller_ip, stripped=False)
    log.debug('Providing assumed role credentials for {0}'.format(resolved_role))
    return jsonify(
        roles.get_assumed_role_credentials(
            requested_role=resolved_role, api_version=api_version
        )
    )
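def find_container(ip):
    """Return the Docker inspect dict for the container that owns *ip*, or None.

    Resolution order:
      1. The ``CONTAINER_MAPPING`` cache (ip -> container id); an entry whose
         container no longer exists is evicted.
      2. Every container listed by the Docker client, matched on its primary
         ``NetworkSettings.IPAddress``.
      3. When ``ROLE_REVERSE_LOOKUP`` is set, the caller's reverse-DNS name
         and the container's ``Config.Hostname.Config.Domainname`` are both
         run through ``HOSTNAME_MATCH_REGEX`` and compared on their first
         capture group.

    The IP match is the stronger signal: the FQDN match trusts the PTR
    record for *ip* and the container's self-declared hostname, so keep
    ``HOSTNAME_MATCH_REGEX`` as narrow as the deployment allows.

    Args:
        ip: caller IP address as a string.

    Returns:
        The inspect dict of the matched container (its id is also stored in
        ``CONTAINER_MAPPING``), or None when nothing matches.
    """
    pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
    client = docker_client()

    # Try looking at the container mapping cache first
    if ip in CONTAINER_MAPPING:
        log.info('Container id for IP {0} in cache'.format(ip))
        try:
            with PrintingBlockTimer('Container inspect'):
                container = client.inspect_container(CONTAINER_MAPPING[ip])
            return container
        except docker.errors.NotFound:
            msg = 'Container id {0} no longer mapped to {1}'
            log.error(msg.format(CONTAINER_MAPPING[ip], ip))
            del CONTAINER_MAPPING[ip]

    _fqdn = None
    with PrintingBlockTimer('Reverse DNS'):
        if app.config['ROLE_REVERSE_LOOKUP']:
            try:
                _fqdn = socket.gethostbyaddr(ip)[0]
            except socket.error as e:
                log.error('gethostbyaddr failed: {0}'.format(e.args))

    # Caller-side capture groups, computed once. None when reverse lookup is
    # off, failed, or returned a name the pattern does not match. Previously
    # re.match(pattern, None) / .groups() on a non-match raised inside the
    # container loop, turning a failed lookup into a 500.
    _groups = None
    if _fqdn:
        _match = pattern.match(_fqdn)
        if _match:
            _groups = _match.groups()

    with PrintingBlockTimer('Container fetch'):
        _ids = [c['Id'] for c in client.containers()]

    for _id in _ids:
        try:
            with PrintingBlockTimer('Container inspect'):
                c = client.inspect_container(_id)
        except docker.errors.NotFound:
            log.error('Container id {0} not found'.format(_id))
            continue

        # Try matching container to caller by IP address
        _ip = c['NetworkSettings']['IPAddress']
        if ip == _ip:
            msg = 'Container id {0} mapped to {1} by IP match'
            log.debug(msg.format(_id, ip))
            CONTAINER_MAPPING[ip] = _id
            return c

        # Try matching container to caller by hostname match; skipped when
        # the caller side produced no usable groups.
        if app.config['ROLE_REVERSE_LOOKUP'] and _groups:
            hostname = c['Config']['Hostname']
            domain = c['Config']['Domainname']
            fqdn = '{0}.{1}'.format(hostname, domain)
            # Default pattern matches _fqdn == fqdn
            match = pattern.match(fqdn)
            groups = match.groups() if match else None
            if groups and groups[0] == _groups[0]:
                msg = 'Container id {0} mapped to {1} by FQDN match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

    log.error('No container found for ip {0}'.format(ip))
    return None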
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Serve assumed-role credentials for the caller's address.

    ``roles.get_role_params_from_ip`` resolves the role for
    ``request.remote_addr`` and raises ``UnexpectedRoleError`` when the
    caller-supplied ``requested_role`` does not match it; that case is
    answered with 404. Credentials are requested from the resolved params,
    not from the caller-supplied name.

    Args:
        api_version: metadata API version segment from the URL.
        requested_role: role name taken from the request path.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_assumed_role_credentials``, the
        passthrough response, or ``('', 404)`` on a role-name mismatch.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    try:
        params = roles.get_role_params_from_ip(
            request.remote_addr, requested_role=requested_role
        )
    except roles.UnexpectedRoleError:
        log.error(
            "Role name {0} doesn't match expected role for container".format(requested_role)
        )
        return '', 404
    log.debug('Providing assumed role credentials for {0}'.format(params['name']))
    credentials = roles.get_assumed_role_credentials(
        role_params=params, api_version=api_version
    )
    return jsonify(credentials)
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Serve assumed-role credentials for the caller's address.

    The caller-supplied ``requested_role`` is only validated against the
    role resolved for ``request.remote_addr``; the credentials themselves
    are requested for the resolved (unstripped) role name.

    Args:
        api_version: metadata API version segment from the URL.
        requested_role: role name taken from the request path.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_assumed_role_credentials``, the
        passthrough response, or ``('', 404)`` on a role-name mismatch.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    remote = request.remote_addr
    matches = roles.check_role_name_from_ip(remote, requested_role)
    if not matches:
        mismatch = "Role name {0} doesn't match expected role for container"
        log.error(mismatch.format(requested_role))
        return '', 404
    # Second lookup into roles for the same address, this time unstripped.
    full_role_name = roles.get_role_name_from_ip(remote, stripped=False)
    log.debug('Providing assumed role credentials for {0}'.format(full_role_name))
    kwargs = {'requested_role': full_role_name, 'api_version': api_version}
    return jsonify(roles.get_assumed_role_credentials(**kwargs))
def iam_sts_credentials(api_version, requested_role, junk=None):
    """Serve assumed-role credentials for the caller's address.

    Resolution and validation happen in one call:
    ``roles.get_role_params_from_ip`` raises ``UnexpectedRoleError`` when
    ``requested_role`` does not match the role resolved for
    ``request.remote_addr``, and that is answered with 404.

    Args:
        api_version: metadata API version segment from the URL.
        requested_role: role name taken from the request path.
        junk: optional trailing path segment; accepted and ignored.

    Returns:
        A JSON response from ``roles.get_assumed_role_credentials``, the
        passthrough response, or ``('', 404)`` on a role-name mismatch.
    """
    if not _supports_iam(api_version):
        return passthrough(request.path)
    try:
        resolved = roles.get_role_params_from_ip(
            request.remote_addr, requested_role=requested_role
        )
    except roles.UnexpectedRoleError:
        mismatch = "Role name {0} doesn't match expected role for container"
        log.error(mismatch.format(requested_role))
        return '', 404
    log.debug(
        'Providing assumed role credentials for {0}'.format(resolved['name'])
    )
    return jsonify(
        roles.get_assumed_role_credentials(
            role_params=resolved, api_version=api_version
        )
    )
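def find_container(ip):
    """Return the Docker inspect dict for the container that owns *ip*, or None.

    Resolution order:
      1. The ``CONTAINER_MAPPING`` cache (ip -> container id); an entry whose
         container is gone or no longer running is evicted.
      2. Every container listed by the Docker client, matched on its primary
         ``NetworkSettings.IPAddress``, then on the ``IPAddress`` of each
         entry in ``NetworkSettings.Networks``, then on the Rancher 1.2+
         ``io.rancher.container.ip`` label (``addr/prefix`` form).
      3. When ``ROLE_REVERSE_LOOKUP`` is set, the caller's reverse-DNS name
         and the container's ``Config.Hostname.Config.Domainname`` are both
         run through ``HOSTNAME_MATCH_REGEX`` and compared on their first
         capture group.

    The address matches are the stronger signals: the FQDN match trusts the
    PTR record for *ip* and the container's self-declared hostname, so keep
    ``HOSTNAME_MATCH_REGEX`` as narrow as the deployment allows.

    Args:
        ip: caller IP address as a string.

    Returns:
        The inspect dict of the matched container (its id is also stored in
        ``CONTAINER_MAPPING``), or None when nothing matches.
    """
    pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
    client = docker_client()

    # Try looking at the container mapping cache first
    if ip in CONTAINER_MAPPING:
        log.info('Container id for IP {0} in cache'.format(ip))
        try:
            with PrintingBlockTimer('Container inspect'):
                container = client.inspect_container(CONTAINER_MAPPING[ip])
            # Only return a cached container if it is running.
            if container['State']['Running']:
                return container
            # Log the container id, not the ip, as the message states.
            log.error('Container id {0} is no longer running'.format(CONTAINER_MAPPING[ip]))
            del CONTAINER_MAPPING[ip]
        except docker.errors.NotFound:
            msg = 'Container id {0} no longer mapped to {1}'
            log.error(msg.format(CONTAINER_MAPPING[ip], ip))
            del CONTAINER_MAPPING[ip]

    _fqdn = None
    with PrintingBlockTimer('Reverse DNS'):
        if app.config['ROLE_REVERSE_LOOKUP']:
            try:
                _fqdn = socket.gethostbyaddr(ip)[0]
            except socket.error as e:
                log.error('gethostbyaddr failed: {0}'.format(e.args))

    # Caller-side capture groups, computed once. None when reverse lookup is
    # off, failed, or returned a name the pattern does not match. Previously
    # re.match(pattern, None) / .groups() on a non-match raised inside the
    # container loop, turning a failed lookup into a 500.
    _groups = None
    if _fqdn:
        _match = pattern.match(_fqdn)
        if _match:
            _groups = _match.groups()

    with PrintingBlockTimer('Container fetch'):
        _ids = [c['Id'] for c in client.containers()]

    for _id in _ids:
        try:
            with PrintingBlockTimer('Container inspect'):
                c = client.inspect_container(_id)
        except docker.errors.NotFound:
            log.error('Container id {0} not found'.format(_id))
            continue

        # Try matching container to caller by IP address
        _ip = c['NetworkSettings']['IPAddress']
        if ip == _ip:
            msg = 'Container id {0} mapped to {1} by IP match'
            log.debug(msg.format(_id, ip))
            CONTAINER_MAPPING[ip] = _id
            return c

        # Try matching container to caller by sub network IP address
        _networks = c['NetworkSettings']['Networks']
        if _networks:
            for _network in _networks.values():
                if _network['IPAddress'] == ip:
                    msg = 'Container id {0} mapped to {1} by sub-network IP match'
                    log.debug(msg.format(_id, ip))
                    CONTAINER_MAPPING[ip] = _id
                    return c

        # Not found? Rancher 1.2+ stores the container IP in a label, in
        # ``addr/prefix`` form. Config/Labels may be absent or null, so fall
        # back to an empty dict rather than indexing into None. The label
        # value is only compared when present; the earlier version reused
        # the primary-IP variable when the label was missing.
        _labels = (c.get('Config') or {}).get('Labels') or {}
        rancher_ip = _labels.get('io.rancher.container.ip')
        if rancher_ip:
            rancher_ip = rancher_ip.split("/")[0]
            if rancher_ip == ip:
                msg = 'Container id {0} mapped to {1} by Rancher IP match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

        # Try matching container to caller by hostname match; skipped when
        # the caller side produced no usable groups.
        if app.config['ROLE_REVERSE_LOOKUP'] and _groups:
            hostname = c['Config']['Hostname']
            domain = c['Config']['Domainname']
            fqdn = '{0}.{1}'.format(hostname, domain)
            # Default pattern matches _fqdn == fqdn
            match = pattern.match(fqdn)
            groups = match.groups() if match else None
            if groups and groups[0] == _groups[0]:
                msg = 'Container id {0} mapped to {1} by FQDN match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

    log.error('No container found for ip {0}'.format(ip))
    return None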
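def find_container(ip):
    """Return the Docker inspect dict for the container that owns *ip*, or None.

    Resolution order:
      1. The ``CONTAINER_MAPPING`` cache (ip -> container id); an entry whose
         container is gone or no longer running is evicted.
      2. Every container listed by the Docker client, matched on its primary
         ``NetworkSettings.IPAddress``, then on the ``IPAddress`` of each
         entry in ``NetworkSettings.Networks``, then on the Rancher 1.2+
         ``io.rancher.container.ip`` label (``addr/prefix`` form).
      3. When ``ROLE_REVERSE_LOOKUP`` is set, the caller's reverse-DNS name
         and the container's ``Config.Hostname.Config.Domainname`` are both
         run through ``HOSTNAME_MATCH_REGEX`` and compared on their first
         capture group.

    The address matches are the stronger signals: the FQDN match trusts the
    PTR record for *ip* and the container's self-declared hostname, so keep
    ``HOSTNAME_MATCH_REGEX`` as narrow as the deployment allows.

    Args:
        ip: caller IP address as a string.

    Returns:
        The inspect dict of the matched container (its id is also stored in
        ``CONTAINER_MAPPING``), or None when nothing matches.
    """
    pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
    client = docker_client()

    # Try looking at the container mapping cache first
    container_id = CONTAINER_MAPPING.get(ip)
    if container_id:
        log.info('Container id for IP {0} in cache'.format(ip))
        try:
            with PrintingBlockTimer('Container inspect'):
                container = client.inspect_container(container_id)
            # Only return a cached container if it is running.
            if container['State']['Running']:
                return container
            # Log the container id, not the ip, as the message states.
            log.error('Container id {0} is no longer running'.format(container_id))
            # pop() tolerates a concurrent eviction of the same entry.
            CONTAINER_MAPPING.pop(ip, None)
        except docker.errors.NotFound:
            msg = 'Container id {0} no longer mapped to {1}'
            log.error(msg.format(container_id, ip))
            CONTAINER_MAPPING.pop(ip, None)

    _fqdn = None
    with PrintingBlockTimer('Reverse DNS'):
        if app.config['ROLE_REVERSE_LOOKUP']:
            try:
                _fqdn = socket.gethostbyaddr(ip)[0]
            except socket.error as e:
                log.error('gethostbyaddr failed: {0}'.format(e.args))

    # Caller-side capture groups, computed once. None when reverse lookup is
    # off, failed, or returned a name the pattern does not match. Previously
    # re.match(pattern, None) / .groups() on a non-match raised inside the
    # container loop, turning a failed lookup into a 500.
    _groups = None
    if _fqdn:
        _match = pattern.match(_fqdn)
        if _match:
            _groups = _match.groups()

    with PrintingBlockTimer('Container fetch'):
        _ids = [c['Id'] for c in client.containers()]

    for _id in _ids:
        try:
            with PrintingBlockTimer('Container inspect'):
                c = client.inspect_container(_id)
        except docker.errors.NotFound:
            log.error('Container id {0} not found'.format(_id))
            continue

        # Try matching container to caller by IP address
        _ip = c['NetworkSettings']['IPAddress']
        if ip == _ip:
            msg = 'Container id {0} mapped to {1} by IP match'
            log.debug(msg.format(_id, ip))
            CONTAINER_MAPPING[ip] = _id
            return c

        # Try matching container to caller by sub network IP address
        _networks = c['NetworkSettings']['Networks']
        if _networks:
            for _network in _networks.values():
                if _network['IPAddress'] == ip:
                    msg = 'Container id {0} mapped to {1} by sub-network IP match'
                    log.debug(msg.format(_id, ip))
                    CONTAINER_MAPPING[ip] = _id
                    return c

        # Not found? Rancher 1.2+ stores the container IP in a label, in
        # ``addr/prefix`` form. Config/Labels may be absent or null, so fall
        # back to an empty dict rather than indexing into None. The label
        # value is only compared when present; the earlier version reused
        # the primary-IP variable when the label was missing.
        _labels = (c.get('Config') or {}).get('Labels') or {}
        rancher_ip = _labels.get('io.rancher.container.ip')
        if rancher_ip:
            rancher_ip = rancher_ip.split("/")[0]
            if rancher_ip == ip:
                msg = 'Container id {0} mapped to {1} by Rancher IP match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

        # Try matching container to caller by hostname match; skipped when
        # the caller side produced no usable groups.
        if app.config['ROLE_REVERSE_LOOKUP'] and _groups:
            hostname = c['Config']['Hostname']
            domain = c['Config']['Domainname']
            fqdn = '{0}.{1}'.format(hostname, domain)
            # Default pattern matches _fqdn == fqdn
            match = pattern.match(fqdn)
            groups = match.groups() if match else None
            if groups and groups[0] == _groups[0]:
                msg = 'Container id {0} mapped to {1} by FQDN match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

    log.error('No container found for ip {0}'.format(ip))
    return None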
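def find_container(ip):
    """Return the Docker inspect dict for the container that owns *ip*, or None.

    Resolution order:
      1. The ``CONTAINER_MAPPING`` cache (ip -> container id); an entry whose
         container is gone or no longer running is evicted.
      2. Every container listed by the Docker client, matched on its primary
         ``NetworkSettings.IPAddress``.
      3. When ``ROLE_REVERSE_LOOKUP`` is set, the caller's reverse-DNS name
         and the container's ``Config.Hostname.Config.Domainname`` are both
         run through ``HOSTNAME_MATCH_REGEX`` and compared on their first
         capture group.

    The IP match is the stronger signal: the FQDN match trusts the PTR
    record for *ip* and the container's self-declared hostname, so keep
    ``HOSTNAME_MATCH_REGEX`` as narrow as the deployment allows.

    Args:
        ip: caller IP address as a string.

    Returns:
        The inspect dict of the matched container (its id is also stored in
        ``CONTAINER_MAPPING``), or None when nothing matches.
    """
    pattern = re.compile(app.config['HOSTNAME_MATCH_REGEX'])
    client = docker_client()

    # Try looking at the container mapping cache first
    if ip in CONTAINER_MAPPING:
        log.info('Container id for IP {0} in cache'.format(ip))
        try:
            with PrintingBlockTimer('Container inspect'):
                container = client.inspect_container(CONTAINER_MAPPING[ip])
            # Only return a cached container if it is running.
            if container['State']['Running']:
                return container
            # Message spelling fixed ("longger") and the container id is
            # logged rather than the ip, as the wording states.
            log.error('Container id {0} is no longer running'.format(CONTAINER_MAPPING[ip]))
            del CONTAINER_MAPPING[ip]
        except docker.errors.NotFound:
            msg = 'Container id {0} no longer mapped to {1}'
            log.error(msg.format(CONTAINER_MAPPING[ip], ip))
            del CONTAINER_MAPPING[ip]

    _fqdn = None
    with PrintingBlockTimer('Reverse DNS'):
        if app.config['ROLE_REVERSE_LOOKUP']:
            try:
                _fqdn = socket.gethostbyaddr(ip)[0]
            except socket.error as e:
                log.error('gethostbyaddr failed: {0}'.format(e.args))

    # Caller-side capture groups, computed once. None when reverse lookup is
    # off, failed, or returned a name the pattern does not match. Previously
    # re.match(pattern, None) / .groups() on a non-match raised inside the
    # container loop, turning a failed lookup into a 500.
    _groups = None
    if _fqdn:
        _match = pattern.match(_fqdn)
        if _match:
            _groups = _match.groups()

    with PrintingBlockTimer('Container fetch'):
        _ids = [c['Id'] for c in client.containers()]

    for _id in _ids:
        try:
            with PrintingBlockTimer('Container inspect'):
                c = client.inspect_container(_id)
        except docker.errors.NotFound:
            log.error('Container id {0} not found'.format(_id))
            continue

        # Try matching container to caller by IP address
        _ip = c['NetworkSettings']['IPAddress']
        if ip == _ip:
            msg = 'Container id {0} mapped to {1} by IP match'
            log.debug(msg.format(_id, ip))
            CONTAINER_MAPPING[ip] = _id
            return c

        # Try matching container to caller by hostname match; skipped when
        # the caller side produced no usable groups.
        if app.config['ROLE_REVERSE_LOOKUP'] and _groups:
            hostname = c['Config']['Hostname']
            domain = c['Config']['Domainname']
            fqdn = '{0}.{1}'.format(hostname, domain)
            # Default pattern matches _fqdn == fqdn
            match = pattern.match(fqdn)
            groups = match.groups() if match else None
            if groups and groups[0] == _groups[0]:
                msg = 'Container id {0} mapped to {1} by FQDN match'
                log.debug(msg.format(_id, ip))
                CONTAINER_MAPPING[ip] = _id
                return c

    log.error('No container found for ip {0}'.format(ip))
    return None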