Signed-off-by: Dani Louca <dani.louca@docker.com>
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
#!/usr/bin/python |
| 2 | 2 |
|
| 3 |
-import sys, signal, time |
|
| 3 |
+import sys, signal, time, os |
|
| 4 | 4 |
import docker |
| 5 | 5 |
import re |
| 6 | 6 |
import subprocess |
| ... | ... |
@@ -14,6 +14,14 @@ ipv4match = re.compile( |
| 14 | 14 |
r'(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])' |
| 15 | 15 |
) |
| 16 | 16 |
|
| 17 |
+def which(name, defaultPath=""): |
|
| 18 |
+ if defaultPath and os.path.exists(defaultPath): |
|
| 19 |
+ return defaultPath |
|
| 20 |
+ for path in os.getenv("PATH").split(os.path.pathsep):
|
|
| 21 |
+ fullPath = path + os.sep + name |
|
| 22 |
+ if os.path.exists(fullPath): |
|
| 23 |
+ return fullPath |
|
| 24 |
+ |
|
| 17 | 25 |
def check_iptables(name, plist): |
| 18 | 26 |
replace = (':', ',')
|
| 19 | 27 |
ports = [] |
| ... | ... |
@@ -26,13 +34,13 @@ def check_iptables(name, plist): |
| 26 | 26 |
|
| 27 | 27 |
# get the ingress sandbox's docker_gwbridge network IP. |
| 28 | 28 |
# published ports get DNAT'ed to this IP. |
| 29 |
- ip = subprocess.check_output(['/usr/bin/nsenter', '--net=/var/run/docker/netns/ingress_sbox', '/bin/bash', '-c', 'ifconfig eth1 | grep \"inet\\ addr\" | cut -d: -f2 | cut -d\" \" -f1']) |
|
| 29 |
+ ip = subprocess.check_output([ which("nsenter","/usr/bin/nsenter"), '--net=/var/run/docker/netns/ingress_sbox', which("bash", "/bin/bash"), '-c', 'ifconfig eth1 | grep \"inet\\ addr\" | cut -d: -f2 | cut -d\" \" -f1'])
|
|
| 30 | 30 |
ip = ip.rstrip() |
| 31 | 31 |
|
| 32 | 32 |
for p in ports: |
| 33 |
- rule = '/sbin/iptables -t nat -C DOCKER-INGRESS -p tcp --dport {0} -j DNAT --to {1}:{2}'.format(p[1], ip, p[1])
|
|
| 33 |
+ rule = which("iptables", "/sbin/iptables") + '-t nat -C DOCKER-INGRESS -p tcp --dport {0} -j DNAT --to {1}:{2}'.format(p[1], ip, p[1])
|
|
| 34 | 34 |
try: |
| 35 |
- subprocess.check_output(["/bin/bash", "-c", rule]) |
|
| 35 |
+ subprocess.check_output([which("bash", "/bin/bash"), "-c", rule])
|
|
| 36 | 36 |
except subprocess.CalledProcessError as e: |
| 37 | 37 |
print "Service {0}: host iptables DNAT rule for port {1} -> ingress sandbox {2}:{3} missing".format(name, p[1], ip, p[1])
|
| 38 | 38 |
|
| ... | ... |
@@ -58,7 +66,12 @@ def check_network(nw_name, ingress=False): |
| 58 | 58 |
|
| 59 | 59 |
data = cli.inspect_network(nw_name, verbose=True) |
| 60 | 60 |
|
| 61 |
- services = data["Services"] |
|
| 61 |
+ if "Services" in data.keys(): |
|
| 62 |
+ services = data["Services"] |
|
| 63 |
+ else: |
|
| 64 |
+ print "Network %s has no services. Skipping check" % nw_name |
|
| 65 |
+ return |
|
| 66 |
+ |
|
| 62 | 67 |
fwmarks = {str(service): str(svalue["LocalLBIndex"]) for service, svalue in services.items()}
|
| 63 | 68 |
|
| 64 | 69 |
stasks = {}
|
| ... | ... |
@@ -78,7 +91,7 @@ def check_network(nw_name, ingress=False): |
| 78 | 78 |
containers = get_namespaces(data, ingress) |
| 79 | 79 |
for container, namespace in containers.items(): |
| 80 | 80 |
print "Verifying container %s..." % container |
| 81 |
- ipvs = subprocess.check_output(['/usr/bin/nsenter', '--net=%s' % namespace, '/usr/sbin/ipvsadm', '-ln']) |
|
| 81 |
+ ipvs = subprocess.check_output([which("nsenter","/usr/bin/nsenter"), '--net=%s' % namespace, which("ipvsadm","/usr/sbin/ipvsadm"), '-ln'])
|
|
| 82 | 82 |
|
| 83 | 83 |
mark = "" |
| 84 | 84 |
realmark = {}
|
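Review bot: In the `@@ -26,13 +34,13 @@` hunk of check_iptables, the new line `rule = which("iptables", "/sbin/iptables") + '-t nat -C DOCKER-INGRESS ...'` joins the resolved path and its arguments with no space between them, so bash is handed `/sbin/iptables-t nat ...`, the command is not found, and the `except subprocess.CalledProcessError` branch reports the DNAT rule for every published port as missing. Start the literal with a space, `' -t nat -C DOCKER-INGRESS -p tcp --dport {0} -j DNAT --to {1}:{2}'`, or pass an argv list to `subprocess.check_output` and drop the `bash -c` string altogether. Separately, the new `which()` falls off the end and returns None when nothing matches (which then lands in the argv list), and `os.getenv("PATH")` can itself be None. Because the nsenter calls suggest this script runs with root privileges, the PATH fallback should accept only an executable regular file (`os.path.isfile(fullPath) and os.access(fullPath, os.X_OK)`) and raise a clear error when no candidate is found. The body of check_iptables starts and ends outside the visible hunks.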