summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/templates/containers/registry.tmpl2
-rw-r--r--interface-definitions/containers.xml.in9
-rwxr-xr-xsrc/conf_mode/containers.py215
3 files changed, 108 insertions, 118 deletions
diff --git a/data/templates/containers/registry.tmpl b/data/templates/containers/registry.tmpl
index c6611ef1d..0347de673 100644
--- a/data/templates/containers/registry.tmpl
+++ b/data/templates/containers/registry.tmpl
@@ -1,5 +1,5 @@
### Autogenerated by /usr/libexec/vyos/conf_mode/containers.py ###
{% if registry is defined and registry is not none %}
- unqualified-search-registries = {{ registry }}
+unqualified-search-registries = {{ registry }}
{% endif %}
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index f54207936..47b41c834 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -54,7 +54,7 @@
<properties>
<help>Set IPv4 static address to container (optional)</help>
<valueHelp>
- <format>ipv4</format>
+ <format>ipv4</format>
<description>IPv4 address (x.x.x.1 reserved)</description>
</valueHelp>
<constraint>
@@ -76,16 +76,17 @@
<help>Network description</help>
</properties>
</leafNode>
- <leafNode name="ipv4-prefix">
+ <leafNode name="prefix">
<properties>
<help>Prefix which allocated to that network</help>
<valueHelp>
<format>ipv4net</format>
- <description>IPv4 network and prefix length</description>
+ <description>IPv4 network prefix</description>
</valueHelp>
<constraint>
- <validator name="ip-prefix"/>
+ <validator name="ipv4-prefix"/>
</constraint>
+ <multi/>
</properties>
</leafNode>
</children>
diff --git a/src/conf_mode/containers.py b/src/conf_mode/containers.py
index e2fa5bd44..3d5795016 100755
--- a/src/conf_mode/containers.py
+++ b/src/conf_mode/containers.py
@@ -15,65 +15,53 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
+import json
from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
-from vyos.configdict import leaf_node_changed
-from vyos import ConfigError
-from vyos.util import cmd, process_named_running
+from vyos.util import cmd
+from vyos.util import popen
from vyos.template import render
+from vyos.template import is_ipv4
+from vyos.template import is_ipv6
from vyos.xml import defaults
+from vyos import ConfigError
from vyos import airbag
-import json
airbag.enable()
config_containers_registry = '/etc/containers/registries.conf'
config_containers_storage = '/etc/containers/storage.conf'
+def _cmd(command):
+ if os.path.exists('/tmp/vyos.container.debug'):
+ print(command)
+ return cmd(command)
+
# Container management functions
def container_exists(name):
'''
- https://docs.podman.io/en/latest/_static/api.html#operation/ContainerExistsLibpod
- Check if container exists. Response codes.
- 204 - container exists
- 404 - no such container
+ https://docs.podman.io/en/latest/_static/api.html#operation/ContainerExistsLibpod
+ Check if container exists. Response codes.
+ 204 - container exists
+ 404 - no such container
'''
- c = cmd(f"curl --unix-socket /run/podman/podman.sock 'http://d/v3.0.0/libpod/containers/{name}/exists'")
- # If container exists it return status code "0"
- # This code not displayed
- if c == "":
- # Container exists
- return True
- else:
- # Container not exists
- return False
+ tmp = _cmd(f"curl --unix-socket /run/podman/podman.sock 'http://d/v3.0.0/libpod/containers/{name}/exists'")
+ # If container exists it return status code "0" - code can not be displayed
+ return (tmp == "")
def container_status(name):
'''
- https://docs.podman.io/en/latest/_static/api.html#operation/ContainerInspectLibpod
+ https://docs.podman.io/en/latest/_static/api.html#operation/ContainerInspectLibpod
'''
- c = cmd(f"curl --unix-socket /run/podman/podman.sock 'http://d/v3.0.0/libpod/containers/{name}/json'")
- data = json.loads(c)
- status = data['State']['Status']
-
- return status
-
-def container_stop(name):
- c = cmd(f'podman stop {name}')
-
-def container_start(name):
- c = cmd(f'podman start {name}')
+ tmp = _cmd(f"curl --unix-socket /run/podman/podman.sock 'http://d/v3.0.0/libpod/containers/{name}/json'")
+ data = json.loads(tmp)
+ return data['State']['Status']
def ctnr_network_exists(name):
- # Check explicit name for network.
- c = cmd(f'podman network ls --quiet --filter name=^{name}$')
- # If network name is found, return true
- if bool(c) == True:
- return True
- else:
- return False
-
+ # Check explicit name for network, returns True if network exists
+ c = _cmd(f'podman network ls --quiet --filter name=^{name}$')
+ return bool(c)
# Common functions
def get_config(config=None):
@@ -81,27 +69,21 @@ def get_config(config=None):
conf = config
else:
conf = Config()
+
base = ['container']
- container = conf.get_config_dict(base, get_first_key=True)
+ container = conf.get_config_dict(base, key_mangling=('-', '_'),
+ get_first_key=True)
# We have gathered the dict representation of the CLI, but there are default
# options which we need to update into the dictionary retrived.
default_values = defaults(base)
container = dict_merge(default_values, container)
- if 'name' in container or 'network' in container:
- container['configured'] = True
-
# Delete container network, delete containers
- dict = {}
- tmp_net = node_changed(conf, ['container', 'network'])
- if tmp_net:
- dict = dict_merge({'net_remove' : tmp_net}, dict)
- container.update(dict)
+ tmp = node_changed(conf, ['container', 'network'])
+ if tmp: container.update({'net_remove' : tmp})
- tmp_name = node_changed(conf, ['container', 'name'])
- if tmp_name:
- dict = dict_merge({'container_remove' : tmp_name}, dict)
- container.update(dict)
+ tmp = node_changed(conf, ['container', 'name'])
+ if tmp: container.update({'container_remove' : tmp})
return container
@@ -112,40 +94,53 @@ def verify(container):
# Add new container
if 'name' in container:
- for cont, container_config in container['name'].items():
- # Dont add container with wrong/undefined name network
- if 'network' in container_config and 'network' in container:
- if list(container_config['network'])[0] not in container['network']:
- # Don't allow delete network if container use this network.
- raise ConfigError('Netowrk with name: {0} shuld be specified!'.format(list(container_config['network'])[0]))
-
- # If image not defined
+ for name, container_config in container['name'].items():
+ if 'network' in container_config:
+ if len(container_config['network']) > 1:
+ raise ConfigError(f'Only one network can be specified for container "{name}"!')
+
+ # Check if the specified container network exists
+ network_name = list(container_config['network'])[0]
+ if network_name not in container_config['network']:
+ raise ConfigError('Container network "{network_name}" does not exist!')
+
+ # Container image is a mandatory option
if 'image' not in container_config:
- raise ConfigError(f'Image for container "{cont}" is required!')
+ raise ConfigError(f'Container image for "{name}" is mandatory!')
# If 'allow-host-networks' or 'network' not set.
- if 'allow-host-networks' not in container_config and 'network' not in container_config:
- raise ConfigError(f'"Network" or "allow-host-networks" for container "{cont}" is required!')
+ if 'allow_host_networks' not in container_config and 'network' not in container_config:
+ raise ConfigError(f'Must either set "network" or "allow-host-networks" for container "{name}"!')
- # If set both parameters for networks (host and user-defined). We require only one.
- if 'allow-host-networks' in container_config and 'network' in container_config:
- raise ConfigError(f'"allow-host-networks" and "network" for "{cont}" cannot be both configured at the same time!')
+ # Can not set both allow-host-networks and network at the same time
+ if {'allow_host_networks', 'network'} <= set(container_config):
+ raise ConfigError(f'"allow-host-networks" and "network" for "{name}" cannot be both configured at the same time!')
# Add new network
if 'network' in container:
- for net in container['network']:
+ v4_prefix = 0
+ v6_prefix = 0
+ for network, network_config in container['network'].items():
# If ipv4-prefix not defined for user-defined network
- if 'ipv4-prefix' not in container['network'][net]:
- raise ConfigError(f'IPv4 prefix for network "{net}" is required!')
+ if 'prefix' not in network_config:
+ raise ConfigError(f'prefix for network "{net}" must be defined!')
- # Don't allow to remove network which used for container
- if 'net_remove' in container:
- for net in container['net_remove']:
- if 'name' in container:
- for cont in container['name']:
- if 'network' in container['name'][cont]:
- if net in container['name'][cont]['network']:
- raise ConfigError(f'Can\'t remove network "{net}" used for "{cont}"')
+ for prefix in network_config['prefix']:
+ if is_ipv4(prefix): v4_prefix += 1
+ elif is_ipv6(prefix): v6_prefix += 1
+
+ if v4_prefix > 1:
+ raise ConfigError(f'Only one IPv4 prefix can be defined for network "{network}"!')
+ if v6_prefix > 1:
+ raise ConfigError(f'Only one IPv6 prefix can be defined for network "{network}"!')
+
+
+ # A network attached to a container can not be deleted
+ if {'net_remove', 'name'} <= set(container):
+ for network in container['net_remove']:
+ for container, container_config in container['name'].items():
+ if 'network' in container_config and network in container_config['network']:
+ raise ConfigError(f'Can not remove network "{network}", used by container "{container}"!')
return None
@@ -165,63 +160,57 @@ def apply(container):
if 'container_remove' in container:
for name in container['container_remove']:
if container_status(name) == 'running':
- cmd(f'podman stop {name}')
- cmd(f'podman rm --force {name}')
- print(f'Container "{name}" deleted')
+ _cmd(f'podman stop {name}')
+ _cmd(f'podman rm --force {name}')
# Delete old networks if needed
if 'net_remove' in container:
- for net in container['net_remove']:
- cmd(f'podman network rm {net}')
+ for network in container['net_remove']:
+ _cmd(f'podman network rm {network}')
# Add network
if 'network' in container:
- for net in container['network']:
+ for network, network_config in container['network'].items():
# Check if the network has already been created
- if ctnr_network_exists(net) is False:
- prefix = container['network'][net]['ipv4-prefix']
- if container['network'][net]['ipv4-prefix']:
- # Create user-defined network
- try:
- cmd(f'podman network create {net} --subnet={prefix}')
- except:
- print(f'Can\'t add network {net}')
+ if not ctnr_network_exists(network) and 'prefix' in network_config:
+ tmp = f'podman network create {network}'
+ # we can not use list comprehension here as the --ipv6 option
+ # must immediately follow the specified subnet!!!
+ for prefix in sorted(network_config['prefix']):
+ tmp += f' --subnet={prefix}'
+ if is_ipv6(prefix):
+ tmp += ' --ipv6'
+ _cmd(tmp)
# Add container
if 'name' in container:
- for name in container['name']:
+ for name, container_config in container['name'].items():
# Check if the container has already been created
- #if len(cmd(f'podman ps -a --filter "name=^{name}$" -q')) == 0:
- if container_exists(name) is False:
- image = container['name'][name]['image']
+ if not container_exists(name):
+ image = container_config['image']
+ # Currently the best way to run a command and immediately print stdout
+ print(os.system(f'podman pull {image}'))
# Check/set environment options "-e foo=bar"
env_opt = ''
- if 'environment' in container['name'][name]:
+ if 'environment' in container_config:
env_opt = '-e '
- env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container['name'][name]['environment'].items())
-
- if 'allow-host-networks' in container['name'][name]:
- try:
- cmd(f'podman run -dit --name {name} --net host {env_opt} {image}')
- except:
- print(f'Can\'t add container {name}')
+ env_opt += " -e ".join(f"{k}={v['value']}" for k, v in container_config['environment'].items())
+ if 'allow_host_networks' in container_config:
+ _cmd(f'podman run -dit --name {name} --net host {env_opt} {image}')
else:
- for net in container['name'][name]['network']:
- if container['name'][name]['image']:
- ipparam = ''
- if 'address' in container['name'][name]['network'][net]:
- ipparam = '--ip {}'.format(container['name'][name]['network'][net]['address'])
- try:
- cmd(f'podman run --name {name} -dit --net {net} {ipparam} {env_opt} {image}')
- except:
- print(f'Can\'t add container {name}')
+ for network in container_config['network']:
+ ipparam = ''
+ if 'address' in container_config['network'][network]:
+ ipparam = '--ip ' + container_config['network'][network]['address']
+ _cmd(f'podman run --name {name} -dit --net {network} {ipparam} {env_opt} {image}')
+
# Else container is already created. Just start it.
# It's needed after reboot.
- else:
- if container_status(name) != 'running':
- container_start(name)
+ elif container_status(name) != 'running':
+ _cmd(f'podman start {name}')
+
return None
if __name__ == '__main__':