// ReleaseContainerAddresses finds addresses allocated to a container
// and marks them as Dead, to be released and removed. It accepts
// container tags as arguments. If address allocation feature flag is
// not enabled, it will return a NotSupported error.
func (p *ProvisionerAPI) ReleaseContainerAddresses(args params.Entities) (params.ErrorResults, error) {
result := params.ErrorResults{
Results: make([]params.ErrorResult, len(args.Entities)),
}
canAccess, err := p.getAuthFunc()
if err != nil {
logger.Errorf("failed to get an authorisation function: %v", err)
return result, errors.Trace(err)
}
// Loop over the passed container tags.
for i, entity := range args.Entities {
tag, err := names.ParseMachineTag(entity.Tag)
if err != nil {
logger.Warningf("failed to parse machine tag %q: %v", entity.Tag, err)
result.Results[i].Error = common.ServerError(common.ErrPerm)
continue
}
// The auth function (canAccess) checks that the machine is a
// top level machine (we filter those out next) or that the
// machine has the host as a parent.
container, err := p.getMachine(canAccess, tag)
if err != nil {
logger.Warningf("failed to get machine %q: %v", tag, err)
result.Results[i].Error = common.ServerError(err)
continue
} else if !container.IsContainer() {
err = errors.Errorf("cannot mark addresses for removal for %q: not a container", tag)
result.Results[i].Error = common.ServerError(err)
continue
}
id := container.Id()
addresses, err := p.st.AllocatedIPAddresses(id)
if err != nil {
logger.Warningf("failed to get Id for container %q: %v", tag, err)
result.Results[i].Error = common.ServerError(err)
continue
}
deadErrors := []error{}
logger.Debugf("for container %q found addresses %v", tag, addresses)
for _, addr := range addresses {
err = addr.EnsureDead()
if err != nil {
deadErrors = append(deadErrors, err)
continue
}
}
if len(deadErrors) != 0 {
err = errors.Errorf("failed to mark all addresses for removal for %q: %v", tag, deadErrors)
result.Results[i].Error = common.ServerError(err)
}
}
return result, nil
}
func (s *provisionerSuite) TestReleaseContainerAddresses(c *gc.C) {
// This test exercises just the success path, all the other cases
// are already tested in the apiserver package.
template := state.MachineTemplate{
Series: "quantal",
Jobs: []state.MachineJob{state.JobHostUnits},
}
container, err := s.State.AddMachineInsideMachine(template, s.machine.Id(), instance.LXC)
// allocate some addresses to release
subInfo := state.SubnetInfo{
ProviderId: "dummy-private",
CIDR: "0.10.0.0/24",
VLANTag: 0,
AllocatableIPLow: "0.10.0.0",
AllocatableIPHigh: "0.10.0.10",
}
sub, err := s.State.AddSubnet(subInfo)
c.Assert(err, jc.ErrorIsNil)
for i := 0; i < 3; i++ {
addr := network.NewAddress(fmt.Sprintf("0.10.0.%d", i))
ipaddr, err := s.State.AddIPAddress(addr, sub.ID())
c.Check(err, jc.ErrorIsNil)
err = ipaddr.AllocateTo(container.Id(), "nic42", "aa:bb:cc:dd:ee:f0")
c.Check(err, jc.ErrorIsNil)
}
c.Assert(err, jc.ErrorIsNil)
password, err := utils.RandomPassword()
c.Assert(err, jc.ErrorIsNil)
err = container.SetPassword(password)
c.Assert(err, jc.ErrorIsNil)
err = container.SetProvisioned("foo", "fake_nonce", nil)
c.Assert(err, jc.ErrorIsNil)
err = s.provisioner.ReleaseContainerAddresses(container.MachineTag())
c.Assert(err, jc.ErrorIsNil)
addresses, err := s.State.AllocatedIPAddresses(container.Id())
c.Assert(err, jc.ErrorIsNil)
c.Assert(addresses, gc.HasLen, 3)
for _, addr := range addresses {
c.Assert(addr.Life(), gc.Equals, state.Dead)
}
}
func (s *provisionerSuite) TestWatchContainers(c *gc.C) {
apiMachine, err := s.provisioner.Machine(s.machine.Tag().(names.MachineTag))
c.Assert(err, gc.IsNil)
// Add one LXC container.
template := state.MachineTemplate{
Series: "quantal",
Jobs: []state.MachineJob{state.JobHostUnits},
}
container, err := s.State.AddMachineInsideMachine(template, s.machine.Id(), instance.LXC)
c.Assert(err, gc.IsNil)
w, err := apiMachine.WatchContainers(instance.LXC)
c.Assert(err, gc.IsNil)
defer statetesting.AssertStop(c, w)
wc := statetesting.NewStringsWatcherC(c, s.BackingState, w)
// Initial event.
wc.AssertChange(container.Id())
// Change something other than the containers and make sure it's
// not detected.
err = apiMachine.SetStatus(params.StatusStarted, "not really", nil)
c.Assert(err, gc.IsNil)
wc.AssertNoChange()
// Add a KVM container and make sure it's not detected.
container, err = s.State.AddMachineInsideMachine(template, s.machine.Id(), instance.KVM)
c.Assert(err, gc.IsNil)
wc.AssertNoChange()
// Add another LXC container and make sure it's detected.
container, err = s.State.AddMachineInsideMachine(template, s.machine.Id(), instance.LXC)
c.Assert(err, gc.IsNil)
wc.AssertChange(container.Id())
statetesting.AssertStop(c, w)
wc.AssertClosed()
}
// legacyPrepareOrGetContainerInterfaceInfo optionally allocates an address and
// returns information for configuring networking on a container. It accepts
// container tags as arguments.
func (p *ProvisionerAPI) legacyPrepareOrGetContainerInterfaceInfo(
args params.Entities,
provisionContainer bool,
) (
params.MachineNetworkConfigResults,
error,
) {
result := params.MachineNetworkConfigResults{
Results: make([]params.MachineNetworkConfigResult, len(args.Entities)),
}
// Some preparations first.
environ, host, canAccess, err := p.prepareContainerAccessEnvironment()
if err != nil {
return result, errors.Trace(err)
}
instId, err := host.InstanceId()
if err != nil && errors.IsNotProvisioned(err) {
// If the host machine is not provisioned yet, we have nothing
// to do. NotProvisionedf will append " not provisioned" to
// the message.
err = errors.NotProvisionedf("cannot allocate addresses: host machine %q", host)
return result, err
}
var subnet *state.Subnet
var subnetInfo network.SubnetInfo
var interfaceInfo network.InterfaceInfo
if environs.AddressAllocationEnabled() {
// We don't need a subnet unless we need to allocate a static IP.
subnet, subnetInfo, interfaceInfo, err = p.prepareAllocationNetwork(environ, instId)
if err != nil {
return result, errors.Annotate(err, "cannot allocate addresses")
}
} else {
var allInterfaceInfos []network.InterfaceInfo
allInterfaceInfos, err = environ.NetworkInterfaces(instId)
if err != nil {
return result, errors.Annotatef(err, "cannot instance %q interfaces", instId)
} else if len(allInterfaceInfos) == 0 {
return result, errors.New("no interfaces available")
}
// Currently we only support a single NIC per container, so we only need
// the information from the host instance's first NIC.
logger.Tracef("interfaces for instance %q: %v", instId, allInterfaceInfos)
interfaceInfo = allInterfaceInfos[0]
}
// Loop over the passed container tags.
for i, entity := range args.Entities {
tag, err := names.ParseMachineTag(entity.Tag)
if err != nil {
result.Results[i].Error = common.ServerError(err)
continue
}
// The auth function (canAccess) checks that the machine is a
// top level machine (we filter those out next) or that the
// machine has the host as a parent.
container, err := p.getMachine(canAccess, tag)
if err != nil {
result.Results[i].Error = common.ServerError(err)
continue
} else if !container.IsContainer() {
err = errors.Errorf("cannot allocate address for %q: not a container", tag)
result.Results[i].Error = common.ServerError(err)
continue
} else if ciid, cerr := container.InstanceId(); provisionContainer == true && cerr == nil {
// Since we want to configure and create NICs on the
// container before it starts, it must also be not
// provisioned yet.
err = errors.Errorf("container %q already provisioned as %q", container, ciid)
result.Results[i].Error = common.ServerError(err)
continue
} else if cerr != nil && !errors.IsNotProvisioned(cerr) {
// Any other error needs to be reported.
result.Results[i].Error = common.ServerError(cerr)
continue
}
var macAddress string
var address *state.IPAddress
if provisionContainer {
// Allocate and set an address.
macAddress = generateMACAddress()
address, err = p.allocateAddress(environ, subnet, host, container, instId, macAddress)
if err != nil {
err = errors.Annotatef(err, "failed to allocate an address for %q", container)
result.Results[i].Error = common.ServerError(err)
continue
}
} else {
id := container.Id()
addresses, err := p.st.AllocatedIPAddresses(id)
if err != nil {
logger.Warningf("failed to get Id for container %q: %v", tag, err)
result.Results[i].Error = common.ServerError(err)
continue
}
// TODO(dooferlad): if we get more than 1 address back, we ignore everything after
// the first. The calling function expects exactly one result though,
// so we don't appear to have a way of allocating >1 address to a
// container...
if len(addresses) != 1 {
logger.Warningf("got %d addresses for container %q - expected 1: %v", len(addresses), tag, err)
result.Results[i].Error = common.ServerError(err)
continue
}
address = addresses[0]
macAddress = address.MACAddress()
}
// Store it on the machine, construct and set an interface result.
dnsServers := make([]string, len(interfaceInfo.DNSServers))
for l, dns := range interfaceInfo.DNSServers {
dnsServers[l] = dns.Value
}
if macAddress == "" {
macAddress = interfaceInfo.MACAddress
}
interfaceType := string(interfaceInfo.InterfaceType)
if interfaceType == "" {
interfaceType = string(network.EthernetInterface)
}
// TODO(dimitern): Support allocating one address per NIC on
// the host, effectively creating the same number of NICs in
// the container.
result.Results[i] = params.MachineNetworkConfigResult{
Config: []params.NetworkConfig{{
DeviceIndex: interfaceInfo.DeviceIndex,
MACAddress: macAddress,
CIDR: subnetInfo.CIDR,
NetworkName: interfaceInfo.NetworkName,
ProviderId: string(interfaceInfo.ProviderId),
ProviderSubnetId: string(subnetInfo.ProviderId),
VLANTag: interfaceInfo.VLANTag,
InterfaceType: interfaceType,
InterfaceName: interfaceInfo.InterfaceName,
Disabled: interfaceInfo.Disabled,
NoAutoStart: interfaceInfo.NoAutoStart,
DNSServers: dnsServers,
ConfigType: string(network.ConfigStatic),
Address: address.Value(),
GatewayAddress: interfaceInfo.GatewayAddress.Value,
ExtraConfig: interfaceInfo.ExtraConfig,
}},
}
}
return result, nil
}