func RunCommandInContainer(client *docker.DockerClient, name string, command []string, environment []string) (int, error) {
if len(command) == 0 {
fmt.Println("No command specified")
os.Exit(3)
}
container, err := client.InspectContainer(name)
if err != nil {
fmt.Printf("Unable to locate container named %v\n", name)
os.Exit(3)
}
containerNsPID, err := client.ChildProcessForContainer(container)
if err != nil {
fmt.Println("Couldn't create child process for container")
os.Exit(3)
}
containerEnv := environment
if len(containerEnv) == 0 {
containerEnv = container.Config.Env
}
return RunIn(name, containerNsPID, command, containerEnv)
}
func GetDockerContainerPacketCounts(d *docker.DockerClient) (map[containers.Identifier]int, error) {
serviceFiles, err := filepath.Glob(filepath.Join(gearconfig.ContainerBasePath(), "units", "**", containers.IdentifierPrefix+"*.service"))
if err != nil {
return nil, err
}
ids := make([]string, 0)
packetCount := make(map[containers.Identifier]int)
for _, s := range serviceFiles {
id := filepath.Base(s)
if strings.HasPrefix(id, containers.IdentifierPrefix) && strings.HasSuffix(id, ".service") {
id = id[len(containers.IdentifierPrefix):(len(id) - len(".service"))]
if id, err := containers.NewIdentifier(id); err == nil {
ids = append(ids, string(id))
packetCount[id] = 0
}
}
}
containerIPs, err := d.GetContainerIPs(ids)
if err != nil {
return nil, err
}
cmd := exec.Command("/sbin/iptables-save", "-c")
output, err := cmd.Output()
if err != nil {
return nil, err
}
scan := bufio.NewScanner(bytes.NewBuffer(output))
for scan.Scan() {
line := scan.Text()
if strings.Contains(line, "-A DOCKER ! -i docker0") && strings.Contains(line, "-j DNAT") {
//Example: [0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 4000 -j DNAT --to-destination 172.17.0.3:8080
items := strings.Fields(line)
packets, _ := strconv.Atoi(strings.Split(items[0], ":")[0][1:])
destIp := strings.Split(items[15], ":")[0]
id, _ := containers.NewIdentifier(containerIPs[destIp])
packetCount[id] = packetCount[id] + packets
}
if strings.Contains(line, "-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport") && strings.Contains(line, "-m comment --comment ") {
//Example: [5850:394136] -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 4000 -m comment --comment 0001 -j ACCEPT
items := strings.Fields(line)
packets, _ := strconv.Atoi(strings.Split(items[0], ":")[0][1:])
if id, err := containers.NewIdentifier(items[14]); err == nil {
packetCount[id] = packetCount[id] + packets
}
}
}
return packetCount, nil
}
func InitPostStart(dockerSocket string, id containers.Identifier) error {
var (
u *user.User
container *dc.Container
err error
d *docker.DockerClient
)
if u, err = user.Lookup(id.LoginFor()); err == nil {
if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
log.Print(err.Error())
}
} else {
log.Print(err.Error())
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
defer file.Close()
const ContainerInterval = time.Second / 3
const ContainerWait = time.Second * 12
for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
if container, err = d.GetContainer(id.ContainerFor(), true); err != nil {
return err
}
if container.State.Running {
break
} else {
log.Printf("Waiting for container to run.")
time.Sleep(ContainerInterval)
}
}
pid, err := d.ChildProcessForContainer(container)
if err != nil {
return err
}
if pid < 2 {
return errors.New("support: child PID is not correct")
}
log.Printf("Updating network namespaces for %d", pid)
if err := updateNamespaceNetworkLinks(pid, file); err != nil {
return err
}
}
return nil
}
func isContainerAvailable(client *docker.DockerClient, id string) (bool, error) {
container, err := client.InspectContainer(id)
if err == docker.ErrNoSuchContainer {
return false, nil
}
if err != nil {
return true, err
}
if container.State.Running && container.State.Pid != 0 {
return true, nil
}
return false, nil
}
func InitPreStart(dockerSocket string, id containers.Identifier, imageName string) error {
var (
err error
imgInfo *dc.Image
d *docker.DockerClient
)
_, socketActivationType, err := containers.GetSocketActivation(id)
if err != nil {
fmt.Printf("init_pre_start: Error while parsing unit file: %v\n", err)
return err
}
if _, err = user.Lookup(id.LoginFor()); err != nil {
if _, ok := err.(user.UnknownUserError); !ok {
return err
}
if err = createUser(id); err != nil {
return err
}
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if imgInfo, err = d.GetImage(imageName); err != nil {
return err
}
if err := os.MkdirAll(id.HomePath(), 0700); err != nil {
return err
}
u, _ := user.Lookup(id.LoginFor())
volumes := make([]string, 0, 10)
for volPath := range imgInfo.Config.Volumes {
volumes = append(volumes, volPath)
}
user := imgInfo.Config.User
if user == "" {
user = "******"
}
ports, err := containers.GetExistingPorts(id)
if err != nil {
fmt.Printf("container init pre-start: Unable to retrieve port mapping\n")
return err
}
containerData := containers.ContainerInitScript{
imgInfo.Config.User == "",
user,
u.Uid,
u.Gid,
strings.Join(imgInfo.Config.Cmd, " "),
len(volumes) > 0,
strings.Join(volumes, " "),
ports,
socketActivationType == "proxied",
}
file, _, err := utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-init.sh"), 0700)
if err != nil {
fmt.Printf("container init pre-start: Unable to open script file: %v\n", err)
return err
}
defer file.Close()
if erre := containers.ContainerInitTemplate.Execute(file, containerData); erre != nil {
fmt.Printf("container init pre-start: Unable to output template: ", erre)
return erre
}
if err := file.Close(); err != nil {
return err
}
file, _, err = utils.OpenFileExclusive(path.Join(id.RunPathFor(), "container-cmd.sh"), 0705)
if err != nil {
fmt.Printf("container init pre-start: Unable to open cmd script file: %v\n", err)
return err
}
defer file.Close()
if erre := containers.ContainerCmdTemplate.Execute(file, containerData); erre != nil {
fmt.Printf("container init pre-start: Unable to output cmd template: ", erre)
return erre
}
if err := file.Close(); err != nil {
return err
}
return nil
}
func InitPostStart(dockerSocket string, id containers.Identifier) error {
var (
u *user.User
container *dc.Container
err error
d *docker.DockerClient
)
if u, err = user.Lookup(id.LoginFor()); err == nil {
if err := ssh.GenerateAuthorizedKeysFor(u, true, false); err != nil {
log.Print(err.Error())
}
} else {
log.Print(err.Error())
}
if d, err = docker.GetConnection(dockerSocket); err != nil {
return err
}
if file, err := os.Open(id.NetworkLinksPathFor()); err == nil {
defer file.Close()
const ContainerInterval = time.Second / 10
const ContainerWait = time.Second * 15
for i := 0; i < int(ContainerWait/ContainerInterval); i++ {
if container, err = d.InspectContainer(id.ContainerFor()); err != nil {
if err == docker.ErrNoSuchContainer {
//log.Printf("Waiting for container to be available.")
time.Sleep(ContainerInterval)
continue
}
return err
}
if container.State.Running && container.State.Pid != 0 {
break
} else {
//log.Printf("Waiting for container to report available.")
time.Sleep(ContainerInterval)
}
}
if container == nil {
return fmt.Errorf("container %s was not visible through Docker before timeout", id.ContainerFor())
}
pid, err := d.ChildProcessForContainer(container)
if err != nil {
return err
}
if pid <= 1 {
return errors.New("child PID is not correct")
}
log.Printf("Updating network namespaces for %d", pid)
if err := updateNamespaceNetworkLinks(pid, file); err != nil {
return err
}
}
return nil
}