Merge pull request #232 from ibuildthecloud/fixes-2

Set iptables for ip/mac routing on container start
rancher · Mar 25, 2016 · d69258a · d69258a
2 parents 26c0036 + 709ce04
commit d69258a
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 45 deletions.
diff --git a/cattle/plugins/conntrack/__init__.py b/cattle/plugins/conntrack/__init__.py
diff --git a/cattle/plugins/conntrack/conntrack.py b/cattle/plugins/conntrack/conntrack.py
diff --git a/cattle/plugins/conntrack/conntrack.sh b/cattle/plugins/conntrack/conntrack.sh
diff --git a/cattle/plugins/docker/compute.py b/cattle/plugins/docker/compute.py
@@ -18,7 +18,7 @@
 from cattle.progress import Progress
 from cattle.lock import lock
 from cattle.plugins.docker.network import setup_ipsec, setup_links, \
-    setup_mac_and_ip, setup_ports, setup_network_mode
+    setup_mac_and_ip, setup_ports, setup_network_mode, setup_dns
 from cattle.plugins.docker.agent import setup_cattle_config_url
 
 
@@ -727,6 +727,7 @@ def _setup_networking(self, instance, host, create_config, start_config):
         setup_ports(instance, create_config, start_config, ports_supported)
         setup_links(instance, create_config, start_config)
         setup_ipsec(instance, host, create_config, start_config)
+        setup_dns(instance)
 
     def _is_true(self, instance, key):
         try:

diff --git a/cattle/plugins/docker/network.py b/cattle/plugins/docker/network.py
@@ -3,7 +3,8 @@
 
 from cattle.plugins.docker.util import add_to_env, add_label, \
     is_nonrancher_container
-from cattle.utils import get_or_create_map, get_or_create_list
+from cattle.utils import get_or_create_map, get_or_create_list, \
+    check_output
 
 log = logging.getLogger('docker')
 
@@ -107,6 +108,46 @@ def setup_ports(instance, create_config, start_config, ports_supported=True):
             pass
 
 
+def _find_ip_and_mac(instance):
+    for nic in instance.nics:
+        for ip in nic.ipAddresses:
+            if ip.role != 'primary':
+                continue
+            subnet = '{}/{}'.format(ip.subnet.networkAddress,
+                                    ip.subnet.cidrSize)
+            return ip.address, nic.macAddress, subnet
+    return None, None, None
+
+
+def setup_dns(instance):
+    if not _has_service(instance, 'dnsService'):
+        return
+
+    ip_address, mac_address, subnet = _find_ip_and_mac(instance)
+
+    if ip_address is None or mac_address is None:
+        return
+
+    try:
+        parts = ip_address.split('.')
+        if len(parts) != 4:
+            return
+
+        mark = str(int(parts[2]) * 1000 + int(parts[3]))
+
+        check_output(['iptables', '-w', '-t', 'nat', '-A', 'CATTLE_PREROUTING',
+                      '!', '-s', subnet, '-d', '169.254.169.250', '-m', 'mac',
+                      '--mac-source', mac_address, '-j', 'MARK', '--set-mark',
+                      mark])
+        check_output(['iptables', '-w', '-t', 'nat', '-A',
+                      'CATTLE_POSTROUTING', '!', '-s', subnet, '-d',
+                      '169.254.169.250', '-m', 'mark', '--mark', mark, '-j',
+                      'SNAT', '--to', ip_address])
+    except:
+        # log exception but ignore error
+        log.exception('Failed to apply iptables')
+
+
 def setup_links(instance, create_config, start_config):
     """
     Sets up a container's config for rancher-managed links by removing the

diff --git a/cattle/plugins/host-api/host_api.py b/cattle/plugins/host-api/host_api.py
@@ -26,7 +26,3 @@ def on_startup(self):
                     '-cattle-url', Config.api_url(),
                     '-cattle-state-dir', Config.container_state_dir()],
                    env=env)
-
-
-def host_api_config():
-    return os.path.join(os.path.dirname(__file__), 'host-api.conf')