whitekid/docker_netns_sync.go

## docker_netns_sync.go
package main

import (
	"errors"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"time"

	"github.com/fsouza/go-dockerclient"
)

const connect_retry_interval = 3 * time.Second

func get_docker_client() (*docker.Client, error) {
	endpoint := os.Getenv("DOCKER_HOST")
	if endpoint == "" {
		endpoint = "unix:///var/run/docker.sock"
	}

	cert_path := os.Getenv("DOCKER_CERT_PATH")

	var client *docker.Client
	var err error

	log.Printf("Connecting %v", endpoint)
	if cert_path != "" {
		ca := fmt.Sprintf("%s/ca.pem", cert_path)
		cert := fmt.Sprintf("%s/cert.pem", cert_path)
		key := fmt.Sprintf("%s/key.pem", cert_path)
		client, err = docker.NewTLSClient(endpoint, cert, key, ca)
	} else {
		client, err = docker.NewClient(endpoint)
	}

	if err != nil {
		return nil, err
	}

	if _, err = client.ListImages(docker.ListImagesOptions{}); err != nil {
		return nil, err
	}

	log.Printf("Connected at %v", endpoint)
	return client, nil
}

func get_container_pid(client *docker.Client, id string) int {
	container, _ := client.InspectContainer(id)
	return container.State.Pid
}

func file_exists(name string) bool {
	if _, err := os.Stat(name); os.IsNotExist(err) {
		return false
	}
	return true
}

func sync_netns(client *docker.Client) {
	const netns_dir = "/var/run/netns"

	log.Printf("sync docker namespaces...")

	// delete invalid netns
	files, _ := ioutil.ReadDir(netns_dir)
	for _, f := range files {
		if f.IsDir() {
			continue
		}

		if f.Mode()&os.ModeSymlink != 0 {
			netns_file := fmt.Sprintf("/var/run/netns/%s", f.Name())
			fname, _ := os.Readlink(netns_file)
			if !file_exists(fname) {
				log.Printf("Remove staled netns file: %s", netns_file)
				err := os.Remove(netns_file)
				if err != nil {
					log.Printf("%s", err)
				}
			}
		}
	}

	// create missed netns
	containers, err := client.ListContainers(docker.ListContainersOptions{All: true})
	if err != nil {
		log.Printf("%v", err)
	}

	for _, c := range containers {
		pid := get_container_pid(client, c.ID)

		// skip stopped container
		if pid == 0 {
			continue
		}

		if !file_exists(fmt.Sprintf("/var/run/netns/%v", c.ID)) {
			create_netns(c.ID, pid)
		}
	}
}

func create_netns(id string, pid int) {
	log.Printf("Create namespace %v", id)

	err := os.Symlink(fmt.Sprintf("/proc/%v/ns/net", pid), fmt.Sprintf("/var/run/netns/%v", id))
	if err != nil {
		log.Printf(err.Error())
	}
}

func delete_netns(id string) {
	log.Printf("Delete namespace %v", id)

	err := os.Remove(fmt.Sprintf("/var/run/netns/%s", id))
	if err != nil {
		log.Printf(err.Error())
	}
}

func handle_event() error {
	client, err := get_docker_client()
	if err != nil {
		return err
	}

	sync_netns(client)

	listener := make(chan *docker.APIEvents, 10)
	err = client.AddEventListener(listener)
	if err != nil {
		log.Fatalf("AddEventListener failed: %v", err)
	}

	defer client.RemoveEventListener(listener)

	for {
		select {
		case event, ok := <-listener:
			if !ok {
				return errors.New("Docker connectin close.. retring.")
			}

			log.Printf("Event received: Status=%v, ID=%v", event.Status, event.ID)
			switch event.Status {
			case "create", "start":
				pid := get_container_pid(client, event.ID)
				create_netns(event.ID, pid)
			case "stop", "destroy":
				delete_netns(event.ID)
			}
		}
	}
}

func main() {
	for {
		err := handle_event()
		log.Printf("ERROR: %v", err.Error())

		time.Sleep(connect_retry_interval)
	}
}

## docker_netns_sync.py
#!/bin/env python
import os
import json

from requests.packages.urllib3.exceptions import ProtocolError
from docker import Client

def get_docker():
    return Client(base_url='unix:///var/run/docker.sock')

def sync_netns(dk):
    netns_dir = '/var/run/netns'

    # delete invalid netns
    for f in os.listdir(netns_dir):
        fn = os.path.join(netns_dir, f)
        if os.path.islink(fn) and not os.path.exists(os.readlink(fn)):
            os.unlink(fn)

    # create missing netns
    for c in dk.containers():
        cid = c['Id']
        pid = dk.inspect_container(c['Id'])["State"]["Pid"]
        if not os.path.islink("/var/run/netns/%s" % cid):
            os.symlink("/proc/%s/ns/net" % pid, "/var/run/netns/%s" % cid)

def main():
    while True:
        try:
            dk = get_docker()
            sync_netns(dk)
            for event_r in dk.events():
                event = json.loads(event_r)
                status, cid = event['status'], event['id']

                # get pid of container
                pid = dk.inspect_container(cid)["State"]["Pid"]

                if status == 'start':
                    os.symlink("/proc/%s/ns/net" % pid, "/var/run/netns/%s" % cid)
                elif status == 'kill':
                    os.unlink("/var/run/netns/%s" % cid)
        except ProtocolError, e:
            # restart docker
            print e

if __name__ == '__main__':
    main()

# vim: et ai ts=4 sw=4
	package main

	import (
	"errors"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"time"

	"github.com/fsouza/go-dockerclient"
	)

	const connect_retry_interval = 3 * time.Second

	func get_docker_client() (*docker.Client, error) {
	endpoint := os.Getenv("DOCKER_HOST")
	if endpoint == "" {
	endpoint = "unix:///var/run/docker.sock"
	}

	cert_path := os.Getenv("DOCKER_CERT_PATH")

	var client *docker.Client
	var err error

	log.Printf("Connecting %v", endpoint)
	if cert_path != "" {
	ca := fmt.Sprintf("%s/ca.pem", cert_path)
	cert := fmt.Sprintf("%s/cert.pem", cert_path)
	key := fmt.Sprintf("%s/key.pem", cert_path)
	client, err = docker.NewTLSClient(endpoint, cert, key, ca)
	} else {
	client, err = docker.NewClient(endpoint)
	}

	if err != nil {
	return nil, err
	}

	if _, err = client.ListImages(docker.ListImagesOptions{}); err != nil {
	return nil, err
	}

	log.Printf("Connected at %v", endpoint)
	return client, nil
	}

	func get_container_pid(client *docker.Client, id string) int {
	container, _ := client.InspectContainer(id)
	return container.State.Pid
	}

	func file_exists(name string) bool {
	if _, err := os.Stat(name); os.IsNotExist(err) {
	return false
	}
	return true
	}

	func sync_netns(client *docker.Client) {
	const netns_dir = "/var/run/netns"

	log.Printf("sync docker namespaces...")

	// delete invalid netns
	files, _ := ioutil.ReadDir(netns_dir)
	for _, f := range files {
	if f.IsDir() {
	continue
	}

	if f.Mode()&os.ModeSymlink != 0 {
	netns_file := fmt.Sprintf("/var/run/netns/%s", f.Name())
	fname, _ := os.Readlink(netns_file)
	if !file_exists(fname) {
	log.Printf("Remove staled netns file: %s", netns_file)
	err := os.Remove(netns_file)
	if err != nil {
	log.Printf("%s", err)
	}
	}
	}
	}

	// create missed netns
	containers, err := client.ListContainers(docker.ListContainersOptions{All: true})
	if err != nil {
	log.Printf("%v", err)
	}

	for _, c := range containers {
	pid := get_container_pid(client, c.ID)

	// skip stopped container
	if pid == 0 {
	continue
	}

	if !file_exists(fmt.Sprintf("/var/run/netns/%v", c.ID)) {
	create_netns(c.ID, pid)
	}
	}
	}

	func create_netns(id string, pid int) {
	log.Printf("Create namespace %v", id)

	err := os.Symlink(fmt.Sprintf("/proc/%v/ns/net", pid), fmt.Sprintf("/var/run/netns/%v", id))
	if err != nil {
	log.Printf(err.Error())
	}
	}

	func delete_netns(id string) {
	log.Printf("Delete namespace %v", id)

	err := os.Remove(fmt.Sprintf("/var/run/netns/%s", id))
	if err != nil {
	log.Printf(err.Error())
	}
	}

	func handle_event() error {
	client, err := get_docker_client()
	if err != nil {
	return err
	}

	sync_netns(client)

	listener := make(chan *docker.APIEvents, 10)
	err = client.AddEventListener(listener)
	if err != nil {
	log.Fatalf("AddEventListener failed: %v", err)
	}

	defer client.RemoveEventListener(listener)

	for {
	select {
	case event, ok := <-listener:
	if !ok {
	return errors.New("Docker connectin close.. retring.")
	}

	log.Printf("Event received: Status=%v, ID=%v", event.Status, event.ID)
	switch event.Status {
	case "create", "start":
	pid := get_container_pid(client, event.ID)
	create_netns(event.ID, pid)
	case "stop", "destroy":
	delete_netns(event.ID)
	}
	}
	}
	}

	func main() {
	for {
	err := handle_event()
	log.Printf("ERROR: %v", err.Error())

	time.Sleep(connect_retry_interval)
	}
	}
	#!/bin/env python
	import os
	import json

	from requests.packages.urllib3.exceptions import ProtocolError
	from docker import Client

	def get_docker():
	return Client(base_url='unix:///var/run/docker.sock')

	def sync_netns(dk):
	netns_dir = '/var/run/netns'

	# delete invalid netns
	for f in os.listdir(netns_dir):
	fn = os.path.join(netns_dir, f)
	if os.path.islink(fn) and not os.path.exists(os.readlink(fn)):
	os.unlink(fn)

	# create missing netns
	for c in dk.containers():
	cid = c['Id']
	pid = dk.inspect_container(c['Id'])["State"]["Pid"]
	if not os.path.islink("/var/run/netns/%s" % cid):
	os.symlink("/proc/%s/ns/net" % pid, "/var/run/netns/%s" % cid)

	def main():
	while True:
	try:
	dk = get_docker()
	sync_netns(dk)
	for event_r in dk.events():
	event = json.loads(event_r)
	status, cid = event['status'], event['id']

	# get pid of container
	pid = dk.inspect_container(cid)["State"]["Pid"]

	if status == 'start':
	os.symlink("/proc/%s/ns/net" % pid, "/var/run/netns/%s" % cid)
	elif status == 'kill':
	os.unlink("/var/run/netns/%s" % cid)
	except ProtocolError, e:
	# restart docker
	print e

	if __name__ == '__main__':
	main()

	# vim: et ai ts=4 sw=4