本文整理汇总了Python中utils.enforce_root函数的典型用法代码示例。如果您正苦于以下问题:Python enforce_root函数的具体用法?Python enforce_root怎么用?Python enforce_root使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了enforce_root函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: check_system
def check_system(quit_if_error=False, libnetwork=False, check_docker=True,
check_modules=True, check_etcd=True, check_kernel=True):
"""
Checks that the system is setup correctly.
:param check_etcd: Whether to perform etcd checks.
:param check_docker: Whether to perform docker checks.
:param check_modules: Whether to perform module checks.
:param quit_if_error: if True, quit with error code 1 if any issues are
detected.
:param libnetwork: If True, check for Docker version >= v1.21 to support libnetwork
:return: a tuple containing the results of the checks
This function will sys.exit(1) instead of returning false if
quit_if_error == True
"""
enforce_root()
modules_ok = _check_modules() if check_modules else True
docker_ok = _check_docker_version(libnetwork) if check_docker else True
etcd_ok = _check_etcd_version() if check_etcd else True
kernel_ok = _check_kernel_version() if check_kernel else True
system_ok = modules_ok and docker_ok and etcd_ok and kernel_ok
if quit_if_error and not system_ok:
sys.exit(1)
return (modules_ok, docker_ok, etcd_ok)
示例2: check_system
def check_system(fix=False, quit_if_error=False):
"""
Checks that the system is setup correctly. fix==True, this command will
attempt to fix any issues it encounters. If any fixes fail, it will
exit(1). Fix will automatically be set to True if the user specifies --fix
at the command line.
:param fix: if True, try to fix any system dependency issues that are
detected.
:param quit_if_error: if True, quit with error code 1 if any issues are
detected, or if any fixes are unsuccesful.
:return: True if all system dependencies are in the proper state, False if
they are not. This function will sys.exit(1) instead of returning false if
quit_if_error == True
"""
# modprobe and sysctl require root privileges.
enforce_root()
system_ok = (_check_kernel_modules(fix) and
_check_ip_forwarding(fix) and
_check_docker_version())
if quit_if_error and not system_ok:
sys.exit(1)
return system_ok
示例3: status
def status(arguments):
"""
Main dispatcher for status commands. Calls the corresponding helper
function.
:param arguments: A dictionary of arguments already processed through
this file's docstring with docopt
:return: None
"""
# Check runtime.
runtime = arguments.get("--runtime")
if not runtime in ["docker", "rkt"]:
print "Invalid runtime specified: '%s'" % runtime
sys.exit(1)
# Check backend
backend = arguments.get("--backend")
if not backend in [None, "bird", "gobgp", "none"]:
print "Invalid backend specified: '%s'" % backend
sys.exit(1)
# Start by locating the calico-node container and querying the package
# summary file.
if runtime == "rkt":
enforce_root()
check_container_status_rkt()
else:
check_container_status_docker()
# Now query the host BGP details. If the AS number is not specified on the
# host then it must be inheriting the default.
try:
bgp_ipv4, bgp_ipv6 = client.get_host_bgp_ips(hostname)
bgp_as = client.get_host_as(hostname)
if bgp_as is None:
bgp_as = client.get_default_node_as()
bgp_as += " (inherited)"
except DataStoreError:
print "Error connecting to etcd. Ensure ETCD_ENDPOINTS or ETCD_AUTHORITY is set properly."
bgp_ipv4 = bgp_ipv6 = "unknown"
bgp_as = "unknown"
# TODO: Add additional information to the BIRD section:
# TODO: - Include AS numbers of peers
# TODO: - Include host name of peers when the peer is a calico-node
# TODO: - Include details of peers configured multiple times
print "\nIPv4 BGP status"
if bgp_ipv4:
print "IP: %s AS Number: %s" % (bgp_ipv4, bgp_as)
pprint_bgp_protocols(4, backend)
else:
print "No IPv4 address configured.\n"
print "IPv6 BGP status"
if bgp_ipv6:
print "IP: %s AS Number: %s" % (bgp_ipv6, bgp_as)
pprint_bgp_protocols(6, backend)
else:
print "No IPv6 address configured.\n"
示例4: container_ip_remove
def container_ip_remove(container_name, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_name: The name of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
info = get_container_info_or_exit(container_name)
container_id = info["Id"]
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_name
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname, orchestrator_id=ORCHESTRATOR_ID, workload_id=container_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
container_pid = info["State"]["Pid"]
netns.remove_ip_from_ns_veth(container_pid, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, ip)
print "IP %s removed from %s" % (ip, container_name)
示例5: container_remove
def container_remove(container_id):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_id: The namespace path or the ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
workload_id = get_workload_id(container_id)
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_id
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert(net.size == 1)
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
try:
# Remove the interface if it exists
netns.remove_veth(endpoint.name)
except CalledProcessError:
print "Could not remove Calico interface %s" % endpoint.name
sys.exit(1)
# Remove the container from the datastore.
client.remove_workload(hostname, orchestrator_id, workload_id)
print "Removed Calico interface from %s" % container_id
示例6: container_remove
def container_remove(container_id):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_id: The namespace path or the ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
endpoints = client.get_endpoints(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=escape_etcd(container_id))
else:
# We know we're using "docker" as the orchestrator. If we have a direct
# hit on the container id then we can proceed. Otherwise, ask docker to
# try converting the name/id fragment into a full ID.
orchestrator_id = DOCKER_ORCHESTRATOR_ID
endpoints = client.get_endpoints(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=container_id)
if not endpoints:
container_id = get_workload_id(container_id)
endpoints = client.get_endpoints(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=container_id)
for endpoint in endpoints:
# Remove any IP address assignments that this endpoint has
client.release_ips(set(map(IPAddress,
endpoint.ipv4_nets | endpoint.ipv6_nets)))
try:
# Remove the interface if it exists
netns.remove_veth(endpoint.name)
except CalledProcessError:
print "Could not remove Calico interface %s" % endpoint.name
# Always try to remove the workload, even if we didn't find any
# endpoints.
try:
client.remove_workload(hostname, orchestrator_id, container_id)
print "Removed Calico from %s" % container_id
except KeyError:
print "Failed find Calico data for %s" % container_id
示例7: diags
def diags(arguments):
"""
Main dispatcher for diags commands. Calls the corresponding helper function.
:param arguments: A dictionary of arguments already processed through
this file's docstring with docopt
:return: None
"""
# The command has to be run as root for ipset collections (and iptables)
enforce_root()
print("Collecting diagnostics")
save_diags(arguments["--log-dir"])
sys.exit(0)
示例8: container_remove
def container_remove(container_name):
"""
Remove a container (on this host) from Calico networking.
The container may be left in a state without any working networking.
If there is a network adaptor in the host namespace used by the container
then it is removed.
:param container_name: The name or ID of the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# Resolve the name to ID.
workload_id = get_container_id(container_name)
# Find the endpoint ID. We need this to find any ACL rules
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=ORCHESTRATOR_ID,
workload_id=workload_id)
except KeyError:
print "Container %s doesn't contain any endpoints" % container_name
sys.exit(1)
# Remove any IP address assignments that this endpoint has
for net in endpoint.ipv4_nets | endpoint.ipv6_nets:
assert(net.size == 1)
ip = net.ip
pools = client.get_ip_pools(ip.version)
for pool in pools:
if ip in pool:
# Ignore failure to unassign address, since we're not
# enforcing assignments strictly in datastore.py.
client.unassign_address(pool, ip)
# Remove the endpoint
netns.remove_veth(endpoint.name)
# Remove the container from the datastore.
client.remove_workload(hostname, ORCHESTRATOR_ID, workload_id)
print "Removed Calico interface from %s" % container_name
示例9: node_stop
def node_stop(force):
"""
Stop the Calico node. This stops the containers (calico/node and
calico/node-libnetwork) that are started by calicoctl node.
"""
# The command has to be run as root to stop the calico-node service
enforce_root()
endpoints = len(client.get_endpoints(hostname=hostname))
if endpoints:
if not force:
print_paragraph("Current host has active endpoints so can't be "
"stopped. Force with --force")
print_paragraph("Note that stopping the node while there are "
"active endpoints may make it difficult to clean "
"up the endpoints: for example, Docker containers "
"networked using libnetwork with Calico will not "
"invoke network cleanup during the normal "
"container lifecycle.")
sys.exit(1)
else:
print_paragraph("Stopping node while host has active endpoints. "
"If this in error, restart the node using the "
"'calicoctl node' command.")
try:
docker_client.stop("calico-node")
except docker.errors.APIError as err:
if err.response.status_code != 404:
raise
try:
docker_client.stop("calico-libnetwork")
except docker.errors.APIError as err:
if err.response.status_code != 404:
raise
try:
call(["systemctl", "stop", "calico-node.service"])
except OSError:
# systemctl not installed, ignore error.
pass
print "Node stopped"
示例10: check_system
def check_system(quit_if_error=False, libnetwork=False):
"""
Checks that the system is setup correctly.
:param quit_if_error: if True, quit with error code 1 if any issues are
detected.
:param libnetwork: If True, check for Docker version >= v1.21 to support libnetwork
:return: True if all system dependencies are in the proper state, False if
they are not. This function will sys.exit(1) instead of returning false if
quit_if_error == True
"""
enforce_root()
modules_ok = _check_modules()
docker_ok = _check_docker_version(libnetwork)
system_ok = modules_ok and docker_ok
if quit_if_error and not system_ok:
sys.exit(1)
return system_ok
示例11: pprint_bird_protocols
def pprint_bird_protocols(version):
"""
Pretty print the output from the BIRD "show protocols". This parses the
existing output and lays it out in pretty printed table.
:param version: The IP version (4 or 6).
:return: None.
"""
# This needs to be run as root to access the bird data in /var/run/calico
enforce_root()
# Based on the IP version, run the appropriate BIRD command, and select
# the appropriate separator char for an IP address.
if getattr(sys, 'frozen', False):
# We're running under pyinstaller
birdcl = sys._MEIPASS + "/birdcl"
else:
birdcl = "birdcl"
try:
if version == 4:
results = subprocess32.check_output(
"echo show protocols | %s -s /var/run/calico/bird.ctl" % birdcl,
shell=True)
ip_sep = "."
else:
results = subprocess32.check_output(
"echo show protocols | %s -s /var/run/calico/bird6.ctl" % birdcl,
shell=True)
ip_sep = ":"
except subprocess32.CalledProcessError:
print "Couldn't connect to bird."
return
# Parse the output from BIRD to extract the values in the protocol status
# table. We'll further parse the name since that includes details about
# the type of peer and the peer IP address.
x = PrettyTable(["Peer address", "Peer type", "State",
"Since", "Info"])
lines = results.split("\n")
found_table = False
for line in lines:
# When BIRD displays its protocol table, it prints the bird> prompt and
# then shifts the cursor to print back over the prompt. However, this
# means that we get rogue prompts when parsing the output. For this
# processing just remove the prompt if it is present.
if line.startswith("bird>"):
line = line[5:]
# Skip blank lines.
line = line.strip()
if not line:
continue
# Split the line into columns based on whitespace separators. We split
# a maximum of 5 times because the 6th "info" column may contain a
# string that itself includes whitespace that should be maintained.
columns = re.split("\s+", line.strip(), 5)
# Loop until we find the table heading.
if columns == ["name", "proto", "table", "state", "since", "info"]:
found_table = True
continue
elif not found_table:
continue
# We expect either 5 or 6 columns depending on whether there was a
# value in the info column. Anything else is not handled, so revert
# to displaying the raw BIRD output.
if not (5 <= len(columns) <= 6):
found_table = False
break
# Parse the name, we name our BGP peers as "Mesh", "Node" or "Global"
# followed by the IP address. Extract the info so we can pretty
# print it.
combined = columns[0]
if combined.startswith("Mesh_"):
name = combined[5:].replace("_", ip_sep)
ptype = "node-to-node mesh"
elif combined.startswith("Node_"):
name = combined[5:].replace("_", ip_sep)
ptype = "node specific"
elif combined.startswith("Global_"):
name = combined[7:].replace("_", ip_sep)
ptype = "global"
else:
# This is not a BGP Peer, so do not include in the output.
continue
x.add_row([name, ptype, columns[3], columns[4],
columns[5] if len(columns) == 6 else ""])
# If we parsed the table then pretty print the table, otherwise just output
# the BIRD output directly. The first line of the BIRD output provides an
# overall BIRD status.
if found_table:
print str(x) + "\n"
else:
print results + "\n"
示例12: container_ip_remove
def container_ip_remove(container_id, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_id: The namespace path or container_id of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
namespace = netns.Namespace(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
namespace = netns.PidNamespace(info["State"]["Pid"])
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
if address.version == 4:
nets = endpoint.ipv4_nets
else:
nets = endpoint.ipv6_nets
if not IPNetwork(address) in nets:
print "IP address is not assigned to container. Aborting."
sys.exit(1)
except KeyError:
print "Container is unknown to Calico."
sys.exit(1)
try:
nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
print "Error updating datastore. Aborting."
sys.exit(1)
try:
netns.remove_ip_from_ns_veth(namespace, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
sys.exit(1)
client.unassign_address(pool, address)
print "IP %s removed from %s" % (ip, container_id)
示例13: container_ip_add
def container_ip_add(container_id, ip, interface):
"""
Add an IP address to an existing Calico networked container.
:param container_id: The namespace path or container_id of the container.
:param ip: The IP to add
:param interface: The name of the interface in the container.
:return: None
"""
address = IPAddress(ip)
# The netns manipulations must be done as root.
enforce_root()
pool = get_pool_or_exit(address)
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
namespace = netns.Namespace(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
namespace = netns.PidNamespace(info["State"]["Pid"])
orchestrator_id = DOCKER_ORCHESTRATOR_ID
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# Check that the container is already networked
try:
endpoint = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
print "Failed to add IP address to container.\n"
print_container_not_in_calico_msg(container_id)
sys.exit(1)
# From here, this method starts having side effects. If something
# fails then at least try to leave the system in a clean state.
if not client.assign_address(pool, address):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
try:
if address.version == 4:
endpoint.ipv4_nets.add(IPNetwork(address))
else:
endpoint.ipv6_nets.add(IPNetwork(address))
client.update_endpoint(endpoint)
except (KeyError, ValueError):
client.unassign_address(pool, ip)
print "Error updating datastore. Aborting."
sys.exit(1)
try:
netns.add_ip_to_ns_veth(namespace, address, interface)
except CalledProcessError:
print "Error updating networking in container. Aborting."
if address.version == 4:
endpoint.ipv4_nets.remove(IPNetwork(address))
else:
endpoint.ipv6_nets.remove(IPNetwork(address))
client.update_endpoint(endpoint)
client.unassign_address(pool, ip)
sys.exit(1)
print "IP %s added to %s" % (ip, container_id)
示例14: container_add
def container_add(container_id, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_id: The namespace path or the docker name/ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
namespace = netns.Namespace(container_id)
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
orchestrator_id = DOCKER_ORCHESTRATOR_ID
namespace = netns.PidNamespace(info["State"]["Pid"])
# Check the container is actually running.
if not info["State"]["Running"]:
print "%s is not currently running." % container_id
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print "Can't add %s to Calico because it is " \
"running NetworkMode = host." % container_id
sys.exit(1)
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print "%s has already been configured with Calico Networking." % \
container_id
sys.exit(1)
# Check the IP is in the allocation pool. If it isn't, BIRD won't export
# it.
ip = IPAddress(ip)
pool = get_pool_or_exit(ip)
# The next hop IPs for this host are stored in etcd.
next_hops = client.get_default_next_hops(hostname)
try:
next_hops[ip.version]
except KeyError:
print "This node is not configured for IPv%d." % ip.version
sys.exit(1)
# Assign the IP
if not client.assign_address(pool, ip):
print "IP address is already assigned in pool %s " % pool
sys.exit(1)
# Get the next hop for the IP address.
next_hop = next_hops[ip.version]
network = IPNetwork(IPAddress(ip))
ep = Endpoint(hostname=hostname,
orchestrator_id=DOCKER_ORCHESTRATOR_ID,
workload_id=workload_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
if network.version == 4:
ep.ipv4_nets.add(network)
ep.ipv4_gateway = next_hop
else:
ep.ipv6_nets.add(network)
ep.ipv6_gateway = next_hop
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(namespace, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(namespace, ip, interface)
netns.add_ns_default_route(namespace, next_hop, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(namespace, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
return ep
示例15: container_add
def container_add(container_id, ip, interface):
"""
Add a container (on this host) to Calico networking with the given IP.
:param container_id: The namespace path or the docker name/ID of the container.
:param ip: An IPAddress object with the desired IP to assign.
:param interface: The name of the interface in the container.
"""
# The netns manipulations must be done as root.
enforce_root()
# TODO: This section is redundant in container_add_ip and elsewhere
if container_id.startswith("/") and os.path.exists(container_id):
# The ID is a path. Don't do any docker lookups
workload_id = escape_etcd(container_id)
orchestrator_id = NAMESPACE_ORCHESTRATOR_ID
namespace = netns.Namespace(container_id)
else:
info = get_container_info_or_exit(container_id)
workload_id = info["Id"]
orchestrator_id = DOCKER_ORCHESTRATOR_ID
namespace = netns.PidNamespace(info["State"]["Pid"])
# Check the container is actually running.
if not info["State"]["Running"]:
print_paragraph("%s is not currently running." % container_id)
sys.exit(1)
# We can't set up Calico if the container shares the host namespace.
if info["HostConfig"]["NetworkMode"] == "host":
print_paragraph("Can't add %s to Calico because it is "
"running NetworkMode = host." % container_id)
sys.exit(1)
# Check if the container already exists
try:
_ = client.get_endpoint(hostname=hostname,
orchestrator_id=orchestrator_id,
workload_id=workload_id)
except KeyError:
# Calico doesn't know about this container. Continue.
pass
else:
# Calico already set up networking for this container. Since we got
# called with an IP address, we shouldn't just silently exit, since
# that would confuse the user: the container would not be reachable on
# that IP address.
print_paragraph("%s has already been configured with Calico "
"Networking." % container_id)
sys.exit(1)
ep = Endpoint(hostname=hostname,
orchestrator_id=DOCKER_ORCHESTRATOR_ID,
workload_id=workload_id,
endpoint_id=uuid.uuid1().hex,
state="active",
mac=None)
ip, _ = get_ip_and_pool(ip)
network = IPNetwork(ip)
if network.version == 4:
ep.ipv4_nets.add(network)
else:
ep.ipv6_nets.add(network)
# Create the veth, move into the container namespace, add the IP and
# set up the default routes.
netns.increment_metrics(namespace)
netns.create_veth(ep.name, ep.temp_interface_name)
netns.move_veth_into_ns(namespace, ep.temp_interface_name, interface)
netns.add_ip_to_ns_veth(namespace, ip, interface)
netns.add_ns_default_route(namespace, ep.name, interface)
# Grab the MAC assigned to the veth in the namespace.
ep.mac = netns.get_ns_veth_mac(namespace, interface)
# Register the endpoint with Felix.
client.set_endpoint(ep)
# Let the caller know what endpoint was created.
print_paragraph("IP %s added to %s" % (str(ip), container_id))
return ep