blob: 2fbf4782786c26c35638d935caf31dc3516e5664 [file] [log] [blame]
#!/bin/bash
iptables -L > /dev/null
ip6tables -L > /dev/null
CONTAINER={{ container_name }}
IMAGE={{ docker_image }}
function mac_to_iface {
PARENT_MAC=$1
ifconfig|grep $PARENT_MAC| awk '{print $1}'|grep -v '\.'
}
function encapsulate_stag {
LAN_IFACE=$1
STAG=$2
ifconfig $LAN_IFACE >> /dev/null
if [ "$?" == 0 ]; then
STAG_IFACE=$LAN_IFACE.$STAG
ifconfig $LAN_IFACE up
ifconfig $STAG_IFACE
if [ "$?" == 0 ]; then
echo $STAG_IFACE is already created
else
ifconfig $STAG_IFACE >> /dev/null || ip link add link $LAN_IFACE name $STAG_IFACE type vlan id $STAG
fi
ifconfig $STAG_IFACE up
else
echo There is no $LAN_IFACE. Aborting.
exit -1
fi
}
{% if volumes %}
{% for volume in volumes %}
DEST_DIR=/var/container_volumes/$CONTAINER/{{ volume }}
mkdir -p $DEST_DIR
VOLUME_ARGS="$VOLUME_ARGS -v $DEST_DIR:{{ volume }}"
{% endfor %}
{% endif %}
docker inspect $CONTAINER > /dev/null 2>&1
if [ "$?" == 1 ]
then
docker pull $IMAGE
{% if network_method=="host" %}
docker run -d --name=$CONTAINER --privileged=true --net=host $VOLUME_ARGS $IMAGE
{% elif network_method=="bridged" %}
docker run -d --name=$CONTAINER --privileged=true --net=bridge $VOLUME_ARGS $IMAGE
{% else %}
docker run -d --name=$CONTAINER --privileged=true --net=none $VOLUME_ARGS $IMAGE
{% endif %}
else
docker start $CONTAINER
fi
{% if ports %}
{% for port in ports %}
{% if port.next_hop %}
NEXTHOP_ARG="@{{ port.next_hop }}"
{% else %}
NEXTHOP_ARG=""
{% endif %}
{% if port.c_tag %}
CTAG_ARG="@{{ port.c_tag }}"
{% else %}
CTAG_ARG=""
{% endif %}
{% if port.parent_mac %}
# container-in-VM
SRC_DEV=$( mac_to_iface "{{ port.parent_mac }}" )
CMD="docker exec $CONTAINER ifconfig $SRC_DEV >> /dev/null || pipework $SRC_DEV -i {{ port.device }} $CONTAINER {{ port.ip }}/24$NEXTHOP_ARG {{ port.mac }} $CTAG_ARG"
echo $CMD
eval $CMD
{% else %}
# container-on-metal
IP="{{ port.ip }}"
{% if port.mac %}
MAC="{{ port.mac }}"
{% else %}
MAC=""
{% endif %}
DEVICE="{{ port.device }}"
BRIDGE="{{ port.bridge }}"
{% if port.s_tag %}
# This is intended for lan_network. Assume that BRIDGE is set to br_lan. We
# create a device that strips off the S-TAG.
STAG="{{ port.s_tag }}"
encapsulate_stag $BRIDGE $STAG
SRC_DEV=$STAG_IFACE
{% else %}
# This is for a standard neutron private network. We use a donor VM to setup
# openvswitch for us, and we snoop at its devices and create a tap using the
# same settings.
XOS_NETWORK_ID="{{ port.xos_network_id }}"
INSTANCE_MAC="{{ port.snoop_instance_mac }}"
INSTANCE_ID="{{ port.snoop_instance_id }}"
INSTANCE_TAP=`virsh domiflist $INSTANCE_ID | grep -i $INSTANCE_MAC | awk '{print $1}'`
INSTANCE_TAP=${INSTANCE_TAP:3}
VLAN_ID=`ovs-vsctl show | grep -i -A 1 port.*$INSTANCE_TAP | grep -i tag | awk '{print $2}'`
# One tap for all containers per XOS/neutron network. Included the VLAN_ID in the
# hash, to cover the case where XOS is reinstalled and the XOS network ids
# get reused.
TAP="con`echo ${XOS_NETWORK_ID}_$VLAN_ID|md5sum|awk '{print $1}'`"
TAP=${TAP:0:10}
echo im=$INSTANCE_MAC ii=$INSTANCE_ID it=$INSTANCE_TAP vlan=$VLAN_ID tap=$TAP con=$CONTAINER dev=$DEVICE mac=$MAC
ovs-vsctl show | grep -i $TAP
if [[ $? == 1 ]]; then
echo creating tap
ovs-vsctl add-port $BRIDGE $TAP tag=$VLAN_ID -- set interface $TAP type=internal
else
echo tap exists
fi
SRC_DEV=$TAP
{% endif %}
CMD="docker exec $CONTAINER ifconfig $DEVICE >> /dev/null || pipework $SRC_DEV -i $DEVICE $CONTAINER $IP/24$NEXTHOP_ARG $MAC $CTAG_ARG"
echo $CMD
eval $CMD
{% endif %}
{% endfor %}
{% endif %}
# Attach to container
# (this is only done when using upstart, since upstart expects to be attached
# to a running service)
if [[ "$1" == "ATTACH" ]]; then
docker start -a $CONTAINER
fi