From b0286d6b43ebec367c0d9ed87bc6566d76ece8f8 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Tue, 9 Jun 2020 17:10:37 -0400 Subject: Implement pod-network-reload This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon Signed-off-by: Paul Holzinger --- cmd/podman/networks/reload.go | 69 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 cmd/podman/networks/reload.go (limited to 'cmd/podman/networks') diff --git a/cmd/podman/networks/reload.go b/cmd/podman/networks/reload.go new file mode 100644 index 000000000..16655c18c --- /dev/null +++ b/cmd/podman/networks/reload.go @@ -0,0 +1,69 @@ +package network + +import ( + "fmt" + + "github.com/containers/podman/v2/cmd/podman/common" + "github.com/containers/podman/v2/cmd/podman/registry" + "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/cmd/podman/validate" + "github.com/containers/podman/v2/pkg/domain/entities" + "github.com/spf13/cobra" + "github.com/spf13/pflag" +) + +var ( + networkReloadDescription = `reload container networks, recreating firewall rules` + networkReloadCommand = &cobra.Command{ + Use: "reload [options] [CONTAINER...]", + Short: "Reload firewall rules for one or more containers", + Long: networkReloadDescription, + RunE: networkReload, + Args: func(cmd *cobra.Command, args []string) error { + return validate.CheckAllLatestAndCIDFile(cmd, args, false, false) + }, + ValidArgsFunction: common.AutocompleteContainers, + Example: `podman network reload --latest + podman network reload 3c13ef6dd843 + podman network reload test1 test2`, + Annotations: map[string]string{ + registry.ParentNSRequired: "", + }, + } +) + +var ( + reloadOptions entities.NetworkReloadOptions +) + +func reloadFlags(flags *pflag.FlagSet) { + flags.BoolVarP(&reloadOptions.All, "all", "a", false, "Reload network configuration of all containers") +} + +func init() { + registry.Commands = append(registry.Commands, registry.CliCommand{ + Mode: []entities.EngineMode{entities.ABIMode}, + Command: networkReloadCommand, + Parent: networkCmd, + }) + reloadFlags(networkReloadCommand.Flags()) + validate.AddLatestFlag(networkReloadCommand, &reloadOptions.Latest) +} + +func networkReload(cmd *cobra.Command, args []string) error { + responses, err := registry.ContainerEngine().NetworkReload(registry.Context(), args, reloadOptions) + if err != nil { + return err + } + + var errs utils.OutputErrors + for _, r := range responses { + if r.Err == nil { + fmt.Println(r.Id) + } else { + errs = append(errs, r.Err) + } + } + + return errs.PrintErrors() +} -- cgit v1.2.3-54-g00ecf