Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

ip.docker

Minimal configlet:

[ip#1]
type = docker
dev = eth0
netns = container#0

Minimal setup command:

om test/svc/foo set \
	--kw="type=docker" \
	--kw="dev=eth0" \
	--kw="netns=container#0"

alias

required:    false
scopable:    true
default:     true
convert:     bool

Use network interface stacking.

Modern ip stack support multiple ip addresses per interface, so alias should be set to false when possible.

blocking_post_provision

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors interrupt the action.

This trigger is only executed on leaders.

blocking_post_start

required:    false
scopable:    true

A command or script to execute after the resource start action.

Errors interrupt the action.

blocking_post_stop

required:    false
scopable:    true

A command or script to execute after the resource stop action.

Errors interrupt the action.

blocking_post_unprovision

required:    false
scopable:    true

A command or script to execute after the resource unprovision action.

Errors interrupt the action.

This trigger is only executed on leaders.

blocking_pre_provision

required:    false
scopable:    true

A command or script to execute before the resource provision action.

Errors interrupt the action.

blocking_pre_start

required:    false
scopable:    true

A command or script to execute before the resource start action.

Errors interrupt the action.

blocking_pre_stop

required:    false
scopable:    true

A command or script to execute before the resource stop action.

Errors interrupt the action.

blocking_pre_unprovision

required:    false
scopable:    true

A command or script to execute before the resource unprovision action.

Errors interrupt the action.

check_carrier

required:    false
scopable:    true
default:     true
convert:     bool

Activate the link carrier check.

Set to false if dev is a backend bridge or switch.

comment

required:    false
scopable:    false

Comments help the users understand the role of the object and its resources.

del_net_route

required:    false
scopable:    true
default:     false
convert:     bool

Some docker ip configurations require dropping the network route autoconfigured when installing the ip address.

In this case set del_net_route=true and network=<cidr>.

dev

required:    true
scopable:    true

Example:

dev=eth0

The interface name to setup the ip address on.

This interface can be different from one node to the other, in which case the dev@<nodename> scoping syntax can be used.

If the value is expressed as <intf>:<n>, the stacked interface index is forced to <n> instead of the lowest free index.

If the value is expressed as <name>@<intf>, a macvtap interface named <name> is created and attached to <intf>.

disable

required:    false
scopable:    true
convert:     bool

A disabled resource will be ignored on start, stop, provision and unprovision actions.

A disabled resource status is n/a.

If set in the DEFAULT section of an object, the object is disabled and ignores start, stop, shutdown, provision and unprovision actions.

These actions immediately return success.

om <path> disable sets DEFAULT.disable=true.

om <path> enable sets DEFAULT.disable=false.

Note: The enable and disable actions preserve the individual resource disable state.

dns_name_suffix

required:    false
scopable:    true

Example:

dns_name_suffix=-backup

Add the value as a suffix to the DNS record name. The record created is thus formatted as:

  • <name>-<dns_name_suffix>.<app>.<managed zone> in the collector managed zone
  • <name>-<dns_name_suffix>.<namespace>.<kind>.<clustername> in the cluster dns zone.

encap

required:    false
scopable:    false
convert:     bool

Set to true to ignore this resource in the nodes context and consider it in the encapnodes context. The resource is thus handled by agents deployed in the service containers.

expose

required:    false
scopable:    true
convert:     list

Example:

expose=443/tcp:8443 53/udp

A whitespace-separated list of <port>/<protocol>[:<host port>] describing socket services that mandate a SRV exposition.

gateway

required:    false
scopable:    true

The gateway to configure in the network namespace.

macaddr

required:    false
scopable:    true

Example:

macaddr=ce:32:cc:ca:41:33

The hardware address to set on the interface in the network namespace.

mode

required:    false
scopable:    true
candidates:  bridge, dedicated, macvlan, ipvlan-l2, ipvlan-l3, ipvlan-l3s, ovs
default:     bridge

Example:

mode=access

The ip link mode.

If dev is set to a bridge interface the mode defaults to bridge, else defaults to macvlan. The ipvlan mode requires a 4.2+ Linux kernel.

monitor

required:    false
scopable:    true
convert:     bool

A resource with monitor=true will trigger the monitor_action (crash or reboot the node, freezestop or switch the service) if:

  • The resource is down.

  • The instance has local_expect=started in its daemon monitor data, which means the daemon considers this instance is and should remain started.

  • All restart tentatives failed.

name

required:    false
scopable:    true

Example:

name=1.2.3.4

The DNS name or IP address of the ip resource.

Can be different from one node to the other, in which case the name@<nodename> scoping syntax can be used.

This is most useful to specify a different ip when the service starts in DRP mode, where subnets are likely to be different than those of the production datacenter.

netmask

required:    false
scopable:    true

Example:

netmask=24

The netmask to configure with the address resolved from name.

If an ip is already plumbed on the root interface, the netmask default is the netmask of this existing ip.

netmask is mandatory for interfaces dedicated to the object. Dummy interfaces are likely to be in this case.

The format is:

  • dotted or octal for IPv4, ex: 255.255.252.0 or 22.

  • octal only for IPv6, ex: 64.

netns

required:    true
scopable:    true

Example:

netns=container#0

The resource id of the container to plumb the ip into.

network

required:    false
scopable:    true

Example:

network=10.0.0.0/16

The ip address network, in dotted notation.

Used to set the network route if del_net_route=true.

nsdev

required:    false
scopable:    true

Example:

nsdev=front

The first eth<n> available in the network namespace.

optional

required:    false
scopable:    true
convert:     bool

Action errors on optional resources are logged but do not interrupt the action sequence.

The status of optional resources is not included in the instance availability status but is considered in the overall status.

The status of task and sync resources is always included in the overall status, regardless of whether they are marked as optional.

Resources tagged as noaction are considered optional by default.

Dump filesystems are a typical use case for optional=true.

post_provision

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

post_start

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

post_stop

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

post_unprovision

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

pre_provision

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

pre_start

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

pre_stop

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

pre_unprovision

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

provision

required:    false
scopable:    false
default:     true
convert:     bool

Set to false to ignore the provision and unprovision actions on the resource.

Warning: provision and unprovision use data-destructive operations like formatting.

It is recommended to set provision=false on long-lived critical objects, to force administrators to remove this setting when they really want to destroy data.

provision_requires

required:    false
scopable:    false

Example:

provision_requires=ip#0 fs#0(down,stdby down)

A whitespace-separated list of conditions to meet to accept a ‘provision’ action.

A condition is expressed as <rid>(<state>,...).

If states are omitted, up,stdby up is used as the default expected states.

restart

required:    false
scopable:    true
default:     0
convert:     int

The daemon will try to restart a resource if:

  • The resource is down, stdby down or warn.

  • The instance has local_expect=started in its daemon monitor data, which means the daemon considers this instance is and should remain started.

  • The node is not frozen

  • The instance is not frozen

In this case, the daemon try restart=<n> times before falling back to the monitor action.

The restart_delay keyword sets the interval after a failed restart before the next tentative.

Resources with standby=true have restart forced to a minimum of 2, to increase chances of a restart success.

restart_delay

required:    false
scopable:    true
default:     500ms
convert:     duration

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

shared

required:    false
scopable:    true
convert:     bool

If true, the resource will be considered shared during provision and unprovision actions.

A shared resource driver can implement a different behaviour depending on weither it is run from the leader instance, or not:

  • When --leader is set, the driver creates and configures the system objects. For example the disk.disk driver allocates a SAN disk and discover its block devices.

  • When --leader is not set, the driver does not redo the actions already done by the leader, but may do some. For example, the disk.disk driver skips the SAN disk allocation, but discovers the block devices.

The daemon takes care of setting the --leader flags on the commands it submits during deploy, purge, provision and unprovision orchestrations.

Warning: If admins want to submit --local provision or unprovision commands themselves, they have to set the --leader flag correctly.

Flex objects usually don’t use shared resources. But if they do, only the flex primary gets --leader commands.

Warning: All resources depending on a shared resource must also be flagged as shared.

standby

required:    false
scopable:    true
convert:     bool

If true, always start the resource, even on non-started instances.

The daemon is responsible for starting standby resources.

A resource can be set standby on a subset of nodes using keyword scoping.

A typical use-case is a synchronized filesystem on non-shared disks. The remote filesystem must be mounted to not overflow the underlying filesystem.

Warning: In most situation, don’t set shared resources standby, a non-clustered fs on shared disks for example.

start_requires

required:    false
scopable:    false

Example:

start_requires=ip#0 fs#0(down,stdby down)

A whitespace-separated list of conditions to meet to accept a ‘start’ action.

A condition is expressed as <rid>(<state>,...).

If states are omitted, up,stdby up is used as the default expected states.

stop_requires

required:    false
scopable:    false

Example:

stop_requires=ip#0 fs#0(down,stdby down)

A whitespace-separated list of conditions to meet to accept a ‘stop’ action.

A condition is expressed as <rid>(<state>,...).

If states are omitted, up,stdby up is used as the default expected states.

subset

required:    false
scopable:    true

A command or script to execute after the resource provision action.

Errors do not interrupt the action.

This trigger is only executed on leaders.

tags

required:    false
scopable:    true
convert:     set

A whitespace-separated list of tags.

Tags can be used for resource selection by tag.

Some tags can influence the driver behaviour:

  • noaction

    Skip any state changing action on the resource and imply optional=true.

  • nostatus

    Force the status n/a.

unprovision

required:    false
scopable:    false
default:     true
convert:     bool

Set to false to ignore the unprovision action on the resource.

Warning: unprovision use data-destructive operations like formatting.

It is recommended to set provision=false on long-lived critical objects, to force administrators to remove this setting when they really want to destroy data.

unprovision_requires

required:    false
scopable:    false

Example:

unprovision_requires=ip#0 fs#0(down,stdby down)

A whitespace-separated list of conditions to meet to accept a ‘unprovision’ action.

A condition is expressed as <rid>(<state>,...).

If states are omitted, up,stdby up is used as the default expected states.

vlan_mode

required:    false
scopable:    true
candidates:  access, native-tagged, native-untagged
depends:     .mode=ovs
default:     native-untagged

Example:

vlan_mode=access

The VLAN port mode.

vlan_tag

required:    false
scopable:    true
depends:     .mode=ovs

Example:

vlan_tag=44

The VLAN tag the switch port will relay.

wait_dns

required:    false
scopable:    true
default:     0
convert:     duration

Example:

wait_dns=10s

Wait for the cluster DNS records associated to the resource to appear after a resource start and before the next resource can be started.

This can be set when apps or containers require the ip or ip name to be resolvable to provision or start properly.