-
Notifications
You must be signed in to change notification settings - Fork 22
/
ip-util-check
executable file
·101 lines (84 loc) · 3.33 KB
/
ip-util-check
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#!/bin/bash
export DOCKER_CERT_PATH
export DOCKER_HOST
export DOCKER_TLS_VERIFY
set -e
# Per-network state keyed on network ID
#
declare -A NET2SUB # list of subnets for each overlay network
declare -A NET2CAP # network capacity of each overlay network
declare -A NET2NAME # network name of each overlay network
declare -A NET2NCIP # number of container IP addresses for each overlay network
declare -A NET2NVIP # number of virtuail IP addresses for each overlay network
# Report the general IP utilization status of an overlay network
# Args:
# - $1 - network ID to report on
report() {
echo "----"
if [ "${NET2CAP[$1]}" -eq 0 ] ; then
echo "Network ${NET2NAME[$1]}/$1 has no assigned IP addresses"
echo " Network OK"
else
USE=$(( ${NET2NCIP[$1]} + ${NET2NVIP[$1]} ))
SAFECAP=$(( (${NET2CAP[$1]} - ${NET2NVIP[$1]}) / 2 ))
echo "Network ${NET2NAME[$1]}/$1 has an IP address capacity of ${NET2CAP[$1]} and uses $USE addresses"
if [ $(( $USE + $NNODES )) -ge ${NET2CAP[$1]} ] ; then
echo " ERROR: network will be over capacity if upgrading Docker engine version 18.06"
echo " or later."
elif [ $(( ${NET2NCIP[$1]} * 2 )) -ge $SAFECAP ] ; then
HDRM=$(( ${NET2CAP[$1]} - ${NET2NCIP[$1]} - ${NET2NVIP[$1]} ))
echo " WARNING: network could exhaust IP addresses if the cluster scales to $HDRM or more nodes"
elif [ ${NET2NCIP[$1]} -ge $(( $SAFECAP * 8 / 10 )) ] ; then
echo " WARNING: network using more than 80% of safe IP capacity ($SAFECAP)"
else
echo " Network OK: network support up to $(( $SAFECAP - ${NET2NCIP[$1]} )) additional tasks safely"
fi
fi
}
# Gather node, overlay network and service IDs
echo "Gathering basic cluster state"
NNODES=$(docker node ls -q | wc -l)
NODEIDS=$(docker node ls -q)
NETS=$(docker network ls --filter driver=overlay | awk 'NR != 1 && $2 != "ingress" {print $1}')
SVCIDS=$(docker service ls -q)
echo "Gathering overlay network information"
for net in $NETS ; do
NET2NAME[$net]=$(docker network inspect $net | jq -r '.[].Name')
set +e
NET2SUB[$net]=$(docker network inspect $net | jq -r '.[].IPAM.Config[].Subnet' 2>/dev/null)
if [ -z "${NET2SUB[$net]}" ] ; then
NET2SUB[$net]=$(docker network inspect ${NET2NAME[$net]} | jq -r '.[].IPAM.Config[].Subnet' 2>/dev/null)
fi
set -e
NET2CAP[$net]=0
NET2NCIP[$net]=0
NET2NVIP[$net]=0
for sub in ${NET2SUB[$net]} ; do
pfxlen=$(echo $sub | awk -F / '{print $2}')
subcap=$(( (1 << (32 - $pfxlen)) - 3 ))
NET2CAP[$net]=$(( ${NET2CAP[$net]} + $subcap ))
done
done
echo "Counting container IP allocations per network"
for node in $NODEIDS ; do
for task in $(docker node ps -f 'desired-state = running' -q $node) ; do
nets=$(docker inspect $task | jq -r '.[].Spec.Networks[].Target' 2>/dev/null | cut -c 1-12)
for net in $nets; do
NET2NCIP[$net]=$((${NET2NCIP[$net]} + 1))
done
done
done
echo "Counting service VIP allocations per network"
for svc in $SVCIDS ; do
for viprec in $(docker service inspect $svc | jq -rc '.[].Endpoint.VirtualIPs[]' 2>/dev/null); do
net=$(echo "$viprec" | jq -r '.NetworkID' | cut -c 1-12)
addr=$(echo "$viprec" | jq -r '.Addr')
NET2NVIP[$net]=$((${NET2NVIP[$net]} + 1))
done
done
# Report the IP utilization for each overlay network
echo ""
echo "Overlay IP Utilization Report"
for net in $NETS ; do
report $net
done