]>
Commit | Line | Data |
---|---|---|
7af97ad5 | 1 | package PVE::LXC::Create; |
5b4657d0 DM |
2 | |
3 | use strict; | |
4 | use warnings; | |
5 | use File::Basename; | |
6 | use File::Path; | |
07084526 | 7 | use Fcntl; |
5b4657d0 | 8 | |
40761075 | 9 | use PVE::RPCEnvironment; |
99a0bcb0 | 10 | use PVE::Storage::PBSPlugin; |
5b4657d0 | 11 | use PVE::Storage; |
8b076579 | 12 | use PVE::DataCenterConfig; |
5b4657d0 | 13 | use PVE::LXC; |
7af97ad5 | 14 | use PVE::LXC::Setup; |
f507c3a7 | 15 | use PVE::VZDump::ConvertOVZ; |
580b6916 | 16 | use PVE::Tools; |
dc6e862c | 17 | use POSIX; |
5b4657d0 | 18 | |
fbb31447 TL |
19 | sub detect_architecture { |
20 | my ($rootdir) = @_; | |
dc6e862c | 21 | |
e1d54a38 DM |
22 | # see https://en.wikipedia.org/wiki/Executable_and_Linkable_Format |
23 | ||
24 | my $supported_elf_machine = { | |
25 | 0x03 => 'i386', | |
26 | 0x3e => 'amd64', | |
27 | 0x28 => 'armhf', | |
28 | 0xb7 => 'arm64', | |
c7a78752 | 29 | 0xf3 => 'riscv', |
fbb31447 | 30 | }; |
dc6e862c | 31 | |
fbb31447 TL |
32 | my $elf_fn = '/bin/sh'; # '/bin/sh' is POSIX mandatory |
33 | my $detect_arch = sub { | |
dc6e862c TL |
34 | # chroot avoids a problem where we check the binary of the host system |
35 | # if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash) | |
36 | chroot($rootdir) or die "chroot '$rootdir' failed: $!\n"; | |
37 | chdir('/') or die "failed to change to root directory\n"; | |
38 | ||
fbb31447 | 39 | open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n"; |
dc6e862c TL |
40 | binmode($fh); |
41 | ||
e1d54a38 | 42 | my $length = read($fh, my $data, 20) or die "read failed: $!\n"; |
dc6e862c | 43 | |
e1d54a38 DM |
44 | # 4 bytes ELF magic number and 1 byte ELF class, padding, machine |
45 | my ($magic, $class, undef, $machine) = unpack("A4CA12n", $data); | |
dc6e862c TL |
46 | |
47 | die "'$elf_fn' does not resolve to an ELF!\n" | |
48 | if (!defined($class) || !defined($magic) || $magic ne "\177ELF"); | |
49 | ||
e1d54a38 DM |
50 | my $arch = $supported_elf_machine->{$machine}; |
51 | die "'$elf_fn' has unknown ELF machine '$machine'!\n" | |
52 | if !defined($arch); | |
dc6e862c | 53 | |
c7a78752 WB |
54 | if ($arch eq 'riscv') { |
55 | if ($class eq 1) { | |
56 | $arch = 'riscv32'; | |
57 | } elsif ($class eq 2) { | |
58 | $arch = 'riscv64'; | |
59 | } else { | |
60 | die "'$elf_fn' has invalid class '$class'!\n"; | |
61 | } | |
62 | } | |
63 | ||
e1d54a38 | 64 | return $arch; |
fbb31447 | 65 | }; |
dc6e862c | 66 | |
91749ee9 LS |
67 | my $arch = eval { PVE::Tools::run_fork_with_timeout(10, $detect_arch); }; |
68 | my $err = $@; | |
69 | ||
70 | if (!defined($arch) && !defined($err)) { | |
71 | # on timeout | |
72 | die "Architecture detection failed: timeout\n"; | |
73 | } elsif ($err) { | |
74 | # any other error | |
fbb31447 | 75 | $arch = 'amd64'; |
91749ee9 | 76 | print "Architecture detection failed: $err\nFalling back to $arch.\n" . |
fbb31447 | 77 | "Use `pct set VMID --arch ARCH` to change.\n"; |
dc6e862c | 78 | } else { |
fbb31447 | 79 | print "Detected container architecture: $arch\n"; |
dc6e862c TL |
80 | } |
81 | ||
fbb31447 | 82 | return $arch; |
dc6e862c TL |
83 | } |
84 | ||
5b4657d0 | 85 | sub restore_archive { |
99a0bcb0 DM |
86 | my ($storage_cfg, $archive, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_; |
87 | ||
88 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive, 1); | |
89 | if (defined($storeid)) { | |
90 | my $scfg = PVE::Storage::storage_check_enabled($storage_cfg, $storeid); | |
91 | if ($scfg->{type} eq 'pbs') { | |
92 | return restore_proxmox_backup_archive($storage_cfg, $archive, $rootdir, $conf, $no_unpack_error, $bwlimit); | |
93 | } | |
94 | } | |
95 | ||
96 | $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $archive) if $archive ne '-'; | |
97 | restore_tar_archive($archive, $rootdir, $conf, $no_unpack_error, $bwlimit); | |
98 | } | |
99 | ||
100 | sub restore_proxmox_backup_archive { | |
101 | my ($storage_cfg, $archive, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_; | |
102 | ||
103 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive); | |
104 | my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid); | |
105 | ||
106 | my ($vtype, $name, undef, undef, undef, undef, $format) = | |
107 | PVE::Storage::parse_volname($storage_cfg, $archive); | |
108 | ||
109 | die "got unexpected vtype '$vtype'\n" if $vtype ne 'backup'; | |
110 | ||
111 | die "got unexpected backup format '$format'\n" if $format ne 'pbs-ct'; | |
112 | ||
113 | my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf); | |
114 | my $userns_cmd = PVE::LXC::userns_command($id_map); | |
115 | ||
116 | my $cmd = "restore"; | |
117 | my $param = [$name, "root.pxar", $rootdir, '--allow-existing-dirs']; | |
118 | ||
119 | PVE::Storage::PBSPlugin::run_raw_client_cmd( | |
120 | $scfg, $storeid, $cmd, $param, userns_cmd => $userns_cmd); | |
121 | ||
122 | # if arch is set, we do not try to autodetect it | |
123 | return if defined($conf->{arch}); | |
124 | ||
125 | $conf->{arch} = detect_architecture($rootdir); | |
126 | } | |
127 | ||
128 | sub restore_tar_archive { | |
f9b4407e | 129 | my ($archive, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_; |
5b4657d0 | 130 | |
c6a605f9 | 131 | my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf); |
01dce99b | 132 | my $userns_cmd = PVE::LXC::userns_command($id_map); |
5b4657d0 | 133 | |
07084526 | 134 | my $archive_fh; |
f70a3d47 WB |
135 | my $tar_input = '<&STDIN'; |
136 | my @compression_opt; | |
07084526 | 137 | if ($archive ne '-') { |
f70a3d47 WB |
138 | # GNU tar refuses to autodetect this... *sigh* |
139 | my %compression_map = ( | |
140 | '.gz' => '-z', | |
141 | '.bz2' => '-j', | |
142 | '.xz' => '-J', | |
a3bdf0c9 | 143 | '.lzo' => '--lzop', |
cef90911 | 144 | '.zst' => '--zstd', |
f70a3d47 WB |
145 | ); |
146 | if ($archive =~ /\.tar(\.[^.]+)?$/) { | |
147 | if (defined($1)) { | |
68300601 | 148 | die "unrecognized compression format: $1\n" if !defined($compression_map{$1}); |
539660e2 | 149 | @compression_opt = $compression_map{$1}; |
f70a3d47 WB |
150 | } |
151 | } else { | |
152 | die "file does not look like a template archive: $archive\n"; | |
153 | } | |
07084526 WB |
154 | sysopen($archive_fh, $archive, O_RDONLY) |
155 | or die "failed to open '$archive': $!\n"; | |
07084526 WB |
156 | my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0); |
157 | $archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC())); | |
f70a3d47 | 158 | $tar_input = '<&'.fileno($archive_fh); |
07084526 WB |
159 | } |
160 | ||
f70a3d47 | 161 | my $cmd = [@$userns_cmd, 'tar', 'xpf', '-', @compression_opt, '--totals', |
5fa038ab | 162 | @PVE::Storage::Plugin::COMMON_TAR_FLAGS, |
fc4e132e | 163 | '-C', $rootdir]; |
5b4657d0 | 164 | |
112aeeb4 WB |
165 | # skip-old-files doesn't have anything to do with time (old/new), but is |
166 | # simply -k (annoyingly also called --keep-old-files) without the 'treat | |
167 | # existing files as errors' part... iow. it's bsdtar's interpretation of -k | |
168 | # *sigh*, gnu... | |
169 | push @$cmd, '--skip-old-files'; | |
5b4657d0 DM |
170 | push @$cmd, '--anchored'; |
171 | push @$cmd, '--exclude' , './dev/*'; | |
172 | ||
f9b4407e WB |
173 | if (defined($bwlimit)) { |
174 | $cmd = [ ['cstream', '-t', $bwlimit*1024], $cmd ]; | |
175 | } | |
176 | ||
6034ae50 DM |
177 | if ($archive eq '-') { |
178 | print "extracting archive from STDIN\n"; | |
27916659 | 179 | } else { |
6034ae50 | 180 | print "extracting archive '$archive'\n"; |
27916659 | 181 | } |
f70a3d47 | 182 | eval { PVE::Tools::run_command($cmd, input => $tar_input); }; |
07084526 WB |
183 | my $err = $@; |
184 | close($archive_fh) if defined $archive_fh; | |
185 | die $err if $err && !$no_unpack_error; | |
f31bd6ae DC |
186 | |
187 | # if arch is set, we do not try to autodetect it | |
188 | return if defined($conf->{arch}); | |
189 | ||
fbb31447 | 190 | $conf->{arch} = detect_architecture($rootdir); |
5b4657d0 DM |
191 | } |
192 | ||
f507c3a7 | 193 | sub recover_config { |
12aec1d2 | 194 | my ($storage_cfg, $volid, $vmid) = @_; |
99a0bcb0 DM |
195 | |
196 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid, 1); | |
197 | if (defined($storeid)) { | |
198 | my $scfg = PVE::Storage::storage_check_enabled($storage_cfg, $storeid); | |
199 | if ($scfg->{type} eq 'pbs') { | |
12aec1d2 | 200 | return recover_config_from_proxmox_backup($storage_cfg, $volid, $vmid); |
99a0bcb0 DM |
201 | } |
202 | } | |
203 | ||
204 | my $archive = PVE::Storage::abs_filesystem_path($storage_cfg, $volid); | |
12aec1d2 | 205 | recover_config_from_tar($archive, $vmid); |
99a0bcb0 DM |
206 | } |
207 | ||
208 | sub recover_config_from_proxmox_backup { | |
12aec1d2 FG |
209 | my ($storage_cfg, $volid, $vmid) = @_; |
210 | ||
211 | $vmid //= 0; | |
99a0bcb0 DM |
212 | |
213 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($volid); | |
214 | my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid); | |
215 | ||
216 | my ($vtype, $name, undef, undef, undef, undef, $format) = | |
217 | PVE::Storage::parse_volname($storage_cfg, $volid); | |
218 | ||
219 | die "got unexpected vtype '$vtype'\n" if $vtype ne 'backup'; | |
220 | ||
221 | die "got unexpected backup format '$format'\n" if $format ne 'pbs-ct'; | |
222 | ||
223 | my $cmd = "restore"; | |
224 | my $param = [$name, "pct.conf", "-"]; | |
225 | ||
226 | my $raw = ''; | |
227 | my $outfunc = sub { my $line = shift; $raw .= "$line\n"; }; | |
228 | PVE::Storage::PBSPlugin::run_raw_client_cmd( | |
229 | $scfg, $storeid, $cmd, $param, outfunc => $outfunc); | |
230 | ||
12aec1d2 | 231 | my $conf = PVE::LXC::Config::parse_pct_config("/lxc/${vmid}.conf" , $raw); |
99a0bcb0 DM |
232 | |
233 | delete $conf->{snapshots}; | |
234 | ||
235 | my $mp_param = {}; | |
015740e6 | 236 | PVE::LXC::Config->foreach_volume($conf, sub { |
99a0bcb0 DM |
237 | my ($ms, $mountpoint) = @_; |
238 | $mp_param->{$ms} = $conf->{$ms}; | |
239 | }); | |
240 | ||
241 | return wantarray ? ($conf, $mp_param) : $conf; | |
242 | } | |
243 | ||
244 | sub recover_config_from_tar { | |
12aec1d2 | 245 | my ($archive, $vmid) = @_; |
f507c3a7 | 246 | |
0550795a | 247 | my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct|vps)\.conf)$!); |
effa4f43 | 248 | my $conf; |
db18c1e4 | 249 | my $mp_param = {}; |
12aec1d2 | 250 | $vmid //= 0; |
f507c3a7 | 251 | |
27916659 | 252 | if ($conf_file =~ m/pct\.conf/) { |
f507c3a7 | 253 | |
12aec1d2 | 254 | $conf = PVE::LXC::Config::parse_pct_config("/lxc/${vmid}.conf" , $raw); |
f507c3a7 | 255 | |
27916659 | 256 | delete $conf->{snapshots}; |
db18c1e4 | 257 | |
015740e6 | 258 | PVE::LXC::Config->foreach_volume($conf, sub { |
db18c1e4 FG |
259 | my ($ms, $mountpoint) = @_; |
260 | $mp_param->{$ms} = $conf->{$ms}; | |
261 | }); | |
262 | ||
effa4f43 | 263 | } elsif ($conf_file =~ m/vps\.conf/) { |
db18c1e4 FG |
264 | |
265 | ($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw); | |
266 | ||
effa4f43 DM |
267 | } else { |
268 | ||
27916659 | 269 | die "internal error"; |
f507c3a7 WL |
270 | } |
271 | ||
db18c1e4 | 272 | return wantarray ? ($conf, $mp_param) : $conf; |
f507c3a7 WL |
273 | } |
274 | ||
51665c2d | 275 | sub restore_configuration { |
99a0bcb0 DM |
276 | my ($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_; |
277 | ||
3e111b4e | 278 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive, 1); |
99a0bcb0 DM |
279 | if (defined($storeid)) { |
280 | my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid); | |
281 | if ($scfg->{type} eq 'pbs') { | |
282 | return restore_configuration_from_proxmox_backup($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw); | |
283 | } | |
284 | } | |
285 | restore_configuration_from_etc_vzdump($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw); | |
286 | } | |
287 | ||
288 | sub restore_configuration_from_proxmox_backup { | |
289 | my ($vmid, $storage_cfg, $archive, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_; | |
290 | ||
291 | my ($storeid, $volname) = PVE::Storage::parse_volume_id($archive); | |
292 | my $scfg = PVE::Storage::storage_config($storage_cfg, $storeid); | |
293 | ||
294 | my ($vtype, $name, undef, undef, undef, undef, $format) = | |
295 | PVE::Storage::parse_volname($storage_cfg, $archive); | |
296 | ||
12aec1d2 | 297 | my $oldconf = recover_config_from_proxmox_backup($storage_cfg, $archive, $vmid); |
99a0bcb0 DM |
298 | |
299 | sanitize_and_merge_config($conf, $oldconf, $restricted, $unique); | |
300 | ||
301 | my $cmd = "files"; | |
302 | ||
303 | my $list = PVE::Storage::PBSPlugin::run_client_cmd($scfg, $storeid, "files", [$name]); | |
08db7875 | 304 | my $has_fw_conf = grep { $_->{filename} eq 'fw.conf.blob' } @$list; |
99a0bcb0 DM |
305 | |
306 | if ($has_fw_conf) { | |
307 | my $pve_firewall_dir = '/etc/pve/firewall'; | |
308 | my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw"; | |
309 | if ($skip_fw) { | |
310 | warn "ignoring firewall config from backup archive's 'fw.conf', lacking API permission to modify firewall.\n"; | |
311 | warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n" | |
312 | if -e $pct_fwcfg_target; | |
313 | } else { | |
314 | mkdir $pve_firewall_dir; # make sure the directory exists | |
cda704c8 | 315 | unlink $pct_fwcfg_target; |
99a0bcb0 DM |
316 | |
317 | my $cmd = "restore"; | |
318 | my $param = [$name, "fw.conf", $pct_fwcfg_target]; | |
319 | PVE::Storage::PBSPlugin::run_raw_client_cmd($scfg, $storeid, $cmd, $param); | |
320 | } | |
321 | } | |
322 | } | |
323 | ||
324 | sub sanitize_and_merge_config { | |
325 | my ($conf, $oldconf, $restricted, $unique) = @_; | |
326 | ||
40761075 FE |
327 | my $rpcenv = PVE::RPCEnvironment::get(); |
328 | ||
99a0bcb0 DM |
329 | foreach my $key (keys %$oldconf) { |
330 | next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' || $key eq 'unprivileged' || $key eq 'parent'; | |
331 | next if $key =~ /^mp\d+$/; # don't recover mountpoints | |
332 | next if $key =~ /^unused\d+$/; # don't recover unused disks | |
333 | # we know if it was a template in the restore API call and check if the target | |
334 | # storage supports creating a template there | |
335 | next if $key =~ /^template$/; | |
336 | ||
e2ccfd37 DC |
337 | if ($restricted && $key eq 'features' && !$conf->{unprivileged} && $oldconf->{unprivileged}) { |
338 | warn "changing from unprivileged to privileged, skipping features\n"; | |
339 | next; | |
340 | } | |
341 | ||
99a0bcb0 DM |
342 | if ($key eq 'lxc' && $restricted) { |
343 | my $lxc_list = $oldconf->{'lxc'}; | |
40761075 FE |
344 | |
345 | my $msg = "skipping custom lxc options, restore manually as root:\n"; | |
346 | $msg .= "--------------------------------\n"; | |
99a0bcb0 | 347 | foreach my $lxc_opt (@$lxc_list) { |
40761075 | 348 | $msg .= "$lxc_opt->[0]: $lxc_opt->[1]\n" |
99a0bcb0 | 349 | } |
40761075 FE |
350 | $msg .= "--------------------------------"; |
351 | ||
352 | $rpcenv->warn($msg); | |
353 | ||
99a0bcb0 DM |
354 | next; |
355 | } | |
356 | ||
357 | if ($unique && $key =~ /^net\d+$/) { | |
358 | my $net = PVE::LXC::Config->parse_lxc_network($oldconf->{$key}); | |
359 | my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); | |
360 | $net->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix}); | |
361 | $conf->{$key} = PVE::LXC::Config->print_lxc_network($net); | |
362 | next; | |
363 | } | |
364 | $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key}); | |
365 | } | |
366 | } | |
367 | ||
368 | sub restore_configuration_from_etc_vzdump { | |
39170644 | 369 | my ($vmid, $rootdir, $conf, $restricted, $unique, $skip_fw) = @_; |
51665c2d FG |
370 | |
371 | # restore: try to extract configuration from archive | |
372 | ||
373 | my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf"; | |
374 | my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw"; | |
375 | my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf"; | |
376 | if (-f $pct_cfg_fn) { | |
377 | my $raw = PVE::Tools::file_get_contents($pct_cfg_fn); | |
378 | my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw); | |
379 | ||
99a0bcb0 | 380 | sanitize_and_merge_config($conf, $oldconf, $restricted, $unique); |
82bfeccb | 381 | |
51665c2d | 382 | unlink($pct_cfg_fn); |
5b4657d0 | 383 | |
39170644 FG |
384 | # note: this file is possibly from the container itself in backups |
385 | # created prior to pve-container 2.0-40 (PVE 5.x) / 3.0-5 (PVE 6.x) | |
386 | # only copy non-empty, non-symlink files, and only if the user is | |
387 | # allowed to modify the firewall config anyways | |
388 | if (-f $pct_fwcfg_fn && ! -l $pct_fwcfg_fn && -s $pct_fwcfg_fn) { | |
51665c2d | 389 | my $pve_firewall_dir = '/etc/pve/firewall'; |
39170644 FG |
390 | my $pct_fwcfg_target = "${pve_firewall_dir}/${vmid}.fw"; |
391 | if ($skip_fw) { | |
392 | warn "ignoring firewall config from backup archive's '$pct_fwcfg_fn', lacking API permission to modify firewall.\n"; | |
393 | warn "old firewall configuration in '$pct_fwcfg_target' left in place!\n" | |
394 | if -e $pct_fwcfg_target; | |
395 | } else { | |
396 | mkdir $pve_firewall_dir; # make sure the directory exists | |
397 | PVE::Tools::file_copy($pct_fwcfg_fn, $pct_fwcfg_target); | |
398 | } | |
51665c2d | 399 | unlink $pct_fwcfg_fn; |
27916659 | 400 | } |
5b4657d0 | 401 | |
51665c2d FG |
402 | } elsif (-f $ovz_cfg_fn) { |
403 | print "###########################################################\n"; | |
404 | print "Converting OpenVZ configuration to LXC.\n"; | |
405 | print "Please check the configuration and reconfigure the network.\n"; | |
406 | print "###########################################################\n"; | |
148d1cb4 | 407 | |
51665c2d FG |
408 | my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS |
409 | $conf->{ostype} = $lxc_setup->{conf}->{ostype}; | |
410 | my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn); | |
411 | my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw); | |
412 | foreach my $key (keys %$oldconf) { | |
413 | $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key}); | |
414 | } | |
415 | unlink($ovz_cfg_fn); | |
148d1cb4 | 416 | |
51665c2d FG |
417 | } else { |
418 | print "###########################################################\n"; | |
419 | print "Backup archive does not contain any configuration\n"; | |
420 | print "###########################################################\n"; | |
148d1cb4 | 421 | } |
5b4657d0 DM |
422 | } |
423 | ||
424 | 1; |