]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/Setup/Debian.pm
1 package PVE
::LXC
::Setup
::Debian
;
6 use PVE
::Tools
qw($IPV6RE);
11 use PVE
::LXC
::Setup
::Base
;
13 use base
qw(PVE::LXC::Setup::Base);
17 my ($class, $conf, $rootdir) = @_;
19 my $version = PVE
::Tools
::file_read_firstline
("$rootdir/etc/debian_version");
21 die "unable to read version info\n" if !defined($version);
23 # translate testing version and os-release incompat derivates names
33 $version = $version_map->{$version} if exists($version_map->{$version});
35 die "unable to parse version info '$version'\n"
36 if $version !~ m/^(\d+(\.\d+)?)(\.\d+)?/;
40 die "unsupported debian version '$version'\n" if !($version >= 4 && $version <= 13);
42 my $self = { conf
=> $conf, rootdir
=> $rootdir, version
=> $version };
44 $conf->{ostype
} = "debian";
46 return bless $self, $class;
49 # Debian doesn't support the /dev/lxc/ subdirectory.
54 my sub at_least
: prototype($$$) {
55 my ($str, $want_maj, $want_min) = @_;
56 return if !defined($str) || !defined($want_maj);
58 my ($maj, $min) = $str =~ /^(\d+)(?:\.(\d+))?/;
59 return if !defined($maj);
61 return $want_maj < $maj || $want_maj == $maj && (
62 (!defined($min) && $want_min == 0) || (defined($min) && $want_min <= $min)
66 my sub setup_inittab
{
67 my ($self, $conf) = @_;
69 my $filename = "/etc/inittab";
70 return if !$self->ct_file_exists($filename);
72 my $ttycount = PVE
::LXC
::Config-
>get_tty_count($conf);
73 my $inittab = $self->ct_file_get_contents($filename);
77 !/^\s*\d+:\d*:[^:]*:.*getty/ &&
80 } split(/\n/, $inittab);
82 $inittab = join("\n", @lines) . "\n";
84 $inittab .= "p0::powerfail:/sbin/init 0\n";
86 my $version = $self->{version
};
87 for (my $id = 1; $id <= $ttycount; $id++) {
88 next if $id == 7; # reserved for X11
89 my $levels = ($id == 1) ?
'2345' : '23';
91 $inittab .= "$id:$levels:respawn:/sbin/getty -L 38400 tty$id\n";
93 $inittab .= "$id:$levels:respawn:/sbin/getty --noclear 38400 tty$id\n";
97 $self->ct_file_set_contents($filename, $inittab);
101 my ($self, $conf) = @_;
103 my $systemd = $self->ct_readlink('/sbin/init');
104 if (defined($systemd) && $systemd =~ m
@/systemd$@) {
105 $self->setup_container_getty_service($conf);
107 my $version = $self->{version
};
108 if (at_least
($version, 12, 0)) {
109 # this only affects the first-boot (if no /etc/machine-id exists).
110 $self->setup_systemd_preset({
111 # systemd-networkd gets enabled by default, disable it, debian uses ifupdown
112 'systemd-networkd.service' => 0,
117 setup_inittab
($self, $conf);
120 sub remove_gateway_scripts
{
122 my $length = scalar(@$attr);
124 my $found_section = 0;
127 if ($_ eq '# --- BEGIN PVE ---') {
130 0; # remove this line
131 } elsif ($_ eq '# --- END PVE ---') {
134 0; # remove this line
140 return if $found_section;
141 # XXX: To deal with existing setups we perform two types of removal for
142 # now. Newly started containers have their routing sections marked with
143 # begin/end comments. For older containers we perform a strict matching on
144 # the routing rules we added. We can probably remove this part at some point
145 # when it is unlikely that old debian setups are still around.
147 for (my $i = 0; $i < $length-3; ++$i) {
148 next if $attr->[$i+0] !~ m
@^\s*post-up\s
+ip\s
+route\s
+add\s
+(\S
+)\s
+dev\s
+(\S
+)$@;
149 my ($ip, $dev) = ($1, $2);
150 if ($attr->[$i+1] =~ m
@^\s*post-up\s
+ip\s
+route\s
+add\s
+default\s
+via\s
+(\S
+)\s
+dev\s
+(\S
+)$@ &&
151 ($ip eq $1 && $dev eq $2) &&
152 $attr->[$i+2] =~ m
@^\s*pre-down\s
+ip\s
+route\s
+del\s
+default\s
+via\s
+(\S
+)\s
+dev\s
+(\S
+)$@ &&
153 ($ip eq $1 && $dev eq $2) &&
154 $attr->[$i+3] =~ m
@^\s*pre-down\s
+ip\s
+route\s
+del\s
+(\S
+)\s
+dev\s
+(\S
+)$@ &&
155 ($ip eq $1 && $dev eq $2))
157 splice @$attr, $i, 4;
164 sub make_gateway_scripts
{
165 my ($ifname, $gw) = @_;
168 \tpost-up ip route add $gw dev $ifname
169 \tpost-up ip route add default via $gw dev $ifname
170 \tpre-down ip route del default via $gw dev $ifname
171 \tpre-down ip route del $gw dev $ifname
176 # NOTE: this is re-used by Alpine Linux, please have that in mind when changing things.
178 my ($self, $conf) = @_;
181 foreach my $k (keys %$conf) {
182 next if $k !~ m/^net(\d+)$/;
184 my $d = PVE
::LXC
::Config-
>parse_lxc_network($conf->{$k});
188 if (defined($d->{ip
})) {
189 if ($d->{ip
} =~ /^(?:dhcp|manual)$/) {
190 $net->{address
} = $d->{ip
};
192 my $ipinfo = PVE
::LXC
::parse_ipv4_cidr
($d->{ip
});
193 $net->{address
} = $ipinfo->{address
};
194 $net->{netmask
} = $ipinfo->{netmask
};
195 $net->{cidr
} = $d->{ip
};
199 if (defined($d->{'gw'})) {
200 $net->{gateway
} = $d->{'gw'};
201 if (defined($cidr) && !PVE
::Network
::is_ip_in_cidr
($d->{gw
}, $cidr, 4)) {
202 # gateway is not reachable, need an extra route
203 $net->{needsroute
} = 1;
207 if (defined($d->{ip6
})) {
208 if ($d->{ip6
} =~ /^(?:auto|dhcp|manual)$/) {
209 $net->{address6
} = $d->{ip6
};
210 } elsif ($d->{ip6
} !~ /^($IPV6RE)\/(\d
+)$/) {
211 die "unable to parse ipv6 address/prefix\n";
213 $net->{address6
} = $1;
214 $net->{netmask6
} = $2;
215 $net->{cidr6
} = $d->{ip6
};
219 if (defined($d->{'gw6'})) {
220 $net->{gateway6
} = $d->{'gw6'};
221 if (defined($cidr) && !PVE
::Network
::is_ip_in_cidr
($d->{gw6
}, $cidr, 6) &&
222 !PVE
::Network
::is_ip_in_cidr
($d->{gw6
}, 'fe80::/10', 6)) {
223 # gateway is not reachable, need an extra route
224 $net->{needsroute6
} = 1;
227 $networks->{$d->{name
}} = $net if keys %$net;
231 return if !scalar(keys %$networks);
233 my $filename = "/etc/network/interfaces";
239 my $done_v4_hash = {};
240 my $done_v6_hash = {};
242 my ($os, $version) = ($conf->{ostype
}, $self->{version
});
243 my $print_section = sub {
246 my $ifname = $section->{ifname
};
247 my $net = $networks->{$ifname};
249 if (!$done_auto->{$ifname}) {
250 $interfaces .= "auto $ifname\n";
251 $done_auto->{$ifname} = 1;
254 if ($section->{type
} eq 'ipv4') {
255 $done_v4_hash->{$ifname} = 1;
257 if (!defined($net->{address
})) {
258 # no address => no iface line
259 } elsif ($net->{address
} =~ /^(dhcp|manual)$/) {
260 $interfaces .= "iface $ifname inet $1\n\n";
262 $interfaces .= "iface $ifname inet static\n";
263 if ($os eq "debian" && at_least
($version, 10, 0)
264 || $os eq "alpine" && at_least
($version, 3, 13)
266 $interfaces .= "\taddress $net->{cidr}\n" if defined($net->{cidr
});
268 $interfaces .= "\taddress $net->{address}\n" if defined($net->{address
});
269 $interfaces .= "\tnetmask $net->{netmask}\n" if defined($net->{netmask
});
271 remove_gateway_scripts
($section->{attr
});
272 if (defined(my $gw = $net->{gateway
})) {
273 if ($net->{needsroute
}) {
274 $interfaces .= make_gateway_scripts
($ifname, $gw);
276 $interfaces .= "\tgateway $gw\n";
279 foreach my $attr (@{$section->{attr
}}) {
280 $interfaces .= "\t$attr\n";
284 } elsif ($section->{type
} eq 'ipv6') {
285 $done_v6_hash->{$ifname} = 1;
287 if (!defined($net->{address6
})) {
288 # no address => no iface line
289 } elsif ($net->{address6
} =~ /^(auto|dhcp|manual)$/) {
290 $interfaces .= "iface $ifname inet6 $1\n\n";
292 $interfaces .= "iface $ifname inet6 static\n";
293 if ($os eq "debian" && at_least
($version, 10, 0)
294 || $os eq "alpine" && at_least
($version, 3, 13)
296 $interfaces .= "\taddress $net->{cidr6}\n" if defined($net->{cidr6
});
298 $interfaces .= "\taddress $net->{address6}\n" if defined($net->{address6
});
299 $interfaces .= "\tnetmask $net->{netmask6}\n" if defined($net->{netmask6
});
301 remove_gateway_scripts
($section->{attr
});
302 if (defined(my $gw = $net->{gateway6
})) {
303 if ($net->{needsroute6
}) {
304 $interfaces .= make_gateway_scripts
($ifname, $gw);
306 $interfaces .= "\tgateway $net->{gateway6}\n" if defined($net->{gateway6
});
309 foreach my $attr (@{$section->{attr
}}) {
310 $interfaces .= "\t$attr\n";
315 die "unknown section type '$section->{type}'";
321 if (my $fh = $self->ct_open_file_read($filename)) {
322 while (defined (my $line = <$fh>)) {
324 if ($line =~ m/^# --- (?:BEGIN|END) PVE ---/) {
325 # Include markers in the attribute section so
326 # remove_gateway_scripts() can find them.
327 push @{$section->{attr
}}, $line if $section;
330 if ($line =~ m/^#/) {
331 $interfaces .= "$line\n";
334 if ($line =~ m/^\s*$/) {
338 $interfaces .= "$line\n";
342 if ($line =~ m/^\s*iface\s+(\S+)\s+inet\s+(\S+)\s*$/) {
344 &$print_section(); # print previous section
345 if (!$networks->{$ifname}) {
346 $interfaces .= "$line\n";
349 $section = { type
=> 'ipv4', ifname
=> $ifname, attr
=> []};
352 if ($line =~ m/^\s*iface\s+(\S+)\s+inet6\s+(\S+)\s*$/) {
354 &$print_section(); # print previous section
355 if (!$networks->{$ifname}) {
356 $interfaces .= "$line\n";
359 $section = { type
=> 'ipv6', ifname
=> $ifname, attr
=> []};
363 if ($line =~ m/^\s*auto\s*(.*)$/) {
364 foreach my $iface (split(/\s+/, $1)) {
365 $done_auto->{$iface} = 1;
368 $interfaces .= "$line\n";
371 # Handle other section delimiters:
372 if ($line =~ m
/^\s
*(?
:mapping\s
378 $interfaces .= "$line\n";
381 if ($section && $line =~ m/^\s*((\S+)\s(.*))$/) {
382 my ($adata, $aname) = ($1, $2);
383 if ($aname eq 'address' || $aname eq 'netmask' ||
384 $aname eq 'gateway' || $aname eq 'broadcast') {
387 push @{$section->{attr
}}, $adata;
392 $interfaces .= "$line\n";
397 my $need_separator = length($interfaces) && ($interfaces !~ /\n\n$/);
398 foreach my $ifname (sort keys %$networks) {
399 my $net = $networks->{$ifname};
401 if (!$done_v4_hash->{$ifname} && defined($net->{address
})) {
402 if ($need_separator) { $interfaces .= "\n"; $need_separator = 0; };
403 $section = { type
=> 'ipv4', ifname
=> $ifname, attr
=> []};
406 if (!$done_v6_hash->{$ifname} && defined($net->{address6
})) {
407 if ($need_separator) { $interfaces .= "\n"; $need_separator = 0; };
408 $section = { type
=> 'ipv6', ifname
=> $ifname, attr
=> []};
413 # older templates (< Debian 8) do not configure the loopback interface
414 # if not explicitly told to do so
415 if (!$done_auto->{lo
}) {
416 $interfaces = "auto lo\niface lo inet loopback\n" .
417 "iface lo inet6 loopback\n\n" .
421 $self->ct_file_set_contents($filename, $interfaces);
projects / pve-container.git / blob