src/lxc-pve-mount-hook

   1 #!/usr/bin/perl
   2
   3 use strict;
   4 use warnings;
   5
   6 exit 0 if $ENV{LXC_NAME} && $ENV{LXC_NAME} !~ /^\d+$/;
   7
   8 use POSIX;
   9 use File::Path;
  10
  11 use PVE::SafeSyslog;
  12 use PVE::Tools;
  13 use PVE::Cluster;
  14 use PVE::RPCEnvironment;
  15 use PVE::JSONSchema qw(get_standard_option);
  16 use PVE::CLIHandler;
  17 use PVE::Storage;
  18 use PVE::LXC;
  19 use PVE::LXC::Setup;
  20 use Data::Dumper;
  21
  22 use base qw(PVE::CLIHandler);
  23
  24 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
  25
  26 initlog ('lxc-pve-mount-hook');
  27
  28 die "please run as root\n" if $> != 0;
  29
  30 my $rpcenv = PVE::RPCEnvironment->init('cli');
  31 $rpcenv->set_language($ENV{LANG});
  32 $rpcenv->set_user('root@pam');
  33
  34 # we cannot use cfs_read here (permission problem)
  35 # $rpcenv->init_request();
  36 # PVE::INotify::nodename() also returns wrong value!
  37
  38 __PACKAGE__->register_method ({
  39     name => 'lxc-pve-mount-hook',
  40     path => 'lxc-pve-mount-hook',
  41     method => 'GET',
  42     description => "Create a new container root directory.",
  43     parameters => {
  44         additionalProperties => 0,
  45         properties => {
  46             name => {
  47                 description => "The container name. This hook is only active for containers using numeric IDs, where configuration is stored on /etc/pve/lxc/<name>.conf (else it is just a NOP).",
  48                 type => 'string',
  49                 pattern => '\S+',
  50                 maxLength => 64,
  51             },
  52             path => {
  53                 description => "The path to the container configuration directory (LXC internal argument - do not pass manually!).",
  54                 type => 'string',
  55             },
  56             rootfs => {
  57                 description => "The path to the container's rootfs (LXC internal argument - do not pass manually!)",
  58                 type => 'string',
  59             },
  60         },
  61     },
  62     returns => { type => 'null' },
  63
  64     code => sub {
  65         my ($param) = @_;
  66
  67         my $private = $param->{rootfs};
  68
  69         return undef if $param->{name} !~ m/^\d+$/;
  70
  71         my $vmid = $param->{name};
  72
  73         # Note: PVE::INotify::nodename() returns wrong value when run
  74         # inside container mount hook, so we cannot simply
  75         # use PVE::LXC::load_conf().
  76
  77         my $config_filename = "/etc/pve/lxc/$param->{name}.conf";
  78
  79         return undef if ! -f $config_filename;
  80
  81         my $raw = PVE::Tools::file_get_contents($config_filename);
  82         my $conf = PVE::LXC::parse_pct_config($config_filename, $raw);
  83
  84         my $rootdir = $ENV{LXC_ROOTFS_MOUNT};
  85
  86         # Note: PVE::Storage::config() does not work here
  87         my $fn = "/etc/pve/storage.cfg";
  88         $raw = -f $fn ? PVE::Tools::file_get_contents($fn) : '';
  89         my $storage_cfg = PVE::Storage::Plugin->parse_config($fn, $raw);
  90
  91         my $bdevs = PVE::LXC::blockdevices_list();
  92
  93         my $setup_mountpoint = sub {
  94             my ($ms, $mountpoint) = @_;
  95
  96             return if $ms eq 'rootfs';
  97             PVE::LXC::mountpoint_mount($mountpoint, $rootdir, $storage_cfg);
  98         };
  99
 100         my $setup_cgroup_device = sub {
 101             my ($ms, $mountpoint) = @_;
 102
 103             my $volid = $mountpoint->{volume};
 104             return if !$volid || $volid =~ m|^/dev/.+|;
 105
 106             my $path = PVE::LXC::mountpoint_mount_path($mountpoint, $storage_cfg);
 107
 108             if (-l $path) {
 109                 $path = readlink($path);
 110                 $path =~ s/\.\.\/\.\.\//\/dev\//;
 111             }
 112
 113             if ($bdevs->{$path}) {
 114                 PVE::Tools::run_command(['mknod', '-m', '666', "$rootdir$path", 'b',  $bdevs->{$path}->{major}, $bdevs->{$path}->{minor}]);
 115                 PVE::LXC::write_cgroup_value("devices", $vmid, "devices.allow", "b $bdevs->{$path}->{major}:$bdevs->{$path}->{minor} rwm");
 116             }
 117         };
 118
 119         PVE::LXC::foreach_mountpoint($conf, $setup_mountpoint);
 120
 121         PVE::LXC::foreach_mountpoint($conf, $setup_cgroup_device);
 122
 123         my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir);
 124         $lxc_setup->pre_start_hook();
 125
 126         return undef;
 127     }});
 128
 129
 130 push @ARGV, 'help' if !scalar(@ARGV);
 131
 132 my $param = {};
 133
 134 if ((scalar(@ARGV) == 1) && ($ARGV[0] eq 'printmanpod') ||
 135     ($ARGV[0] eq 'verifyapi')) {
 136     # OK
 137 } elsif ((scalar(@ARGV) == 3) && ($ARGV[1] eq 'lxc') && ($ARGV[2] eq 'mount')) {
 138     $param->{name} = $ENV{'LXC_NAME'};
 139     die "got wrong name" if $param->{name} ne $ARGV[0];
 140
 141     $param->{path} = $ENV{'LXC_CONFIG_FILE'};
 142     $param->{rootfs} = $ENV{'LXC_ROOTFS_PATH'};
 143     @ARGV = ();
 144 } else {
 145     @ARGV = ('help');
 146 }
 147
 148 my $cmddef = [ __PACKAGE__, 'lxc-pve-mount-hook', [], $param];
 149
 150 PVE::CLIHandler::handle_simple_cmd($cmddef, \@ARGV, undef, $0);
 151
 152 exit 0;
 153
 154 __END__
 155
 156 =head1 NAME
 157
 158 lxc-pve - LXC mount hook for Proxmox VE
 159
 160 =head1 SYNOPSIS
 161
 162 =include synopsis
 163
 164 =head1 DESCRIPTION
 165
 166 This mount hook sets the network and hostname for pve container.
 167
 168 =head1 SEE ALSO
 169
 170 lct(1)
 171
 172 =include pve_copyright