use BEGIN/END markers for gateway scripts

remove_gateway_scripts() for debian containers can easily
match user-created scripts since it's not strict enough,
which now that we always clean up gateways appears to be an
issue for some.

To deal with this we update this portion to also use
BEGIN/END markers like we did with other files. (Note that
this means we explicitly include the BEGIN/END comment lines
in the 'attribute' list while parsing sections.)

In order to not break existing container configurations we
now remove either a begin/end marked section in
remove_gateway_scripts(), or if none was found fall back to
a much stricter variant of the old matching algorithm which
only triggers if the gateway setup lines are complete and
unmodified.

diff --git a/debian/changelog b/debian/changelog
index df2d14fd660c7764570e35075796b97a948b8566..93df673deca75f829359e096af00d45851dacb7d 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ pve-container (1.0-66) unstable; urgency=medium
 
   * Setup: add gentoo support
 
+  * Setup/Debian.pm: use BEGIN/END markers for gateway scripts
+
  -- Proxmox Support Team <support@proxmox.com>  Mon, 23 May 2016 07:04:53 +0200
 
 pve-container (1.0-65) unstable; urgency=medium

diff --git a/src/PVE/LXC/Setup/Debian.pm b/src/PVE/LXC/Setup/Debian.pm
index c6b299816d1396ab8058b2e4e76a8c499ffabc8f..e927c37c19042abaa72f2b7be5b720c25b9e6c57 100644 (file)
--- a/src/PVE/LXC/Setup/Debian.pm
+++ b/src/PVE/LXC/Setup/Debian.pm
@@ -79,32 +79,43 @@ sub setup_init {
 sub remove_gateway_scripts {
     my ($attr) = @_;
     my $length = scalar(@$attr);
-    for (my $i = 0; $i < $length; ++$i) {
-       my $a = $attr->[$i];
-       if ($a =~ m@^\s*post-up\s+.*route.*add.*default.*(?:gw|via)\s+(\S+)@) {
-           my $gw = $1;
-           if ($i > 0 && $attr->[$i-1] =~ m@^\s*post-up\s+.*route.*add.*\Q$1\E@) {
-               --$i;
-               splice @$attr, $i, 2;
-               $length -= 2;
-           } else {
-               splice @$attr, $i, 1;
-               $length -= 1;
-           }
-           --$i;
-           next;
+
+    my $found_section = 0;
+    my $keep = 1;
+    @$attr = grep {
+       if ($_ eq '# --- BEGIN PVE ---') {
+           $found_section = 1;
+           $keep = 0;
+           0; # remove this line
+       } elsif ($_ eq '# --- END PVE ---') {
+           $found_section = 1;
+           $keep = 1;
+           0; # remove this line
+       } else {
+           $keep;
        }
-       if ($a =~ m@^\s*pre-down\s+.*route.*del.*default.*(?:gw|via)\s+(\S+)@) {
-           my $gw = $1;
-           if ($attr->[$i+1] =~ m@^\s*pre-down\s+.*route.*del.*\Q$1\E@) {
-               splice @$attr, $i, 2;
-               $length -= 2;
-           } else {
-               splice @$attr, $i, 1;
-               $length -= 1;
-           }
+    } @$attr;
+
+    return if $found_section;
+    # XXX: To deal with existing setups we perform two types of removal for
+    # now. Newly started containers have their routing sections marked with
+    # begin/end comments. For older containers we perform a strict matching on
+    # the routing rules we added. We can probably remove this part at some point
+    # when it is unlikely that old debian setups are still around.
+
+    for (my $i = 0; $i < $length-3; ++$i) {
+       next if $attr->[$i+0] !~ m@^\s*post-up\s+ip\s+route\s+add\s+(\S+)\s+dev\s+(\S+)$@;
+       my ($ip, $dev) = ($1, $2);
+       if ($attr->[$i+1] =~ m@^\s*post-up\s+ip\s+route\s+add\s+default\s+via\s+(\S+)\s+dev\s+(\S+)$@ &&
+           ($ip eq $1 && $dev eq $2) &&
+           $attr->[$i+2] =~ m@^\s*pre-down\s+ip\s+route\s+del\s+default\s+via\s+(\S+)\s+dev\s+(\S+)$@ &&
+           ($ip eq $1 && $dev eq $2) &&
+           $attr->[$i+3] =~ m@^\s*pre-down\s+ip\s+route\s+del\s+(\S+)\s+dev\s+(\S+)$@ &&
+           ($ip eq $1 && $dev eq $2))
+       {
+           splice @$attr, $i, 4;
+           $length -= 4;
            --$i;
-           next;
        }
     }
 }
@@ -112,10 +123,12 @@ sub remove_gateway_scripts {
 sub make_gateway_scripts {
     my ($ifname, $gw) = @_;
     return <<"SCRIPTS";
+# --- BEGIN PVE ---
 \tpost-up ip route add $gw dev $ifname
 \tpost-up ip route add default via $gw dev $ifname
 \tpre-down ip route del default via $gw dev $ifname
 \tpre-down ip route del $gw dev $ifname
+# --- END PVE ---
 SCRIPTS
 }
 
@@ -251,6 +264,12 @@ sub setup_network {
     if (my $fh = $self->ct_open_file_read($filename)) {
        while (defined (my $line = <$fh>)) {
            chomp $line;
+           if ($line =~ m/^# --- (?:BEGIN|END) PVE ---/) {
+               # Include markers in the attribute section so
+               # remove_gateway_scripts() can find them.
+               push @{$section->{attr}}, $line if $section;
+               next;
+           }
            if ($line =~ m/^#/) {
                $interfaces .= "$line\n";
                next;

diff --git a/src/test/test-debian-012/etc/network/interfaces.exp b/src/test/test-debian-012/etc/network/interfaces.exp
index 4ce4e16dc7a93688c80cc6461d4f0512a2890211..3efa7776e743385956054dbcf81a763bf57eb11d 100644 (file)
--- a/src/test/test-debian-012/etc/network/interfaces.exp
+++ b/src/test/test-debian-012/etc/network/interfaces.exp
@@ -5,19 +5,23 @@ auto eth0
 iface eth0 inet static
        address 10.0.0.100
        netmask 255.255.255.255
+# --- BEGIN PVE ---
        post-up ip route add 11.0.0.1 dev eth0
        post-up ip route add default via 11.0.0.1 dev eth0
        pre-down ip route del default via 11.0.0.1 dev eth0
        pre-down ip route del 11.0.0.1 dev eth0
+# --- END PVE ---
 
 auto eth1
 iface eth1 inet6 static
        address fc00::1
        netmask 64
+# --- BEGIN PVE ---
        post-up ip route add fc00:1::ff dev eth1
        post-up ip route add default via fc00:1::ff dev eth1
        pre-down ip route del default via fc00:1::ff dev eth1
        pre-down ip route del fc00:1::ff dev eth1
+# --- END PVE ---
 
 auto eth2
 iface eth2 inet6 static

diff --git a/src/test/test-debian-014/config b/src/test/test-debian-014/config
index 8f09fd89d86182209b3c989752a27004aa756938..a433a9c7bc79c0062bb7e22d48d6a45799be2e54 100644 (file)
--- a/src/test/test-debian-014/config
+++ b/src/test/test-debian-014/config
@@ -1 +1,4 @@
 hostname: test9
+net0: name=eth0,hwaddr=11:22:33:44:55:66,bridge=vmbr0,ip=10.0.0.100/32,gw=11.0.0.1
+net1: name=eth1,hwaddr=22:33:44:55:66:77,bridge=vmbr1,ip6=fc00::1/64,gw6=fc00:1::ff
+net2: name=eth2,hwaddr=33:44:55:66:77:88,bridge=vmbr2,ip=192.168.0.1/24

diff --git a/src/test/test-debian-014/etc/hosts.exp b/src/test/test-debian-014/etc/hosts.exp
index ac7ee16f52f545b81e9217c7a215f282445e525d..0ae8ca15accb45439065e80e7756940d6c1d5de7 100644 (file)
--- a/src/test/test-debian-014/etc/hosts.exp
+++ b/src/test/test-debian-014/etc/hosts.exp
@@ -1,5 +1,5 @@
 # --- BEGIN PVE ---
 127.0.0.1 localhost.localnet localhost
 ::1 localhost.localnet localhost
-127.0.1.1 test9
+10.0.0.100 test9.proxmox.com test9
 # --- END PVE ---

diff --git a/src/test/test-debian-014/etc/network/interfaces b/src/test/test-debian-014/etc/network/interfaces
new file mode 100644 (file)
index 0000000..e53e80f
--- /dev/null
+++ b/src/test/test-debian-014/etc/network/interfaces
@@ -0,0 +1,29 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+       address 10.0.0.100
+       netmask 255.255.255.255
+       post-up ip route add 11.0.0.1 dev eth0
+       post-up ip route add default via 11.0.0.1 dev eth0
+       pre-down ip route del default via 11.0.0.1 dev eth0
+       pre-down ip route del 11.0.0.1 dev eth0
+
+auto eth1
+iface eth1 inet6 static
+       address fc00::1
+       netmask 64
+       post-up ip route add fc00:1::ff/64 dev eth1
+       post-up ip route add default via fc00:1::ff dev eth1
+       pre-down ip route del default via fc00:1::ff/64 dev eth1
+       pre-down ip route del fc00:1::ff dev eth1
+
+auto eth2
+iface eth2 inet static
+       address 192.168.0.1
+       netmask 255.255.255.0
+       post-up ip route add 192.168.1.1 dev eth2 table internal
+       post-up ip route add default via 192.168.1.1 dev eth2 table internal
+       pre-down ip rule add from 192.168.0.128/25 table internal
+       pre-down ip rule add to 192.168.0.128/25 table internal

diff --git a/src/test/test-debian-014/etc/network/interfaces.exp b/src/test/test-debian-014/etc/network/interfaces.exp
new file mode 100644 (file)
index 0000000..cadd621
--- /dev/null
+++ b/src/test/test-debian-014/etc/network/interfaces.exp
@@ -0,0 +1,38 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+       address 10.0.0.100
+       netmask 255.255.255.255
+# --- BEGIN PVE ---
+       post-up ip route add 11.0.0.1 dev eth0
+       post-up ip route add default via 11.0.0.1 dev eth0
+       pre-down ip route del default via 11.0.0.1 dev eth0
+       pre-down ip route del 11.0.0.1 dev eth0
+# --- END PVE ---
+
+auto eth1
+iface eth1 inet6 static
+       address fc00::1
+       netmask 64
+# --- BEGIN PVE ---
+       post-up ip route add fc00:1::ff dev eth1
+       post-up ip route add default via fc00:1::ff dev eth1
+       pre-down ip route del default via fc00:1::ff dev eth1
+       pre-down ip route del fc00:1::ff dev eth1
+# --- END PVE ---
+       post-up ip route add fc00:1::ff/64 dev eth1
+       post-up ip route add default via fc00:1::ff dev eth1
+       pre-down ip route del default via fc00:1::ff/64 dev eth1
+       pre-down ip route del fc00:1::ff dev eth1
+
+auto eth2
+iface eth2 inet static
+       address 192.168.0.1
+       netmask 255.255.255.0
+       post-up ip route add 192.168.1.1 dev eth2 table internal
+       post-up ip route add default via 192.168.1.1 dev eth2 table internal
+       pre-down ip rule add from 192.168.0.128/25 table internal
+       pre-down ip rule add to 192.168.0.128/25 table internal
+