alpine: setup net: pass whole config to parent method
We expected the whole $conf to be passed in a call to setup_network,
a bit ago it worked if there were only the netX keys present, for
some plugin that still is the case.
But, in the Debian version, reused by Alpine, we now check if the CT
distro version is recent enough to support (or need) the address in
CIDR format.
So, at least "ostype" needs to be passed too, else we get ugly
warnings in the syslog (or the recently added --debug log CLI switch).
Just pass the whole config, the setup_network method needs to cope
with that anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

commit 797e12e8a5df246d8afc53b045e632977cdf0088 got rid of our "just
bind-mount the root /dev to the CT temporarily for some stuff" for
good a while ago (2015), but creating the /dev directory in the CT
root was kept, from what I can tell, by mistake.
This can be a problem if, for whatever reason, the CT rootfs is not mounted, as
we then break a future mount as we create this /dev directory inside
what would be the CT's rootfs mount point. It is then not empty
anymore and a normal mount cannot happen, failing with "directory is
not empty".
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Since it was necessary to switch to 'Type=Simple' in the systemd
service, see 545d6f0a13ac2bf3a8d3f224c19c0e0def12116d,
'systemctl start' would not wait for the 'lxc-start' command anymore.
Thus every container start was reported as a success and the 'post-start'
hook would trigger immediately after the 'systemctl start' command.
Use the monitor socket to get the necessary information and detect
startup failure, and only run the 'post-start' hookscript after
the container is effectively running. If something goes wrong
with the monitor socket, for example if lxc-monitord is not running,
fall back to the old behavior.

Currently all volumes for a container are activated in the pre-start hook,
which runs in a separate mount namespace (lxc.monitor.unshare is set to 1
in our container config). This leads to problems with ZFS:
* if a pool is imported by this call the filesystems are mounted only inside
  the container's mount namespace
By running the volume activation inside vm_start, right before starting the
container via systemctl, the volume activation happens before the unshare.
The other site where a container is started via systemctl is in
'pve-container-stop-wrapper' when a container is rebooted from the inside:
By activating the volumes in 'lxc-pve-poststop-hook' we avoid trying to start
a container with an inactive volume (LVM, kRBD), occurring when having an
mp-addition pending during such a reboot.
Starting a container manually using lxc-start is usually done for obtaining
debug-logs (after starting failed with our tooling) - so the potential for
regression in that case should also be small.

Thomas Lamprecht [Mon, 13 Jul 2020 16:07:33 +0000 (18:07 +0200)]
vzdump: rsync: make less verbose
most of that info we get is just plain noise, which adds 15 lines per
sync, so 30 total! Instead just pull out the total transfer info,
i.e., the delta which should be full CT size in the first sync and
the dirty delta in the second.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Oguz Bektas [Thu, 2 Jul 2020 10:10:23 +0000 (12:10 +0200)]
fix #2820: don't hotplug over existing mpX
check if the given mpX already exists in the config. if it does, then
skip hotplugging and write the changes to [pve:pending] for the next
reboot of CT.
after rebooting the CT, the preexisting mpX will be added as unused and
the mpX will be mounted.

Starting with version 0.8.35 of ifupdown (shipped currently with buster)
the configuration using a separate 'netmask' line instead of providing the
cidr in the 'address' line of an interface stanza of /etc/network/interfaces
is deprecated.
This means that some software installed on newer debian versions, which
parses /etc/network/interfaces may not support the format currently written
by PVE::LXC::Setup::Debian::setup_network.
This patch changes the content of the generated file to use the newer format
only for newer versions of debian (alpine, older ubuntu versions and devuan
also rely on the sub to generate the network config).
caught by installing proxmox-backup-server on a debian buster container and
getting a parse-error in the network configuration tab in the GUI.
tested by creating a ubuntu-14.04, debian-6, debian-8 and a debian-10
container and checking the resulting /etc/network/interfaces.

The stop-mode case only worked by luck as then $snapdir == $rootdir.
But for snapshots we rsync over a clean state to a separate
directory, so this has to be used as base for the backup (just like
tar does).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Aaron Lauterer [Mon, 22 Jun 2020 14:34:38 +0000 (16:34 +0200)]
vzdump: move include logic for mountpoints to method
Move the logic which mountpoints are included in the backup job to its
own method and adapt the VZDump code accordingly. This makes it possible
to develop other features around backup jobs.

Oguz Bektas [Thu, 18 Jun 2020 14:42:55 +0000 (16:42 +0200)]
fix #2778: use vm_start instead of systemctl to start/restart container
when a backup task in 'stop' mode is executed, VZDump calls 'start_vm'
sub instead of 'PVE::LXC::vm_start'.
'start_vm' however does not follow our regular process but instead uses
systemctl to start the container, which results in the guest hookscripts
not being executed in 'pre-start' and 'post-start'.
to call the hooks correctly we can just make use of the
PVE::LXC::vm_start routine which already handles them.

Arnout Engelen [Thu, 28 May 2020 20:18:46 +0000 (20:18 +0000)]
lxc: fall back to 'unmanaged' when no OS detected
This is useful when the uploaded CT does not contain a full OS. When the
autodetection detects an OS, that OS is returned. When it does not
successfully detect a supported OS, but /etc/os-release exists and has an ID
other than 'unmanaged', then the setup fails.

Fabian Ebner [Tue, 5 May 2020 08:27:15 +0000 (10:27 +0200)]
create_vm: avoid premature write_config caused by update_pct_config
by moving the write_config calls from vmconfig_*_pending to their
call sites. The single other call site for update_pct_config in
update_vm is also adapted.
The update_pct_config call led to a write_config call and so the
configuration file was created before it was intended to be created.
When the CFS is updated in between the write_config call and the
PVE::Cluster::check_vmid_unused call in create_and_lock_config,
the container file would already exist and so creation would
fail after writing out a basically empty config.
Even worse, a race was possible for two containers created with the
same ID at the same time:
Assuming the initial PVE::Cluster::check_vmid_unused check in the
parameter verification passes for both create_vm calls, the later one
would potentially overwrite the earlier configuration file with its
update_pct_config call.
Additionally, the file read for $old_config was always the one written
by update_pct_config. Meaning that for a create_vm call with force=1,
already existing old volumes were not removed.
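
The race described in the commit message above, replayed deterministically as an added example (not code from pve-container): two creators both pass an early "ID unused" check, then a plain write lets the later one overwrite the earlier config, while an exclusive create rejects it. The path, file contents and function names are constructed for illustration, and exclusive creation stands in for a locked creation step; it does not describe how create_and_lock_config is implemented.

```python
import os
import tempfile


def racy_create(path, body, checked_unused):
    """Check-then-write: the 'unused' result may be stale by the time we write."""
    if not checked_unused:
        raise FileExistsError(path)
    with open(path, "w") as fh:  # truncates whatever another creator wrote
        fh.write(body)


def exclusive_create(path, body):
    """Check and creation are one atomic step: O_EXCL fails if the file exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)


def simulate(create_style):
    """Replay the interleaving for two creators that use the same container ID."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "100.conf")  # constructed path, not a real pmxcfs path
        # Both callers run their early check before either one has written.
        a_unused = not os.path.exists(path)
        b_unused = not os.path.exists(path)
        outcome = []
        for name, unused in (("A", a_unused), ("B", b_unused)):
            try:
                if create_style == "racy":
                    racy_create(path, f"hostname: {name}\n", unused)
                else:
                    exclusive_create(path, f"hostname: {name}\n")
                outcome.append((name, "created"))
            except FileExistsError:
                outcome.append((name, "rejected"))
        with open(path) as fh:
            return outcome, fh.read()


if __name__ == "__main__":
    print(simulate("racy"))       # B silently replaces A's config
    print(simulate("exclusive"))  # B is rejected, A's config survives
```
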
When creating an unprivileged container with CentOS 6 (which will be EOL in
Nov 2020 [0]) the console does not work.
The problem is mitigated by adding the --nohangup argument to the mingetty
invocations during bootup (in /etc/init/tty.conf).
The idea for the fix is based on the legacy template builder-scripts from
lxc:
https://github.com/lxc/lxc-templates/blob/master/templates/lxc-centos.in#L308
Since '/etc/init/tty.conf' is only written during container creation/restore
and since it is guarded to CentOS versions < 7, the potential for regression
should be rather small.
Tested by creating an unprivileged and a privileged CentOS6 container and
with nesting enabled and disabled for both - the console showed up in
all cases with this fix.

And use StandardOutput/Error=null, so we can use
`Type=simple`. Because using `Type=forking` has become more
difficult with systemd & upstream lxc's cgroup layout
changes. This seems to be the path of least resistance.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>