Adjust snapshot_create and snapshot_prepare signatures

Add new save_vmstate parameter to snapshot_create and
snapshot_prepare, like in QemuServer.pm
Also make snapshot_prepare and snapshot_commit proper subs.

Add unused volumes for changed mpX and rootfs, not only for
deleted mpX.
Add check before adding to unused volumes in order to
prevent false entries (which could lead to deletion of still
used volumes!)

Since busybox' current default DHCPv6 client is unfinished
and alpine currently doesn't handle a 'dhcp' interface type
in its /etc/network/interfaces and bails out when
configuring the network with a broken config we have to make
sure we don't pass this on to debian's setup_network.
Unfortunately a warning at this point would only be visible
when creating a container because at this point no warning
makes it to the console/UI (and errors would be hidden
because the setup runs in our lxc prestart hook).

Factored the bind-mounting into a bindmount() function since
we don't want to leave a writable bind-mount behind if the
read-only remount fails.
The read-only flag is now also removed from the initial
mount flags and is added only for the remount command and is
added separately for the non-bind mounts.

snapshot: replace global sync with a namespace sync

snapshot_create() did a global 'sync' after freeze()
which syncs everything including all other containers and
the host. So if you want to snapshot container A while
container B tries to write to a broken NFS mount the
snapshot will hang in that sync call.
Instead we now enter the container's mount namespace and do
a syncfs() on all of its mountpoints.

quotactl(2) requires a path to the device node to work which
means we need to expose them to the container, luckily it
doesn't need r/w access to the device. Also, loop devices
will not detach from the images anymore with them being
still mounted in the monitor's mount namespace (which is
unshared from the host to prevent accidental unmounts via
lxc.monitor.unshare).
Note that quota manipulation currently does not work with
unprivileged containers.

Set unfreeze before trying to freeze, otherwise an aborted
or failed lxc-freeze will not be reversed by our error
handling, leaving the container in a (partially) frozen
state.

Make snapshot_create failure handling more closely
resemble the QemuServer codebase and prepare for future code
convergence:
* use $drivehash parameter in snapshot_delete to bypass
  check_lock() and delete config lock
* call $snapshot_commit last, it's only needed now if
  there were no errors

Since VZDump was the only user of lock_aquire and
lock_release, and does not actually need this split,
we can drop lock_aquire and lock_release.
Since lock_file_full in PVE::Tools now uses the same
refcounting implementation that lock_aquire/release
had, lock_container can simply wrap lock_file_full.

Dominik Csapak [Thu, 4 Feb 2016 12:40:15 +0000 (13:40 +0100)]
improve mountpoint parsing

changes from v1:
* renamed function to verify_*
* added check for ../ at the beginning
* cleaned up regex (\.)? -> \.?

currently we sanitize mountpoints with sanitize_mountpoint, which
tries to remove dots, double-dots and multiple slashes, but it does not
do so correctly (e.g. /test/././ gets truncated to /test./ )
instead of trying to truncate the path, we create a format for mp strings
which throws an error if /./ or /../ exist (also /. and /.. at the end or
../ at the beginning) since there should be no valid use for these in
mountpoint paths anyway
with the new behaviour, we don't need sanitize_mountpoint anymore:
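
The reject-instead-of-rewrite approach described in this commit message, as an added example that is not the project's code. The names naive_sanitize and verify_mountpoint and the sample paths are hypothetical, and the check goes slightly beyond the cases listed above by rejecting every path component equal to "." or "..", which also covers a leading "./".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical single-pass sanitizer (NOT the removed sanitize_mountpoint):
# it rewrites the path instead of rejecting it.
sub naive_sanitize {
    my ($path) = @_;
    $path =~ s!/\./!/!g;    # matches cannot overlap, so "/././" keeps one "/./"
    $path =~ s!/+!/!g;      # collapse repeated slashes
    return $path;
}

# Reject instead of rewrite: die if any path component is "." or "..".
# Covers /./ and /../ anywhere, /. and /.. at the end, ../ at the beginning.
sub verify_mountpoint {
    my ($path) = @_;
    die "invalid mountpoint '$path': '.' or '..' component\n"
        if $path =~ m!(?:^|/)\.\.?(?:/|\z)!;
    return $path;
}

# Constructed sample inputs.
my @samples = (
    '/mnt/data',       # plain path
    '/test/././',      # the case from the commit message
    '/srv/../etc',     # /../ in the middle
    '../escape',       # ../ at the beginning
    '/mnt/..',         # /.. at the end
    '/mnt/.',          # /. at the end
    '/opt/.hidden',    # dot-file component, legitimate
    '/opt/..data',     # starts with two dots but is not "..", legitimate
    '/test./',         # trailing dot in a name, legitimate
);

for my $p (@samples) {
    # eval returns undef when verify_mountpoint dies
    my $verdict = eval { verify_mountpoint($p); 'accepted' } // 'rejected';
    printf "%-14s naive=%-14s verify=%s\n", $p, naive_sanitize($p), $verdict;
}
```

For '/test/././' the single-pass rewrite still returns '/test/./', while the verifier rejects the path outright; '/opt/.hidden', '/opt/..data' and '/test./' are accepted because only whole components are compared.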
Since lxc.autodev defaults to 1, LXC will mount /dev as
tmpfs and populate it. The removed code was unnecessary,
since the device node was not accessible in the container
anyway. A /dev mountpoint is mounted into the rootfs and
accessible under its mountpoint, even if there is no
associated /dev node in the container.
To make matters worse, there was no cleanup for this device
node, which made all but the first boot of containers with
a configured /dev mountpoint fail until the host itself was
rebooted.

Since the memory cgroup has a memory and a "total" value
depending on whether you're increasing or decreasing the
values you have to set them in a working order. (E.g. you
can't reduce the total amount to less than the swap limit
or grow the swap limit to more than the total one.)

Like with qemu the root user can use -skiplock with 'pct
start' and 'pct stop'.
This does not alter the container's lxc config, instead we
pass PVE_SKIPLOCK=1 via the environment which will be seen
from the prestart hook but not from inside the container.

At this point the underlying file has already been
successfully resized which means it makes sense to reflect
that change in the config, but the guest will not see the
effect of it, however, a subsequent resize command will
further increase the size relative to the 'new' size, so
after such an error the best option is to manually deal with
the error and perform the necessary resize steps.

Fix #881: uninitialized value on valid lxc.cgroup keys

We have no lxc.cgroup.* keys in $valid_lxc_conf_keys so they
and unknown keys showed an uninitialized value warning for
the new 'eq' operation.
This also avoids the second hash access.

Correctly update parent relations in config file upon snapshot removal.

Previously, only the parent of the current state was updated/removed,
which led to broken parent relations if any snapshot other than the
immediate parent of the current snapshot was removed. To fix this,
the parent relations of all child snapshots of the removed snapshot
are updated/removed as well.
Based on code in qemu-server/PVE/QemuServer.pm and parts
of a patch by Gerrit Venema <gmoniker at gmail.com>

Instead of holding the flock for the whole backup operation,
release it at the end of prepare(), and use
lock_container() to remove a potential 'backup' lock
from the config file when the backup is finished.

Wolfgang Link [Fri, 15 Jan 2016 06:25:08 +0000 (07:25 +0100)]
Add mp to required in pct set mount-point.

If map is not set you get a warning of an empty variable without real information.
And when you try to start the container, it will not start without an explanation.

$comp is a command string and needs to be split. The set of
possible commands is limited and known so splitting by
/\s+/ (as suggested by Marc Cousin) should be safe enough.

* Detection via /etc/SuSE-brand
* Currently only supporting version 13.1 (This apparently
  ships no systemd-networkd and has no wicked yet.)
* Introduced ct_modify_file_head_portion: Both Redhat and
  SuSE have separate route files for network interfaces, but
  with different formats. For consistency the SuSE code also
  only changes routes between the BEGIN/END PVE comment lines.

This version also fixes a bug where the route file got
deleted instead of left untouched when no changes were made
(now caught by a testcase).