poststop: reboot: wait for lxc to exit before rebooting
otherwise it'll leak cgroup directories...
Note that we need to escape the lxc@.service context (by
entering a new scope) as well as close our ties to the lxc
monitor (the stdout pipe), otherwise this never finishes
properly.
Thomas Lamprecht [Thu, 16 Feb 2017 16:55:29 +0000 (17:55 +0100)]
Create: fix architecture detection in restore_archive
For detecting a CT template's architecture we used the `file -b -L`
output from the PVE host side.
If the container has a link:
/bin/sh -> /bin/bash
(Alpine Linux does that, for example) the '-L' flag from file
resolves the $rootfs/bin/sh to /bin/bash and thus checks the
architecture of bash on the PVE system, which is always 64 bit.
Add a helper which chroots in the rootfs to avoid problems with
absolute symlinks and use 'open' to avoid relative symlink problems.
Read the first 5 bytes from /bin/sh, 4 bytes for the ELF magic number
and the fifth for the ELF class, which tells us if we have a 32
(class 1) or 64 (class 2) bit ELF binary.
Return this information as an exit code to the parent.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
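The helper this commit message describes, sketched in Python as an added example (not the pve-container code, which is Perl). The function names and the error exit codes 3 and 4 are assumptions; the chroot step requires root.

```python
import os

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2      # fifth header byte: 32-bit / 64-bit
ERR_NOT_ELF, ERR_IO = 3, 4         # assumed error exit codes for this sketch


def elf_class(header: bytes) -> int:
    """Classify the first five bytes of a file: 1, 2, or ERR_NOT_ELF."""
    if len(header) < 5 or header[:4] != ELF_MAGIC:
        return ERR_NOT_ELF
    return header[4] if header[4] in (ELFCLASS32, ELFCLASS64) else ERR_NOT_ELF


def read_header(path: str) -> bytes:
    """Read the 4 magic bytes plus the class byte."""
    with open(path, "rb") as fh:
        return fh.read(5)


def detect_elf_class(rootfs: str, binary: str = "/bin/sh") -> int:
    """Fork, chroot into rootfs, and report the ELF class as the exit code.

    Inside the chroot an absolute link such as /bin/sh -> /bin/bash resolves
    to the container's bash, not the host's, so the host binary is never
    inspected by mistake.
    """
    pid = os.fork()
    if pid == 0:                    # child: never returns to the caller
        code = ERR_IO
        try:
            os.chroot(rootfs)
            os.chdir("/")
            code = elf_class(read_header(binary))
        except OSError:
            pass                    # keep ERR_IO
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    if not os.WIFEXITED(status):
        raise RuntimeError("detection helper was killed by a signal")
    code = os.WEXITSTATUS(status)
    if code not in (ELFCLASS32, ELFCLASS64):
        raise RuntimeError(f"cannot detect architecture (exit code {code})")
    return code
```
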
Until now the lxc-start process was sort of a dangling
process in the pvedaemon.service cgroup when a container was
started from the web UI causing long stalls when trying to
restart pvedaemon and potential container kills. (Mostly
problematic when issuing package upgrades).
We now start containers via the lxc@ service file giving
them their own service cgroup.
The downside is that we'll have to patch the lxc@ service
file in the lxc package to Type=forking without the -F
option otherwise all of the containers' console outputs
will end up in the logs...
according to "perldoc -f crypt", crypt() should downgrade
unicode strings anyway:
If using crypt() on a Unicode string (which potentially has
characters with codepoints above 255), Perl tries to make
sense of the situation by trying to downgrade (a copy of)
the string back to an eight-bit byte string before calling
crypt() (on that copy). If that works, good. If not,
crypt() dies with "Wide character in crypt".
login via Spice and ssh works now at least, the noVNC /
vncterm combo seems to be broken because of an unrelated
unicode issue..
This should allow vanilla lxc templates to work without the
double-console issue by removing their getty@.service
replacement. (Since we instead fixup
container-getty@.service)
Dietmar Maurer [Fri, 9 Dec 2016 07:08:11 +0000 (08:08 +0100)]
setup: more general approach to tty paths
Unprivileged containers always use an empty lxc.devttydir
option (iow. don't use the /dev/lxc/ subdirectory).
Alpine and Gentoo don't support it in general.
Define a devttydir() sub in Setup::Base which by default
returns "lxc/" or an empty string depending on whether it is
an unprivileged container. Gentoo and Alpine override it
with one which always returns an empty string.
Dominik Csapak [Fri, 2 Dec 2016 10:42:50 +0000 (11:42 +0100)]
implement lxc restart migration
this checks for the 'restart' parameter and if given, shuts down the
container with an optionally defined timeout (default 180s), and
continues the migration like an offline one.
after finishing, we start the container on the target node
this introduces a new option for non-volume mount points,
modeled after the way we define 'shared' storages: the
boolean flag 'shared' marks a mount point as available on
other nodes (default: false)
when migrating containers with non-volume mount points,
this new property is checked, and a migration is only
allowed if all such mount points are 'shared'.
setting this flag allows containers with non-volume mount
points to be migrated by the ha-manager as well, which was
previously not possible.
for backwards compatibility, the old "workaround" option
'-force' for 'pct migrate' still works, but displays a
warning pointing to the new options.
Thomas Lamprecht [Tue, 18 Oct 2016 13:35:14 +0000 (15:35 +0200)]
vmstatus: fix memory usage value including cache sizes
The cgroup value memory.usage_in_bytes includes the memory used by
file buffers and other caches, resolve this by getting the cache
value from the memory.stat file and subtract it from
memory.usage_in_bytes when calculating the current memory usage of
the CT.
This results in the same value as a `free` call from the container
does (when not including the buffered data), at least with a free
version which uses data from /proc and not the sysinfo() syscall.
Addresses partly the bug #1139
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
CC: Wolfgang Bumiller <w.bumiller@proxmox.com>
While a completely unconfigured network interface is
considered manually managed, one that contains an ipv4 _or_
an ipv6 address needs to remove sections with no configured
address rather than printing the 'iface' section header with
no content.
Dominik Csapak [Thu, 11 Aug 2016 09:12:52 +0000 (11:12 +0200)]
fix #1078: accept arch parameter
we now accept the arch parameter,
when value is valid according to the JSONSchema
and skip detection on creation/restoration when we
explicitly set one
Fix #1070: vzdump: handle sparse files in suspend mode
In suspend mode we perform two rsyncs with --inplace which
is incompatible with --sparse. However, only the second one
really needs to do in-place updates, so the first stage
should use --sparse instead.
LXC doesn't reload the configuration on reboot causing
hotplugged changes to not be persistent across
container-side reboots.
Instead, let the post-stop hook return false so that lxc
stops while starting up a new instance in the background
with the updated config.
since we allow to create a container without hostname
(we are using localhost by default then) and hostname
is marked optional in the JSONSchema of the config
we should be able to delete the hostname