git.proxmox.com Git - pve-container.git/log
Dietmar Maurer [Sat, 14 Nov 2015 09:27:10 +0000 (10:27 +0100)]
improve OS type detection
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:29 +0000 (14:00 +0100)]
remove --totals from COMMON_TAR_FLAGS
It's included in the places that execute tar since it's a
flag to modify the status output rather than the data.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:28 +0000 (14:00 +0100)]
vzdump: userns support
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:27 +0000 (14:00 +0100)]
unshare lxc-start into a slave mount namespace
The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:26 +0000 (14:00 +0100)]
added the unprivileged flag
This flag (like lxc.id_map entries) should only be set at
create-time in order to make sure the container's filesystem
has the correct ownerships and permissions.
For this reason modification is not allowed via the API.
An unprivileged container defines lxc.id_map properties,
and includes $ostype.userns.conf in addition to
$ostype.common.conf in its lxc config.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:25 +0000 (14:00 +0100)]
LXC::Setup: id_map support for file wrappers
when an id_map is configured for the container or the
unprivileged flag set (which implies the default userid
map), the file access wrappers (LXC::Setup::Plugin::ct_*
functions) will use the id_map to fixup ownership of created
files.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:24 +0000 (14:00 +0100)]
mount in pre-start, unmount in post-stop
Mounting needs access to the pve storage, so when adding
userns support to containers we need to mount at a time
where we still have access.
Besides, with this change we now also mount the rootfs
ourselves which makes it a more generic solution.
Dietmar Maurer [Fri, 6 Nov 2015 15:20:03 +0000 (16:20 +0100)]
bump version to 1.0-24
Wolfgang Bumiller [Fri, 6 Nov 2015 12:09:23 +0000 (13:09 +0100)]
setup: fix ssh-key perms lost with the rewrite
Wolfgang Bumiller [Fri, 6 Nov 2015 12:09:22 +0000 (13:09 +0100)]
add perms to ct_file_set_contents
Wolfgang Bumiller [Fri, 6 Nov 2015 11:39:01 +0000 (12:39 +0100)]
create/restore: add --warning=no-xattr-write to tar
Otherwise filesystems without ACL or xattr support will
cause tar to warn about every extracted file. (Eg. ZFS by
default has acltype=noacl).
xattr-write covers both xattrs and ACLs.
Dietmar Maurer [Fri, 6 Nov 2015 10:44:38 +0000 (11:44 +0100)]
bump version to 1.0-23
Wolfgang Bumiller [Fri, 6 Nov 2015 10:27:13 +0000 (11:27 +0100)]
improve setup error message a little
Dietmar Maurer [Fri, 6 Nov 2015 10:42:04 +0000 (11:42 +0100)]
cleanup: remove unnecessary var
Wolfgang Bumiller [Fri, 6 Nov 2015 10:27:12 +0000 (11:27 +0100)]
Create: safer rewrite_ssh_host_keys
To avoid the /dev bindmount we now create the ssh keys on
the host and then copy them into the container.
Dietmar Maurer [Fri, 6 Nov 2015 09:56:46 +0000 (10:56 +0100)]
bump version to 1.0-22
Wolfgang Bumiller [Fri, 6 Nov 2015 09:05:35 +0000 (10:05 +0100)]
preserve posix capabilities
POSIX capabilities are stored as security.capability xattr.
The --xattrs option alone won't store anything outside the
usernamespace, so we have to specifically ask for this
capability to be included when calling tar.
Note that we deliberately don't store the entire security
namespace as labeling by xattr is common with some security
modules and possibly a planned apparmor feature, too, so
this way we avoid restoring arbitrary labels from dumps and
templates we might not want.
Since these flags are used in two separate files I moved
them to @$PVE::LXC::COMMON_TAR_FLAGS;
The --acls flag for tar (and -A flag for rsync) have also
been added.
Wolfgang Bumiller [Wed, 4 Nov 2015 10:29:07 +0000 (11:29 +0100)]
LXC::Setup: Load required host files in new()
The host's /etc/resolv.conf is required to take over the
host's DNS settings.
Dietmar Maurer [Wed, 4 Nov 2015 10:48:44 +0000 (11:48 +0100)]
destroy: check if container is still running
Dietmar Maurer [Wed, 4 Nov 2015 10:23:14 +0000 (11:23 +0100)]
bump version to 1.0-21
Dietmar Maurer [Wed, 4 Nov 2015 10:22:14 +0000 (11:22 +0100)]
allow debian stretch/sid containers
Dietmar Maurer [Mon, 2 Nov 2015 14:17:31 +0000 (15:17 +0100)]
correctly check storage access for all mount points
Wolfgang Bumiller [Mon, 2 Nov 2015 10:17:24 +0000 (11:17 +0100)]
Setup: fix bad /dev bindmount
Hotplug changes will create a Setup instance with a rootdir
of /proc/$pid/root. Bindmounts on directories inside there
are broken.
Also the exitstatus of Setup::protected_call used the wrong
process' $?.
Dietmar Maurer [Mon, 2 Nov 2015 10:16:40 +0000 (11:16 +0100)]
bump version to 1.0-20
Wolfgang Link [Mon, 2 Nov 2015 10:01:09 +0000 (11:01 +0100)]
fix bug #799: resize running CT with no loopdev.
now it is handled if the mountpoint is not mounted by loopdev.
Dietmar Maurer [Sat, 31 Oct 2015 17:40:12 +0000 (18:40 +0100)]
bump version to 1.0-19
Dietmar Maurer [Sat, 31 Oct 2015 17:38:51 +0000 (18:38 +0100)]
add support for ubuntu 15.10 (wily)
Dietmar Maurer [Fri, 30 Oct 2015 09:53:46 +0000 (10:53 +0100)]
code simplifications
Dietmar Maurer [Fri, 30 Oct 2015 09:35:16 +0000 (10:35 +0100)]
get_container_disk_usage: use short timeout 1s
Wolfgang Bumiller [Fri, 30 Oct 2015 08:50:27 +0000 (09:50 +0100)]
LXC: use Tools::df for get_container_disk_usage
Run df on /proc/$pid/root instead of attaching to the
container and running its contained 'df' binary, as this
could create frozen processes if the container is frozen.
Also, since the container PIDs are now used in both loops
they're precached beforehand.
Fixes #793
Dietmar Maurer [Fri, 30 Oct 2015 09:03:26 +0000 (10:03 +0100)]
remove gzip and tar dependency, to avoid lintian error
lintian considers this an error, because those packages are
classified as essential.
Dietmar Maurer [Fri, 30 Oct 2015 09:01:12 +0000 (10:01 +0100)]
vmstatus: correctly set number of used cpus
return the number of host cpus if cpulimit is 0. This also avoids a
division by zero error.
Dietmar Maurer [Fri, 30 Oct 2015 05:48:38 +0000 (06:48 +0100)]
bump version to 1.0-18
Dietmar Maurer [Fri, 30 Oct 2015 05:47:12 +0000 (06:47 +0100)]
depend on xz-utils, gzip and tar
so that we can extract templates
Dietmar Maurer [Thu, 29 Oct 2015 12:25:23 +0000 (13:25 +0100)]
bump version to 1.0-17
Wolfgang Link [Thu, 29 Oct 2015 12:11:07 +0000 (13:11 +0100)]
fix bug #770: CPU usage stats for containers
Wolfgang Bumiller [Thu, 29 Oct 2015 11:02:44 +0000 (12:02 +0100)]
added symlink testcase
Dietmar Maurer [Thu, 29 Oct 2015 11:16:30 +0000 (12:16 +0100)]
update changelog
Wolfgang Link [Thu, 29 Oct 2015 10:11:06 +0000 (11:11 +0100)]
fix bug #770: Network stats for containers
Wolfgang Bumiller [Thu, 29 Oct 2015 11:00:08 +0000 (12:00 +0100)]
fix a major typo
Dietmar Maurer [Thu, 29 Oct 2015 10:43:54 +0000 (11:43 +0100)]
bump version to 1.0-16
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:02 +0000 (11:04 +0100)]
LXC::Setup: chroot into the container
In order to better deal with paths and symlinks inside
containers we now chroot() into the container's rootdir in
LXC::Setup.
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:01 +0000 (11:04 +0100)]
ArchLinux: remove unused rootdir var
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:00 +0000 (11:04 +0100)]
LXC::Setup::new: fix rootdir key name
Wolfgang Bumiller [Thu, 29 Oct 2015 10:03:59 +0000 (11:03 +0100)]
LXC::get_primary_ips: ipv6 can be 'auto'
Dietmar Maurer [Wed, 28 Oct 2015 10:27:59 +0000 (11:27 +0100)]
bump version to 1.0-15
Dietmar Maurer [Wed, 28 Oct 2015 10:26:10 +0000 (11:26 +0100)]
improve inline comment
Wolfgang Link [Wed, 28 Oct 2015 08:40:41 +0000 (09:40 +0100)]
Start a worker in lxc resize.
It is necessary because if we resize a disk it can take longer. So to prevent long waiting time, fork a worker process.
Wolfgang Link [Wed, 28 Oct 2015 08:40:40 +0000 (09:40 +0100)]
move resize to have it available in the pveshell and at the rest api
Dietmar Maurer [Mon, 26 Oct 2015 11:22:32 +0000 (12:22 +0100)]
allow to mount iso images
Dietmar Maurer [Thu, 22 Oct 2015 10:11:28 +0000 (12:11 +0200)]
bump version to 1.0-14
Wolfgang Bumiller [Thu, 22 Oct 2015 09:02:01 +0000 (11:02 +0200)]
redhat: fix unused values
Move ip_is_in_cidr checks on $d->{gw} into the
defined($d->{gw}) guarded if block to avoid warnings and
useless route files being created when using dhcp.
Dietmar Maurer [Wed, 21 Oct 2015 06:31:41 +0000 (08:31 +0200)]
bump version to 1.0-13
Wolfgang Bumiller [Tue, 20 Oct 2015 08:31:25 +0000 (10:31 +0200)]
restore: delete config from container after restore
We don't need to leave /etc/vzdump/pct.conf or vps.conf in
the container's directory structure after using it, it only
causes the next backup to have the file twice in the
archive.
Wolfgang Bumiller [Tue, 20 Oct 2015 08:31:24 +0000 (10:31 +0200)]
restore: make sure only the first pct.conf is extracted
When making a stop/snapshot mode backup of a container that
was already restored from a backup, its /etc/vzdump/pct.conf
file was replacing our newly created one in the archive. We
need to prevent the duplicate file from overwriting our new
one.
Wolfgang Bumiller [Tue, 20 Oct 2015 14:50:33 +0000 (16:50 +0200)]
redhat: don't use aliases for dual stack networking
A static IPv6 as alias interface for ipv4 doesn't work (RH
has "secondaries" for that), DHCP on aliases doesn't work
either.
The only drawback of putting both in the same file is that
static addresses take longer to be configured if the DHCP
server is slow.
Wolfgang Bumiller [Mon, 19 Oct 2015 08:02:02 +0000 (10:02 +0200)]
redhat: use the fully qualified hostname
Dietmar Maurer [Mon, 19 Oct 2015 06:53:10 +0000 (08:53 +0200)]
bump version to 1.0-12
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:13 +0000 (15:57 +0200)]
hotplug: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:12 +0000 (15:57 +0200)]
systemd: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:11 +0000 (15:57 +0200)]
centos: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:10 +0000 (15:57 +0200)]
debian: deal with gateways in external subnets
Wolfgang Bumiller [Fri, 16 Oct 2015 07:29:48 +0000 (09:29 +0200)]
allow /32 CIDRs and remove duplicated mask array
Dietmar Maurer [Fri, 16 Oct 2015 07:50:44 +0000 (09:50 +0200)]
bump version to 1.0-11
Wolfgang Bumiller [Fri, 16 Oct 2015 07:44:22 +0000 (09:44 +0200)]
setup/debian: remove superfluous parameter
The $new parameter only guards the output of the 'auto' line
which is now being tracked in $done_auto, so it's not
needed anymore.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:02 +0000 (08:32 +0200)]
cleanup: reduce hash access
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:01 +0000 (08:32 +0200)]
whitespace cleanup
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:00 +0000 (08:32 +0200)]
setup/debian: guard ipv4 output
When only an ipv6 address was specified we still tried to
print an ipv4 address which warned and caused additional
newlines to be appended to the file on each start.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:31:59 +0000 (08:31 +0200)]
setup/debian: avoid extra newlines
At the beginning of a file or between sections, if there
have been two newlines already we don't need to add another.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:31:58 +0000 (08:31 +0200)]
setup/debian: avoid writing multiple auto lines
Dietmar Maurer [Fri, 16 Oct 2015 06:27:30 +0000 (08:27 +0200)]
bump version to 1.0-10
Dietmar Maurer [Fri, 16 Oct 2015 05:49:49 +0000 (07:49 +0200)]
improve regex to match redhat/centos OS version
Wolfgang Bumiller [Thu, 15 Oct 2015 10:18:04 +0000 (12:18 +0200)]
disk-size is a format, not a type
Dietmar Maurer [Thu, 15 Oct 2015 10:10:54 +0000 (12:10 +0200)]
code cleanup - remove dead code
volume property is not optional, so this is already verified
by PVE::JSONSchema::parse_property_string()
Wolfgang Bumiller [Thu, 15 Oct 2015 09:09:49 +0000 (11:09 +0200)]
parsing: throw by default unless $noerr is passed
parse_ct_mountpoint and parse_lxc_mountpoint are now not used
in schema verification anymore, so instead of returning
undef on error it can now die.
parse_ct_mountpoint now also gets a $noerr parameter as it
is used in foreach_mountpoint, and to be safe we'll just
skip invalid mountpoints there to avoid unexpected
inconsistent states.
Dietmar Maurer [Thu, 15 Oct 2015 09:49:46 +0000 (11:49 +0200)]
update changelog
Dietmar Maurer [Thu, 15 Oct 2015 09:47:55 +0000 (11:47 +0200)]
revert coding style changes, skip ID 7 (reserved for X11)
Wolfgang Bumiller [Thu, 15 Oct 2015 08:46:45 +0000 (10:46 +0200)]
update inittab instead of replacing it
Dietmar Maurer [Thu, 15 Oct 2015 09:22:30 +0000 (11:22 +0200)]
add note about fsck to changelog
Dietmar Maurer [Thu, 15 Oct 2015 09:19:21 +0000 (11:19 +0200)]
fsck: simplify code
Dietmar Maurer [Thu, 15 Oct 2015 08:44:15 +0000 (10:44 +0200)]
minor cleanups
Emmanuel Kasper [Wed, 14 Oct 2015 12:47:23 +0000 (14:47 +0200)]
Add new pct fsck command to check the mountpoints of a container
* the filesystem specific command will be called automatically by fsck
* the -a flag ensures that the filesystem can be fixed without any questions
* the -f flag forces a filesystem check even if the fs seems clean
(flags similar to what the fsck systemd unit uses)
Dietmar Maurer [Thu, 15 Oct 2015 08:26:19 +0000 (10:26 +0200)]
bump version to 1.0-9
Wolfgang Link [Thu, 15 Oct 2015 07:55:56 +0000 (09:55 +0200)]
remove unused functions
Wolfgang Link [Thu, 15 Oct 2015 07:55:55 +0000 (09:55 +0200)]
change function parse_size to PVE::JSONSchema::parse_size
Wolfgang Link [Fri, 9 Oct 2015 12:13:53 +0000 (14:13 +0200)]
fix bug #750: deactivate volumes to be sure there are no volumes active on the source node
Wolfgang Link [Mon, 12 Oct 2015 09:55:25 +0000 (11:55 +0200)]
fix bug #752: correct size of mount point after resize
Dietmar Maurer [Mon, 12 Oct 2015 05:49:03 +0000 (07:49 +0200)]
fix test if storage allows containers
Dietmar Maurer [Sat, 10 Oct 2015 15:24:42 +0000 (17:24 +0200)]
bump version to 1.0-8
Dietmar Maurer [Sat, 10 Oct 2015 15:23:28 +0000 (17:23 +0200)]
make bridge parameter option - required for hotplug code
Dietmar Maurer [Thu, 8 Oct 2015 09:48:04 +0000 (11:48 +0200)]
bump version to 1.0-7
Dietmar Maurer [Thu, 8 Oct 2015 09:46:59 +0000 (11:46 +0200)]
always create /fastboot to skip run fsck
Dietmar Maurer [Wed, 7 Oct 2015 04:40:17 +0000 (06:40 +0200)]
avoid warning about uninitialized value
Emmanuel Kasper [Tue, 6 Oct 2015 09:32:14 +0000 (11:32 +0200)]
Typo in resize_vm subroutine
Dietmar Maurer [Tue, 6 Oct 2015 07:37:58 +0000 (09:37 +0200)]
bump version to 1.0-6
Wolfgang Bumiller [Tue, 6 Oct 2015 06:12:07 +0000 (08:12 +0200)]
replace disk-size calculation in pct resize
fixes a fixme
Wolfgang Bumiller [Tue, 6 Oct 2015 06:12:06 +0000 (08:12 +0200)]
remove old comment about looopdevices_list
Dietmar Maurer [Fri, 2 Oct 2015 11:47:41 +0000 (13:47 +0200)]
bump version to 1.0-5
Dietmar Maurer [Fri, 2 Oct 2015 11:46:02 +0000 (13:46 +0200)]
lxc hooks: use run_cli_handler(), remove stale docs
Dietmar Maurer [Thu, 1 Oct 2015 14:28:25 +0000 (16:28 +0200)]
bump version to 1.0-4