setup/suse: check early if setting up the ct getty service is needed
Explicitly set if we need to call setup_container_getty_service(), as
it's more expressive, especially with suse version jumping in mind.
Also next patches will add support for other opensuse based releases
(tumbleweed, sles).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
setup/suse: use new os_release_var to simplify version detection
Not only simplify but also correct version detection.
Until now we checked the files 'SuSE-release' and 'SuSE-brand' for
version parsing. 'SuSE-release' is marked as obsolete and replaced by
the newer standardised 'os-release', and the fallback is plain wrong
and not guaranteed to exist or match the actual version.
'SuSE-brand' does not get supplied by the 'openSUSE-release' package
but by another package, i.e. 'branding-openSUSE'; this isn't
guaranteed to be installed, at least on CT creation, and may have
a different version than the actual template provides. E.g. on tumbleweed I
get version 13.3 there, while the release package tells me "20170729".
As "os-release" is available at least since openSUSE 12.2, and we
support 13.X and newer currently, just use it instead.
Adapt the regex as the non-rolling releases always have a X.Y format.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This should exist everywhere, its contents look like shell
assignments but are limited enough to not require a shell to
parse (see os-release(5) or its parts pasted as a comment to
the parse function).
Further motivation for this is the fact that in suse the
/etc/SuSE-release file is declared deprecated in favor of
/etc/os-release.
Note that we have to read the file in a protected_call to
avoid symlink issues.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
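
The two commit messages above describe reading a container's os-release without a shell and matching an X.Y version from it. The following is an added example, not code from pve-container: the function names, the sample file contents and the exact version regex are assumptions, and the symlink protection the commit mentions is not shown.

```python
import re

# Constructed sample of a container's /etc/os-release (not from a real template).
SAMPLE = r'''NAME="openSUSE Leap"
# comments and blank lines are skipped

VERSION_ID="42.3"
ID=opensuse
PRETTY_NAME="openSUSE \"Leap\" 42.3"
HOME_URL=$(id)
'''

_ASSIGN = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)=(.*)$')
_ESCAPE = re.compile(r'\\([$"\\`])')   # escapes allowed inside double quotes

def parse_os_release(text):
    """Parse KEY=value lines as data; nothing is ever evaluated by a shell."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = _ASSIGN.match(line)
        if not m:
            continue                      # ignore anything that is not an assignment
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = _ESCAPE.sub(r'\1', val[1:-1])
        elif len(val) >= 2 and val[0] == val[-1] == "'":
            val = val[1:-1]
        result[key] = val                 # e.g. '$(id)' stays literal text
    return result

def suse_release_version(text):
    """Return (major, minor) for an X.Y VERSION_ID, else None (rolling release)."""
    vid = parse_os_release(text).get('VERSION_ID', '')
    m = re.fullmatch(r'(\d+)\.(\d+)', vid)
    return (int(m.group(1)), int(m.group(2))) if m else None

if __name__ == "__main__":
    print(parse_os_release(SAMPLE))
    print(suse_release_version(SAMPLE))
    # Constructed Tumbleweed-style input: date-like VERSION_ID, no X.Y match.
    print(suse_release_version('VERSION_ID="20170729"\n'))
```

Because the file lives inside the container and is read on the host, treating it strictly as data matters: a line such as the constructed `HOME_URL=$(id)` ends up as a plain string instead of being expanded.
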
Thomas Lamprecht [Wed, 10 May 2017 13:03:46 +0000 (15:03 +0200)]
use Syscall module instead of raw syscall numbers
Raw syscall numbers were not platform independent, so replace them
with the new PVE::Syscall module which gets the syscall numbers from
syscall.ph, which provides the platform local values.
We cannot directly use syscall.ph as it is no normal perl module and
so its usage requires special handling.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The commit changes the configuration before the VM is actually
migrated, so it is possible to have a wrong configuration when
migration fails for some reason. Also, I am quite unsure if
this automatic target change is really wanted. The patch also
contains wrong references to $self->{opts}->{node}.
Since the STOPPED state is set before cgroup cleanup we need
a better way to restart a container: We now install an
ExecStopPost snippet into the lxc@.service which when
encountering a reboot trigger file
(/var/lib/lxc/$vmid/reboot) performs a systemctl restart.
poststop: reboot: wait for lxc to exit before rebooting
otherwise it'll leak cgroup directories...
Note that we need to escape the lxc@.service context (by
entering a new scope) as well as close our ties to the lxc
monitor (the stdout pipe), otherwise this never finishes
properly.
Thomas Lamprecht [Thu, 16 Feb 2017 16:55:29 +0000 (17:55 +0100)]
Create: fix architecture detection in restore_archive
For detecting a CT template's architecture we used the `file -b -L`
output from the PVE host side.
If the container has a link:
/bin/sh -> /bin/bash
(Alpine Linux does that, for example) the '-L' flag from file
resolves the $rootfs/bin/sh to /bin/bash and thus checks the
architecture of bash on the PVE system, which is always 64 bit.
Add a helper which chroots in the rootfs to avoid problems with
absolute symlinks and use 'open' to avoid relative symlink problems.
Read the first 5 bytes from /bin/sh, 4 bytes for the ELF magic number
and the fifth for the ELF class, which tells us if we have a 32
(class 1) or 64 (class 2) bit ELF binary.
Return this information as an exit code to the parent.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
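
The detection described in the commit message above, as an added Python example (not the pve-container Perl helper): a child process chroots into the rootfs, reads the first 5 bytes of /bin/sh and returns the ELF class as its exit code. The function names and the temporary rootfs are constructed for illustration; the chroot step needs root, and without it the function returns None.

```python
import os
import tempfile

ELF_MAGIC = b"\x7fELF"
CLASS_TO_BITS = {1: 32, 2: 64}   # fifth header byte: ELF class

def elf_bits(header):
    """Map the first 5 bytes of a file to 32 or 64; None if not an ELF file."""
    if len(header) < 5 or header[:4] != ELF_MAGIC:
        return None
    return CLASS_TO_BITS.get(header[4])

def detect_bits_in_rootfs(rootfs, path="/bin/sh"):
    """Read the header inside a chroot; the child reports the class as exit code."""
    pid = os.fork()
    if pid == 0:
        code = 0                                  # 0 = could not determine
        try:
            os.chroot(rootfs)                     # needs root / CAP_SYS_CHROOT
            os.chdir("/")
            fd = os.open(path, os.O_RDONLY)       # symlinks now resolve inside rootfs
            try:
                header = os.read(fd, 5)
            finally:
                os.close(fd)
            if elf_bits(header) is not None:
                code = header[4]
        except OSError:
            pass
        finally:
            os._exit(code)
    _, status = os.waitpid(pid, 0)
    code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else 0
    return CLASS_TO_BITS.get(code)

def build_sample_rootfs():
    """Constructed rootfs: 32-bit 'bash' header plus the absolute sh symlink."""
    root = tempfile.mkdtemp(prefix="ct-rootfs-")
    os.mkdir(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "bash"), "wb") as f:
        f.write(ELF_MAGIC + b"\x01" + b"\x00" * 11)
    os.symlink("/bin/bash", os.path.join(root, "bin", "sh"))
    return root

if __name__ == "__main__":
    root = build_sample_rootfs()
    # Host-side resolution of the link points at the host's own /bin/bash.
    print("link target:", os.readlink(os.path.join(root, "bin", "sh")))
    print("bits inside chroot:", detect_bits_in_rootfs(root))
```
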
Until now the lxc-start process was sort of a dangling
process in the pvedaemon.service cgroup when a container was
started from the web UI causing long stalls when trying to
restart pvedaemon and potential container kills. (Mostly
problematic when issuing package upgrades).
We now start containers via the lxc@ service file giving
them their own service cgroup.
The downside is that we'll have to patch the lxc@ service
file in the lxc package to Type=forking without the -F
option otherwise all of the containers' console outputs
will end up in the logs...
According to "perldoc -f crypt", crypt() should downgrade
unicode strings anyway:
If using crypt() on a Unicode string (which potentially has
characters with codepoints above 255), Perl tries to make
sense of the situation by trying to downgrade (a copy of)
the string back to an eight-bit byte string before calling
crypt() (on that copy). If that works, good. If not,
crypt() dies with "Wide character in crypt".
login via Spice and ssh works now at least, the noVNC /
vncterm combo seems to be broken because of an unrelated
unicode issue.