Thomas Lamprecht [Wed, 11 May 2016 15:06:14 +0000 (17:06 +0200)]
setup: check if securetty exists
If securetty does not exist yet (e.g. some Alpine 3.2 templates do
that) this leads to a die on CT creation, although we do not need
an existing securetty file as all login devices/ttys are already
allowed if not existing.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
It seems busybox has some problems with links thus the tty dev
detection doesn't work, as a workaround add also the lxc/tty[1-4] and
lxc/console devs to securetty to allow root login over the console.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
remove the calls to "ip route" in post-up and pre-down even
if no new gateway was defined for an interface, otherwise
those hooks will remain until manually removed.
CentOS needs these in route6-$iface, not route-$iface.
It also seems to make sense to not include the
IPV6_DEFAULTGW when a route6-$iface file is used containing
the default gateway.
$conf->{rootfs} is supposed to be the property string value,
not the parsed property string. Since this method is called
only twice (once for retrieving the rootfs information only,
once for retrieving the config only) and the second call
never needs the 'rootfs' part of the configuration, we can
safely not set it instead of introducing ugly workarounds
(e.g. setting a fake volume path or worse).
fix #942: restore ACL and other rootfs options from backup
unless overridden by explicitly setting the rootfs
parameter, restoring from a backup will now copy the rootfs
properties from the backup archive, except for 'volume' and
'ro' (for obvious reasons).
Unfortunately it can still happen that LXC's network link
deletion netlink messages get dropped/ignored. This is the
same issue as initially reported on the forums by sigxcpu in
October, however, it seems that some users hit this problem
more reliably currently.
debian: support containers upgraded to use systemd
These otherwise spawn consoles at /dev/pts%I and cause
errors in the logs about the container-getty@ services.
This happens for instance when dist-upgrading from wheezy to
jessie.
Read the container root password from stdin when creating a
container with 'pct create ... -password', instead of
providing it as command line argument. This is consistent
with 'pveum adduser' and pvesh, as described in #737 and #777.
Fix #918: add /dev/mapper symlinks for dm-* devices
Mount canonicalizes paths unless the -c option is used. This
is mostly fine but for device-mapper nodes (/dev/dm-*) it'll
fetch the /dev/mapper/* path and pass that to the mount
system call resulting in /proc/mounts showing the
/dev/mapper path. This is neither the one we provided (since
we use /dev/$vg/$lv), nor the one userspace tools will find
in /dev currently.
Since the dm-* paths are rather inconvenient to look at we
decided to keep mount's behavior and compensate by providing
the /dev/mapper symlinks for devices via the autodev hook.
Add force parameter for migration with bind/dev mp
Add a new 'force' parameter that allows to force the
migration of a container despite configured bind or device
mountpoints, which will be ignored/skipped.
this allows to set the rootfs to <storage>:<size>,
automatically creating an empty volume of the specified
size on the specified storage, like for non-rootfs mps.
the non-'rootdir' storages are filtered out in the web
interface already, but using the API/CLI it was still
possible to add volumes on storages without the 'rootdir'
content type.
this check is only used for mountpoints using our storage
backends, bind/dev mounts still work like before.
Instead of dropping the 'backup' lock early on when doing
snapshot backups, drop it temporarily for snapshot
operations that set their own 'snapshot' lock, and protect
the "unlock_vm, snapshot_XX, lock_vm" sequence by holding an
flock for the config file.
Before this change it was possible to interfere with the
backup job by setting a different lock with another
operation in between the call to unlock_vm and
snapshot_create (or snapshot_delete).
The final lock_vm is re-introduced in order to be more
consistent with the other backup modes and to prevent
changes to the configuration file before assemble()
reloads the configuration that is included in the backup.
With the introduction of unmanaged containers a check was
added to verify that the ostype is the same as the
autodetected one.
Since our CentOS plugin was named 'redhat' but the ostype
setting was 'centos' this error triggered and rendered
CentOS containers unusable.
Renamed the LXC::Setup::Redhat package to LXC::Setup::CentOS
and changed the plugin name and autodetected type from
'redhat' to 'centos' as well.
Replaced ct_modify_file_head_portion() with ct_modify_file()
taking a header and replacing the section in-place
rather than always moving it to the top of the file.
The behavior for when a section is not defined can be
defined via the provided options (replace, prepend, or
append).
Move add_unused_volume into abstract
pve-common/src/PVE/AbstractConfig.pm, because it is
identical for LXC and Qemu.
Move classify_mountpoint, is_volume_in_use, has_dev_console,
mountpoint_names, foreach_mountpoint_XX and get_vm_volumes
to PVE::LXC::Config because they only deal with config
related matters.
(Some of) the latter methods might get moved to or become
implementations of methods in PVE::AbstractConfig in the
future.
Move snapshot_create, snapshot_delete and snapshot_rollback
into abstract pve-common/src/PVE/AbstractConfig.pm,
splitting LXC-specific parts into __snapshot_XX methods in
src/PVE/LXC/Config.pm.
check_freeze_needed, snapshot_prepare and snapshot_commit
are downgraded to private __snapshot_XX methods (in
PVE::AbstractConfig and PVE::LXC::Config).
has_feature is made an implementation of the abstract
has_feature, and thus moves into src/PVE/LXC/Config.pm