Stoiko Ivanov [Tue, 19 Mar 2019 15:34:27 +0000 (16:34 +0100)]
setup: fix alpine ipv6-slaac configuration
busybox ifupdown implementation differs from debian's - configuration type
auto is not supported. If SLAAC is selected for the ipv6 configuration of an
interface, the complete networking is not started, because of that error.
This workaround sets the interface type to 'manual' in case SLAAC is selected
(as is already done for dhcpv6 (for different reasons)). That way all other
configuration stanzas are set up correctly, and if an ipv4 configuration is
present for the same interface the SLAAC-part usually works out of the box
anyways (unless 'accept_ra' is set to 0 for the interface in the kernel).
Alwin Antreich [Fri, 8 Mar 2019 14:41:55 +0000 (15:41 +0100)]
Fix #2109: resize rbd volume for container failed
On resizing a container's disk image the filesystem is extended and in
the case of RBD the returned path of the volume was not a path to a
mapped device.
This patch uses map_volume (respectively unmap_volume) to get a device
mapped and its path returned by the storage plugin. If a path is not
returned then the path method is tried. Currently only the RBD storage
plugin returns a path on map_volume.
Oguz Bektas [Mon, 4 Mar 2019 10:02:53 +0000 (11:02 +0100)]
fix #2117: don't keep custom idmap in pct pipe restore
while doing a pct restore operation, custom id mappings were being
obtained from the archive file to be used in the newly created container.
this fails when using pipe restore, since there is no file for the
mappings to be recovered from.
Co-Authored by: Mira Limbeck <m.limbeck@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Oguz Bektas [Mon, 11 Feb 2019 14:51:06 +0000 (15:51 +0100)]
fix #2086: change process checking mechanism in vmstatus
vmstatus checked if the container was running by looking at the pid,
which was not an indicator of the process being completely stopped, as
the command socket in /proc/net/unix stays a little while after the
process is dead according to lxc-info.
this resulted in destroy_vm and similar functions which use
/proc/net/unix command socket based checking mechanism to fail when
executed too fast after the vm_status reported the process as stopped.
this changes vm_status to use the same kind of command socket based
mechanism in order to avoid reporting the container as being stopped too
early.
Rhonda D'Vine [Wed, 30 Jan 2019 13:41:33 +0000 (14:41 +0100)]
Fix #1924: add snapshot parameter
The pct CLI command offers the config function. The output of that may
vary with respect to a given snapshot. This adds a switch that shows the
corresponding snapshot's config.
The code needs a newer libpve-guest-common-perl, thus bumping the
dependency.
Thomas Lamprecht [Mon, 28 Jan 2019 07:06:48 +0000 (08:06 +0100)]
fix #889: api create: reserve config with create lock early
allows to remove some checks as we can be sure the config belongs to
us once we have it reserved, either for restore or new creation.
This is similar to the qemu-server approach[0][1], adapted to the
LXC code. We need to cleanup a bit less if something fails, as the
LXC code path always removed the config and all created volumes in
this case, which means the 'create' reserve lock is gone too.
The early reserve on API entry, instead of doing it after forked
worker entry, allows to workaround the issues reported in #889 as
successful return from the API call means that the VMID is locked.
Thomas Lamprecht [Mon, 28 Jan 2019 07:06:47 +0000 (08:06 +0100)]
destroy_config: die if unlink fails
We use this in two places, in the cleanup path of the create/restore
API path and indirectly through PVE::LXC::destroy_lxc_container, once
again in the restore code path of the create API call, to cleanup a
CT before overwriting it with a backup if the force flag is set. The
second time in the destroy CT API call, both times a hard error in an
erroneous cleanup is wanted.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
close #1785: whitelist namespaced lxc.sysfs.* entries
According to namespaces(7) these should be namespaced (iow.
changing these values on the host they are not propagated to
running containers), so it makes sense to whitelist them.
Note that these only work when also using
'lxc.mount.auto: proc:rw'
That should be enough for snapd on unprivileged containers.
For privileged containers we'd also need a way to not drop
the mac_admin capability - not sure we'd want that.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Tim Marx [Tue, 9 Oct 2018 11:34:14 +0000 (13:34 +0200)]
close #1940: pct console: added ability to specify escape sequence
added clarification about behavior when passing -1 to escapechar
restored former behavior in other uses of get_console_command
added meaningful tag to commit message
Currently the autodev hook only adds device nodes, but in
order for the container to use them we also need to add
entries to the devices cgroup to both the limiting and the
namespaced devices cgroup directory.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
we use perl modules from pve-firewall and some build steps fail if
it isn't installed, e.g., happening on bootstrapping.
pve-firewall includes some modules from us but does so in a way which
can cope with a not-installed pve-container (or qemu-server for that
matter).
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Our checks for .pve-ignore.* files happen at write time so
we mostly don't have to think about them within the
functions dealing with them. /etc/hosts is one of the files
we need nowhere except when updating it, and there are some
tools managing it and producing files too large for our
default file_get_contents() size limit, so here we want to
skip early to avoid an error at read time.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Upstream's templates seem to have switched to systemd-networkd for
fedora > 25. Since then various workarounds have been suggested (starting
the legacy network.service in /etc/rc.local). This patch tries to accommodate
both network-configuration options for the affected and available templates
(25, 26, 27), by configuring both services.
Wolfgang Link [Wed, 6 Jun 2018 13:21:45 +0000 (15:21 +0200)]
fix #1778: check if storage supports templates
LXC can only create templates on storages which support linked clones.
To prevent this, we will check before we convert to a template if the
storage supports this.
Wolfgang Link [Tue, 5 Jun 2018 10:58:47 +0000 (12:58 +0200)]
fix #1792: Do not assign vars in conditional statement
If a variable is defined and assigned in a conditional statement,
it is not defined behavior in Perl.
For more information about this behavior see
https://perldoc.perl.org/perlsyn.html#Statement-Modifiers
"NOTE: The behaviour of a my, state, or our modified with a statement
modifier conditional or loop construct (for example, my $x if ... )
is undefined.
The value of the my variable may be undef, any previously assigned
value, or possibly anything else.
Don't rely on it. Future versions of perl might do something different
from the version of perl you try it out on. Here be dragons."
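The pattern named in the commit above, shown next to the unconditional declaration that replaces it. This is an added example, not code from pve-container; the function names `collect_guarded` and `collect_plain` and the sample items are hypothetical. On perl 5 builds the guarded array has commonly been seen to keep its contents from one call to the next, which in a long-running daemon means state leaking between unrelated requests, but as the quoted note says, nothing about the result is guaranteed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern the commit removes: a 'my' declaration behind a statement modifier.
# When $reset is false the runtime part of 'my' is skipped, so what @seen
# holds at this point is undefined behaviour according to perlsyn.
sub collect_guarded {
    my ($item, $reset) = @_;
    my @seen = () if $reset;
    push @seen, $item;
    return scalar(@seen);
}

# Replacement: declare unconditionally, then assign conditionally.
# @seen is always a fresh, empty array at the start of every call.
sub collect_plain {
    my ($item, $init) = @_;
    my @seen;
    @seen = @$init if $init;
    push @seen, $item;
    return scalar(@seen);
}

# Constructed input: three calls that never take the "reset" branch.
for my $call (1 .. 3) {
    my $guarded = collect_guarded("ct$call", 0);
    my $plain   = collect_plain("ct$call");
    printf "call %d: guarded-my count=%d, plain-my count=%d\n",
        $call, $guarded, $plain;
}
```

A guarded count that differs from the plain count on any call is stale data carried over from an earlier call.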
we only handled the special rootfs mount so creating a template
from a container with additional mountpoint did not work correctly.
Use foreach_mountpoint to create a base vdisk for all mount points
after checking if the storage supports it