Correctly update parent relations in config file upon snapshot removal.
Previously, only the parent of the current state was updated/removed,
which led to broken parent relations if any snapshot other then the
immediate parent of the current snapshot was removed. To fix this,
the parent relation of all children snapshots of the removed snapshot
are updated/removed as well.
Based on code in qemu-server/PVE/QemuServer.pm and parts
of a patch by Gerrit Venema <gmoniker at gmail.com>
Instead of holding the flock for the whole backup operation,
release it at the end of prepare(), and use
lock_container() to remove a potential 'backup' lock
from the config file when the backup is finished.
Wolfgang Link [Fri, 15 Jan 2016 06:25:08 +0000 (07:25 +0100)]
Add mp to required in pct set mount-point.
If map is not set you get a warning of an empty variable without real information.
And when you try to start the container, it will not start without an explication.
$comp is a command string and needs to be split. The set of
possible commands is limited and known so splitting by
/\s+/ (as suggested by Marc Cousin) should be safe enough.
* Detection via /etc/SuSE-brand
* Currently only supporting version 13.1 (This apparently
ships no systemd-networkd and has no wicked yet.)
* Introduced ct_modify_file_head_portion: Both Redhat and
SuSE have separate route files for network interfaces, but
with a different formats. For consistency the SuSE code also
only changes routes between the BEGIN/END PVE comment lines.
This version also fixes a bug where the route file got
deleted instead of left untouched when no changes were made
(now caught by a testcase).
create: don't skip arch detection on unpack errors
The -ignore-unpack-errors option needs to be taken into
account in restore_archive instead of restore_and_configure
as restore_archive is also responsible for arch detection.
For now only Fedora 22 is tested. The setup routines from
the Redhat base can be kept, so the only difference for now
is the version scheme and 'ostype'.
Otherwise this runs through the code causing all kinds of
different errors like use of uninitialized values in
peculiar places or format errors trying to validate empty
string or 'missing property' errors trying to parse empty
property strings...
When using the 'storage:size' notation to allocate a disk we
only modify the volume id, so it makes sense to just update
this along with the size rather than creating a new hash
which would drop extra parameters such as 'backup=yes'.
vzdump: exclude lost+found with unprivilged containers
The lost+found directory is created by mkfs and fsck with
the absolute numeric owner of 0:0 which causes tar on an
unprivileged container to error when trying to read it, so
it needs to be excluded un-anchored.
This doesn't need to be done for rsync as rsync runs as
privileged root.
rsync treats --exclude as anchored when they start with
a slash which they do, and which is our desired behavior,
so we should also include --anchored for our tar command.
honor backup=yes/no for bind and device mountpoints
Initially we skipped bind and device mountpoints because we
didn't start out with a backup property. Now that it is
available it is more appropriate to give control back to the
user. The default is 'off' anyway.
To avoid having to use the ^/ and ^/dev/ regexes which are
easy to forget about there's now a 'type' property on
mountpoints which classify them via names, for now including
"volume", "bind" and "device".
The NETWORKING and NETWORKING_IPV6 variables are now setup
in setup_network instead of set_hostname, which now only
sets the hostname.
This changes the variable order so the testcase had to be
adapted.
Note that the HOSTNAME update s// now uses \h instead of \s
for horizontal spaces so it doesn't eat up newlines at the
end of file (caught by the testcase).
In some cases the user may genuinly want to ignore unpacking
errors. (Like permission denied errors on mknod commands in
some templates where the user might choose to work around
the problem manually in the running container.)
This was added before we had bind mounts, instead we now
change ownership when creating disks by passing the
`root_owner` option to mkfs or activating+chown()ing the
paths for subvolumes.
The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
This flag (like lxc.id_map entries) should only be set at
create-time in order to make sure the container's filesystem
has the correct ownerships and permissions.
For this reason modification is not allowed via the API.
An unprivileged containers defines lxc.id_map properties,
and includes $ostype.userns.conf in addition to
$ostype.common.conf in its lxc config.
when an id_map is configured for the container or the
unprivileged flag set (which implies the default userid
map), the file access wrappers (LXC::Setup::Plugin::ct_*
functions) will use the id_map to fixup ownership of created
files.
POSIX capabilities are stored as security.capability xattr.
The --xattrs option alone won't store anything outside the
usernamespace, so we have to specifically ask for this
capability to be included when calling tar.
Note that we deliberately don't store the entire security
namespace as labeling by xattr is common with some security
modules and possibly a planned apparmor feature, too, so
this way we avoid restoring arbitrary lables from dumps and
templates we might not want.
Since these flags are used in two separate files I moved
them to @$PVE::LXC::COMMON_TAR_FLAGS;
The --acls flag for tar (and -A flag for rsync) have also
been added.