git.proxmox.com Git - pve-container.git/log
Wolfgang Bumiller [Mon, 23 Nov 2015 14:19:13 +0000 (15:19 +0100)]
Redhat: handle /etc/sysconfig/network better
The NETWORKING and NETWORKING_IPV6 variables are now set up
in setup_network instead of set_hostname, which now only
sets the hostname.
This changes the variable order so the testcase had to be
adapted.
Note that the HOSTNAME update s// now uses \h instead of \s
for horizontal spaces so it doesn't eat up newlines at the
end of file (caught by the testcase).
Wolfgang Bumiller [Mon, 23 Nov 2015 13:26:53 +0000 (14:26 +0100)]
Redhat: fix ipv4 dhcp only setup
With ipv4 dhcp and no ipv6 configuration present $data is
empty and only $bootproto set to dhcp.
Wolfgang Bumiller [Fri, 20 Nov 2015 13:04:26 +0000 (14:04 +0100)]
factor query_loopdev into PVE::LXC
Dietmar Maurer [Thu, 26 Nov 2015 08:59:54 +0000 (09:59 +0100)]
bump version to 1.0-27
Wolfgang Link [Wed, 25 Nov 2015 09:18:18 +0000 (10:18 +0100)]
restore firewall settings if they exist in tar
on LXC restore import firewall settings
Wolfgang Link [Wed, 25 Nov 2015 09:18:16 +0000 (10:18 +0100)]
add firewall config to vzdump
it is necessary to copy firewall config first in tmp dir to prevent xattr warnings
Wolfgang Bumiller [Fri, 20 Nov 2015 15:37:24 +0000 (16:37 +0100)]
add -ignore-unpack-errors
In some cases the user may genuinely want to ignore unpacking
errors. (Like permission denied errors on mknod commands in
some templates where the user might choose to work around
the problem manually in the running container.)
Dirk Nilius [Thu, 19 Nov 2015 12:35:31 +0000 (13:35 +0100)]
fixed wrong parameter when force removing a vzdump snapshot
Signed-off-by: Dirk Nilius <dirk.nilius@ckc.de>
Wolfgang Bumiller [Fri, 20 Nov 2015 13:04:28 +0000 (14:04 +0100)]
fix pct resize parameter list
Resize accidentally used json_config_properties giving it
all the options of pct create (which obviously aren't
required...)
Wolfgang Bumiller [Fri, 20 Nov 2015 12:39:24 +0000 (13:39 +0100)]
error when failing to extract rather than warn
Dietmar Maurer [Fri, 20 Nov 2015 06:16:23 +0000 (07:16 +0100)]
update changelog
Wolfgang Bumiller [Thu, 19 Nov 2015 10:56:02 +0000 (11:56 +0100)]
use the unmount-namespace stop hook
Wolfgang Bumiller [Thu, 19 Nov 2015 09:55:48 +0000 (10:55 +0100)]
vzdump: warn about lack of xattr/acl support on nfs
When rsyncing to a temporary location mounted via nfs warn
about the lack of xattr and acl support and disable it.
Wolfgang Bumiller [Thu, 19 Nov 2015 09:30:35 +0000 (10:30 +0100)]
Use lxc.start.unshare and revert "unshare lxc-start ..."
This reverts commit 4162edaea3452a3ffba85db95774c3615fb47cff.
This is now controlled by lxc's lxc.start.unshare
configuration option.
Wolfgang Bumiller [Thu, 19 Nov 2015 09:19:46 +0000 (10:19 +0100)]
set memory.kmem.limit_in_bytes
Memcg/kmem reclaim support has been merged since kernel 4.1,
so it makes sense to include this.
Closes #820
Dietmar Maurer [Thu, 19 Nov 2015 11:43:22 +0000 (12:43 +0100)]
bump version to 1.0-26
Wolfgang Link [Thu, 19 Nov 2015 11:28:21 +0000 (12:28 +0100)]
Mounting of zfspool snapshots is not necessary.
zfs subvol snapshots are always mounted on $path_of_subvol/.zfs/$snapname
Wolfgang Bumiller [Fri, 13 Nov 2015 13:10:51 +0000 (14:10 +0100)]
unprivileged: remove bad chown -R call
This was added before we had bind mounts, instead we now
change ownership when creating disks by passing the
`root_owner` option to mkfs or activating+chown()ing the
paths for subvolumes.
Dietmar Maurer [Sat, 14 Nov 2015 09:29:31 +0000 (10:29 +0100)]
bump version to 1.0-25
Dietmar Maurer [Sat, 14 Nov 2015 09:27:10 +0000 (10:27 +0100)]
improve OS type detection
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:29 +0000 (14:00 +0100)]
remove --totals from COMMON_TAR_FLAGS
It's included in the places that execute tar since it's a
flag to modify the status output rather than the data.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:28 +0000 (14:00 +0100)]
vzdump: userns support
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:27 +0000 (14:00 +0100)]
unshare lxc-start into a slave mount namespace
The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:26 +0000 (14:00 +0100)]
added the unprivileged flag
This flag (like lxc.id_map entries) should only be set at
create-time in order to make sure the container's filesystem
has the correct ownerships and permissions.
For this reason modification is not allowed via the API.
An unprivileged container defines lxc.id_map properties,
and includes $ostype.userns.conf in addition to
$ostype.common.conf in its lxc config.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:25 +0000 (14:00 +0100)]
LXC::Setup: id_map support for file wrappers
when an id_map is configured for the container or the
unprivileged flag set (which implies the default userid
map), the file access wrappers (LXC::Setup::Plugin::ct_*
functions) will use the id_map to fixup ownership of created
files.
Wolfgang Bumiller [Thu, 12 Nov 2015 13:00:24 +0000 (14:00 +0100)]
mount in pre-start, unmount in post-stop
Mounting needs access to the pve storage, so when adding
userns support to containers we need to mount at a time
where we still have access.
Besides, with this change we now also mount the rootfs
ourselves which makes it a more generic solution.
Dietmar Maurer [Fri, 6 Nov 2015 15:20:03 +0000 (16:20 +0100)]
bump version to 1.0-24
Wolfgang Bumiller [Fri, 6 Nov 2015 12:09:23 +0000 (13:09 +0100)]
setup: fix ssh-key perms lost with the rewrite
Wolfgang Bumiller [Fri, 6 Nov 2015 12:09:22 +0000 (13:09 +0100)]
add perms to ct_file_set_contents
Wolfgang Bumiller [Fri, 6 Nov 2015 11:39:01 +0000 (12:39 +0100)]
create/restore: add --warning=no-xattr-write to tar
Otherwise filesystems without ACL or xattr support will
cause tar to warn about every extracted file. (Eg. ZFS by
default has acltype=noacl).
xattr-write covers both xattrs and ACLs.
Dietmar Maurer [Fri, 6 Nov 2015 10:44:38 +0000 (11:44 +0100)]
bump version to 1.0-23
Wolfgang Bumiller [Fri, 6 Nov 2015 10:27:13 +0000 (11:27 +0100)]
improve setup error message a little
Dietmar Maurer [Fri, 6 Nov 2015 10:42:04 +0000 (11:42 +0100)]
cleanup: remove unnecessary var
Wolfgang Bumiller [Fri, 6 Nov 2015 10:27:12 +0000 (11:27 +0100)]
Create: safer rewrite_ssh_host_keys
To avoid the /dev bindmount we now create the ssh keys on
the host and then copy them into the container.
Dietmar Maurer [Fri, 6 Nov 2015 09:56:46 +0000 (10:56 +0100)]
bump version to 1.0-22
Wolfgang Bumiller [Fri, 6 Nov 2015 09:05:35 +0000 (10:05 +0100)]
preserve posix capabilities
POSIX capabilities are stored as security.capability xattr.
The --xattrs option alone won't store anything outside the
usernamespace, so we have to specifically ask for this
capability to be included when calling tar.
Note that we deliberately don't store the entire security
namespace as labeling by xattr is common with some security
modules and possibly a planned apparmor feature, too, so
this way we avoid restoring arbitrary labels from dumps and
templates we might not want.
Since these flags are used in two separate files I moved
them to @$PVE::LXC::COMMON_TAR_FLAGS;
The --acls flag for tar (and -A flag for rsync) have also
been added.
Wolfgang Bumiller [Wed, 4 Nov 2015 10:29:07 +0000 (11:29 +0100)]
LXC::Setup: Load required host files in new()
The host's /etc/resolv.conf is required to take over the
host's DNS settings.
Dietmar Maurer [Wed, 4 Nov 2015 10:48:44 +0000 (11:48 +0100)]
destroy: check if container is still running
Dietmar Maurer [Wed, 4 Nov 2015 10:23:14 +0000 (11:23 +0100)]
bump version to 1.0-21
Dietmar Maurer [Wed, 4 Nov 2015 10:22:14 +0000 (11:22 +0100)]
allow debian stretch/sid containers
Dietmar Maurer [Mon, 2 Nov 2015 14:17:31 +0000 (15:17 +0100)]
correctly check storage access for all mount points
Wolfgang Bumiller [Mon, 2 Nov 2015 10:17:24 +0000 (11:17 +0100)]
Setup: fix bad /dev bindmount
Hotplug changes will create a Setup instance with a rootdir
of /proc/$pid/root. Bindmounts on directories inside there
are broken.
Also the exitstatus of Setup::protected_call used the wrong
process' $?.
Dietmar Maurer [Mon, 2 Nov 2015 10:16:40 +0000 (11:16 +0100)]
bump version to 1.0-20
Wolfgang Link [Mon, 2 Nov 2015 10:01:09 +0000 (11:01 +0100)]
fix bug #799: resize running CT with no loopdev.
now it is handled if the mountpoint is not mounted by loopdev.
Dietmar Maurer [Sat, 31 Oct 2015 17:40:12 +0000 (18:40 +0100)]
bump version to 1.0-19
Dietmar Maurer [Sat, 31 Oct 2015 17:38:51 +0000 (18:38 +0100)]
add support for ubuntu 15.10 (wily)
Dietmar Maurer [Fri, 30 Oct 2015 09:53:46 +0000 (10:53 +0100)]
code simplifications
Dietmar Maurer [Fri, 30 Oct 2015 09:35:16 +0000 (10:35 +0100)]
get_container_disk_usage: use short timeout 1s
Wolfgang Bumiller [Fri, 30 Oct 2015 08:50:27 +0000 (09:50 +0100)]
LXC: use Tools::df for get_container_disk_usage
Run df on /proc/$pid/root instead of attaching to the
container and running its contained 'df' binary, as this
could create frozen processes if the container is frozen.
Also, since the container PIDs are now used in both loops
they're precached beforehand.
Fixes #793
Dietmar Maurer [Fri, 30 Oct 2015 09:03:26 +0000 (10:03 +0100)]
remove gzip and tar dependency, to avoid lintian error
lintian considers this an error, because those packages are
classified as essential.
Dietmar Maurer [Fri, 30 Oct 2015 09:01:12 +0000 (10:01 +0100)]
vmstatus: correctly set number of used cpus
return the number of host cpus if cpulimit is 0. This also avoids a
division by zero error.
Dietmar Maurer [Fri, 30 Oct 2015 05:48:38 +0000 (06:48 +0100)]
bump version to 1.0-18
Dietmar Maurer [Fri, 30 Oct 2015 05:47:12 +0000 (06:47 +0100)]
depend on xz-utils, gzip and tar
so that we can extract templates
Dietmar Maurer [Thu, 29 Oct 2015 12:25:23 +0000 (13:25 +0100)]
bump version to 1.0-17
Wolfgang Link [Thu, 29 Oct 2015 12:11:07 +0000 (13:11 +0100)]
fix bug #770: CPU usage stats for containers
Wolfgang Bumiller [Thu, 29 Oct 2015 11:02:44 +0000 (12:02 +0100)]
added symlink testcase
Dietmar Maurer [Thu, 29 Oct 2015 11:16:30 +0000 (12:16 +0100)]
update changelog
Wolfgang Link [Thu, 29 Oct 2015 10:11:06 +0000 (11:11 +0100)]
fix bug #770: Network stats for containers
Wolfgang Bumiller [Thu, 29 Oct 2015 11:00:08 +0000 (12:00 +0100)]
fix a major typo
Dietmar Maurer [Thu, 29 Oct 2015 10:43:54 +0000 (11:43 +0100)]
bump version to 1.0-16
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:02 +0000 (11:04 +0100)]
LXC::Setup: chroot into the container
In order to better deal with paths and symlinks inside
containers we now chroot() into the container's rootdir in
LXC::Setup.
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:01 +0000 (11:04 +0100)]
ArchLinux: remove unused rootdir var
Wolfgang Bumiller [Thu, 29 Oct 2015 10:04:00 +0000 (11:04 +0100)]
LXC::Setup::new: fix rootdir key name
Wolfgang Bumiller [Thu, 29 Oct 2015 10:03:59 +0000 (11:03 +0100)]
LXC::get_primary_ips: ipv6 can be 'auto'
Dietmar Maurer [Wed, 28 Oct 2015 10:27:59 +0000 (11:27 +0100)]
bump version to 1.0-15
Dietmar Maurer [Wed, 28 Oct 2015 10:26:10 +0000 (11:26 +0100)]
improve inline comment
Wolfgang Link [Wed, 28 Oct 2015 08:40:41 +0000 (09:40 +0100)]
Start a worker in lxc resize.
It is necessary because if we resize a disk it can take longer. So to prevent long waiting time fork a worker process.
Wolfgang Link [Wed, 28 Oct 2015 08:40:40 +0000 (09:40 +0100)]
move resize to have it available in the pveshell and at the rest api
Dietmar Maurer [Mon, 26 Oct 2015 11:22:32 +0000 (12:22 +0100)]
allow to mount iso images
Dietmar Maurer [Thu, 22 Oct 2015 10:11:28 +0000 (12:11 +0200)]
bump version to 1.0-14
Wolfgang Bumiller [Thu, 22 Oct 2015 09:02:01 +0000 (11:02 +0200)]
redhat: fix unused values
Move ip_is_in_cidr checks on $d->{gw} into the
defined($d->{gw}) guarded if block to avoid warnings and
useless route files being created when using dhcp.
Dietmar Maurer [Wed, 21 Oct 2015 06:31:41 +0000 (08:31 +0200)]
bump version to 1.0-13
Wolfgang Bumiller [Tue, 20 Oct 2015 08:31:25 +0000 (10:31 +0200)]
restore: delete config from container after restore
We don't need to leave /etc/vzdump/pct.conf or vps.conf in
the container's directory structure after using it, it only
causes the next backup to have the file twice in the
archive.
Wolfgang Bumiller [Tue, 20 Oct 2015 08:31:24 +0000 (10:31 +0200)]
restore: make sure only the first pct.conf is extracted
When making a stop/snapshot mode backup of a container that
was already restored from a backup, its /etc/vzdump/pct.conf
file was replacing our newly created one in the archive. We
need to prevent the duplicate file from overwriting our new
one.
Wolfgang Bumiller [Tue, 20 Oct 2015 14:50:33 +0000 (16:50 +0200)]
redhat: don't use aliases for dual stack networking
A static IPv6 as alias interface for ipv4 doesn't work (RH
has "secondaries" for that), DHCP on aliases doesn't work
either.
The only drawback of putting both in the same file is that
static addresses take longer to be configured if the DHCP
server is slow.
Wolfgang Bumiller [Mon, 19 Oct 2015 08:02:02 +0000 (10:02 +0200)]
redhat: use the fully qualified hostname
Dietmar Maurer [Mon, 19 Oct 2015 06:53:10 +0000 (08:53 +0200)]
bump version to 1.0-12
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:13 +0000 (15:57 +0200)]
hotplug: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:12 +0000 (15:57 +0200)]
systemd: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:11 +0000 (15:57 +0200)]
centos: deal with gateways outside the subnet
Wolfgang Bumiller [Fri, 16 Oct 2015 13:57:10 +0000 (15:57 +0200)]
debian: deal with gateways in external subnets
Wolfgang Bumiller [Fri, 16 Oct 2015 07:29:48 +0000 (09:29 +0200)]
allow /32 CIDRs and remove duplicated mask array
Dietmar Maurer [Fri, 16 Oct 2015 07:50:44 +0000 (09:50 +0200)]
bump version to 1.0-11
Wolfgang Bumiller [Fri, 16 Oct 2015 07:44:22 +0000 (09:44 +0200)]
setup/debian: remove superfluous parameter
The $new parameter only guards the output of the 'auto' line
which is now being tracked in $done_auto, so it's not
needed anymore.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:02 +0000 (08:32 +0200)]
cleanup: reduce hash access
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:01 +0000 (08:32 +0200)]
whitespace cleanup
Wolfgang Bumiller [Fri, 16 Oct 2015 06:32:00 +0000 (08:32 +0200)]
setup/debian: guard ipv4 output
When only an ipv6 address was specified we still tried to
print an ipv4 address which warned and caused additional
newlines to be appended to the file on each start.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:31:59 +0000 (08:31 +0200)]
setup/debian: avoid extra newlines
At the beginning of a file or between sections, if there
have been two newlines already we don't need to add another.
Wolfgang Bumiller [Fri, 16 Oct 2015 06:31:58 +0000 (08:31 +0200)]
setup/debian: avoid writing multiple auto lines
Dietmar Maurer [Fri, 16 Oct 2015 06:27:30 +0000 (08:27 +0200)]
bump version to 1.0-10
Dietmar Maurer [Fri, 16 Oct 2015 05:49:49 +0000 (07:49 +0200)]
improve regex to match redhat/centos OS version
Wolfgang Bumiller [Thu, 15 Oct 2015 10:18:04 +0000 (12:18 +0200)]
disk-size is a format, not a type
Dietmar Maurer [Thu, 15 Oct 2015 10:10:54 +0000 (12:10 +0200)]
code cleanup - remove dead code
volume property is not optional, so this is already verified
by PVE::JSONSchema::parse_property_string()
Wolfgang Bumiller [Thu, 15 Oct 2015 09:09:49 +0000 (11:09 +0200)]
parsing: throw by default unless $noerr is passed
parse_ct_mountpoint and parse_lxc_mountpoint are now not used
in schema verification anymore, so instead of returning
undef on error it can now die.
parse_ct_mountpoint now also gets a $noerr parameter as it
is used in foreach_mountpoint, and to be safe we'll just
skip invalid mountpoints there to avoid unexpected
inconsistent states.
Dietmar Maurer [Thu, 15 Oct 2015 09:49:46 +0000 (11:49 +0200)]
update changelog
Dietmar Maurer [Thu, 15 Oct 2015 09:47:55 +0000 (11:47 +0200)]
revert coding style changes, skip ID 7 (reserved for X11)
Wolfgang Bumiller [Thu, 15 Oct 2015 08:46:45 +0000 (10:46 +0200)]
update inittab instead of replacing it
Dietmar Maurer [Thu, 15 Oct 2015 09:22:30 +0000 (11:22 +0200)]
add note about fsck to changelog
Dietmar Maurer [Thu, 15 Oct 2015 09:19:21 +0000 (11:19 +0200)]
fsck: simplify code
Dietmar Maurer [Thu, 15 Oct 2015 08:44:15 +0000 (10:44 +0200)]
minor cleanups