From 7fc1d9ebb3b6b3fb29e526d350db65a5c9e94d2b Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 18 Oct 2019 12:01:49 +0200
Subject: [PATCH] fix #2412: ct destroy: only delete config after deleted from
 pools, fw

commit message stolen from:
https://pve.proxmox.com/pipermail/pve-devel/2019-October/039594.html

Between calling destroy_lxc_container and removing the ID from
user.cfg (remove_vm_access) creating a new CT with this ID was
possible. CTs could go missing from pools as a consequence.

unlinking must happen at the very end of the deletion
process to avoid that other nodes use the ID in the meanwhile

Further lock the config after the VM was destroyed with a config lock
named, well, destroyed. This way it's easy to know that the CT was
destroyed but has still the config skelleton and FW, access etc.
stuff possible left over.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/PVE/API2/LXC.pm   | 6 +++++-
 src/PVE/LXC/Config.pm | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 6f47cad..3830e5e 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -671,9 +671,13 @@ __PACKAGE__->register_method({
 
 	    die $running_error_msg if PVE::LXC::check_running($vmid);
 
-	    PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
+	    PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf, { lock => 'destroyed' });
+
 	    PVE::AccessControl::remove_vm_access($vmid);
 	    PVE::Firewall::remove_vmfw_conf($vmid);
+
+	    # only now remove the zombie config, else we can have reuse race
+	    PVE::LXC::Config->destroy_config($vmid);
 	};
 
 	my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 8517de4..44330da 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -329,7 +329,7 @@ my $confdesc = {
 	optional => 1,
 	type => 'string',
 	description => "Lock/unlock the VM.",
-	enum => [qw(backup create disk fstrim migrate mounted rollback snapshot snapshot-delete)],
+	enum => [qw(backup create destroyed disk fstrim migrate mounted rollback snapshot snapshot-delete)],
     },
     onboot => {
 	optional => 1,
-- 
2.39.2