]> git.proxmox.com Git - pve-container.git/blame - src/PVE/LXC/Create.pm
create: open templates as real root
[pve-container.git] / src / PVE / LXC / Create.pm
CommitLineData
7af97ad5 1package PVE::LXC::Create;
5b4657d0
DM
2
3use strict;
4use warnings;
5use File::Basename;
6use File::Path;
7use Data::Dumper;
07084526 8use Fcntl;
5b4657d0
DM
9
10use PVE::Storage;
11use PVE::LXC;
7af97ad5 12use PVE::LXC::Setup;
f507c3a7 13use PVE::VZDump::ConvertOVZ;
580b6916 14use PVE::Tools;
dc6e862c 15use POSIX;
5b4657d0 16
dc6e862c
TL
17sub get_elf_class {
18 my ($rootdir, $elf_fn) = @_;
19
20 my $child_pid = fork();
21 die "fork failed: $!\n" if !defined($child_pid);
22
23 if (!$child_pid) {
24 # chroot avoids a problem where we check the binary of the host system
25 # if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
26 chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
27 chdir('/') or die "failed to change to root directory\n";
28
29 my $fh;
30 open($fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
31 binmode($fh);
32
33 my $data;
34 my $length = read($fh, $data, 5);
35 die "read failed: $!\n" if !defined($length);
36
37 # 4 bytes ELF magic number and 1 byte ELF class
38 my ($magic, $class) = unpack("A4C", $data);
39
40 die "'$elf_fn' does not resolve to an ELF!\n"
41 if (!defined($class) || !defined($magic) || $magic ne "\177ELF");
42
43 die "'$elf_fn' has unknown ELF class '$class'!\n"
44 if ($class != 1 && $class != 2);
45
46 POSIX::_exit($class);
47 }
48
49 while (waitpid($child_pid, 0) != $child_pid) {}
50 my $exit_code = $?;
51 if (my $sig = ($exit_code & 127)) {
52 warn "could not get architecture, got signal $sig\n";
53 } else {
54 $exit_code >>= 8;
55 }
56
57 return $exit_code;
58}
59
5b4657d0 60sub restore_archive {
9c23d567 61 my ($archive, $rootdir, $conf, $no_unpack_error) = @_;
5b4657d0 62
c6a605f9 63 my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
01dce99b 64 my $userns_cmd = PVE::LXC::userns_command($id_map);
5b4657d0 65
07084526
WB
66 my $archive_fh;
67 my $tar_input_file = '-';
68 if ($archive ne '-') {
69 sysopen($archive_fh, $archive, O_RDONLY)
70 or die "failed to open '$archive': $!\n";
71 $tar_input_file = '/proc/self/fd/'.fileno($archive_fh);
72 my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0);
73 $archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC()));
74 }
75
76 my $cmd = [@$userns_cmd, 'tar', 'xpf', $tar_input_file, '--totals',
fc4e132e
WB
77 @$PVE::LXC::COMMON_TAR_FLAGS,
78 '-C', $rootdir];
5b4657d0 79
112aeeb4
WB
80 # skip-old-files doesn't have anything to do with time (old/new), but is
81 # simply -k (annoyingly also called --keep-old-files) without the 'treat
82 # existing files as errors' part... iow. it's bsdtar's interpretation of -k
83 # *sigh*, gnu...
84 push @$cmd, '--skip-old-files';
5b4657d0
DM
85 push @$cmd, '--anchored';
86 push @$cmd, '--exclude' , './dev/*';
87
6034ae50
DM
88 if ($archive eq '-') {
89 print "extracting archive from STDIN\n";
9c23d567 90 eval { PVE::Tools::run_command($cmd, input => "<&STDIN"); };
27916659 91 } else {
6034ae50 92 print "extracting archive '$archive'\n";
9c23d567 93 eval { PVE::Tools::run_command($cmd); };
27916659 94 }
07084526
WB
95 my $err = $@;
96 close($archive_fh) if defined $archive_fh;
97 die $err if $err && !$no_unpack_error;
f31bd6ae
DC
98
99 # if arch is set, we do not try to autodetect it
100 return if defined($conf->{arch});
101
dc6e862c
TL
102
103 my $elf_class = get_elf_class($rootdir, '/bin/sh'); # /bin/sh is POSIX mandatory
104
105 $conf->{'arch'} = 'amd64'; # defaults to 64bit
106 if ($elf_class == 1 || $elf_class == 2) {
107 $conf->{'arch'} = 'i386' if $elf_class == 1;
108 print "Detected container architecture: $conf->{'arch'}\n";
109 } else {
110 print "CT architecture detection failed, falling back to amd64.\n" .
111 "Edit the config in /etc/pve/nodes/{node}/lxc/{vmid}.conf " .
112 "to set another architecture.\n";
113 }
5b4657d0
DM
114}
115
f507c3a7 116sub recover_config {
effa4f43 117 my ($archive) = @_;
f507c3a7 118
0550795a 119 my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct|vps)\.conf)$!);
effa4f43 120 my $conf;
db18c1e4 121 my $mp_param = {};
f507c3a7 122
27916659 123 if ($conf_file =~ m/pct\.conf/) {
f507c3a7 124
1b4cf758 125 $conf = PVE::LXC::Config::parse_pct_config("/lxc/0.conf" , $raw);
f507c3a7 126
27916659 127 delete $conf->{snapshots};
bb1ac2de 128 delete $conf->{template}; # restored CT is never a template
db18c1e4
FG
129
130 PVE::LXC::Config->foreach_mountpoint($conf, sub {
131 my ($ms, $mountpoint) = @_;
132 $mp_param->{$ms} = $conf->{$ms};
133 });
134
effa4f43 135 } elsif ($conf_file =~ m/vps\.conf/) {
db18c1e4
FG
136
137 ($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
138
effa4f43
DM
139 } else {
140
27916659 141 die "internal error";
f507c3a7
WL
142 }
143
db18c1e4 144 return wantarray ? ($conf, $mp_param) : $conf;
f507c3a7
WL
145}
146
51665c2d 147sub restore_configuration {
ba0e2930 148 my ($vmid, $rootdir, $conf, $restricted) = @_;
51665c2d
FG
149
150 # restore: try to extract configuration from archive
151
152 my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf";
153 my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw";
154 my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf";
155 if (-f $pct_cfg_fn) {
156 my $raw = PVE::Tools::file_get_contents($pct_cfg_fn);
157 my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw);
158
159 foreach my $key (keys %$oldconf) {
adcaa73e 160 next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' || $key eq 'unprivileged' || $key eq 'parent';
51665c2d
FG
161 next if $key =~ /^mp\d+$/; # don't recover mountpoints
162 next if $key =~ /^unused\d+$/; # don't recover unused disks
ba0e2930
FG
163 if ($restricted && $key eq 'lxc') {
164 warn "skipping custom lxc options, restore manually as root:\n";
165 warn "--------------------------------\n";
166 my $lxc_list = $oldconf->{'lxc'};
167 foreach my $lxc_opt (@$lxc_list) {
168 warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
169 }
170 warn "--------------------------------\n";
171 next;
172 }
51665c2d
FG
173 $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
174 }
175 unlink($pct_cfg_fn);
5b4657d0 176
51665c2d
FG
177 if (-f $pct_fwcfg_fn) {
178 my $pve_firewall_dir = '/etc/pve/firewall';
179 mkdir $pve_firewall_dir; # make sure the directory exists
180 PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
181 unlink $pct_fwcfg_fn;
27916659 182 }
5b4657d0 183
51665c2d
FG
184 } elsif (-f $ovz_cfg_fn) {
185 print "###########################################################\n";
186 print "Converting OpenVZ configuration to LXC.\n";
187 print "Please check the configuration and reconfigure the network.\n";
188 print "###########################################################\n";
148d1cb4 189
51665c2d
FG
190 my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
191 $conf->{ostype} = $lxc_setup->{conf}->{ostype};
192 my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn);
193 my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
194 foreach my $key (keys %$oldconf) {
195 $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
196 }
197 unlink($ovz_cfg_fn);
148d1cb4 198
51665c2d
FG
199 } else {
200 print "###########################################################\n";
201 print "Backup archive does not contain any configuration\n";
202 print "###########################################################\n";
148d1cb4 203 }
5b4657d0
DM
204}
205
2061;