[pve-container.git] / src / PVE / LXC / Create.pm

package PVE::LXC::Create;

use strict;
use warnings;
use File::Basename;
use File::Path;
use Fcntl;

use PVE::Storage;
use PVE::LXC;
use PVE::LXC::Setup;
use PVE::VZDump::ConvertOVZ;
use PVE::Tools;
use POSIX;

sub detect_architecture {
    my ($rootdir) = @_;

    # see https://en.wikipedia.org/wiki/Executable_and_Linkable_Format

    my $supported_elf_machine = {
	0x03 => 'i386',
	0x3e => 'amd64',
	0x28 => 'armhf',
	0xb7 => 'arm64',
    };

    my $elf_fn = '/bin/sh'; # '/bin/sh' is POSIX mandatory
    my $detect_arch = sub {
	# chroot avoids a problem where we check the binary of the host system
	# if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
	chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
	chdir('/') or die "failed to change to root directory\n";

	open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
	binmode($fh);

	my $length = read($fh, my $data, 20) or die "read failed: $!\n";

	# 4 bytes ELF magic number and 1 byte ELF class, padding, machine
	my ($magic, $class, undef, $machine) = unpack("A4CA12n", $data);

	die "'$elf_fn' does not resolve to an ELF!\n"
	    if (!defined($class) || !defined($magic) || $magic ne "\177ELF");

	my $arch = $supported_elf_machine->{$machine};
	die "'$elf_fn' has unknown ELF machine '$machine'!\n"
	    if !defined($arch);

	return $arch;
    };

    my $arch = eval { PVE::Tools::run_fork_with_timeout(5, $detect_arch) };
    if (my $err = $@) {
	$arch = 'amd64';
	print "Architecture detection failed: $err\nFalling back to amd64.\n" .
	      "Use `pct set VMID --arch ARCH` to change.\n";
    } else {
	print "Detected container architecture: $arch\n";
    }

    return $arch;
}

sub restore_archive {
    my ($archive, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_;

    my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
    my $userns_cmd = PVE::LXC::userns_command($id_map);

    my $archive_fh;
    my $tar_input = '<&STDIN';
    my @compression_opt;
    if ($archive ne '-') {
	# GNU tar refuses to autodetect this... *sigh*
	my %compression_map = (
	    '.gz'  => '-z',
	    '.bz2' => '-j',
	    '.xz'  => '-J',
	    '.lzo'  => '--lzop',
	);
	if ($archive =~ /\.tar(\.[^.]+)?$/) {
	    if (defined($1)) {
		die "unrecognized compression format: $1\n" if (!defined($compression_map{$1}));
		@compression_opt = $compression_map{$1};
	    }
	} else {
	    die "file does not look like a template archive: $archive\n";
	}
	sysopen($archive_fh, $archive, O_RDONLY)
	    or die "failed to open '$archive': $!\n";
	my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0);
	$archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC()));
	$tar_input = '<&'.fileno($archive_fh);
    }

    my $cmd = [@$userns_cmd, 'tar', 'xpf', '-', @compression_opt, '--totals',
               @PVE::Storage::Plugin::COMMON_TAR_FLAGS,
               '-C', $rootdir];

    # skip-old-files doesn't have anything to do with time (old/new), but is
    # simply -k (annoyingly also called --keep-old-files) without the 'treat
    # existing files as errors' part... iow. it's bsdtar's interpretation of -k
    # *sigh*, gnu...
    push @$cmd, '--skip-old-files';
    push @$cmd, '--anchored';
    push @$cmd, '--exclude' , './dev/*';

    if (defined($bwlimit)) {
	$cmd = [ ['cstream', '-t', $bwlimit*1024], $cmd ];
    }

    if ($archive eq '-') {
	print "extracting archive from STDIN\n";
    } else {
	print "extracting archive '$archive'\n";
    }
    eval { PVE::Tools::run_command($cmd, input => $tar_input); };
    my $err = $@;
    close($archive_fh) if defined $archive_fh;
    die $err if $err && !$no_unpack_error;

    # if arch is set, we do not try to autodetect it
    return if defined($conf->{arch});

    $conf->{arch} = detect_architecture($rootdir);
}

sub recover_config {
    my ($archive) = @_;

    my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct|vps)\.conf)$!);
    my $conf;
    my $mp_param = {};

    if ($conf_file =~ m/pct\.conf/) {

	$conf = PVE::LXC::Config::parse_pct_config("/lxc/0.conf" , $raw);

	delete $conf->{snapshots};

	PVE::LXC::Config->foreach_mountpoint($conf, sub {
	    my ($ms, $mountpoint) = @_;
	    $mp_param->{$ms} = $conf->{$ms};
	});

    } elsif ($conf_file =~ m/vps\.conf/) {

	($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw);

    } else {

       die "internal error";
    }

    return wantarray ? ($conf, $mp_param) : $conf;
}

sub restore_configuration {
    my ($vmid, $rootdir, $conf, $restricted, $unique) = @_;

    # restore: try to extract configuration from archive

    my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf";
    my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw";
    my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf";
    if (-f $pct_cfg_fn) {
	my $raw = PVE::Tools::file_get_contents($pct_cfg_fn);
	my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw);

	foreach my $key (keys %$oldconf) {
	    next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' || $key eq 'unprivileged' || $key eq 'parent';
	    next if $key =~ /^mp\d+$/; # don't recover mountpoints
	    next if $key =~ /^unused\d+$/; # don't recover unused disks
	    # we know if it was a template in the restore API call and check if the target
	    # storage supports creating a template there
	    next if $key =~ /^template$/;
	    if ($restricted && $key eq 'lxc') {
		warn "skipping custom lxc options, restore manually as root:\n";
		warn "--------------------------------\n";
		my $lxc_list = $oldconf->{'lxc'};
		foreach my $lxc_opt (@$lxc_list) {
		    warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
		}
		warn "--------------------------------\n";
		next;
	    }
	    if ($unique && $key =~ /^net\d+$/) {
		my $net = PVE::LXC::Config->parse_lxc_network($oldconf->{$key});
		my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
		$net->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
		$conf->{$key} = PVE::LXC::Config->print_lxc_network($net);
		next;
	    }
	    $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	}
	unlink($pct_cfg_fn);

	if (-f $pct_fwcfg_fn) {
	    my $pve_firewall_dir = '/etc/pve/firewall';
	    mkdir $pve_firewall_dir; # make sure the directory exists
	    PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
	    unlink $pct_fwcfg_fn;
	}

    } elsif (-f $ovz_cfg_fn) {
	print "###########################################################\n";
	print "Converting OpenVZ configuration to LXC.\n";
	print "Please check the configuration and reconfigure the network.\n";
	print "###########################################################\n";

	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
	$conf->{ostype} = $lxc_setup->{conf}->{ostype};
	my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn);
	my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	foreach my $key (keys %$oldconf) {
	    $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	}
	unlink($ovz_cfg_fn);

    } else {
	print "###########################################################\n";
	print "Backup archive does not contain any configuration\n";
	print "###########################################################\n";
    }
}

1;
Commit	Line	Data
7af97ad5	1	package PVE::LXC::Create;
5b4657d0 DM	2
	3	use strict;
	4	use warnings;
	5	use File::Basename;
	6	use File::Path;
07084526	7	use Fcntl;
5b4657d0 DM	8
	9	use PVE::Storage;
	10	use PVE::LXC;
7af97ad5	11	use PVE::LXC::Setup;
f507c3a7	12	use PVE::VZDump::ConvertOVZ;
580b6916	13	use PVE::Tools;
dc6e862c	14	use POSIX;
5b4657d0	15
fbb31447 TL	16	sub detect_architecture {
fbb31447 TL	17	my ($rootdir) = @_;
dc6e862c	18
e1d54a38 DM	19	# see https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
	20
	21	my $supported_elf_machine = {
	22	0x03 => 'i386',
	23	0x3e => 'amd64',
	24	0x28 => 'armhf',
	25	0xb7 => 'arm64',
fbb31447	26	};
dc6e862c	27
fbb31447 TL	28	my $elf_fn = '/bin/sh'; # '/bin/sh' is POSIX mandatory
fbb31447 TL	29	my $detect_arch = sub {
dc6e862c TL	30	# chroot avoids a problem where we check the binary of the host system
	31	# if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
	32	chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
	33	chdir('/') or die "failed to change to root directory\n";
	34
fbb31447	35	open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
dc6e862c TL	36	binmode($fh);
dc6e862c TL	37
e1d54a38	38	my $length = read($fh, my $data, 20) or die "read failed: $!\n";
dc6e862c	39
e1d54a38 DM	40	# 4 bytes ELF magic number and 1 byte ELF class, padding, machine
e1d54a38 DM	41	my ($magic, $class, undef, $machine) = unpack("A4CA12n", $data);
dc6e862c TL	42
	43	die "'$elf_fn' does not resolve to an ELF!\n"
	44	if (!defined($class) \|\| !defined($magic) \|\| $magic ne "\177ELF");
	45
e1d54a38 DM	46	my $arch = $supported_elf_machine->{$machine};
	47	die "'$elf_fn' has unknown ELF machine '$machine'!\n"
	48	if !defined($arch);
dc6e862c	49
e1d54a38	50	return $arch;
fbb31447	51	};
dc6e862c	52
fbb31447 TL	53	my $arch = eval { PVE::Tools::run_fork_with_timeout(5, $detect_arch) };
	54	if (my $err = $@) {
	55	$arch = 'amd64';
	56	print "Architecture detection failed: $err\nFalling back to amd64.\n" .
	57	"Use `pct set VMID --arch ARCH` to change.\n";
dc6e862c	58	} else {
fbb31447	59	print "Detected container architecture: $arch\n";
dc6e862c TL	60	}
dc6e862c TL	61
fbb31447	62	return $arch;
dc6e862c TL	63	}
dc6e862c TL	64
5b4657d0	65	sub restore_archive {
f9b4407e	66	my ($archive, $rootdir, $conf, $no_unpack_error, $bwlimit) = @_;
5b4657d0	67
c6a605f9	68	my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
01dce99b	69	my $userns_cmd = PVE::LXC::userns_command($id_map);
5b4657d0	70
07084526	71	my $archive_fh;
f70a3d47 WB	72	my $tar_input = '<&STDIN';
f70a3d47 WB	73	my @compression_opt;
07084526	74	if ($archive ne '-') {
f70a3d47 WB	75	# GNU tar refuses to autodetect this... sigh
	76	my %compression_map = (
	77	'.gz' => '-z',
	78	'.bz2' => '-j',
	79	'.xz' => '-J',
a3bdf0c9	80	'.lzo' => '--lzop',
f70a3d47 WB	81	);
	82	if ($archive =~ /\.tar(\.[^.]+)?$/) {
	83	if (defined($1)) {
539660e2 AA	84	die "unrecognized compression format: $1\n" if (!defined($compression_map{$1}));
539660e2 AA	85	@compression_opt = $compression_map{$1};
f70a3d47 WB	86	}
	87	} else {
	88	die "file does not look like a template archive: $archive\n";
	89	}
07084526 WB	90	sysopen($archive_fh, $archive, O_RDONLY)
07084526 WB	91	or die "failed to open '$archive': $!\n";
07084526 WB	92	my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0);
07084526 WB	93	$archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC()));
f70a3d47	94	$tar_input = '<&'.fileno($archive_fh);
07084526 WB	95	}
07084526 WB	96
f70a3d47	97	my $cmd = [@$userns_cmd, 'tar', 'xpf', '-', @compression_opt, '--totals',
5fa038ab	98	@PVE::Storage::Plugin::COMMON_TAR_FLAGS,
fc4e132e	99	'-C', $rootdir];
5b4657d0	100
112aeeb4 WB	101	# skip-old-files doesn't have anything to do with time (old/new), but is
	102	# simply -k (annoyingly also called --keep-old-files) without the 'treat
	103	# existing files as errors' part... iow. it's bsdtar's interpretation of -k
	104	# sigh, gnu...
	105	push @$cmd, '--skip-old-files';
5b4657d0 DM	106	push @$cmd, '--anchored';
	107	push @$cmd, '--exclude' , './dev/*';
	108
f9b4407e WB	109	if (defined($bwlimit)) {
	110	$cmd = [ ['cstream', '-t', $bwlimit*1024], $cmd ];
	111	}
	112
6034ae50 DM	113	if ($archive eq '-') {
6034ae50 DM	114	print "extracting archive from STDIN\n";
27916659	115	} else {
6034ae50	116	print "extracting archive '$archive'\n";
27916659	117	}
f70a3d47	118	eval { PVE::Tools::run_command($cmd, input => $tar_input); };
07084526 WB	119	my $err = $@;
	120	close($archive_fh) if defined $archive_fh;
	121	die $err if $err && !$no_unpack_error;
f31bd6ae DC	122
	123	# if arch is set, we do not try to autodetect it
	124	return if defined($conf->{arch});
	125
fbb31447	126	$conf->{arch} = detect_architecture($rootdir);
5b4657d0 DM	127	}
5b4657d0 DM	128
f507c3a7	129	sub recover_config {
effa4f43	130	my ($archive) = @_;
f507c3a7	131
0550795a	132	my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct\|vps)\.conf)$!);
effa4f43	133	my $conf;
db18c1e4	134	my $mp_param = {};
f507c3a7	135
27916659	136	if ($conf_file =~ m/pct\.conf/) {
f507c3a7	137
1b4cf758	138	$conf = PVE::LXC::Config::parse_pct_config("/lxc/0.conf" , $raw);
f507c3a7	139
27916659	140	delete $conf->{snapshots};
db18c1e4 FG	141
	142	PVE::LXC::Config->foreach_mountpoint($conf, sub {
	143	my ($ms, $mountpoint) = @_;
	144	$mp_param->{$ms} = $conf->{$ms};
	145	});
	146
effa4f43	147	} elsif ($conf_file =~ m/vps\.conf/) {
db18c1e4 FG	148
	149	($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	150
effa4f43 DM	151	} else {
effa4f43 DM	152
27916659	153	die "internal error";
f507c3a7 WL	154	}
f507c3a7 WL	155
db18c1e4	156	return wantarray ? ($conf, $mp_param) : $conf;
f507c3a7 WL	157	}
f507c3a7 WL	158
51665c2d	159	sub restore_configuration {
43912111	160	my ($vmid, $rootdir, $conf, $restricted, $unique) = @_;
51665c2d FG	161
	162	# restore: try to extract configuration from archive
	163
	164	my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf";
	165	my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw";
	166	my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf";
	167	if (-f $pct_cfg_fn) {
	168	my $raw = PVE::Tools::file_get_contents($pct_cfg_fn);
	169	my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw);
	170
	171	foreach my $key (keys %$oldconf) {
adcaa73e	172	next if $key eq 'digest' \|\| $key eq 'rootfs' \|\| $key eq 'snapshots' \|\| $key eq 'unprivileged' \|\| $key eq 'parent';
51665c2d FG	173	next if $key =~ /^mp\d+$/; # don't recover mountpoints
51665c2d FG	174	next if $key =~ /^unused\d+$/; # don't recover unused disks
a2d3e5c3 CE	175	# we know if it was a template in the restore API call and check if the target
	176	# storage supports creating a template there
	177	next if $key =~ /^template$/;
ba0e2930 FG	178	if ($restricted && $key eq 'lxc') {
	179	warn "skipping custom lxc options, restore manually as root:\n";
	180	warn "--------------------------------\n";
	181	my $lxc_list = $oldconf->{'lxc'};
	182	foreach my $lxc_opt (@$lxc_list) {
	183	warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
	184	}
	185	warn "--------------------------------\n";
	186	next;
	187	}
1fe49f62	188	if ($unique && $key =~ /^net\d+$/) {
43912111 CE	189	my $net = PVE::LXC::Config->parse_lxc_network($oldconf->{$key});
	190	my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg');
	191	$net->{hwaddr} = PVE::Tools::random_ether_addr($dc->{mac_prefix});
	192	$conf->{$key} = PVE::LXC::Config->print_lxc_network($net);
	193	next;
	194	}
51665c2d FG	195	$conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	196	}
	197	unlink($pct_cfg_fn);
5b4657d0	198
51665c2d FG	199	if (-f $pct_fwcfg_fn) {
	200	my $pve_firewall_dir = '/etc/pve/firewall';
	201	mkdir $pve_firewall_dir; # make sure the directory exists
	202	PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
	203	unlink $pct_fwcfg_fn;
27916659	204	}
5b4657d0	205
51665c2d FG	206	} elsif (-f $ovz_cfg_fn) {
	207	print "###########################################################\n";
	208	print "Converting OpenVZ configuration to LXC.\n";
	209	print "Please check the configuration and reconfigure the network.\n";
	210	print "###########################################################\n";
148d1cb4	211
51665c2d FG	212	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
	213	$conf->{ostype} = $lxc_setup->{conf}->{ostype};
	214	my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn);
	215	my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	216	foreach my $key (keys %$oldconf) {
	217	$conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	218	}
	219	unlink($ovz_cfg_fn);
148d1cb4	220
51665c2d FG	221	} else {
	222	print "###########################################################\n";
	223	print "Backup archive does not contain any configuration\n";
	224	print "###########################################################\n";
148d1cb4	225	}
5b4657d0 DM	226	}
	227
	228	1;