[pve-container.git] / src / PVE / LXC / Create.pm

package PVE::LXC::Create;

use strict;
use warnings;
use File::Basename;
use File::Path;
use Data::Dumper;
use Fcntl;

use PVE::Storage;
use PVE::LXC;
use PVE::LXC::Setup;
use PVE::VZDump::ConvertOVZ;
use PVE::Tools;
use POSIX;

sub detect_architecture {
    my ($rootdir) = @_;

    my $supported_elf_class = {
	1 => 'i386',
	2 => 'amd64',
    };

    my $elf_fn = '/bin/sh'; # '/bin/sh' is POSIX mandatory
    my $detect_arch = sub {
	# chroot avoids a problem where we check the binary of the host system
	# if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
	chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
	chdir('/') or die "failed to change to root directory\n";

	open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
	binmode($fh);

	my $length = read($fh, my $data, 5) or die "read failed: $!\n";

	# 4 bytes ELF magic number and 1 byte ELF class
	my ($magic, $class) = unpack("A4C", $data);

	die "'$elf_fn' does not resolve to an ELF!\n"
	    if (!defined($class) || !defined($magic) || $magic ne "\177ELF");

	die "'$elf_fn' has unknown ELF class '$class'!\n"
	    if !defined($supported_elf_class->{$class});

	return $supported_elf_class->{$class};
    };

    my $arch = eval { PVE::Tools::run_fork_with_timeout(5, $detect_arch) };
    if (my $err = $@) {
	$arch = 'amd64';
	print "Architecture detection failed: $err\nFalling back to amd64.\n" .
	      "Use `pct set VMID --arch ARCH` to change.\n";
    } else {
	print "Detected container architecture: $arch\n";
    }

    return $arch;
}

sub restore_archive {
    my ($archive, $rootdir, $conf, $no_unpack_error) = @_;

    my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
    my $userns_cmd = PVE::LXC::userns_command($id_map);

    my $archive_fh;
    my $tar_input = '<&STDIN';
    my @compression_opt;
    if ($archive ne '-') {
	# GNU tar refuses to autodetect this... *sigh*
	my %compression_map = (
	    '.gz'  => '-z',
	    '.bz2' => '-j',
	    '.xz'  => '-J',
	);
	if ($archive =~ /\.tar(\.[^.]+)?$/) {
	    if (defined($1)) {
		@compression_opt = $compression_map{$1}
		    or die "unrecognized compression format: $1\n";
	    }
	} else {
	    die "file does not look like a template archive: $archive\n";
	}
	sysopen($archive_fh, $archive, O_RDONLY)
	    or die "failed to open '$archive': $!\n";
	my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0);
	$archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC()));
	$tar_input = '<&'.fileno($archive_fh);
    }

    my $cmd = [@$userns_cmd, 'tar', 'xpf', '-', @compression_opt, '--totals',
               @PVE::Storage::Plugin::COMMON_TAR_FLAGS,
               '-C', $rootdir];

    # skip-old-files doesn't have anything to do with time (old/new), but is
    # simply -k (annoyingly also called --keep-old-files) without the 'treat
    # existing files as errors' part... iow. it's bsdtar's interpretation of -k
    # *sigh*, gnu...
    push @$cmd, '--skip-old-files';
    push @$cmd, '--anchored';
    push @$cmd, '--exclude' , './dev/*';

    if ($archive eq '-') {
	print "extracting archive from STDIN\n";
    } else {
	print "extracting archive '$archive'\n";
    }
    eval { PVE::Tools::run_command($cmd, input => $tar_input); };
    my $err = $@;
    close($archive_fh) if defined $archive_fh;
    die $err if $err && !$no_unpack_error;

    # if arch is set, we do not try to autodetect it
    return if defined($conf->{arch});

    $conf->{arch} = detect_architecture($rootdir);
}

sub recover_config {
    my ($archive) = @_;

    my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct|vps)\.conf)$!);
    my $conf;
    my $mp_param = {};

    if ($conf_file =~ m/pct\.conf/) {

	$conf = PVE::LXC::Config::parse_pct_config("/lxc/0.conf" , $raw);

	delete $conf->{snapshots};
	delete $conf->{template}; # restored CT is never a template

	PVE::LXC::Config->foreach_mountpoint($conf, sub {
	    my ($ms, $mountpoint) = @_;
	    $mp_param->{$ms} = $conf->{$ms};
	});

    } elsif ($conf_file =~ m/vps\.conf/) {

	($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw);

    } else {

       die "internal error";
    }

    return wantarray ? ($conf, $mp_param) : $conf;
}

sub restore_configuration {
    my ($vmid, $rootdir, $conf, $restricted) = @_;

    # restore: try to extract configuration from archive

    my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf";
    my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw";
    my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf";
    if (-f $pct_cfg_fn) {
	my $raw = PVE::Tools::file_get_contents($pct_cfg_fn);
	my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw);

	foreach my $key (keys %$oldconf) {
	    next if $key eq 'digest' || $key eq 'rootfs' || $key eq 'snapshots' || $key eq 'unprivileged' || $key eq 'parent';
	    next if $key =~ /^mp\d+$/; # don't recover mountpoints
	    next if $key =~ /^unused\d+$/; # don't recover unused disks
	    if ($restricted && $key eq 'lxc') {
		warn "skipping custom lxc options, restore manually as root:\n";
		warn "--------------------------------\n";
		my $lxc_list = $oldconf->{'lxc'};
		foreach my $lxc_opt (@$lxc_list) {
		    warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
		}
		warn "--------------------------------\n";
		next;
	    }
	    $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	}
	unlink($pct_cfg_fn);

	if (-f $pct_fwcfg_fn) {
	    my $pve_firewall_dir = '/etc/pve/firewall';
	    mkdir $pve_firewall_dir; # make sure the directory exists
	    PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
	    unlink $pct_fwcfg_fn;
	}

    } elsif (-f $ovz_cfg_fn) {
	print "###########################################################\n";
	print "Converting OpenVZ configuration to LXC.\n";
	print "Please check the configuration and reconfigure the network.\n";
	print "###########################################################\n";

	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
	$conf->{ostype} = $lxc_setup->{conf}->{ostype};
	my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn);
	my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	foreach my $key (keys %$oldconf) {
	    $conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	}
	unlink($ovz_cfg_fn);

    } else {
	print "###########################################################\n";
	print "Backup archive does not contain any configuration\n";
	print "###########################################################\n";
    }
}

1;
Commit	Line	Data
7af97ad5	1	package PVE::LXC::Create;
5b4657d0 DM	2
	3	use strict;
	4	use warnings;
	5	use File::Basename;
	6	use File::Path;
	7	use Data::Dumper;
07084526	8	use Fcntl;
5b4657d0 DM	9
	10	use PVE::Storage;
	11	use PVE::LXC;
7af97ad5	12	use PVE::LXC::Setup;
f507c3a7	13	use PVE::VZDump::ConvertOVZ;
580b6916	14	use PVE::Tools;
dc6e862c	15	use POSIX;
5b4657d0	16
fbb31447 TL	17	sub detect_architecture {
fbb31447 TL	18	my ($rootdir) = @_;
dc6e862c	19
fbb31447 TL	20	my $supported_elf_class = {
	21	1 => 'i386',
	22	2 => 'amd64',
	23	};
dc6e862c	24
fbb31447 TL	25	my $elf_fn = '/bin/sh'; # '/bin/sh' is POSIX mandatory
fbb31447 TL	26	my $detect_arch = sub {
dc6e862c TL	27	# chroot avoids a problem where we check the binary of the host system
	28	# if $elf_fn is an absolut symlink (e.g. $rootdir/bin/sh -> /bin/bash)
	29	chroot($rootdir) or die "chroot '$rootdir' failed: $!\n";
	30	chdir('/') or die "failed to change to root directory\n";
	31
fbb31447	32	open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
dc6e862c TL	33	binmode($fh);
dc6e862c TL	34
fbb31447	35	my $length = read($fh, my $data, 5) or die "read failed: $!\n";
dc6e862c TL	36
	37	# 4 bytes ELF magic number and 1 byte ELF class
	38	my ($magic, $class) = unpack("A4C", $data);
	39
	40	die "'$elf_fn' does not resolve to an ELF!\n"
	41	if (!defined($class) \|\| !defined($magic) \|\| $magic ne "\177ELF");
	42
	43	die "'$elf_fn' has unknown ELF class '$class'!\n"
fbb31447	44	if !defined($supported_elf_class->{$class});
dc6e862c	45
fbb31447 TL	46	return $supported_elf_class->{$class};
fbb31447 TL	47	};
dc6e862c	48
fbb31447 TL	49	my $arch = eval { PVE::Tools::run_fork_with_timeout(5, $detect_arch) };
	50	if (my $err = $@) {
	51	$arch = 'amd64';
	52	print "Architecture detection failed: $err\nFalling back to amd64.\n" .
	53	"Use `pct set VMID --arch ARCH` to change.\n";
dc6e862c	54	} else {
fbb31447	55	print "Detected container architecture: $arch\n";
dc6e862c TL	56	}
dc6e862c TL	57
fbb31447	58	return $arch;
dc6e862c TL	59	}
dc6e862c TL	60
5b4657d0	61	sub restore_archive {
9c23d567	62	my ($archive, $rootdir, $conf, $no_unpack_error) = @_;
5b4657d0	63
c6a605f9	64	my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
01dce99b	65	my $userns_cmd = PVE::LXC::userns_command($id_map);
5b4657d0	66
07084526	67	my $archive_fh;
f70a3d47 WB	68	my $tar_input = '<&STDIN';
f70a3d47 WB	69	my @compression_opt;
07084526	70	if ($archive ne '-') {
f70a3d47 WB	71	# GNU tar refuses to autodetect this... sigh
	72	my %compression_map = (
	73	'.gz' => '-z',
	74	'.bz2' => '-j',
	75	'.xz' => '-J',
	76	);
	77	if ($archive =~ /\.tar(\.[^.]+)?$/) {
	78	if (defined($1)) {
	79	@compression_opt = $compression_map{$1}
	80	or die "unrecognized compression format: $1\n";
	81	}
	82	} else {
	83	die "file does not look like a template archive: $archive\n";
	84	}
07084526 WB	85	sysopen($archive_fh, $archive, O_RDONLY)
07084526 WB	86	or die "failed to open '$archive': $!\n";
07084526 WB	87	my $flags = $archive_fh->fcntl(Fcntl::F_GETFD(), 0);
07084526 WB	88	$archive_fh->fcntl(Fcntl::F_SETFD(), $flags & ~(Fcntl::FD_CLOEXEC()));
f70a3d47	89	$tar_input = '<&'.fileno($archive_fh);
07084526 WB	90	}
07084526 WB	91
f70a3d47	92	my $cmd = [@$userns_cmd, 'tar', 'xpf', '-', @compression_opt, '--totals',
5fa038ab	93	@PVE::Storage::Plugin::COMMON_TAR_FLAGS,
fc4e132e	94	'-C', $rootdir];
5b4657d0	95
112aeeb4 WB	96	# skip-old-files doesn't have anything to do with time (old/new), but is
	97	# simply -k (annoyingly also called --keep-old-files) without the 'treat
	98	# existing files as errors' part... iow. it's bsdtar's interpretation of -k
	99	# sigh, gnu...
	100	push @$cmd, '--skip-old-files';
5b4657d0 DM	101	push @$cmd, '--anchored';
	102	push @$cmd, '--exclude' , './dev/*';
	103
6034ae50 DM	104	if ($archive eq '-') {
6034ae50 DM	105	print "extracting archive from STDIN\n";
27916659	106	} else {
6034ae50	107	print "extracting archive '$archive'\n";
27916659	108	}
f70a3d47	109	eval { PVE::Tools::run_command($cmd, input => $tar_input); };
07084526 WB	110	my $err = $@;
	111	close($archive_fh) if defined $archive_fh;
	112	die $err if $err && !$no_unpack_error;
f31bd6ae DC	113
	114	# if arch is set, we do not try to autodetect it
	115	return if defined($conf->{arch});
	116
fbb31447	117	$conf->{arch} = detect_architecture($rootdir);
5b4657d0 DM	118	}
5b4657d0 DM	119
f507c3a7	120	sub recover_config {
effa4f43	121	my ($archive) = @_;
f507c3a7	122
0550795a	123	my ($raw, $conf_file) = PVE::Storage::extract_vzdump_config_tar($archive, qr!(\./etc/vzdump/(pct\|vps)\.conf)$!);
effa4f43	124	my $conf;
db18c1e4	125	my $mp_param = {};
f507c3a7	126
27916659	127	if ($conf_file =~ m/pct\.conf/) {
f507c3a7	128
1b4cf758	129	$conf = PVE::LXC::Config::parse_pct_config("/lxc/0.conf" , $raw);
f507c3a7	130
27916659	131	delete $conf->{snapshots};
bb1ac2de	132	delete $conf->{template}; # restored CT is never a template
db18c1e4 FG	133
	134	PVE::LXC::Config->foreach_mountpoint($conf, sub {
	135	my ($ms, $mountpoint) = @_;
	136	$mp_param->{$ms} = $conf->{$ms};
	137	});
	138
effa4f43	139	} elsif ($conf_file =~ m/vps\.conf/) {
db18c1e4 FG	140
	141	($conf, $mp_param) = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	142
effa4f43 DM	143	} else {
effa4f43 DM	144
27916659	145	die "internal error";
f507c3a7 WL	146	}
f507c3a7 WL	147
db18c1e4	148	return wantarray ? ($conf, $mp_param) : $conf;
f507c3a7 WL	149	}
f507c3a7 WL	150
51665c2d	151	sub restore_configuration {
ba0e2930	152	my ($vmid, $rootdir, $conf, $restricted) = @_;
51665c2d FG	153
	154	# restore: try to extract configuration from archive
	155
	156	my $pct_cfg_fn = "$rootdir/etc/vzdump/pct.conf";
	157	my $pct_fwcfg_fn = "$rootdir/etc/vzdump/pct.fw";
	158	my $ovz_cfg_fn = "$rootdir/etc/vzdump/vps.conf";
	159	if (-f $pct_cfg_fn) {
	160	my $raw = PVE::Tools::file_get_contents($pct_cfg_fn);
	161	my $oldconf = PVE::LXC::Config::parse_pct_config("/lxc/$vmid.conf", $raw);
	162
	163	foreach my $key (keys %$oldconf) {
adcaa73e	164	next if $key eq 'digest' \|\| $key eq 'rootfs' \|\| $key eq 'snapshots' \|\| $key eq 'unprivileged' \|\| $key eq 'parent';
51665c2d FG	165	next if $key =~ /^mp\d+$/; # don't recover mountpoints
51665c2d FG	166	next if $key =~ /^unused\d+$/; # don't recover unused disks
ba0e2930 FG	167	if ($restricted && $key eq 'lxc') {
	168	warn "skipping custom lxc options, restore manually as root:\n";
	169	warn "--------------------------------\n";
	170	my $lxc_list = $oldconf->{'lxc'};
	171	foreach my $lxc_opt (@$lxc_list) {
	172	warn "$lxc_opt->[0]: $lxc_opt->[1]\n"
	173	}
	174	warn "--------------------------------\n";
	175	next;
	176	}
51665c2d FG	177	$conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	178	}
	179	unlink($pct_cfg_fn);
5b4657d0	180
51665c2d FG	181	if (-f $pct_fwcfg_fn) {
	182	my $pve_firewall_dir = '/etc/pve/firewall';
	183	mkdir $pve_firewall_dir; # make sure the directory exists
	184	PVE::Tools::file_copy($pct_fwcfg_fn, "${pve_firewall_dir}/$vmid.fw");
	185	unlink $pct_fwcfg_fn;
27916659	186	}
5b4657d0	187
51665c2d FG	188	} elsif (-f $ovz_cfg_fn) {
	189	print "###########################################################\n";
	190	print "Converting OpenVZ configuration to LXC.\n";
	191	print "Please check the configuration and reconfigure the network.\n";
	192	print "###########################################################\n";
148d1cb4	193
51665c2d FG	194	my $lxc_setup = PVE::LXC::Setup->new($conf, $rootdir); # detect OS
	195	$conf->{ostype} = $lxc_setup->{conf}->{ostype};
	196	my $raw = PVE::Tools::file_get_contents($ovz_cfg_fn);
	197	my $oldconf = PVE::VZDump::ConvertOVZ::convert_ovz($raw);
	198	foreach my $key (keys %$oldconf) {
	199	$conf->{$key} = $oldconf->{$key} if !defined($conf->{$key});
	200	}
	201	unlink($ovz_cfg_fn);
148d1cb4	202
51665c2d FG	203	} else {
	204	print "###########################################################\n";
	205	print "Backup archive does not contain any configuration\n";
	206	print "###########################################################\n";
148d1cb4	207	}
5b4657d0 DM	208	}
	209
	210	1;