12 use Fcntl
qw(O_RDONLY);
14 use PVE
::Cluster
qw(cfs_register_file cfs_read_file);
15 use PVE
::Exception
qw(raise_perm_exc);
19 use PVE
::JSONSchema
qw(get_standard_option);
20 use PVE
::Tools
qw($IPV6RE $IPV4RE dir_glob_foreach lock_file lock_file_full);
22 use PVE
::AccessControl
;
24 use Time
::HiRes qw
(gettimeofday
);
28 my $nodename = PVE
::INotify
::nodename
();
30 my $cpuinfo= PVE
::ProcFSTools
::read_cpuinfo
();
32 our $COMMON_TAR_FLAGS = [ '--sparse', '--numeric-owner', '--acls',
34 '--xattrs-include=user.*',
35 '--xattrs-include=security.capability',
36 '--warning=no-xattr-write' ];
38 cfs_register_file
('/lxc/', \
&parse_pct_config
, \
&write_pct_config
);
44 format
=> 'pve-lxc-mp-string',
45 format_description
=> 'volume',
46 description
=> 'Volume, device or directory to mount into the container.',
50 format_description
=> '[1|0]',
51 description
=> 'Whether to include the mountpoint in backups.',
56 format
=> 'disk-size',
57 format_description
=> 'DiskSize',
58 description
=> 'Volume size (read only value).',
63 format_description
=> 'acl',
64 description
=> 'Explicitly enable or disable ACL support.',
69 format_description
=> 'ro',
70 description
=> 'Read-only mountpoint (not supported with bind mounts)',
75 format_description
=> '[0|1]',
76 description
=> 'Enable user quotas inside the container (not supported with zfs subvolumes)',
81 PVE
::JSONSchema
::register_standard_option
('pve-ct-rootfs', {
82 type
=> 'string', format
=> $rootfs_desc,
83 description
=> "Use volume as container root.",
87 PVE
::JSONSchema
::register_standard_option
('pve-lxc-snapshot-name', {
88 description
=> "The name of the snapshot.",
89 type
=> 'string', format
=> 'pve-configid',
97 description
=> "Lock/unlock the VM.",
98 enum
=> [qw(migrate backup snapshot rollback)],
103 description
=> "Specifies whether a VM will be started during system bootup.",
106 startup
=> get_standard_option
('pve-startup-order'),
110 description
=> "Enable/disable Template.",
116 enum
=> ['amd64', 'i386'],
117 description
=> "OS architecture type.",
123 enum
=> ['debian', 'ubuntu', 'centos', 'fedora', 'opensuse', 'archlinux', 'alpine', 'unmanaged'],
124 description
=> "OS type. This is used to setup configuration inside the container, and corresponds to lxc setup scripts in /usr/share/lxc/config/<ostype>.common.conf. Value 'unmanaged' can be used to skip and OS specific setup.",
129 description
=> "Attach a console device (/dev/console) to the container.",
135 description
=> "Specify the number of tty available to the container",
143 description
=> "Limit of CPU usage. Note if the computer has 2 CPUs, it has a total of '2' CPU time. Value '0' indicates no CPU limit.",
151 description
=> "CPU weight for a VM. Argument is used in the kernel fair scheduler. The larger the number is, the more CPU time this VM gets. Number is relative to the weights of all the other running VMs.\n\nNOTE: You can disable fair-scheduler configuration by setting this to 0.",
159 description
=> "Amount of RAM for the VM in MB.",
166 description
=> "Amount of SWAP for the VM in MB.",
172 description
=> "Set a host name for the container.",
173 type
=> 'string', format
=> 'dns-name',
179 description
=> "Container description. Only used on the configuration web interface.",
183 type
=> 'string', format
=> 'dns-name-list',
184 description
=> "Sets DNS search domains for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.",
188 type
=> 'string', format
=> 'address-list',
189 description
=> "Sets DNS server IP address for a container. Create will automatically use the setting from the host if you neither set searchdomain nor nameserver.",
191 rootfs
=> get_standard_option
('pve-ct-rootfs'),
194 type
=> 'string', format
=> 'pve-configid',
196 description
=> "Parent snapshot name. This is used internally, and should not be modified.",
200 description
=> "Timestamp for snapshots.",
206 description
=> "Console mode. By default, the console command tries to open a connection to one of the available tty devices. By setting cmode to 'console' it tries to attach to /dev/console instead. If you set cmode to 'shell', it simply invokes a shell inside the container (no login).",
208 enum
=> ['shell', 'console', 'tty'],
214 description
=> "Sets the protection flag of the container. This will prevent the CT or CT's disk remove/update operation.",
220 description
=> "Makes the container run as unprivileged user. (Should not be modified manually.)",
225 my $valid_lxc_conf_keys = {
229 'lxc.haltsignal' => 1,
230 'lxc.rebootsignal' => 1,
231 'lxc.stopsignal' => 1,
233 'lxc.network.type' => 1,
234 'lxc.network.flags' => 1,
235 'lxc.network.link' => 1,
236 'lxc.network.mtu' => 1,
237 'lxc.network.name' => 1,
238 'lxc.network.hwaddr' => 1,
239 'lxc.network.ipv4' => 1,
240 'lxc.network.ipv4.gateway' => 1,
241 'lxc.network.ipv6' => 1,
242 'lxc.network.ipv6.gateway' => 1,
243 'lxc.network.script.up' => 1,
244 'lxc.network.script.down' => 1,
246 'lxc.console.logfile' => 1,
249 'lxc.devttydir' => 1,
250 'lxc.hook.autodev' => 1,
254 'lxc.mount.entry' => 1,
255 'lxc.mount.auto' => 1,
256 'lxc.rootfs' => 'lxc.rootfs is auto generated from rootfs',
257 'lxc.rootfs.mount' => 1,
258 'lxc.rootfs.options' => 'lxc.rootfs.options is not supported' .
259 ', please use mountpoint options in the "rootfs" key',
263 'lxc.aa_profile' => 1,
264 'lxc.aa_allow_incomplete' => 1,
265 'lxc.se_context' => 1,
268 'lxc.hook.pre-start' => 1,
269 'lxc.hook.pre-mount' => 1,
270 'lxc.hook.mount' => 1,
271 'lxc.hook.start' => 1,
272 'lxc.hook.stop' => 1,
273 'lxc.hook.post-stop' => 1,
274 'lxc.hook.clone' => 1,
275 'lxc.hook.destroy' => 1,
278 'lxc.start.auto' => 1,
279 'lxc.start.delay' => 1,
280 'lxc.start.order' => 1,
282 'lxc.environment' => 1,
289 description
=> "Network interface type.",
294 format_description
=> 'String',
295 description
=> 'Name of the network device as seen from inside the container. (lxc.network.name)',
296 pattern
=> '[-_.\w\d]+',
300 format_description
=> 'vmbr<Number>',
301 description
=> 'Bridge to attach the network device to.',
302 pattern
=> '[-_.\w\d]+',
307 format_description
=> 'MAC',
308 description
=> 'Bridge to attach the network device to. (lxc.network.hwaddr)',
309 pattern
=> qr/(?:[a-f0-9]{2}:){5}[a-f0-9]{2}/i,
314 format_description
=> 'Number',
315 description
=> 'Maximum transfer unit of the interface. (lxc.network.mtu)',
316 minimum
=> 64, # minimum ethernet frame is 64 bytes
321 format
=> 'pve-ipv4-config',
322 format_description
=> 'IPv4Format/CIDR',
323 description
=> 'IPv4 address in CIDR format.',
329 format_description
=> 'GatewayIPv4',
330 description
=> 'Default gateway for IPv4 traffic.',
335 format
=> 'pve-ipv6-config',
336 format_description
=> 'IPv6Format/CIDR',
337 description
=> 'IPv6 address in CIDR format.',
343 format_description
=> 'GatewayIPv6',
344 description
=> 'Default gateway for IPv6 traffic.',
349 format_description
=> '[1|0]',
350 description
=> "Controls whether this interface's firewall rules should be used.",
355 format_description
=> 'VlanNo',
358 description
=> "VLAN tag for this interface.",
363 pattern
=> qr/\d+(?:;\d+)*/,
364 format_description
=> 'vlanid[;vlanid...]',
365 description
=> "VLAN ids to pass through the interface",
369 PVE
::JSONSchema
::register_format
('pve-lxc-network', $netconf_desc);
371 my $MAX_LXC_NETWORKS = 10;
372 for (my $i = 0; $i < $MAX_LXC_NETWORKS; $i++) {
373 $confdesc->{"net$i"} = {
375 type
=> 'string', format
=> $netconf_desc,
376 description
=> "Specifies network interfaces for the container.",
380 PVE
::JSONSchema
::register_format
('pve-lxc-mp-string', \
&verify_lxc_mp_string
);
381 sub verify_lxc_mp_string
{
382 my ($mp, $noerr) = @_;
386 # /. or /.. at the end
387 # ../ at the beginning
389 if($mp =~ m
@/\.\
.?
/@ ||
392 return undef if $noerr;
393 die "$mp contains illegal character sequences\n";
402 format
=> 'pve-lxc-mp-string',
403 format_description
=> 'Path',
404 description
=> 'Path to the mountpoint as seen from inside the container.',
407 PVE
::JSONSchema
::register_format
('pve-ct-mountpoint', $mp_desc);
411 type
=> 'string', format
=> 'pve-volume-id',
412 description
=> "Reference to unused volumes.",
415 my $MAX_MOUNT_POINTS = 10;
416 for (my $i = 0; $i < $MAX_MOUNT_POINTS; $i++) {
417 $confdesc->{"mp$i"} = {
419 type
=> 'string', format
=> $mp_desc,
420 description
=> "Use volume as container mount point (experimental feature).",
425 my $MAX_UNUSED_DISKS = $MAX_MOUNT_POINTS;
426 for (my $i = 0; $i < $MAX_MOUNT_POINTS; $i++) {
427 $confdesc->{"unused$i"} = $unuseddesc;
430 sub write_pct_config
{
431 my ($filename, $conf) = @_;
433 delete $conf->{snapstate
}; # just to be sure
435 my $generate_raw_config = sub {
440 # add description as comment to top of file
441 my $descr = $conf->{description
} || '';
442 foreach my $cl (split(/\n/, $descr)) {
443 $raw .= '#' . PVE
::Tools
::encode_text
($cl) . "\n";
446 foreach my $key (sort keys %$conf) {
447 next if $key eq 'digest' || $key eq 'description' || $key eq 'pending' ||
448 $key eq 'snapshots' || $key eq 'snapname' || $key eq 'lxc';
449 my $value = $conf->{$key};
450 die "detected invalid newline inside property '$key'\n" if $value =~ m/\n/;
451 $raw .= "$key: $value\n";
454 if (my $lxcconf = $conf->{lxc
}) {
455 foreach my $entry (@$lxcconf) {
456 my ($k, $v) = @$entry;
464 my $raw = &$generate_raw_config($conf);
466 foreach my $snapname (sort keys %{$conf->{snapshots
}}) {
467 $raw .= "\n[$snapname]\n";
468 $raw .= &$generate_raw_config($conf->{snapshots
}->{$snapname});
475 my ($key, $value) = @_;
477 die "unknown setting '$key'\n" if !$confdesc->{$key};
479 my $type = $confdesc->{$key}->{type
};
481 if (!defined($value)) {
482 die "got undefined value\n";
485 if ($value =~ m/[\n\r]/) {
486 die "property contains a line feed\n";
489 if ($type eq 'boolean') {
490 return 1 if ($value eq '1') || ($value =~ m/^(on|yes|true)$/i);
491 return 0 if ($value eq '0') || ($value =~ m/^(off|no|false)$/i);
492 die "type check ('boolean') failed - got '$value'\n";
493 } elsif ($type eq 'integer') {
494 return int($1) if $value =~ m/^(\d+)$/;
495 die "type check ('integer') failed - got '$value'\n";
496 } elsif ($type eq 'number') {
497 return $value if $value =~ m/^(\d+)(\.\d+)?$/;
498 die "type check ('number') failed - got '$value'\n";
499 } elsif ($type eq 'string') {
500 if (my $fmt = $confdesc->{$key}->{format
}) {
501 PVE
::JSONSchema
::check_format
($fmt, $value);
510 sub parse_pct_config
{
511 my ($filename, $raw) = @_;
513 return undef if !defined($raw);
516 digest
=> Digest
::SHA
::sha1_hex
($raw),
520 $filename =~ m
|/lxc/(\d
+).conf
$|
521 || die "got strange filename '$filename'";
529 my @lines = split(/\n/, $raw);
530 foreach my $line (@lines) {
531 next if $line =~ m/^\s*$/;
533 if ($line =~ m/^\[([a-z][a-z0-9_\-]+)\]\s*$/i) {
535 $conf->{description
} = $descr if $descr;
537 $conf = $res->{snapshots
}->{$section} = {};
541 if ($line =~ m/^\#(.*)\s*$/) {
542 $descr .= PVE
::Tools
::decode_text
($1) . "\n";
546 if ($line =~ m/^(lxc\.[a-z0-9_\-\.]+)(:|\s*=)\s*(.*?)\s*$/) {
549 my $validity = $valid_lxc_conf_keys->{$key} || 0;
550 if ($validity eq 1 || $key =~ m/^lxc\.cgroup\./) {
551 push @{$conf->{lxc
}}, [$key, $value];
552 } elsif (my $errmsg = $validity) {
553 warn "vm $vmid - $key: $errmsg\n";
555 warn "vm $vmid - unable to parse config: $line\n";
557 } elsif ($line =~ m/^(description):\s*(.*\S)\s*$/) {
558 $descr .= PVE
::Tools
::decode_text
($2);
559 } elsif ($line =~ m/snapstate:\s*(prepare|delete)\s*$/) {
560 $conf->{snapstate
} = $1;
561 } elsif ($line =~ m/^([a-z][a-z_]*\d*):\s*(\S.*)\s*$/) {
564 eval { $value = check_type
($key, $value); };
565 warn "vm $vmid - unable to parse value of '$key' - $@" if $@;
566 $conf->{$key} = $value;
568 warn "vm $vmid - unable to parse config: $line\n";
572 $conf->{description
} = $descr if $descr;
574 delete $res->{snapstate
}; # just to be sure
580 my $vmlist = PVE
::Cluster
::get_vmlist
();
582 return $res if !$vmlist || !$vmlist->{ids
};
583 my $ids = $vmlist->{ids
};
585 foreach my $vmid (keys %$ids) {
586 next if !$vmid; # skip CT0
587 my $d = $ids->{$vmid};
588 next if !$d->{node
} || $d->{node
} ne $nodename;
589 next if !$d->{type
} || $d->{type
} ne 'lxc';
590 $res->{$vmid}->{type
} = 'lxc';
595 sub cfs_config_path
{
596 my ($vmid, $node) = @_;
598 $node = $nodename if !$node;
599 return "nodes/$node/lxc/$vmid.conf";
603 my ($vmid, $node) = @_;
605 my $cfspath = cfs_config_path
($vmid, $node);
606 return "/etc/pve/$cfspath";
610 my ($vmid, $node) = @_;
612 $node = $nodename if !$node;
613 my $cfspath = cfs_config_path
($vmid, $node);
615 my $conf = PVE
::Cluster
::cfs_read_file
($cfspath);
616 die "container $vmid does not exist\n" if !defined($conf);
622 my ($vmid, $conf) = @_;
624 my $dir = "/etc/pve/nodes/$nodename/lxc";
627 write_config
($vmid, $conf);
633 unlink config_file
($vmid, $nodename);
637 my ($vmid, $conf) = @_;
639 my $cfspath = cfs_config_path
($vmid);
641 PVE
::Cluster
::cfs_write_file
($cfspath, $conf);
644 # flock: we use one file handle per process, so lock file
645 # can be called multiple times and will succeed for the same process.
647 my $lock_handles = {};
648 my $lockdir = "/run/lock/lxc";
650 sub config_file_lock
{
653 return "$lockdir/pve-config-${vmid}.lock";
656 sub lock_config_full
{
657 my ($vmid, $timeout, $code, @param) = @_;
659 my $filename = config_file_lock
($vmid);
661 mkdir $lockdir if !-d
$lockdir;
663 my $res = lock_file
($filename, $timeout, $code, @param);
670 sub lock_config_mode
{
671 my ($vmid, $timeout, $shared, $code, @param) = @_;
673 my $filename = config_file_lock
($vmid);
675 mkdir $lockdir if !-d
$lockdir;
677 my $res = lock_file_full
($filename, $timeout, $shared, $code, @param);
685 my ($vmid, $code, @param) = @_;
687 return lock_config_full
($vmid, 10, $code, @param);
693 return defined($confdesc->{$name});
696 # add JSON properties for create and set function
697 sub json_config_properties
{
700 foreach my $opt (keys %$confdesc) {
701 next if $opt eq 'parent' || $opt eq 'snaptime';
702 next if $prop->{$opt};
703 $prop->{$opt} = $confdesc->{$opt};
709 # container status helpers
711 sub list_active_containers
{
713 my $filename = "/proc/net/unix";
715 # similar test is used by lcxcontainers.c: list_active_containers
718 my $fh = IO
::File-
>new ($filename, "r");
721 while (defined(my $line = <$fh>)) {
722 if ($line =~ m/^[a-f0-9]+:\s\S+\s\S+\s\S+\s\S+\s\S+\s\d+\s(\S+)$/) {
724 if ($path =~ m!^@/var/lib/lxc/(\d+)/command$!) {
735 # warning: this is slow
739 my $active_hash = list_active_containers
();
741 return 1 if defined($active_hash->{$vmid});
746 sub get_container_disk_usage
{
747 my ($vmid, $pid) = @_;
749 return PVE
::Tools
::df
("/proc/$pid/root/", 1);
752 my $last_proc_vmid_stat;
754 my $parse_cpuacct_stat = sub {
757 my $raw = read_cgroup_value
('cpuacct', $vmid, 'cpuacct.stat', 1);
761 if ($raw =~ m/^user (\d+)\nsystem (\d+)\n/) {
774 my $list = $opt_vmid ?
{ $opt_vmid => { type
=> 'lxc' }} : config_list
();
776 my $active_hash = list_active_containers
();
778 my $cpucount = $cpuinfo->{cpus
} || 1;
780 my $cdtime = gettimeofday
;
782 my $uptime = (PVE
::ProcFSTools
::read_proc_uptime
(1))[0];
784 foreach my $vmid (keys %$list) {
785 my $d = $list->{$vmid};
787 eval { $d->{pid
} = find_lxc_pid
($vmid) if defined($active_hash->{$vmid}); };
788 warn $@ if $@; # ignore errors (consider them stopped)
790 $d->{status
} = $d->{pid
} ?
'running' : 'stopped';
792 my $cfspath = cfs_config_path
($vmid);
793 my $conf = PVE
::Cluster
::cfs_read_file
($cfspath) || {};
795 $d->{name
} = $conf->{'hostname'} || "CT$vmid";
796 $d->{name
} =~ s/[\s]//g;
798 $d->{cpus
} = $conf->{cpulimit
} || $cpucount;
801 my $res = get_container_disk_usage
($vmid, $d->{pid
});
802 $d->{disk
} = $res->{used
};
803 $d->{maxdisk
} = $res->{total
};
806 # use 4GB by default ??
807 if (my $rootfs = $conf->{rootfs
}) {
808 my $rootinfo = parse_ct_rootfs
($rootfs);
809 $d->{maxdisk
} = int(($rootinfo->{size
} || 4)*1024*1024)*1024;
811 $d->{maxdisk
} = 4*1024*1024*1024;
817 $d->{maxmem
} = ($conf->{memory
}||512)*1024*1024;
818 $d->{maxswap
} = ($conf->{swap
}//0)*1024*1024;
829 $d->{template
} = is_template
($conf);
832 foreach my $vmid (keys %$list) {
833 my $d = $list->{$vmid};
836 next if !$pid; # skip stopped CTs
838 my $ctime = (stat("/proc/$pid"))[10]; # 10 = ctime
839 $d->{uptime
} = time - $ctime; # the method lxcfs uses
841 $d->{mem
} = read_cgroup_value
('memory', $vmid, 'memory.usage_in_bytes');
842 $d->{swap
} = read_cgroup_value
('memory', $vmid, 'memory.memsw.usage_in_bytes') - $d->{mem
};
844 my $blkio_bytes = read_cgroup_value
('blkio', $vmid, 'blkio.throttle.io_service_bytes', 1);
845 my @bytes = split(/\n/, $blkio_bytes);
846 foreach my $byte (@bytes) {
847 if (my ($key, $value) = $byte =~ /(Read|Write)\s+(\d+)/) {
848 $d->{diskread
} = $2 if $key eq 'Read';
849 $d->{diskwrite
} = $2 if $key eq 'Write';
853 my $pstat = &$parse_cpuacct_stat($vmid);
855 my $used = $pstat->{utime} + $pstat->{stime
};
857 my $old = $last_proc_vmid_stat->{$vmid};
859 $last_proc_vmid_stat->{$vmid} = {
867 my $dtime = ($cdtime - $old->{time}) * $cpucount * $cpuinfo->{user_hz
};
870 my $dutime = $used - $old->{used
};
872 $d->{cpu
} = (($dutime/$dtime)* $cpucount) / $d->{cpus
};
873 $last_proc_vmid_stat->{$vmid} = {
879 $d->{cpu
} = $old->{cpu
};
883 my $netdev = PVE
::ProcFSTools
::read_proc_net_dev
();
885 foreach my $dev (keys %$netdev) {
886 next if $dev !~ m/^veth([1-9]\d*)i/;
888 my $d = $list->{$vmid};
892 $d->{netout
} += $netdev->{$dev}->{receive
};
893 $d->{netin
} += $netdev->{$dev}->{transmit
};
900 sub classify_mountpoint
{
903 return 'device' if $vol =~ m!^/dev/!;
909 my $parse_ct_mountpoint_full = sub {
910 my ($desc, $data, $noerr) = @_;
915 eval { $res = PVE
::JSONSchema
::parse_property_string
($desc, $data) };
917 return undef if $noerr;
921 if (defined(my $size = $res->{size
})) {
922 $size = PVE
::JSONSchema
::parse_size
($size);
923 if (!defined($size)) {
924 return undef if $noerr;
925 die "invalid size: $size\n";
927 $res->{size
} = $size;
930 $res->{type
} = classify_mountpoint
($res->{volume
});
935 sub parse_ct_rootfs
{
936 my ($data, $noerr) = @_;
938 my $res = &$parse_ct_mountpoint_full($rootfs_desc, $data, $noerr);
940 $res->{mp
} = '/' if defined($res);
945 sub parse_ct_mountpoint
{
946 my ($data, $noerr) = @_;
948 return &$parse_ct_mountpoint_full($mp_desc, $data, $noerr);
951 sub print_ct_mountpoint
{
952 my ($info, $nomp) = @_;
953 my $skip = [ 'type' ];
954 push @$skip, 'mp' if $nomp;
955 return PVE
::JSONSchema
::print_property_string
($info, $mp_desc, $skip);
958 sub print_lxc_network
{
960 return PVE
::JSONSchema
::print_property_string
($net, $netconf_desc);
963 sub parse_lxc_network
{
968 return $res if !$data;
970 $res = PVE
::JSONSchema
::parse_property_string
($netconf_desc, $data);
972 $res->{type
} = 'veth';
973 $res->{hwaddr
} = PVE
::Tools
::random_ether_addr
() if !$res->{hwaddr
};
978 sub read_cgroup_value
{
979 my ($group, $vmid, $name, $full) = @_;
981 my $path = "/sys/fs/cgroup/$group/lxc/$vmid/$name";
983 return PVE
::Tools
::file_get_contents
($path) if $full;
985 return PVE
::Tools
::file_read_firstline
($path);
988 sub write_cgroup_value
{
989 my ($group, $vmid, $name, $value) = @_;
991 my $path = "/sys/fs/cgroup/$group/lxc/$vmid/$name";
992 PVE
::ProcFSTools
::write_proc_entry
($path, $value) if -e
$path;
996 sub find_lxc_console_pids
{
1000 PVE
::Tools
::dir_glob_foreach
('/proc', '\d+', sub {
1003 my $cmdline = PVE
::Tools
::file_read_firstline
("/proc/$pid/cmdline");
1004 return if !$cmdline;
1006 my @args = split(/\0/, $cmdline);
1008 # search for lxc-console -n <vmid>
1009 return if scalar(@args) != 3;
1010 return if $args[1] ne '-n';
1011 return if $args[2] !~ m/^\d+$/;
1012 return if $args[0] !~ m
|^(/usr/bin
/)?lxc-console
$|;
1014 my $vmid = $args[2];
1016 push @{$res->{$vmid}}, $pid;
1028 $pid = $1 if $line =~ m/^PID:\s+(\d+)$/;
1030 PVE
::Tools
::run_command
(['lxc-info', '-n', $vmid, '-p'], outfunc
=> $parser);
1032 die "unable to get PID for CT $vmid (not running?)\n" if !$pid;
1037 # Note: we cannot use Net:IP, because that only allows strict
1039 sub parse_ipv4_cidr
{
1040 my ($cidr, $noerr) = @_;
1042 if ($cidr =~ m!^($IPV4RE)(?:/(\d+))$! && ($2 > 7) && ($2 <= 32)) {
1043 return { address
=> $1, netmask
=> $PVE::Network
::ipv4_reverse_mask-
>[$2] };
1046 return undef if $noerr;
1048 die "unable to parse ipv4 address/mask\n";
1054 die "VM is locked ($conf->{'lock'})\n" if $conf->{'lock'};
1058 my ($conf, $lock) = @_;
1059 return $conf->{lock} && (!defined($lock) || $lock eq $conf->{lock});
1062 sub check_protection
{
1063 my ($vm_conf, $err_msg) = @_;
1065 if ($vm_conf->{protection
}) {
1066 die "$err_msg - protection mode enabled\n";
1070 sub update_lxc_config
{
1071 my ($storage_cfg, $vmid, $conf) = @_;
1073 my $dir = "/var/lib/lxc/$vmid";
1075 if ($conf->{template
}) {
1077 unlink "$dir/config";
1084 die "missing 'arch' - internal error" if !$conf->{arch
};
1085 $raw .= "lxc.arch = $conf->{arch}\n";
1087 my $unprivileged = $conf->{unprivileged
};
1088 my $custom_idmap = grep { $_->[0] eq 'lxc.id_map' } @{$conf->{lxc
}};
1090 my $ostype = $conf->{ostype
} || die "missing 'ostype' - internal error";
1091 if ($ostype =~ /^(?:debian | ubuntu | centos | fedora | opensuse | archlinux | alpine | unmanaged)$/x) {
1092 my $inc ="/usr/share/lxc/config/$ostype.common.conf";
1093 $inc ="/usr/share/lxc/config/common.conf" if !-f
$inc;
1094 $raw .= "lxc.include = $inc\n";
1095 if ($unprivileged || $custom_idmap) {
1096 $inc = "/usr/share/lxc/config/$ostype.userns.conf";
1097 $inc = "/usr/share/lxc/config/userns.conf" if !-f
$inc;
1098 $raw .= "lxc.include = $inc\n"
1101 die "implement me (ostype $ostype)";
1104 # WARNING: DO NOT REMOVE this without making sure that loop device nodes
1105 # cannot be exposed to the container with r/w access (cgroup perms).
1106 # When this is enabled mounts will still remain in the monitor's namespace
1107 # after the container unmounted them and thus will not detach from their
1108 # files while the container is running!
1109 $raw .= "lxc.monitor.unshare = 1\n";
1111 # Should we read them from /etc/subuid?
1112 if ($unprivileged && !$custom_idmap) {
1113 $raw .= "lxc.id_map = u 0 100000 65536\n";
1114 $raw .= "lxc.id_map = g 0 100000 65536\n";
1117 if (!has_dev_console
($conf)) {
1118 $raw .= "lxc.console = none\n";
1119 $raw .= "lxc.cgroup.devices.deny = c 5:1 rwm\n";
1122 my $ttycount = get_tty_count
($conf);
1123 $raw .= "lxc.tty = $ttycount\n";
1125 # some init scripts expect a linux terminal (turnkey).
1126 $raw .= "lxc.environment = TERM=linux\n";
1128 my $utsname = $conf->{hostname
} || "CT$vmid";
1129 $raw .= "lxc.utsname = $utsname\n";
1131 my $memory = $conf->{memory
} || 512;
1132 my $swap = $conf->{swap
} // 0;
1134 my $lxcmem = int($memory*1024*1024);
1135 $raw .= "lxc.cgroup.memory.limit_in_bytes = $lxcmem\n";
1137 my $lxcswap = int(($memory + $swap)*1024*1024);
1138 $raw .= "lxc.cgroup.memory.memsw.limit_in_bytes = $lxcswap\n";
1140 if (my $cpulimit = $conf->{cpulimit
}) {
1141 $raw .= "lxc.cgroup.cpu.cfs_period_us = 100000\n";
1142 my $value = int(100000*$cpulimit);
1143 $raw .= "lxc.cgroup.cpu.cfs_quota_us = $value\n";
1146 my $shares = $conf->{cpuunits
} || 1024;
1147 $raw .= "lxc.cgroup.cpu.shares = $shares\n";
1149 my $mountpoint = parse_ct_rootfs
($conf->{rootfs
});
1151 $raw .= "lxc.rootfs = $dir/rootfs\n";
1154 foreach my $k (keys %$conf) {
1155 next if $k !~ m/^net(\d+)$/;
1157 my $d = parse_lxc_network
($conf->{$k});
1159 $raw .= "lxc.network.type = veth\n";
1160 $raw .= "lxc.network.veth.pair = veth${vmid}i${ind}\n";
1161 $raw .= "lxc.network.hwaddr = $d->{hwaddr}\n" if defined($d->{hwaddr
});
1162 $raw .= "lxc.network.name = $d->{name}\n" if defined($d->{name
});
1163 $raw .= "lxc.network.mtu = $d->{mtu}\n" if defined($d->{mtu
});
1166 if (my $lxcconf = $conf->{lxc
}) {
1167 foreach my $entry (@$lxcconf) {
1168 my ($k, $v) = @$entry;
1169 $netcount++ if $k eq 'lxc.network.type';
1170 $raw .= "$k = $v\n";
1174 $raw .= "lxc.network.type = empty\n" if !$netcount;
1176 File
::Path
::mkpath
("$dir/rootfs");
1178 PVE
::Tools
::file_set_contents
("$dir/config", $raw);
1181 # verify and cleanup nameserver list (replace \0 with ' ')
1182 sub verify_nameserver_list
{
1183 my ($nameserver_list) = @_;
1186 foreach my $server (PVE
::Tools
::split_list
($nameserver_list)) {
1187 PVE
::JSONSchema
::pve_verify_ip
($server);
1188 push @list, $server;
1191 return join(' ', @list);
1194 sub verify_searchdomain_list
{
1195 my ($searchdomain_list) = @_;
1198 foreach my $server (PVE
::Tools
::split_list
($searchdomain_list)) {
1199 # todo: should we add checks for valid dns domains?
1200 push @list, $server;
1203 return join(' ', @list);
1206 sub is_volume_in_use
{
1207 my ($config, $volid, $include_snapshots) = @_;
1210 foreach_mountpoint
($config, sub {
1211 my ($ms, $mountpoint) = @_;
1213 if ($mountpoint->{type
} eq 'volume' && $mountpoint->{volume
} eq $volid) {
1218 my $snapshots = $config->{snapshots
};
1219 if ($include_snapshots && $snapshots) {
1220 foreach my $snap (keys %$snapshots) {
1221 $used ||= is_volume_in_use
($snapshots->{$snap}, $volid);
1228 sub add_unused_volume
{
1229 my ($config, $volid) = @_;
1232 for (my $ind = $MAX_UNUSED_DISKS - 1; $ind >= 0; $ind--) {
1233 my $test = "unused$ind";
1234 if (my $vid = $config->{$test}) {
1235 return if $vid eq $volid; # do not add duplicates
1241 die "Too many unused volumes - please delete them first.\n" if !$key;
1243 $config->{$key} = $volid;
1248 sub update_pct_config
{
1249 my ($vmid, $conf, $running, $param, $delete) = @_;
1254 my @deleted_volumes;
1258 my $pid = find_lxc_pid
($vmid);
1259 $rootdir = "/proc/$pid/root";
1262 my $hotplug_error = sub {
1264 push @nohotplug, @_;
1271 if (defined($delete)) {
1272 foreach my $opt (@$delete) {
1273 if (!exists($conf->{$opt})) {
1274 warn "no such option: $opt\n";
1278 if ($opt eq 'hostname' || $opt eq 'memory' || $opt eq 'rootfs') {
1279 die "unable to delete required option '$opt'\n";
1280 } elsif ($opt eq 'swap') {
1281 delete $conf->{$opt};
1282 write_cgroup_value
("memory", $vmid, "memory.memsw.limit_in_bytes", -1);
1283 } elsif ($opt eq 'description' || $opt eq 'onboot' || $opt eq 'startup') {
1284 delete $conf->{$opt};
1285 } elsif ($opt eq 'nameserver' || $opt eq 'searchdomain' ||
1286 $opt eq 'tty' || $opt eq 'console' || $opt eq 'cmode') {
1287 next if $hotplug_error->($opt);
1288 delete $conf->{$opt};
1289 } elsif ($opt =~ m/^net(\d)$/) {
1290 delete $conf->{$opt};
1293 PVE
::Network
::veth_delete
("veth${vmid}i$netid");
1294 } elsif ($opt eq 'protection') {
1295 delete $conf->{$opt};
1296 } elsif ($opt =~ m/^unused(\d+)$/) {
1297 next if $hotplug_error->($opt);
1298 check_protection
($conf, "can't remove CT $vmid drive '$opt'");
1299 push @deleted_volumes, $conf->{$opt};
1300 delete $conf->{$opt};
1301 } elsif ($opt =~ m/^mp(\d+)$/) {
1302 next if $hotplug_error->($opt);
1303 check_protection
($conf, "can't remove CT $vmid drive '$opt'");
1304 my $mp = parse_ct_mountpoint
($conf->{$opt});
1305 delete $conf->{$opt};
1306 if ($mp->{type
} eq 'volume' && !is_volume_in_use
($conf, $mp->{volume
})) {
1307 add_unused_volume
($conf, $mp->{volume
});
1309 } elsif ($opt eq 'unprivileged') {
1310 die "unable to delete read-only option: '$opt'\n";
1312 die "implement me (delete: $opt)"
1314 write_config
($vmid, $conf) if $running;
1318 # There's no separate swap size to configure, there's memory and "total"
1319 # memory (iow. memory+swap). This means we have to change them together.
1320 my $wanted_memory = PVE
::Tools
::extract_param
($param, 'memory');
1321 my $wanted_swap = PVE
::Tools
::extract_param
($param, 'swap');
1322 if (defined($wanted_memory) || defined($wanted_swap)) {
1324 my $old_memory = ($conf->{memory
} || 512);
1325 my $old_swap = ($conf->{swap
} || 0);
1327 $wanted_memory //= $old_memory;
1328 $wanted_swap //= $old_swap;
1330 my $total = $wanted_memory + $wanted_swap;
1332 my $old_total = $old_memory + $old_swap;
1333 if ($total > $old_total) {
1334 write_cgroup_value
("memory", $vmid, "memory.memsw.limit_in_bytes", int($total*1024*1024));
1335 write_cgroup_value
("memory", $vmid, "memory.limit_in_bytes", int($wanted_memory*1024*1024));
1337 write_cgroup_value
("memory", $vmid, "memory.limit_in_bytes", int($wanted_memory*1024*1024));
1338 write_cgroup_value
("memory", $vmid, "memory.memsw.limit_in_bytes", int($total*1024*1024));
1341 $conf->{memory
} = $wanted_memory;
1342 $conf->{swap
} = $wanted_swap;
1344 write_config
($vmid, $conf) if $running;
1347 my $used_volids = {};
1349 foreach my $opt (keys %$param) {
1350 my $value = $param->{$opt};
1351 if ($opt eq 'hostname') {
1352 $conf->{$opt} = $value;
1353 } elsif ($opt eq 'onboot') {
1354 $conf->{$opt} = $value ?
1 : 0;
1355 } elsif ($opt eq 'startup') {
1356 $conf->{$opt} = $value;
1357 } elsif ($opt eq 'tty' || $opt eq 'console' || $opt eq 'cmode') {
1358 next if $hotplug_error->($opt);
1359 $conf->{$opt} = $value;
1360 } elsif ($opt eq 'nameserver') {
1361 next if $hotplug_error->($opt);
1362 my $list = verify_nameserver_list
($value);
1363 $conf->{$opt} = $list;
1364 } elsif ($opt eq 'searchdomain') {
1365 next if $hotplug_error->($opt);
1366 my $list = verify_searchdomain_list
($value);
1367 $conf->{$opt} = $list;
1368 } elsif ($opt eq 'cpulimit') {
1369 next if $hotplug_error->($opt); # FIXME: hotplug
1370 $conf->{$opt} = $value;
1371 } elsif ($opt eq 'cpuunits') {
1372 $conf->{$opt} = $value;
1373 write_cgroup_value
("cpu", $vmid, "cpu.shares", $value);
1374 } elsif ($opt eq 'description') {
1375 $conf->{$opt} = PVE
::Tools
::encode_text
($value);
1376 } elsif ($opt =~ m/^net(\d+)$/) {
1378 my $net = parse_lxc_network
($value);
1380 $conf->{$opt} = print_lxc_network
($net);
1382 update_net
($vmid, $conf, $opt, $net, $netid, $rootdir);
1384 } elsif ($opt eq 'protection') {
1385 $conf->{$opt} = $value ?
1 : 0;
1386 } elsif ($opt =~ m/^mp(\d+)$/) {
1387 next if $hotplug_error->($opt);
1388 check_protection
($conf, "can't update CT $vmid drive '$opt'");
1389 my $old = $conf->{$opt};
1390 $conf->{$opt} = $value;
1391 if (defined($old)) {
1392 my $mp = parse_ct_mountpoint
($old);
1393 if ($mp->{type
} eq 'volume' && !is_volume_in_use
($conf, $mp->{volume
})) {
1394 add_unused_volume
($conf, $mp->{volume
});
1398 my $mp = parse_ct_mountpoint
($value);
1399 $used_volids->{$mp->{volume
}} = 1;
1400 } elsif ($opt eq 'rootfs') {
1401 next if $hotplug_error->($opt);
1402 check_protection
($conf, "can't update CT $vmid drive '$opt'");
1403 my $old = $conf->{$opt};
1404 $conf->{$opt} = $value;
1405 if (defined($old)) {
1406 my $mp = parse_ct_rootfs
($old);
1407 if ($mp->{type
} eq 'volume' && !is_volume_in_use
($conf, $mp->{volume
})) {
1408 add_unused_volume
($conf, $mp->{volume
});
1411 my $mp = parse_ct_rootfs
($value);
1412 $used_volids->{$mp->{volume
}} = 1;
1413 } elsif ($opt eq 'unprivileged') {
1414 die "unable to modify read-only option: '$opt'\n";
1415 } elsif ($opt eq 'ostype') {
1416 next if $hotplug_error->($opt);
1417 $conf->{$opt} = $value;
1419 die "implement me: $opt";
1421 write_config
($vmid, $conf) if $running;
1426 # Remove unused disks after re-adding
1427 foreach my $key (keys %$conf) {
1428 next if $key !~ /^unused\d+/;
1429 my $volid = $conf->{$key};
1430 if ($used_volids->{$volid}) {
1431 delete $conf->{$key};
1435 # Apply deletions and creations of new volumes
1436 if (@deleted_volumes) {
1437 my $storage_cfg = PVE
::Storage
::config
();
1438 foreach my $volume (@deleted_volumes) {
1439 next if $used_volids->{$volume}; # could have been re-added, too
1440 # also check for references in snapshots
1441 next if is_volume_in_use
($conf, $volume, 1);
1442 delete_mountpoint_volume
($storage_cfg, $vmid, $volume);
1447 my $storage_cfg = PVE
::Storage
::config
();
1448 create_disks
($storage_cfg, $vmid, $conf, $conf);
1451 # This should be the last thing we do here
1452 if ($running && scalar(@nohotplug)) {
1453 die "unable to modify " . join(',', @nohotplug) . " while container is running\n";
1457 sub has_dev_console
{
1460 return !(defined($conf->{console
}) && !$conf->{console
});
1466 return $conf->{tty
} // $confdesc->{tty
}->{default};
1472 return $conf->{cmode
} // $confdesc->{cmode
}->{default};
1475 sub get_console_command
{
1476 my ($vmid, $conf) = @_;
1478 my $cmode = get_cmode
($conf);
1480 if ($cmode eq 'console') {
1481 return ['lxc-console', '-n', $vmid, '-t', 0];
1482 } elsif ($cmode eq 'tty') {
1483 return ['lxc-console', '-n', $vmid];
1484 } elsif ($cmode eq 'shell') {
1485 return ['lxc-attach', '--clear-env', '-n', $vmid];
1487 die "internal error";
1491 sub get_primary_ips
{
1494 # return data from net0
1496 return undef if !defined($conf->{net0
});
1497 my $net = parse_lxc_network
($conf->{net0
});
1499 my $ipv4 = $net->{ip
};
1501 if ($ipv4 =~ /^(dhcp|manual)$/) {
1507 my $ipv6 = $net->{ip6
};
1509 if ($ipv6 =~ /^(auto|dhcp|manual)$/) {
1516 return ($ipv4, $ipv6);
1519 sub delete_mountpoint_volume
{
1520 my ($storage_cfg, $vmid, $volume) = @_;
1522 return if classify_mountpoint
($volume) ne 'volume';
1524 my ($vtype, $name, $owner) = PVE
::Storage
::parse_volname
($storage_cfg, $volume);
1525 PVE
::Storage
::vdisk_free
($storage_cfg, $volume) if $vmid == $owner;
1528 sub destroy_lxc_container
{
1529 my ($storage_cfg, $vmid, $conf) = @_;
1531 foreach_mountpoint
($conf, sub {
1532 my ($ms, $mountpoint) = @_;
1533 delete_mountpoint_volume
($storage_cfg, $vmid, $mountpoint->{volume
});
1536 rmdir "/var/lib/lxc/$vmid/rootfs";
1537 unlink "/var/lib/lxc/$vmid/config";
1538 rmdir "/var/lib/lxc/$vmid";
1539 destroy_config
($vmid);
1541 #my $cmd = ['lxc-destroy', '-n', $vmid ];
1542 #PVE::Tools::run_command($cmd);
1545 sub vm_stop_cleanup
{
1546 my ($storage_cfg, $vmid, $conf, $keepActive) = @_;
1551 my $vollist = get_vm_volumes
($conf);
1552 PVE
::Storage
::deactivate_volumes
($storage_cfg, $vollist);
1555 warn $@ if $@; # avoid errors - just warn
1558 my $safe_num_ne = sub {
1561 return 0 if !defined($a) && !defined($b);
1562 return 1 if !defined($a);
1563 return 1 if !defined($b);
1568 my $safe_string_ne = sub {
1571 return 0 if !defined($a) && !defined($b);
1572 return 1 if !defined($a);
1573 return 1 if !defined($b);
1579 my ($vmid, $conf, $opt, $newnet, $netid, $rootdir) = @_;
1581 if ($newnet->{type
} ne 'veth') {
1582 # for when there are physical interfaces
1583 die "cannot update interface of type $newnet->{type}";
1586 my $veth = "veth${vmid}i${netid}";
1587 my $eth = $newnet->{name
};
1589 if (my $oldnetcfg = $conf->{$opt}) {
1590 my $oldnet = parse_lxc_network
($oldnetcfg);
1592 if (&$safe_string_ne($oldnet->{hwaddr
}, $newnet->{hwaddr
}) ||
1593 &$safe_string_ne($oldnet->{name
}, $newnet->{name
})) {
1595 PVE
::Network
::veth_delete
($veth);
1596 delete $conf->{$opt};
1597 write_config
($vmid, $conf);
1599 hotplug_net
($vmid, $conf, $opt, $newnet, $netid);
1601 } elsif (&$safe_string_ne($oldnet->{bridge
}, $newnet->{bridge
}) ||
1602 &$safe_num_ne($oldnet->{tag
}, $newnet->{tag
}) ||
1603 &$safe_num_ne($oldnet->{firewall
}, $newnet->{firewall
})) {
1605 if ($oldnet->{bridge
}) {
1606 PVE
::Network
::tap_unplug
($veth);
1607 foreach (qw(bridge tag firewall)) {
1608 delete $oldnet->{$_};
1610 $conf->{$opt} = print_lxc_network
($oldnet);
1611 write_config
($vmid, $conf);
1614 PVE
::Network
::tap_plug
($veth, $newnet->{bridge
}, $newnet->{tag
}, $newnet->{firewall
}, $newnet->{trunks
});
1615 foreach (qw(bridge tag firewall)) {
1616 $oldnet->{$_} = $newnet->{$_} if $newnet->{$_};
1618 $conf->{$opt} = print_lxc_network
($oldnet);
1619 write_config
($vmid, $conf);
1622 hotplug_net
($vmid, $conf, $opt, $newnet, $netid);
1625 update_ipconfig
($vmid, $conf, $opt, $eth, $newnet, $rootdir);
1629 my ($vmid, $conf, $opt, $newnet, $netid) = @_;
1631 my $veth = "veth${vmid}i${netid}";
1632 my $vethpeer = $veth . "p";
1633 my $eth = $newnet->{name
};
1635 PVE
::Network
::veth_create
($veth, $vethpeer, $newnet->{bridge
}, $newnet->{hwaddr
});
1636 PVE
::Network
::tap_plug
($veth, $newnet->{bridge
}, $newnet->{tag
}, $newnet->{firewall
}, $newnet->{trunks
});
1638 # attach peer in container
1639 my $cmd = ['lxc-device', '-n', $vmid, 'add', $vethpeer, "$eth" ];
1640 PVE
::Tools
::run_command
($cmd);
1642 # link up peer in container
1643 $cmd = ['lxc-attach', '-n', $vmid, '-s', 'NETWORK', '--', '/sbin/ip', 'link', 'set', $eth ,'up' ];
1644 PVE
::Tools
::run_command
($cmd);
1646 my $done = { type
=> 'veth' };
1647 foreach (qw(bridge tag firewall hwaddr name)) {
1648 $done->{$_} = $newnet->{$_} if $newnet->{$_};
1650 $conf->{$opt} = print_lxc_network
($done);
1652 write_config
($vmid, $conf);
1655 sub update_ipconfig
{
1656 my ($vmid, $conf, $opt, $eth, $newnet, $rootdir) = @_;
1658 my $lxc_setup = PVE
::LXC
::Setup-
>new($conf, $rootdir);
1660 my $optdata = parse_lxc_network
($conf->{$opt});
1664 my $cmdargs = shift;
1665 PVE
::Tools
::run_command
(['lxc-attach', '-n', $vmid, '-s', 'NETWORK', '--', @_], %$cmdargs);
1667 my $ipcmd = sub { &$nscmd({}, '/sbin/ip', @_) };
1669 my $change_ip_config = sub {
1670 my ($ipversion) = @_;
1672 my $family_opt = "-$ipversion";
1673 my $suffix = $ipversion == 4 ?
'' : $ipversion;
1674 my $gw= "gw$suffix";
1675 my $ip= "ip$suffix";
1677 my $newip = $newnet->{$ip};
1678 my $newgw = $newnet->{$gw};
1679 my $oldip = $optdata->{$ip};
1681 my $change_ip = &$safe_string_ne($oldip, $newip);
1682 my $change_gw = &$safe_string_ne($optdata->{$gw}, $newgw);
1684 return if !$change_ip && !$change_gw;
1686 # step 1: add new IP, if this fails we cancel
1687 my $is_real_ip = ($newip && $newip !~ /^(?:auto|dhcp|manual)$/);
1688 if ($change_ip && $is_real_ip) {
1689 eval { &$ipcmd($family_opt, 'addr', 'add', $newip, 'dev', $eth); };
1696 # step 2: replace gateway
1697 # If this fails we delete the added IP and cancel.
1698 # If it succeeds we save the config and delete the old IP, ignoring
1699 # errors. The config is then saved.
1700 # Note: 'ip route replace' can add
1704 if ($is_real_ip && !PVE
::Network
::is_ip_in_cidr
($newgw, $newip, $ipversion)) {
1705 &$ipcmd($family_opt, 'route', 'add', $newgw, 'dev', $eth);
1707 &$ipcmd($family_opt, 'route', 'replace', 'default', 'via', $newgw);
1711 # the route was not replaced, the old IP is still available
1712 # rollback (delete new IP) and cancel
1714 eval { &$ipcmd($family_opt, 'addr', 'del', $newip, 'dev', $eth); };
1715 warn $@ if $@; # no need to die here
1720 eval { &$ipcmd($family_opt, 'route', 'del', 'default'); };
1721 # if the route was not deleted, the guest might have deleted it manually
1727 # from this point on we save the configuration
1728 # step 3: delete old IP ignoring errors
1729 if ($change_ip && $oldip && $oldip !~ /^(?:auto|dhcp)$/) {
1730 # We need to enable promote_secondaries, otherwise our newly added
1731 # address will be removed along with the old one.
1734 if ($ipversion == 4) {
1735 &$nscmd({ outfunc
=> sub { $promote = int(shift) } },
1736 'cat', "/proc/sys/net/ipv4/conf/$eth/promote_secondaries");
1737 &$nscmd({}, 'sysctl', "net.ipv4.conf.$eth.promote_secondaries=1");
1739 &$ipcmd($family_opt, 'addr', 'del', $oldip, 'dev', $eth);
1741 warn $@ if $@; # no need to die here
1743 if ($ipversion == 4) {
1744 &$nscmd({}, 'sysctl', "net.ipv4.conf.$eth.promote_secondaries=$promote");
1748 foreach my $property ($ip, $gw) {
1749 if ($newnet->{$property}) {
1750 $optdata->{$property} = $newnet->{$property};
1752 delete $optdata->{$property};
1755 $conf->{$opt} = print_lxc_network
($optdata);
1756 write_config
($vmid, $conf);
1757 $lxc_setup->setup_network($conf);
1760 &$change_ip_config(4);
1761 &$change_ip_config(6);
1765 # Internal snapshots
1767 # NOTE: Snapshot create/delete involves several non-atomic
1768 # actions, and can take a long time.
1769 # So we try to avoid locking the file and use the 'lock' variable
1770 # inside the config file instead.
1772 my $snapshot_copy_config = sub {
1773 my ($source, $dest) = @_;
1775 foreach my $k (keys %$source) {
1776 next if $k eq 'snapshots';
1777 next if $k eq 'snapstate';
1778 next if $k eq 'snaptime';
1779 next if $k eq 'vmstate';
1780 next if $k eq 'lock';
1781 next if $k eq 'digest';
1782 next if $k eq 'description';
1783 next if $k =~ m/^unused\d+$/;
1785 $dest->{$k} = $source->{$k};
1789 my $snapshot_apply_config = sub {
1790 my ($conf, $snap) = @_;
1792 # copy snapshot list
1794 snapshots
=> $conf->{snapshots
},
1797 # keep description and list of unused disks
1798 foreach my $k (keys %$conf) {
1799 next if !($k =~ m/^unused\d+$/ || $k eq 'description');
1800 $newconf->{$k} = $conf->{$k};
1803 &$snapshot_copy_config($snap, $newconf);
1808 sub snapshot_save_vmstate
{
1809 die "implement me - snapshot_save_vmstate\n";
1812 sub snapshot_prepare
{
1813 my ($vmid, $snapname, $save_vmstate, $comment) = @_;
1817 my $updatefn = sub {
1819 my $conf = load_config
($vmid);
1821 die "you can't take a snapshot if it's a template\n"
1822 if is_template
($conf);
1826 $conf->{lock} = 'snapshot';
1828 die "snapshot name '$snapname' already used\n"
1829 if defined($conf->{snapshots
}->{$snapname});
1831 my $storecfg = PVE
::Storage
::config
();
1832 die "snapshot feature is not available\n"
1833 if !has_feature
('snapshot', $conf, $storecfg, undef, undef, $snapname eq 'vzdump');
1835 $snap = $conf->{snapshots
}->{$snapname} = {};
1837 if ($save_vmstate && check_running
($vmid)) {
1838 snapshot_save_vmstate
($vmid, $conf, $snapname, $storecfg);
1841 &$snapshot_copy_config($conf, $snap);
1843 $snap->{snapstate
} = "prepare";
1844 $snap->{snaptime
} = time();
1845 $snap->{description
} = $comment if $comment;
1847 write_config
($vmid, $conf);
1850 lock_config
($vmid, $updatefn);
1855 sub snapshot_commit
{
1856 my ($vmid, $snapname) = @_;
1858 my $updatefn = sub {
1860 my $conf = load_config
($vmid);
1862 die "missing snapshot lock\n"
1863 if !($conf->{lock} && $conf->{lock} eq 'snapshot');
1865 my $snap = $conf->{snapshots
}->{$snapname};
1866 die "snapshot '$snapname' does not exist\n" if !defined($snap);
1868 die "wrong snapshot state\n"
1869 if !($snap->{snapstate
} && $snap->{snapstate
} eq "prepare");
1871 delete $snap->{snapstate
};
1872 delete $conf->{lock};
1874 my $newconf = &$snapshot_apply_config($conf, $snap);
1876 $newconf->{parent
} = $snapname;
1878 write_config
($vmid, $newconf);
1881 lock_config
($vmid, $updatefn);
1885 my ($feature, $conf, $storecfg, $snapname, $running, $backup_only) = @_;
1889 foreach_mountpoint
($conf, sub {
1890 my ($ms, $mountpoint) = @_;
1892 return if $err; # skip further test
1893 return if $backup_only && $ms ne 'rootfs' && !$mountpoint->{backup
};
1895 $err = 1 if !PVE
::Storage
::volume_has_feature
($storecfg, $feature, $mountpoint->{volume
}, $snapname, $running);
1898 return $err ?
0 : 1;
1901 my $enter_namespace = sub {
1902 my ($vmid, $pid, $which, $type) = @_;
1903 sysopen my $fd, "/proc/$pid/ns/$which", O_RDONLY
1904 or die "failed to open $which namespace of container $vmid: $!\n";
1905 PVE
::Tools
::setns
(fileno($fd), $type)
1906 or die "failed to enter $which namespace of container $vmid: $!\n";
1910 my $do_syncfs = sub {
1911 my ($vmid, $pid, $socket) = @_;
1913 &$enter_namespace($vmid, $pid, 'mnt', PVE
::Tools
::CLONE_NEWNS
);
1915 # Tell the parent process to start reading our /proc/mounts
1916 print {$socket} "go\n";
1919 # Receive /proc/self/mounts
1920 my $mountdata = do { local $/ = undef; <$socket> };
1923 # Now sync all mountpoints...
1924 my $mounts = PVE
::ProcFSTools
::parse_mounts
($mountdata);
1925 foreach my $mp (@$mounts) {
1926 my ($what, $dir, $fs) = @$mp;
1927 next if $fs eq 'fuse.lxcfs';
1928 eval { PVE
::Tools
::sync_mountpoint
($dir); };
1933 sub sync_container_namespace
{
1935 my $pid = find_lxc_pid
($vmid);
1937 # SOCK_DGRAM is nicer for barriers but cannot be slurped
1938 socketpair my $pfd, my $cfd, AF_UNIX
, SOCK_STREAM
, PF_UNSPEC
1939 or die "failed to create socketpair: $!\n";
1942 die "fork failed: $!\n" if !defined($child);
1947 &$do_syncfs($vmid, $pid, $cfd);
1957 die "failed to enter container namespace\n" if $go ne "go\n";
1959 open my $mounts, '<', "/proc/$child/mounts"
1960 or die "failed to open container's /proc/mounts: $!\n";
1961 my $mountdata = do { local $/ = undef; <$mounts> };
1963 print {$pfd} $mountdata;
1966 while (waitpid($child, 0) != $child) {}
1967 die "failed to sync container namespace\n" if $? != 0;
1970 sub check_freeze_needed
{
1971 my ($vmid, $config, $save_vmstate) = @_;
1973 my $ret = check_running
($vmid);
1974 return ($ret, $ret);
1977 sub snapshot_create
{
1978 my ($vmid, $snapname, $save_vmstate, $comment) = @_;
1980 my $snap = snapshot_prepare
($vmid, $snapname, $save_vmstate, $comment);
1982 $save_vmstate = 0 if !$snap->{vmstate
};
1984 my $conf = load_config
($vmid);
1986 my ($running, $freezefs) = check_freeze_needed
($vmid, $conf, $snap->{vmstate
});
1992 PVE
::Tools
::run_command
(['/usr/bin/lxc-freeze', '-n', $vmid]);
1993 sync_container_namespace
($vmid);
1996 my $storecfg = PVE
::Storage
::config
();
1997 foreach_mountpoint
($conf, sub {
1998 my ($ms, $mountpoint) = @_;
2000 return if $snapname eq 'vzdump' && $ms ne 'rootfs' && !$mountpoint->{backup
};
2001 PVE
::Storage
::volume_snapshot
($storecfg, $mountpoint->{volume
}, $snapname);
2002 $drivehash->{$ms} = 1;
2009 eval { PVE
::Tools
::run_command
(['/usr/bin/lxc-unfreeze', '-n', $vmid]); };
2015 warn "snapshot create failed: starting cleanup\n";
2016 eval { snapshot_delete
($vmid, $snapname, 1, $drivehash); };
2021 snapshot_commit
($vmid, $snapname);
2024 # Note: $drivehash is only set when called from snapshot_create.
2025 sub snapshot_delete
{
2026 my ($vmid, $snapname, $force, $drivehash) = @_;
2033 my $unlink_parent = sub {
2034 my ($confref, $new_parent) = @_;
2036 if ($confref->{parent
} && $confref->{parent
} eq $snapname) {
2038 $confref->{parent
} = $new_parent;
2040 delete $confref->{parent
};
2045 my $updatefn = sub {
2046 my ($remove_drive) = @_;
2048 my $conf = load_config
($vmid);
2052 die "you can't delete a snapshot if vm is a template\n"
2053 if is_template
($conf);
2056 $snap = $conf->{snapshots
}->{$snapname};
2058 die "snapshot '$snapname' does not exist\n" if !defined($snap);
2060 # remove parent refs
2062 &$unlink_parent($conf, $snap->{parent
});
2063 foreach my $sn (keys %{$conf->{snapshots
}}) {
2064 next if $sn eq $snapname;
2065 &$unlink_parent($conf->{snapshots
}->{$sn}, $snap->{parent
});
2069 if ($remove_drive) {
2070 if ($remove_drive eq 'vmstate') {
2071 die "implement me - saving vmstate\n";
2073 my $value = $snap->{$remove_drive};
2074 my $mountpoint = $remove_drive eq 'rootfs' ? parse_ct_rootfs
($value, 1) : parse_ct_mountpoint
($value, 1);
2075 delete $snap->{$remove_drive};
2076 add_unused_volume
($snap, $mountpoint->{volume
})
2077 if (!is_volume_in_use
($snap, $mountpoint->{volume
}));
2082 $snap->{snapstate
} = 'delete';
2084 delete $conf->{snapshots
}->{$snapname};
2085 delete $conf->{lock} if $drivehash;
2086 foreach my $volid (@$unused) {
2087 add_unused_volume
($conf, $volid)
2088 if (!is_volume_in_use
($conf, $volid));
2092 write_config
($vmid, $conf);
2095 lock_config
($vmid, $updatefn);
2097 # now remove vmstate file
2098 # never set for LXC!
2099 my $storecfg = PVE
::Storage
::config
();
2101 if ($snap->{vmstate
}) {
2102 die "implement me - saving vmstate\n";
2105 # now remove all volume snapshots
2106 foreach_mountpoint
($snap, sub {
2107 my ($ms, $mountpoint) = @_;
2109 return if $snapname eq 'vzdump' && $ms ne 'rootfs' && !$mountpoint->{backup
};
2110 if (!$drivehash || $drivehash->{$ms}) {
2111 eval { PVE
::Storage
::volume_snapshot_delete
($storecfg, $mountpoint->{volume
}, $snapname); };
2113 die $err if !$force;
2118 # save changes (remove mp from snapshot)
2119 lock_config
($vmid, $updatefn, $ms) if !$force;
2120 push @$unused, $mountpoint->{volume
};
2123 # now cleanup config
2125 lock_config
($vmid, $updatefn);
2128 sub snapshot_rollback
{
2129 my ($vmid, $snapname) = @_;
2133 my $storecfg = PVE
::Storage
::config
();
2135 my $conf = load_config
($vmid);
2137 my $get_snapshot_config = sub {
2139 die "you can't rollback if vm is a template\n" if is_template
($conf);
2141 my $res = $conf->{snapshots
}->{$snapname};
2143 die "snapshot '$snapname' does not exist\n" if !defined($res);
2148 my $snap = &$get_snapshot_config();
2150 foreach_mountpoint
($snap, sub {
2151 my ($ms, $mountpoint) = @_;
2153 PVE
::Storage
::volume_rollback_is_possible
($storecfg, $mountpoint->{volume
}, $snapname);
2156 my $updatefn = sub {
2158 $conf = load_config
($vmid);
2160 $snap = &$get_snapshot_config();
2162 die "unable to rollback to incomplete snapshot (snapstate = $snap->{snapstate})\n"
2163 if $snap->{snapstate
};
2167 PVE
::Tools
::run_command
(['/usr/bin/lxc-stop', '-n', $vmid, '--kill'])
2168 if check_running
($vmid);
2171 die "unable to rollback vm $vmid: vm is running\n"
2172 if check_running
($vmid);
2175 $conf->{lock} = 'rollback';
2177 die "got wrong lock\n" if !($conf->{lock} && $conf->{lock} eq 'rollback');
2178 delete $conf->{lock};
2184 # copy snapshot config to current config
2185 $conf = &$snapshot_apply_config($conf, $snap);
2186 $conf->{parent
} = $snapname;
2189 write_config
($vmid, $conf);
2191 if (!$prepare && $snap->{vmstate
}) {
2192 die "implement me - save vmstate\n";
2196 lock_config
($vmid, $updatefn);
2198 foreach_mountpoint
($snap, sub {
2199 my ($ms, $mountpoint) = @_;
2201 PVE
::Storage
::volume_snapshot_rollback
($storecfg, $mountpoint->{volume
}, $snapname);
2205 lock_config
($vmid, $updatefn);
2208 sub template_create
{
2209 my ($vmid, $conf) = @_;
2211 my $storecfg = PVE
::Storage
::config
();
2213 my $rootinfo = parse_ct_rootfs
($conf->{rootfs
});
2214 my $volid = $rootinfo->{volume
};
2216 die "Template feature is not available for '$volid'\n"
2217 if !PVE
::Storage
::volume_has_feature
($storecfg, 'template', $volid);
2219 PVE
::Storage
::activate_volumes
($storecfg, [$volid]);
2221 my $template_volid = PVE
::Storage
::vdisk_create_base
($storecfg, $volid);
2222 $rootinfo->{volume
} = $template_volid;
2223 $conf->{rootfs
} = print_ct_mountpoint
($rootinfo, 1);
2225 write_config
($vmid, $conf);
2231 return 1 if defined $conf->{template
} && $conf->{template
} == 1;
2234 sub mountpoint_names
{
2237 my @names = ('rootfs');
2239 for (my $i = 0; $i < $MAX_MOUNT_POINTS; $i++) {
2240 push @names, "mp$i";
2243 return $reverse ?
reverse @names : @names;
2247 sub foreach_mountpoint_full
{
2248 my ($conf, $reverse, $func) = @_;
2250 foreach my $key (mountpoint_names
($reverse)) {
2251 my $value = $conf->{$key};
2252 next if !defined($value);
2253 my $mountpoint = $key eq 'rootfs' ? parse_ct_rootfs
($value, 1) : parse_ct_mountpoint
($value, 1);
2254 next if !defined($mountpoint);
2256 &$func($key, $mountpoint);
2260 sub foreach_mountpoint
{
2261 my ($conf, $func) = @_;
2263 foreach_mountpoint_full
($conf, 0, $func);
2266 sub foreach_mountpoint_reverse
{
2267 my ($conf, $func) = @_;
2269 foreach_mountpoint_full
($conf, 1, $func);
2272 sub check_ct_modify_config_perm
{
2273 my ($rpcenv, $authuser, $vmid, $pool, $newconf, $delete) = @_;
2275 return 1 if $authuser eq 'root@pam';
2278 my ($opt, $delete) = @_;
2279 if ($opt eq 'cpus' || $opt eq 'cpuunits' || $opt eq 'cpulimit') {
2280 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.CPU']);
2281 } elsif ($opt eq 'rootfs' || $opt =~ /^mp\d+$/) {
2282 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Disk']);
2284 my $data = $opt eq 'rootfs' ? parse_ct_rootfs
($newconf->{$opt})
2285 : parse_ct_mountpoint
($newconf->{$opt});
2286 raise_perm_exc
("mountpoint type $data->{type}") if $data->{type
} ne 'volume';
2287 } elsif ($opt eq 'memory' || $opt eq 'swap') {
2288 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Memory']);
2289 } elsif ($opt =~ m/^net\d+$/ || $opt eq 'nameserver' ||
2290 $opt eq 'searchdomain' || $opt eq 'hostname') {
2291 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Network']);
2293 $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
2297 foreach my $opt (keys %$newconf) {
2300 foreach my $opt (@$delete) {
2308 my ($vmid, $storage_cfg, $conf, $noerr) = @_;
2310 my $rootdir = "/var/lib/lxc/$vmid/rootfs";
2311 my $volid_list = get_vm_volumes
($conf);
2313 foreach_mountpoint_reverse
($conf, sub {
2314 my ($ms, $mountpoint) = @_;
2316 my $volid = $mountpoint->{volume
};
2317 my $mount = $mountpoint->{mp
};
2319 return if !$volid || !$mount;
2321 my $mount_path = "$rootdir/$mount";
2322 $mount_path =~ s!/+!/!g;
2324 return if !PVE
::ProcFSTools
::is_mounted
($mount_path);
2327 PVE
::Tools
::run_command
(['umount', '-d', $mount_path]);
2340 my ($vmid, $storage_cfg, $conf) = @_;
2342 my $rootdir = "/var/lib/lxc/$vmid/rootfs";
2343 File
::Path
::make_path
($rootdir);
2345 my $volid_list = get_vm_volumes
($conf);
2346 PVE
::Storage
::activate_volumes
($storage_cfg, $volid_list);
2349 foreach_mountpoint
($conf, sub {
2350 my ($ms, $mountpoint) = @_;
2352 mountpoint_mount
($mountpoint, $rootdir, $storage_cfg);
2356 warn "mounting container failed\n";
2357 umount_all
($vmid, $storage_cfg, $conf, 1);
2365 sub mountpoint_mount_path
{
2366 my ($mountpoint, $storage_cfg, $snapname) = @_;
2368 return mountpoint_mount
($mountpoint, undef, $storage_cfg, $snapname);
2371 my $check_mount_path = sub {
2373 $path = File
::Spec-
>canonpath($path);
2374 my $real = Cwd
::realpath
($path);
2375 if ($real ne $path) {
2376 die "mount path modified by symlink: $path != $real";
2385 if ($line =~ m
@^(/dev/loop\d
+):@) {
2389 my $cmd = ['losetup', '--associated', $path];
2390 PVE
::Tools
::run_command
($cmd, outfunc
=> $parser);
2394 # Run a function with a file attached to a loop device.
2395 # The loop device is always detached afterwards (or set to autoclear).
2396 # Returns the loop device.
2397 sub run_with_loopdev
{
2398 my ($func, $file) = @_;
2399 my $device = query_loopdev
($file);
2400 # Try to reuse an existing device
2402 # We assume that whoever setup the loop device is responsible for
2410 if ($line =~ m
@^(/dev/loop\d
+)$@) {
2414 PVE
::Tools
::run_command
(['losetup', '--show', '-f', $file], outfunc
=> $parser);
2415 die "failed to setup loop device for $file\n" if !$device;
2416 eval { &$func($device); };
2418 PVE
::Tools
::run_command
(['losetup', '-d', $device]);
2424 my ($dir, $dest, $ro, @extra_opts) = @_;
2425 PVE
::Tools
::run_command
(['mount', '-o', 'bind', @extra_opts, $dir, $dest]);
2427 eval { PVE
::Tools
::run_command
(['mount', '-o', 'bind,remount,ro', $dest]); };
2429 warn "bindmount error\n";
2430 # don't leave writable bind-mounts behind...
2431 PVE
::Tools
::run_command
(['umount', $dest]);
2437 # use $rootdir = undef to just return the corresponding mount path
2438 sub mountpoint_mount
{
2439 my ($mountpoint, $rootdir, $storage_cfg, $snapname) = @_;
2441 my $volid = $mountpoint->{volume
};
2442 my $mount = $mountpoint->{mp
};
2443 my $type = $mountpoint->{type
};
2444 my $quota = !$snapname && !$mountpoint->{ro
} && $mountpoint->{quota
};
2447 return if !$volid || !$mount;
2451 if (defined($rootdir)) {
2452 $rootdir =~ s!/+$!!;
2453 $mount_path = "$rootdir/$mount";
2454 $mount_path =~ s!/+!/!g;
2455 &$check_mount_path($mount_path);
2456 File
::Path
::mkpath
($mount_path);
2459 my ($storage, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1);
2461 die "unknown snapshot path for '$volid'" if !$storage && defined($snapname);
2464 if (defined($mountpoint->{acl
})) {
2465 $optstring .= ($mountpoint->{acl
} ?
'acl' : 'noacl');
2467 my $readonly = $mountpoint->{ro
};
2469 my @extra_opts = ('-o', $optstring);
2473 my $scfg = PVE
::Storage
::storage_config
($storage_cfg, $storage);
2474 my $path = PVE
::Storage
::path
($storage_cfg, $volid, $snapname);
2476 my ($vtype, undef, undef, undef, undef, $isBase, $format) =
2477 PVE
::Storage
::parse_volname
($storage_cfg, $volid);
2479 $format = 'iso' if $vtype eq 'iso'; # allow to handle iso files
2481 if ($format eq 'subvol') {
2484 if ($scfg->{type
} eq 'zfspool') {
2485 my $path_arg = $path;
2486 $path_arg =~ s!^/+!!;
2487 PVE
::Tools
::run_command
(['mount', '-o', 'ro', @extra_opts, '-t', 'zfs', $path_arg, $mount_path]);
2489 die "cannot mount subvol snapshots for storage type '$scfg->{type}'\n";
2492 bindmount
($path, $mount_path, $readonly, @extra_opts);
2493 warn "cannot enable quota control for bind mounted subvolumes\n" if $quota;
2496 return wantarray ?
($path, 0, $mounted_dev) : $path;
2497 } elsif ($format eq 'raw' || $format eq 'iso') {
2501 if ($format eq 'iso') {
2502 PVE
::Tools
::run_command
(['mount', '-o', 'ro', @extra_opts, $path, $mount_path]);
2503 } elsif ($isBase || defined($snapname)) {
2504 PVE
::Tools
::run_command
(['mount', '-o', 'ro,noload', @extra_opts, $path, $mount_path]);
2507 push @extra_opts, '-o', 'usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0';
2509 push @extra_opts, '-o', 'ro' if $readonly;
2510 PVE
::Tools
::run_command
(['mount', @extra_opts, $path, $mount_path]);
2514 my $use_loopdev = 0;
2515 if ($scfg->{path
}) {
2516 $mounted_dev = run_with_loopdev
($domount, $path);
2518 } elsif ($scfg->{type
} eq 'drbd' || $scfg->{type
} eq 'lvm' ||
2519 $scfg->{type
} eq 'rbd' || $scfg->{type
} eq 'lvmthin') {
2520 $mounted_dev = $path;
2523 die "unsupported storage type '$scfg->{type}'\n";
2525 return wantarray ?
($path, $use_loopdev, $mounted_dev) : $path;
2527 die "unsupported image format '$format'\n";
2529 } elsif ($type eq 'device') {
2530 push @extra_opts, '-o', 'ro' if $readonly;
2531 PVE
::Tools
::run_command
(['mount', @extra_opts, $volid, $mount_path]) if $mount_path;
2532 return wantarray ?
($volid, 0, $volid) : $volid;
2533 } elsif ($type eq 'bind') {
2534 die "directory '$volid' does not exist\n" if ! -d
$volid;
2535 &$check_mount_path($volid);
2536 bindmount
($volid, $mount_path, $readonly, @extra_opts) if $mount_path;
2537 warn "cannot enable quota control for bind mounts\n" if $quota;
2538 return wantarray ?
($volid, 0, undef) : $volid;
2541 die "unsupported storage";
2544 sub get_vm_volumes
{
2545 my ($conf, $excludes) = @_;
2549 foreach_mountpoint
($conf, sub {
2550 my ($ms, $mountpoint) = @_;
2552 return if $excludes && $ms eq $excludes;
2554 my $volid = $mountpoint->{volume
};
2556 return if !$volid || $mountpoint->{type
} ne 'volume';
2558 my ($sid, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1);
2561 push @$vollist, $volid;
2568 my ($dev, $rootuid, $rootgid) = @_;
2570 PVE
::Tools
::run_command
(['mkfs.ext4', '-O', 'mmp',
2571 '-E', "root_owner=$rootuid:$rootgid",
2576 my ($storage_cfg, $volid, $rootuid, $rootgid) = @_;
2578 if ($volid =~ m!^/dev/.+!) {
2583 my ($storage, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1);
2585 die "cannot format volume '$volid' with no storage\n" if !$storage;
2587 PVE
::Storage
::activate_volumes
($storage_cfg, [$volid]);
2589 my $path = PVE
::Storage
::path
($storage_cfg, $volid);
2591 my ($vtype, undef, undef, undef, undef, $isBase, $format) =
2592 PVE
::Storage
::parse_volname
($storage_cfg, $volid);
2594 die "cannot format volume '$volid' (format == $format)\n"
2595 if $format ne 'raw';
2597 mkfs
($path, $rootuid, $rootgid);
2601 my ($storecfg, $vollist) = @_;
2603 foreach my $volid (@$vollist) {
2604 eval { PVE
::Storage
::vdisk_free
($storecfg, $volid); };
2610 my ($storecfg, $vmid, $settings, $conf) = @_;
2615 my (undef, $rootuid, $rootgid) = PVE
::LXC
::parse_id_maps
($conf);
2616 my $chown_vollist = [];
2618 foreach_mountpoint
($settings, sub {
2619 my ($ms, $mountpoint) = @_;
2621 my $volid = $mountpoint->{volume
};
2622 my $mp = $mountpoint->{mp
};
2624 my ($storage, $volname) = PVE
::Storage
::parse_volume_id
($volid, 1);
2626 if ($storage && ($volid =~ m/^([^:\s]+):(\d+(\.\d+)?)$/)) {
2627 my ($storeid, $size_gb) = ($1, $2);
2629 my $size_kb = int(${size_gb
}*1024) * 1024;
2631 my $scfg = PVE
::Storage
::storage_config
($storecfg, $storage);
2632 # fixme: use better naming ct-$vmid-disk-X.raw?
2634 if ($scfg->{type
} eq 'dir' || $scfg->{type
} eq 'nfs') {
2636 $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storage, $vmid, 'raw',
2638 format_disk
($storecfg, $volid, $rootuid, $rootgid);
2640 $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storage, $vmid, 'subvol',
2642 push @$chown_vollist, $volid;
2644 } elsif ($scfg->{type
} eq 'zfspool') {
2646 $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storage, $vmid, 'subvol',
2648 push @$chown_vollist, $volid;
2649 } elsif ($scfg->{type
} eq 'drbd' || $scfg->{type
} eq 'lvm' || $scfg->{type
} eq 'lvmthin') {
2651 $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storage, $vmid, 'raw', undef, $size_kb);
2652 format_disk
($storecfg, $volid, $rootuid, $rootgid);
2654 } elsif ($scfg->{type
} eq 'rbd') {
2656 die "krbd option must be enabled on storage type '$scfg->{type}'\n" if !$scfg->{krbd
};
2657 $volid = PVE
::Storage
::vdisk_alloc
($storecfg, $storage, $vmid, 'raw', undef, $size_kb);
2658 format_disk
($storecfg, $volid, $rootuid, $rootgid);
2660 die "unable to create containers on storage type '$scfg->{type}'\n";
2662 push @$vollist, $volid;
2663 $mountpoint->{volume
} = $volid;
2664 $mountpoint->{size
} = $size_kb * 1024;
2665 $conf->{$ms} = print_ct_mountpoint
($mountpoint, $ms eq 'rootfs');
2667 # use specified/existing volid/dir/device
2668 $conf->{$ms} = print_ct_mountpoint
($mountpoint, $ms eq 'rootfs');
2672 PVE
::Storage
::activate_volumes
($storecfg, $chown_vollist, undef);
2673 foreach my $volid (@$chown_vollist) {
2674 my $path = PVE
::Storage
::path
($storecfg, $volid, undef);
2675 chown($rootuid, $rootgid, $path);
2677 PVE
::Storage
::deactivate_volumes
($storecfg, $chown_vollist, undef);
2679 # free allocated images on error
2681 destroy_disks
($storecfg, $vollist);
2687 # bash completion helper
2689 sub complete_os_templates
{
2690 my ($cmdname, $pname, $cvalue) = @_;
2692 my $cfg = PVE
::Storage
::config
();
2696 if ($cvalue =~ m/^([^:]+):/) {
2700 my $vtype = $cmdname eq 'restore' ?
'backup' : 'vztmpl';
2701 my $data = PVE
::Storage
::template_list
($cfg, $storeid, $vtype);
2704 foreach my $id (keys %$data) {
2705 foreach my $item (@{$data->{$id}}) {
2706 push @$res, $item->{volid
} if defined($item->{volid
});
2713 my $complete_ctid_full = sub {
2716 my $idlist = vmstatus
();
2718 my $active_hash = list_active_containers
();
2722 foreach my $id (keys %$idlist) {
2723 my $d = $idlist->{$id};
2724 if (defined($running)) {
2725 next if $d->{template
};
2726 next if $running && !$active_hash->{$id};
2727 next if !$running && $active_hash->{$id};
2736 return &$complete_ctid_full();
2739 sub complete_ctid_stopped
{
2740 return &$complete_ctid_full(0);
2743 sub complete_ctid_running
{
2744 return &$complete_ctid_full(1);
2754 my $lxc = $conf->{lxc
};
2755 foreach my $entry (@$lxc) {
2756 my ($key, $value) = @$entry;
2757 next if $key ne 'lxc.id_map';
2758 if ($value =~ /^([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$/) {
2759 my ($type, $ct, $host, $length) = ($1, $2, $3, $4);
2760 push @$id_map, [$type, $ct, $host, $length];
2762 $rootuid = $host if $type eq 'u';
2763 $rootgid = $host if $type eq 'g';
2766 die "failed to parse id_map: $value\n";
2770 if (!@$id_map && $conf->{unprivileged
}) {
2771 # Should we read them from /etc/subuid?
2772 $id_map = [ ['u', '0', '100000', '65536'],
2773 ['g', '0', '100000', '65536'] ];
2774 $rootuid = $rootgid = 100000;
2777 return ($id_map, $rootuid, $rootgid);
2780 sub userns_command
{
2783 return ['lxc-usernsexec', (map { ('-m', join(':', @$_)) } @$id_map), '--'];
2789 my ($vmid, $lock) = @_;
2791 lock_config
($vmid, sub {
2792 $conf = load_config
($vmid);
2794 $conf->{lock} = $lock;
2795 write_config
($vmid, $conf);
2801 my ($vmid, $lock) = @_;
2802 lock_config
($vmid, sub {
2803 my $conf = load_config
($vmid);
2804 if (!$conf->{lock}) {
2805 die "no lock found trying to remove lock '$lock'\n";
2806 } elsif (defined($lock) && $conf->{lock} ne $lock) {
2807 die "found lock '$conf->{lock}' trying to remove lock '$lock'\n";
2809 delete $conf->{lock};
2810 write_config
($vmid, $conf);
projects / pve-container.git / blob