add pre- start/stop hookscript to containers

this adds the config (hookscript) and executes it on four points in
time for the container:

'pre-start'
'post-start'
'pre-stop'
'post-stop'

on pre-start we abort if the script fails and pre-stop will not be
called if the vm crashes or if the vm gets powered off from inside
the guest

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 450a4e55ffa81c77d72513d66e905033ba16a0fe..8f560c5708901037ac6ebe4b755e0b1f9b66a5fd 100644 (file)
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -26,6 +26,7 @@ use PVE::AccessControl;
 use PVE::ProcFSTools;
 use PVE::Syscall;
 use PVE::LXC::Config;
+use PVE::GuestHelpers;
 
 use Time::HiRes qw (gettimeofday);
 
@@ -1111,6 +1112,9 @@ sub check_ct_modify_config_perm {
        } elsif ($opt eq 'features') {
            # For now this is restricted to root@pam
            raise_perm_exc("changing feature flags is only allowed for root\@pam");
+       } elsif ($opt eq 'hookscript') {
+           # For now this is restricted to root@pam
+           raise_perm_exc("changing the hookscript is only allowed for root\@pam");
        } else {
            $rpcenv->check_vm_perm($authuser, $vmid, $pool, ['VM.Config.Options']);
        }
@@ -1913,11 +1917,13 @@ sub vm_start {
 
     my $cmd = ['systemctl', 'start', "pve-container\@$vmid"];
 
+    PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-start', 1);
     eval { PVE::Tools::run_command($cmd); };
     if (my $err = $@) {
        unlink $skiplock_flag_fn;
        die $err;
     }
+    PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'post-start');
 
     return;
 }
@@ -1940,6 +1946,9 @@ sub vm_stop {
        die "failed to open container ${vmid}'s command socket: $!\n";
     }
 
+    my $conf = PVE::LXC::Config->load_config($vmid);
+    PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'pre-stop');
+
     # Stop the container:
 
     my $cmd = ['lxc-stop', '-n', $vmid];

diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 061ec8e0702ff983d6002eca72c8387b1c2af7d1..7274e3a3b889c945b492c3e30f102f35164c37ee 100644 (file)
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -5,6 +5,7 @@ use warnings;
 
 use PVE::AbstractConfig;
 use PVE::Cluster qw(cfs_register_file);
+use PVE::GuestHelpers;
 use PVE::INotify;
 use PVE::JSONSchema qw(get_standard_option);
 use PVE::Tools;
@@ -457,6 +458,12 @@ my $confdesc = {
        format => $features_desc,
        description => "Allow containers access to advanced features.",
     },
+    hookscript => {
+       optional => 1,
+       type => 'string',
+       format => 'pve-volume-id',
+       description => 'Script that will be exectued during various steps in the containers lifetime.',
+    },
 };
 
 my $valid_lxc_conf_keys = {
@@ -896,7 +903,7 @@ sub update_pct_config {
                delete $conf->{$opt};
                PVE::LXC::write_cgroup_value("memory", $vmid,
                                             "memory.memsw.limit_in_bytes", -1);
-           } elsif ($opt eq 'description' || $opt eq 'onboot' || $opt eq 'startup') {
+           } elsif ($opt eq 'description' || $opt eq 'onboot' || $opt eq 'startup' || $opt eq 'hookscript') {
                delete $conf->{$opt};
            } elsif ($opt eq 'nameserver' || $opt eq 'searchdomain' ||
                     $opt eq 'tty' || $opt eq 'console' || $opt eq 'cmode') {
@@ -1091,6 +1098,9 @@ sub update_pct_config {
        } elsif ($opt eq 'features') {
            next if $hotplug_error->($opt);
            $conf->{$opt} = $value;
+       } elsif ($opt eq 'hookscript') {
+           PVE::GuestHelpers::check_hookscript($value);
+           $conf->{$opt} = $value;
        } else {
            die "implement me: $opt";
        }

diff --git a/src/lxc-pve-poststop-hook b/src/lxc-pve-poststop-hook
index 654aa268780c977a9e37b83c9b299162fa1d91a9..dc7938e7e8a5ae1028452577bb071f2d92457b32 100755 (executable)
--- a/src/lxc-pve-poststop-hook
+++ b/src/lxc-pve-poststop-hook
@@ -20,6 +20,7 @@ use PVE::CLIHandler;
 use PVE::Storage;
 use PVE::Storage::Plugin;
 use PVE::LXC;
+use PVE::GuestHelpers;
 use Data::Dumper;
 
 use base qw(PVE::CLIHandler);
@@ -90,6 +91,8 @@ __PACKAGE__->register_method ({
            exit(1);
        }
 
+       PVE::GuestHelpers::exec_hookscript($conf, $vmid, 'post-stop');
+
        return undef;
     }});