pve-container.git
5 days ago: bump version to 2.0-39 (master)
Thomas Lamprecht [Wed, 15 May 2019 14:38:53 +0000 (16:38 +0200)]
bump version to 2.0-39

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 days ago: remove Data::Dumper usages
Thomas Lamprecht [Mon, 13 May 2019 11:45:42 +0000 (11:45 +0000)]
remove Data::Dumper usages

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 days ago: api config: cleanup indentation and whitespace issues
Thomas Lamprecht [Mon, 13 May 2019 11:45:29 +0000 (11:45 +0000)]
api config: cleanup indentation and whitespace issues

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 days ago: d/control: remove undefined ${shlib:depends} from arch-independent package
Thomas Lamprecht [Mon, 13 May 2019 11:41:36 +0000 (11:41 +0000)]
d/control: remove undefined ${shlib:depends} from arch-independent package

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 days ago: api status: indentation, whitespace and empty newline fixes
Thomas Lamprecht [Mon, 13 May 2019 11:40:49 +0000 (11:40 +0000)]
api status: indentation, whitespace and empty newline fixes

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 days ago: api status: code cleanup for HA calls
Thomas Lamprecht [Mon, 13 May 2019 11:39:52 +0000 (11:39 +0000)]
api status: code cleanup for HA calls

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days ago: api status: use own variable for frequent hash use
Thomas Lamprecht [Fri, 10 May 2019 10:04:37 +0000 (10:04 +0000)]
api status: use own variable for frequent hash use

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days ago: api status: cleanup nested closures
Thomas Lamprecht [Fri, 10 May 2019 10:03:37 +0000 (10:03 +0000)]
api status: cleanup nested closures

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days ago: api status: indentation cleanup
Thomas Lamprecht [Fri, 10 May 2019 10:01:44 +0000 (10:01 +0000)]
api status: indentation cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days ago: fix #2200: vm_stop: add nokill-after-timeout parameter
Thomas Lamprecht [Wed, 8 May 2019 07:07:22 +0000 (07:07 +0000)]
fix #2200: vm_stop: add nokill-after-timeout parameter

This allows to have the same semantics as qemu-server:
* immediate hard-kill
* shutdown with kill after timeout
* shutdown without kill after timeout

And thus we finally can move the vm_shutdown API call to a correct
semantic, i.e., do not immediately hard kill if forceStop is not passed
but rather see it as stop after timeout knob.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
10 days ago: vm_stop: remove unused exit_timeout parameter
Thomas Lamprecht [Wed, 8 May 2019 06:59:40 +0000 (06:59 +0000)]
vm_stop: remove unused exit_timeout parameter

No call-site used this parameter, and thus it was dead code,
remove it not only for cleanup sake but also to make space for a new
"nokill-after-timeout" parameter, coming in a future patch.

This code was always dead since it was introduced with the addition
of vm_stop in commit b1bad293c4f7a6024bbd363b6784b3875ca5d098
so pretty safe to remove anyway.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
11 days ago: fix #2027: do not disable IPV6_AUTOCONF on centos
Oguz Bektas [Thu, 9 May 2019 11:57:29 +0000 (13:57 +0200)]
fix #2027: do not disable IPV6_AUTOCONF on centos

we used to disable IPV6_AUTOCONF when the DHCP option was chosen for the
container network (was only activated with SLAAC option).

however, this option is actually dependent on IPV6FORWARDING (which is
set to no by default), according to this rule:

IPV6_AUTOCONF=!IPV6FORWARDING

which enables it automatically when forwarding is disabled. this way, we
respect the defaults set by centos.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
13 days ago: bump version to 2.0-38
Thomas Lamprecht [Tue, 7 May 2019 11:12:14 +0000 (11:12 +0000)]
bump version to 2.0-38

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
13 days ago: raise supported fedora version to 30
Stoiko Ivanov [Mon, 6 May 2019 14:27:44 +0000 (16:27 +0200)]
raise supported fedora version to 30

Tested by installing a fedora 29 container and upgrading it via dnf [0].
The upgraded container boots, but in order to get networking running (and many
warnings and errors less in the journal) 'nesting' needs to be activated both
for privileged and unprivileged containers.

[0] https://fedoraproject.org/wiki/DNF_system_upgrade

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
3 weeks ago: fix: #1075: Correctly restore CT templates from backup
Christian Ebner [Wed, 17 Apr 2019 14:38:28 +0000 (16:38 +0200)]
fix: #1075: Correctly restore CT templates from backup

Restoring a backup from a CT template wrongly resulted in a CT with the template
flag set in the config.
This makes sure the CT template backup gets restored to a CT and only if the
storage supports templates, the resulting CT is converted to a template.
Otherwise the backup restores simply to a CT.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
5 weeks ago: add fstrim lock to enum
Oguz Bektas [Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)]
add fstrim lock to enum

forgot to add this while adding 'pct fstrim' parameter

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
5 weeks ago: add create lock to enum
Dominik Csapak [Thu, 11 Apr 2019 07:16:52 +0000 (09:16 +0200)]
add create lock to enum

we use that lock on create/restoration

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
6 weeks ago: bump version to 2.0-37
Thomas Lamprecht [Thu, 4 Apr 2019 14:25:00 +0000 (16:25 +0200)]
bump version to 2.0-37

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: followup: reword bwlimit default wording
Thomas Lamprecht [Tue, 2 Apr 2019 09:29:00 +0000 (11:29 +0200)]
followup: reword bwlimit default wording

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: bwlimit: add parameter to API2 calls
Stoiko Ivanov [Mon, 1 Apr 2019 09:31:08 +0000 (11:31 +0200)]
bwlimit: add parameter to API2 calls

for migrate_vm, clone_vm and move_volume. The 'migrate_vm' call passes it to
PVE::LXC::Migrate->migrate for handling.

Additionally the bwlimit option's description of the 'create_vm' call gets
consistent capitalization of I/O.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
6 weeks ago: bwlimit: add parameter to rsync in copy_volume
Stoiko Ivanov [Mon, 1 Apr 2019 09:31:07 +0000 (11:31 +0200)]
bwlimit: add parameter to rsync in copy_volume

Unconditionally add a '--bwlimit' parameter to the rsync invocation, defaulting
to an argument of '0' (= unlimited - see `man rsync`).
Normally this is a rate per second, with a passed unit. With no unit
passed rsync assumes "K", which is exactly what our units are in, so
make our life easy and omit it.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: storage migrate: add bwlimit parameter
Stoiko Ivanov [Mon, 1 Apr 2019 09:31:06 +0000 (11:31 +0200)]
storage migrate: add bwlimit parameter

pass bwlimit parameter to storage_migrate

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: fix some reasonable lintian warnings on dsc
Thomas Lamprecht [Tue, 2 Apr 2019 08:06:49 +0000 (10:06 +0200)]
fix some reasonable lintian warnings on dsc

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: followup: remove double parenthesis and hook regex
Thomas Lamprecht [Tue, 2 Apr 2019 08:06:02 +0000 (10:06 +0200)]
followup: remove double parenthesis and hook regex

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 weeks ago: fix: #1218 Add flag 'unique' to pct restore in order to set new MAC addresses to...
Christian Ebner [Mon, 1 Apr 2019 15:45:24 +0000 (17:45 +0200)]
fix: #1218 Add flag 'unique' to pct restore in order to set new MAC addresses to NICs

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
7 weeks ago: fix #2147: re-add support for current opensuse tumbleweed
Oguz Bektas [Fri, 29 Mar 2019 16:16:33 +0000 (17:16 +0100)]
fix #2147: re-add support for current opensuse tumbleweed

this enables opensuse-tumbleweed templates to be used in Proxmox VE
_again_. It was already supported but it seems that the os-release
backed ID changed and thus our distro detection code didn't detect it
anymore.

a few things didn't work properly in my tests, so some things to consider:
* (probably) because of network configuration issues, it takes a while
for the container to start fully (~30s on my setup)
* unprivileged containers (w/ and w/o nesting enabled) had no network
after starting, and needed to be enabled manually with ip addr and
route.
* privileged containers seemed to function normally, except the
startup delay

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
7 weeks ago: fix #1607: implement pct fstrim
Oguz Bektas [Thu, 28 Mar 2019 13:01:44 +0000 (14:01 +0100)]
fix #1607: implement pct fstrim

runs fstrim on the rootfs and all mountpoints of a given container. this
works for both running and stopped containers.

lock the CT during this operation using a config lock as it is
potentially long running. While fstrim itself wouldn't really need
the lock, as multiple parallel fstrim calls can be made without
problems, we want to forbid migrations during it and want to avoid
that we unmount a with the CT mounted with 'mount' lock (race) -
while we could handle and allow this it's just not needed and easier
this way

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 weeks ago: buildsys: add dsc target
Thomas Lamprecht [Wed, 27 Mar 2019 16:21:19 +0000 (17:21 +0100)]
buildsys: add dsc target

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 weeks ago: deprecate pve-lxc-snapshot-name in favor of identical pve-snapshot-name
Thomas Lamprecht [Wed, 27 Mar 2019 14:14:05 +0000 (15:14 +0100)]
deprecate pve-lxc-snapshot-name in favor of identical pve-snapshot-name

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks ago: followup: which lock
Thomas Lamprecht [Thu, 21 Mar 2019 17:38:01 +0000 (18:38 +0100)]
followup: which lock

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 weeks ago: add lock to vm status
Dominik Csapak [Thu, 21 Mar 2019 09:55:19 +0000 (10:55 +0100)]
add lock to vm status

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 months ago: setup: fix alpine ipv6-slaac configuration
Stoiko Ivanov [Tue, 19 Mar 2019 15:34:27 +0000 (16:34 +0100)]
setup: fix alpine ipv6-slaac configuration

busybox ifupdown implementation differs from debian's - configuration type
auto is not supported. If SLAAC is selected for the ipv6 configuration of an
interface, the complete networking is not started, because of that error.

This workaround sets the interface type to 'manual' in case SLAAC is selected
(as is already done for dhcpv6 (for different reasons)). That way all other
configuration stanzas are setup correctly, and if an ipv4 configuration is
present for the same interface the SLAAC-part usually works out of the box
anyways (unless 'accept_ra' is set to 0 for the interface in the kernel).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2 months ago: bump version to 2.0-36
Thomas Lamprecht [Tue, 19 Mar 2019 11:38:17 +0000 (12:38 +0100)]
bump version to 2.0-36

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: setup: add support for Ubuntu 19.04 Disco Dingo
Thomas Lamprecht [Tue, 19 Mar 2019 10:16:50 +0000 (11:16 +0100)]
setup: add support for Ubuntu 19.04 Disco Dingo

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: d/control: bump version dependency of libpve-common-perl
Thomas Lamprecht [Thu, 14 Mar 2019 09:05:20 +0000 (10:05 +0100)]
d/control: bump version dependency of libpve-common-perl

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: config: hwaddr: enforce unicast MAC addresses
Stoiko Ivanov [Tue, 12 Mar 2019 15:07:42 +0000 (16:07 +0100)]
config: hwaddr: enforce unicast MAC addresses

having a container with a multicast mac (see [1]), prevents it from starting
(see [0,3]).

This patch uses the 'mac-addr' standard_option defined in PVE::JSONSchema to
ensure only unicast macaddresses are used for netconfig.

[0] https://lists.linuxcontainers.org/pipermail/lxc-users/2010-August/000783.html
[1] https://en.wikipedia.org/wiki/MAC_address
[2] https://pve.proxmox.com/pipermail/pve-devel/2019-March/035996.html

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: tests: move multicast MACs addresses to unicast ones
Stoiko Ivanov [Tue, 12 Mar 2019 15:07:43 +0000 (16:07 +0100)]
tests: move multicast MACs addresses to unicast ones

we'll change the format to forbid MAC addresses with the I/G (group)
bit set in a future patch so let's ensure we do not run into problems
there.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: fixup: only un-map if not running and comment so
Thomas Lamprecht [Mon, 11 Mar 2019 09:37:54 +0000 (10:37 +0100)]
fixup: only un-map if not running and comment so

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: fixup: always un-map and comment more
Thomas Lamprecht [Mon, 11 Mar 2019 08:39:46 +0000 (09:39 +0100)]
fixup: always un-map and comment more

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: Fix #2109: resize rbd volume for container failed
Alwin Antreich [Fri, 8 Mar 2019 14:41:55 +0000 (15:41 +0100)]
Fix #2109: resize rbd volume for container failed

On resizing a container's disk image the filesystem is extended and in
the case of RBD the returned path of the volume was not a path to a
mapped device.

This patch uses map_volume (respectively unmap_volume) to get a device
mapped and its path returned by the storage plugin. If a path is not
returned then the path method is tried. Currently only the RBD storage
plugin returns a path on map_volume.

Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
2 months ago: bump version to 2.0-35
Thomas Lamprecht [Wed, 6 Mar 2019 07:23:27 +0000 (08:23 +0100)]
bump version to 2.0-35

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: followup: code cleanup
Thomas Lamprecht [Mon, 4 Mar 2019 11:29:03 +0000 (12:29 +0100)]
followup: code cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: fix #2117: don't keep custom idmap in pct pipe restore
Oguz Bektas [Mon, 4 Mar 2019 10:02:53 +0000 (11:02 +0100)]
fix #2117: don't keep custom idmap in pct pipe restore

while doing a pct restore operation, custom id mappings were being
obtained from the archive file to be used in the newly created container.
this fails when using pipe restore, since there is no file for the
mappings to be recovered from.

Co-Authored by: Mira Limbeck <m.limbeck@proxmox.com>
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
2 months ago: d/control: bump version dependency to pve-doc-generator
Thomas Lamprecht [Fri, 22 Feb 2019 12:31:32 +0000 (13:31 +0100)]
d/control: bump version dependency to pve-doc-generator

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2 months ago: 1891 Add zsh command completion generation for pct
Christian Ebner [Thu, 21 Feb 2019 13:25:05 +0000 (14:25 +0100)]
1891 Add zsh command completion generation for pct

Generates the zsh command completion scripts for pct.

Signed-off-by: Christian Ebner <c.ebner@proxmox.com>
2 months ago: fix #2104: config "features: mount" regex pattern
Oguz Bektas [Tue, 19 Feb 2019 12:52:01 +0000 (13:52 +0100)]
fix #2104: config "features: mount" regex pattern

this adds an underscore '_' character to the regex match for "features:
mount", which allows rpc_pipefs to be parsed correctly.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
3 months ago: fix #2086: change process checking mechanism in vmstatus
Oguz Bektas [Mon, 11 Feb 2019 14:51:06 +0000 (15:51 +0100)]
fix #2086: change process checking mechanism in vmstatus

vmstatus checked if the container was running by looking at the pid,
which was not an indicator of the process being completely stopped, as
the command socket in /proc/net/unix stays a little while after the
process is dead according to lxc-info.

this resulted in destroy_vm and similar functions which use
/proc/net/unix command socket based checking mechanism to fail when
executed too fast after the vm_status reported the process as stopped.

this changes vm_status to use the same kind of command socket based
mechanism in order to avoid reporting the container as being stopped too
early.

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
3 months ago: d/control: bump version dependency of libpve-common-perl
Thomas Lamprecht [Mon, 4 Feb 2019 11:02:51 +0000 (12:02 +0100)]
d/control: bump version dependency of libpve-common-perl

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: fix #2080: fix device encoding in the prestart hook
Wolfgang Bumiller [Mon, 4 Feb 2019 09:42:02 +0000 (10:42 +0100)]
fix #2080: fix device encoding in the prestart hook

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 months ago: bump version to 2.0-34
Thomas Lamprecht [Fri, 1 Feb 2019 12:14:18 +0000 (13:14 +0100)]
bump version to 2.0-34

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: d/control: bump version dependency of libpve-guest-common-perl
Thomas Lamprecht [Fri, 1 Feb 2019 12:08:32 +0000 (13:08 +0100)]
d/control: bump version dependency of libpve-guest-common-perl

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: add pre- start/stop hookscript to containers
Dominik Csapak [Thu, 31 Jan 2019 13:33:40 +0000 (14:33 +0100)]
add pre- start/stop hookscript to containers

this adds the config (hookscript) and executes it on four points in
time for the container:

'pre-start'
'post-start'
'pre-stop'
'post-stop'

on pre-start we abort if the script fails and pre-stop will not be
called if the vm crashes or if the vm gets powered off from inside
the guest

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 months ago: fixup: slight code cleanup
Thomas Lamprecht [Wed, 30 Jan 2019 13:53:37 +0000 (14:53 +0100)]
fixup: slight code cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: fixup indentation
Thomas Lamprecht [Wed, 30 Jan 2019 13:53:20 +0000 (14:53 +0100)]
fixup indentation

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: Add debian/SOURCE to docs
Rhonda D'Vine [Wed, 30 Jan 2019 13:41:34 +0000 (14:41 +0100)]
Add debian/SOURCE to docs

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
3 months ago: Fix #1924: add snapshot parameter
Rhonda D'Vine [Wed, 30 Jan 2019 13:41:33 +0000 (14:41 +0100)]
Fix #1924: add snapshot parameter

The pct CLI command offers the config function. The output of that may
vary with respect to a given snapshot. This adds a switch that shows the
corresponding snapshot's config.

The code needs a newer libpve-guest-common-perl, thus bumping the
dependency.

Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
3 months ago: fix #889: api create: reserve config with create lock early
Thomas Lamprecht [Mon, 28 Jan 2019 07:06:48 +0000 (08:06 +0100)]
fix #889: api create: reserve config with create lock early

allows to remove some checks as we can be sure the config belongs to
us once we have it reserved, either for restore or new creation.

This is similar to the qemu-server approach[0][1], adapted to the
LXC code. We need to cleanup a bit less if something fails, as the
LXC code path always removed the config and all created volumes in
this case, which means the 'create' reserve lock is gone too.

The early reserve on API entry, instead of doing it after forked
worker entry, allows to workaround the issues reported in #889 as
successful return from the API call means that the VMID is locked.

[0]: https://git.proxmox.com/?p=qemu-server.git;a=commit;h=8ba8418ca1d1a76a7e24c34045ca7702b0cd969d
[1]: https://git.proxmox.com/?p=qemu-server.git;a=commit;h=4fedc13b453d2011b35352df246cf9ea396e942b

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: destroy_config: die if unlink fails
Thomas Lamprecht [Mon, 28 Jan 2019 07:06:47 +0000 (08:06 +0100)]
destroy_config: die if unlink fails

We use this in two places, in the cleanup path of the create/restore
API path and indirectly through PVE::LXC::destroy_lxc_container, once
again in the restore code path of the create API call, to cleanup a
CT before overwriting it with a backup if the force flag is set. The
second time in the destroy CT API call, both times a hard error in an
erroneous cleanup is wanted.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: api/create: trivial: move worker name out
Thomas Lamprecht [Sat, 26 Jan 2019 13:28:00 +0000 (14:28 +0100)]
api/create: trivial: move worker name out

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
3 months ago: api/create: empty newline cleanup
Thomas Lamprecht [Sat, 26 Jan 2019 12:27:40 +0000 (13:27 +0100)]
api/create: empty newline cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago: bump version to 2.0-33
Wolfgang Bumiller [Mon, 7 Jan 2019 14:37:19 +0000 (15:37 +0100)]
bump version to 2.0-33

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: buildsys: use dpkg-parsechangelog
Wolfgang Bumiller [Mon, 7 Jan 2019 14:36:11 +0000 (15:36 +0100)]
buildsys: use dpkg-parsechangelog

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: only recover id mapping on restore
Wolfgang Bumiller [Mon, 7 Jan 2019 14:32:42 +0000 (15:32 +0100)]
only recover id mapping on restore

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: close #1785: whitelist namespaced lxc.sysfs.* entries
Wolfgang Bumiller [Fri, 4 Jan 2019 11:35:27 +0000 (12:35 +0100)]
close #1785: whitelist namespaced lxc.sysfs.* entries

According to namespaces(7) these should be namespaced (iow.
changing these values on the host they are not propagated to
running containers), so it makes sense to whitelist them.

Note that these only work when also using
'lxc.mount.auto: proc:rw'

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Link: https://github.com/lxc/lxc/issues/989
4 months ago: bump version to 2.0-32
Thomas Lamprecht [Mon, 7 Jan 2019 12:48:35 +0000 (13:48 +0100)]
bump version to 2.0-32

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 months ago: add informative comment...
Wolfgang Bumiller [Fri, 4 Jan 2019 10:17:10 +0000 (11:17 +0100)]
add informative comment...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: fixup comment about early lxc.idmap recovery
Wolfgang Bumiller [Thu, 27 Dec 2018 12:55:46 +0000 (13:55 +0100)]
fixup comment about early lxc.idmap recovery

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: cleanup: factor out root@pam check
Wolfgang Bumiller [Thu, 27 Dec 2018 12:53:53 +0000 (13:53 +0100)]
cleanup: factor out root@pam check

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: array usage fixup
Wolfgang Bumiller [Thu, 27 Dec 2018 13:18:49 +0000 (14:18 +0100)]
array usage fixup

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 months ago: fix #2028: keep custom uid mapping during restore
Oguz Bektas [Thu, 27 Dec 2018 11:52:25 +0000 (12:52 +0100)]
fix #2028: keep custom uid mapping during restore

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
5 months ago: fix #2014: don't check if unpriv for blkio
Oguz Bektas [Fri, 7 Dec 2018 10:34:42 +0000 (11:34 +0100)]
fix #2014: don't check if unpriv for blkio

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
5 months ago: bump version to 2.0-31
Thomas Lamprecht [Thu, 29 Nov 2018 11:58:25 +0000 (12:58 +0100)]
bump version to 2.0-31

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
5 months ago: add features:fuse
Wolfgang Bumiller [Wed, 28 Nov 2018 12:55:06 +0000 (13:55 +0100)]
add features:fuse

That should be enough for snapd on unprivileged containers.
For privileged containers we'd also need a way to not drop
the mac_admin capability - not sure we'd want that.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
6 months ago: Close #1234: pct: implement rescan
Alwin Antreich [Mon, 12 Nov 2018 14:11:12 +0000 (15:11 +0100)]
Close #1234: pct: implement rescan

This patch implements the same feature as for qm 'rescan'.

Signed-off-by: Alwin Antreich <a.antreich@proxmox.com>
6 months ago: bump version to 2.0-30
Thomas Lamprecht [Fri, 9 Nov 2018 16:38:41 +0000 (17:38 +0100)]
bump version to 2.0-30

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago: call map_volume before using volumes.
Dietmar Maurer [Thu, 8 Nov 2018 13:05:16 +0000 (14:05 +0100)]
call map_volume before using volumes.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
6 months ago: allow fedora 29
David Limbeck [Fri, 9 Nov 2018 12:53:30 +0000 (13:53 +0100)]
allow fedora 29

tested start/stop of container as well as ipv4 and ipv6 static addresses

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
6 months ago: fix #1808: readonly mount source disk
David Limbeck [Tue, 30 Oct 2018 12:06:38 +0000 (13:06 +0100)]
fix #1808: readonly mount source disk

Always readonly mount the source disk so a full clone still works with
an immutable base disk. Applies to every disk copy.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
6 months ago: bump version to 2.0-29
Dietmar Maurer [Mon, 22 Oct 2018 08:24:55 +0000 (10:24 +0200)]
bump version to 2.0-29

6 months ago: add Ubuntu 18.10 (Cosmic Cuttlefish) support
Thomas Lamprecht [Wed, 17 Oct 2018 09:10:21 +0000 (11:10 +0200)]
add Ubuntu 18.10 (Cosmic Cuttlefish) support

install/start/network works for unprivileged and privileged.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months ago: followup whitespace cleanup
Thomas Lamprecht [Tue, 9 Oct 2018 13:05:50 +0000 (15:05 +0200)]
followup whitespace cleanup

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months ago: close #1940: pct console: added ability to specify escape sequence
Tim Marx [Tue, 9 Oct 2018 11:34:14 +0000 (13:34 +0200)]
close #1940: pct console: added ability to specify escape sequence

added clarification about behavior when passing -1 to escapechar
restored former behavior in other uses of get_console_command
added meaningful tag to commit message

Signed-off-by: Tim Marx <t.marx@proxmox.com>
7 months ago: bump version to 2.0-28
Thomas Lamprecht [Wed, 3 Oct 2018 14:46:54 +0000 (16:46 +0200)]
bump version to 2.0-28

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months ago: add feature flags using apparmor profile generation
Wolfgang Bumiller [Tue, 2 Oct 2018 09:13:38 +0000 (11:13 +0200)]
add feature flags using apparmor profile generation

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
7 months ago: config: whitelist new apparmor related config keys
Wolfgang Bumiller [Tue, 2 Oct 2018 09:13:37 +0000 (11:13 +0200)]
config: whitelist new apparmor related config keys

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
7 months ago: configure IPv6AcceptRA in systemd-networkd files
Wolfgang Bumiller [Thu, 13 Sep 2018 07:53:42 +0000 (09:53 +0200)]
configure IPv6AcceptRA in systemd-networkd files

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
7 months ago: d/control: bump pve-common version dependency
Thomas Lamprecht [Thu, 20 Sep 2018 09:02:09 +0000 (11:02 +0200)]
d/control: bump pve-common version dependency

Ensure that the new, unconditionally called, PVE::Tools::get_host_arch
is available

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
7 months ago: use new PVE::Tools::get_host_arch
Dietmar Maurer [Thu, 20 Sep 2018 04:59:17 +0000 (06:59 +0200)]
use new PVE::Tools::get_host_arch

8 months ago: enable emulation of containers using qemu-user-static
Dietmar Maurer [Fri, 14 Sep 2018 11:27:03 +0000 (13:27 +0200)]
enable emulation of containers using qemu-user-static

You need to install package qemu-user-static which provides
the emulation toolkit.

- emulate arm on x86
- emulate x86 on arm

8 months ago: detect_architecture: use ELF machine header to detect ISA
Dietmar Maurer [Wed, 12 Sep 2018 07:27:35 +0000 (09:27 +0200)]
detect_architecture: use ELF machine header to detect ISA

We can now detect arm64 and armhf containers.

8 months ago: snapshot_rollback_vm_start: rename $forcemachine param to $data
Dominik Csapak [Fri, 14 Sep 2018 12:08:41 +0000 (14:08 +0200)]
snapshot_rollback_vm_start: rename $forcemachine param to $data

not used yet in container at all, so this change does not
do anything, besides keeping the interface in sync

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
8 months ago: bump version to 2.0-27
Thomas Lamprecht [Thu, 13 Sep 2018 09:20:55 +0000 (11:20 +0200)]
bump version to 2.0-27

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months ago: d/control: bump version dependency on pve-storage
Thomas Lamprecht [Thu, 13 Sep 2018 09:20:04 +0000 (11:20 +0200)]
d/control: bump version dependency on pve-storage

needed for the MAX_MOUNT_POINTS bump

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months ago: config: add the rest of the missing lock types
Wolfgang Bumiller [Thu, 13 Sep 2018 07:48:13 +0000 (09:48 +0200)]
config: add the rest of the missing lock types

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
8 months ago: fix #1897: bump MAX_MOUNT_POINTS to 256
Fabian Grünbichler [Wed, 5 Sep 2018 09:37:09 +0000 (11:37 +0200)]
fix #1897: bump MAX_MOUNT_POINTS to 256

and filter list of possible mountpoint names by currently used ones
before iterating instead of in the loop body.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
8 months ago: add missing 'mounted' as lock type for containers
Dominik Csapak [Fri, 7 Sep 2018 12:58:13 +0000 (14:58 +0200)]
add missing 'mounted' as lock type for containers

since 'move volume' uses such a lock, and
to satisfy the result verification while moving a volume

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
8 months ago: fix #1874: autodev hook: setup devices cgroup
Wolfgang Bumiller [Tue, 21 Aug 2018 07:57:59 +0000 (09:57 +0200)]
fix #1874: autodev hook: setup devices cgroup

Currently the autodev hook only adds device nodes, but in
order for the container to use them we also need to add
entries to the devices cgroup to both the limiting and the
namespaced devices cgroup directory.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
8 months ago: fix #1885: delete old route when changing gateway
David Limbeck [Tue, 4 Sep 2018 07:24:29 +0000 (09:24 +0200)]
fix #1885: delete old route when changing gateway

if the gateway is not in the subnet of the ip a route is
added. this change enables the deletion of the old route when it
is no longer needed.

Signed-off-by: David Limbeck <d.limbeck@proxmox.com>
8 months ago: d/control: add pve-firewall as build dependency
Thomas Lamprecht [Tue, 4 Sep 2018 06:52:40 +0000 (08:52 +0200)]
d/control: add pve-firewall as build dependency

we use perl modules from pve-firewall and some build steps fail if
it isn't installed, e.g., happening on bootstrapping.
pve-firewall includes some modules from us but does so in a way which
can cope with a not-installed pve-container (or qemu-server for that
matter).

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
8 months ago: bump version to 2.0-26
Thomas Lamprecht [Thu, 23 Aug 2018 11:57:59 +0000 (13:57 +0200)]
bump version to 2.0-26

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>