Read the container root password from stdin when creating a
container with 'pct create ... -password', instead of
providing it as command line argument. This is consistent
with 'pveum adduser' and pvesh, as described in #737 and #777.
Fix #918: add /dev/mapper symlinks for dm-* devices
Mount canonicalizes paths unless the -c option is used. This
is mostly fine but for device-mapper nodes (/dev/dm-*) it'll
fetch the /dev/mapper/* path and pass that to the mount
system call resulting in /proc/mounts showing the
/dev/mapper path. This is neither the one we provided (since
we use /dev/$vg/$lv), nor the one userspace tools will find
in /dev currently.
Since the dm-* paths are rather inconvenient to look at we
decided to keep mount's behavior and compensate by providing
the /dev/mapper symlinks for devices via the autodev hook.
Add force parameter for migration with bind/dev mp
Add a new 'force' parameter that allows to force the
migration of a container despite configured bind or device
mountpoints, which will be ignored/skipped.
this allows to set the rootfs to <storage>:<size>,
automatically creating an empty volume of the specified
size on the specified storage, like for non-rootfs mps.
the non-'rootdir' storages are filtered out in the web
interface already, but using the API/CLI it was still
possible to add volumes on storages without the 'rootdir'
content type.
this check is only used for mountpoints using our storage
backends, bind/dev mounts still work like before.
Instead of dropping the 'backup' lock early on when doing
snapshot backups, drop it temporarily for snapshot
operations that set their own 'snapshot' lock, and protect
the "unlock_vm, snapshot_XX, lock_vm" sequence by holding an
flock for the config file.
Before this change it was possible to interfere with the
backup job by setting a different lock with another
operation inbetween the call to unlock_vm and
snapshot_create (or snapshot_delete).
The final lock_vm is re-introduced in order to be more
consistent with the other backup modes and to prevent
changes to the configuration file before assemble()
reloads the configuration that is included in the backup.
With the introduction of unmanaged containers a check was
added to verify that the ostype is the same as the
autodetected one.
Since our CentOS plugin was named 'redhat' but the ostype
setting was 'centos' this error triggered and rendered
centos containers unusable.
Renamed the LXC::Setup::Redhat package LXC::Setup::CentOS
and changed the plugin name to and autodetected type from
'redhat' to 'centos' as well.
Replaced ct_modify_file_head_portion() with ct_modify_file()
taking a header and and replacing the section in-place
rather than always moving it to the top of the file.
The behavior for when a section is not defined can be
defined via the provided options (replace, prepend, or
append).
Move add_unused_volume into abstract
pve-common/src/PVE/AbstractConfig.pm, because it is
identical for LXC and Qemu.
Move classify_mountpoint, is_volume_in_use, has_dev_console,
mountpoint_names, foreach_mountpoint_XX and get_vm_volumes
to PVE::LXC::Config because they only deal with config
related matters.
(Some of) the latter methods might get moved to or become
implementations of methods in PVE::AbstractConfig in the
future.
Move snapshot_create, snapshot_delete and snapshot_rollback
into abstract pve-common/src/PVE/AbstractConfig.pm,
splitting LXC-specific parts into __snapshot_XX methods in
src/PVE/LXC/Config.pm.
check_freeze_needed, snapshot_prepare and snapshot_commit
are downgraded to private __snapshot_XX methods (in
PVE::AbstractConfig and PVE::LXC::Config).
has_feature is made an implementation of the abstract
has_feature, and thus moves into src/PVE/LXC/Config.pm
Refactor config-related methods into AbstractConfig
Move load_config, write_config, lock_config[_xx],
check_lock, has_lock, set_lock, remove_lock, is_template,
check_protection and config_file to pve-common/src/PVE/
AbstractConfig.pm since they are identical for LXC and
Qemu.
Move cfs_config_path and config_file_lock to implementation
of PVE::AbstractConfig in src/PVE/LXC/Config.pm
Drop create_config and replace it with write_config.
Since set_lock does the implied lock_config() and
load_config() it also returns the loaded config afterwards
as there is no other meaningful return value defined for
this function since failure to apply the lock throws an
exception.
remove_lock() also takes a lock name in order to make sure
only the correct lock is being removed.
To avoid symlink problems these implementations switch
between the host's and container's namespace to open the
corresponding file handles, then copy the data.
With unprivileged containers we also enter the container's
user-namespace with pct-push and switch to the container's
root user before opening the destination for writing in
order to create new files with the mapped root user.
add unused running flag for signature compatibility to
QemuServer.pm
add backup_only flag to replace former feature workaround,
needed to skip backup=no mountpoints if called from VZDump.
Adjust snapshot_create and snapshot_prepare signatures
Add new save_vmstate parameter to snapshot_create and
snapshot_prepare, like in QemuServer.pm
Also make snapshot_prepare and snapshot_commit proper subs.
Add unused volumes for changed mpX and rootfs, not only for
deleted mpX.
Add check before adding to unused volumes in order to
prevent false entries (which could lead to deletion of still
used volumes!)
Since busybox' current default DHCPv6 client is unfinished
and alpine currently doesn't handle a 'dhcp' interface type
in its /etc/network/interfaces and bails out when
configuring the network with a broken config we have to make
sure we don't pass this on to debian's setup_network.
Unfortunately a warning at this point would only be visible
when creating a container because at this point no warning
makes it to the console/UI (and errors would be hidden
because the setup runs in our lxc prestart hook).
Factored the bind-mounting into a bindmount() function since
we don't want to leave a writable bind-mount behind if the
read-only remount fails.
The read-only flag is now also removed from the initial
mount flags and is added only for the remount command and is
added separately the non-bind mounts.
snapshot: replace global sync with a namespace sync
snapshot_create() called did a global 'sync' after freeze()
which syncs everything including all other containers and
the host. So if you want to snapshot container A while
container B tries to write to a broken NFS mount the
snapshot will hang in that sync call.
Instead we now enter the container's mount namespace and do
a syncfs() on all of its mountpoints.
quotactl(2) requires a path to the device node to work which
means we need to expose them to the container, luckily it
doesn't need r/w access to the device. Also, loop devices
will not detach from the images anymore with them being
still mounted in the monitor's mount namespace (which is
unshared from the host to prevent accidental unmounts via
lxc.monitor.unshare).
Note that quota manipulation currently does not work with
unprivileged containers.
Set unfreeze before trying to freeze, otherwise an aborted
or failed lxc-freeze will not be reversed by our error
handling, leaving the container in a (partially) frozen
state.
Make snapshot_create failure handling more resembling
to the QemuServer codebase and prepare for future code
convergence:
* use $drivehash parameter in snapshot_delete to bypass
check_lock() and delete config lock
* call $snapshot_commit last, it's only needed now if
there were no errors
Since VZDump was the only user of lock_aquire and
lock_release, and does not actually need this split,
we can drop lock_aquire and lock_release.
Since lock_file_full in PVE::Tools now uses the same
refcounting implementation that lock_aquire/release
had, lock_container can simply wrap lock_file_full.
Dominik Csapak [Thu, 4 Feb 2016 12:40:15 +0000 (13:40 +0100)]
improve mountpoint parsing
changes from v1:
renamed function to verify_*
added check for ../ at the beginning
cleaned up regex (\.)? -> \.?
currently we sanitize mountpoints with sanitize_mountpoint, which
tries to remove dots, double-dots and multiple slashes, but it does it
not correctly (e.g. /test/././ gets truncated to /test./ )
instead of trying to truncate the path, we create a format for mp strings
which throws an error if /./ or /../ exist (also /. and /.. at the end or
../ at the beginning) since there should be no valid use for these in
mountpoint paths anyway
with the new behaviour, we don't need sanitize_mountpoint anymore:
projects / pve-container.git / log