Hi,

Please note that even though Serge acked most of this patchset, I won't be pushing it until it's re-sent with all commits including the required Signed-off-by line.

Thanks!

On Wed, Sep 23, 2015 at 04:12:05PM +0200, Wolfgang Bumiller wrote:
> As I mentioned in an earlier email (sorry it took a little longer as
> we were still going through some options), we'd like to have the
> possibility to deal with mountpoints after the container has stopped.
>
> This series adds an `lxc.hook.stop` option, and passes handles to the
> container namespaces to it. The hook is executed between the STOPPING
> and STOPPED states, which means the container processes are already
> gone, and to be able to access the mount namespace the preserve_ns
> function is used which opens the ns files. (They're closed in
> lxc_fini.)
>
> As for how they're passed to the hook: you might have a different
> idea about how to do that better. Currently they're passed as paths to
> the '/proc/*/fd' entry prefixed with their 'proc_name' (from ns_info).
> (I did think about just passing the numbers and disabling CLOEXEC, but
> that would mean stop-hooks are always forced to deal with them, even
> if someone doesn't care, otherwise they might be leaked to other
> processes.)
> Environment variables would also be a possibility.
> But this way the hook has the option to enter the namespaces by
> opening the filedescriptors of the lxc process itself.
>
> If you want the patches squashed/changed/... just say so. If you
> decide they're worth adding I'll happily supplement them with patches
> for the documentation (lxc.hook.stop man page entry).
>
> Here's again our use-case summarized: When migrating a container from
> one node to another, there's a chance that they might be accessing a
> network filesystem (eg we can have the root disk as an image file on
> an NFS share), and we need to know that the filesystems were unmounted
> successfully before starting the container on another node (as NFS may
> still be syncing, or worse: hanging due to a lost connection, which we
> want to catch and prevent the container from starting with a broken
> filesystem without user-intervention).
>
> Wolfgang Bumiller (5):
>   start.c:preserve_ns: added pid parameter
>   preserve container namespace
>   added stop-hook entries
>   run stop hook between STOPPING and STOPPED states
>   pass namespace handles to the stop hook
>
>  src/lxc/conf.c    |  4 +++-
>  src/lxc/conf.h    |  2 +-
>  src/lxc/confile.c |  3 +++
>  src/lxc/start.c   | 44 ++++++++++++++++++++++++++++++++++++++++----
>  src/lxc/start.h   |  1 +
>  5 files changed, 48 insertions(+), 6 deletions(-)
>
> --
> 2.1.4
>
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com