[pve-devel] applied: [PATCH container 1/2] fix #2412: ct destroy: only delete config after deleted from pools, fw

Fri, 18 Oct 2019 03:54:02 -0700 

commit message stolen from:
https://pve.proxmox.com/pipermail/pve-devel/2019-October/039594.html

Between calling destroy_lxc_container and removing the ID from
user.cfg (remove_vm_access) creating a new CT with this ID was
possible. CTs could go missing from pools as a consequence.

unlinking must happen at the very end of the deletion
process to avoid that other nodes use the ID in the meanwhile

Further lock the config after the VM was destroyed with a config lock
named, well, destroyed. This way it's easy to know that the CT was
destroyed but has still the config skelleton and FW, access etc.
stuff possible left over.

Signed-off-by: Thomas Lamprecht <t.lampre...@proxmox.com>
---
 src/PVE/API2/LXC.pm   | 6 +++++-
 src/PVE/LXC/Config.pm | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index 6f47cad..3830e5e 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -671,9 +671,13 @@ __PACKAGE__->register_method({
 
            die $running_error_msg if PVE::LXC::check_running($vmid);
 
-           PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf);
+           PVE::LXC::destroy_lxc_container($storage_cfg, $vmid, $conf, { lock 
=> 'destroyed' });
+
            PVE::AccessControl::remove_vm_access($vmid);
            PVE::Firewall::remove_vmfw_conf($vmid);
+
+           # only now remove the zombie config, else we can have reuse race
+           PVE::LXC::Config->destroy_config($vmid);
        };
 
        my $realcmd = sub { PVE::LXC::Config->lock_config($vmid, $code); };
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index 8517de4..44330da 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -329,7 +329,7 @@ my $confdesc = {
        optional => 1,
        type => 'string',
        description => "Lock/unlock the VM.",
-       enum => [qw(backup create disk fstrim migrate mounted rollback snapshot 
snapshot-delete)],
+       enum => [qw(backup create destroyed disk fstrim migrate mounted 
rollback snapshot snapshot-delete)],
     },
     onboot => {
        optional => 1,
-- 
2.20.1


_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to