[lxc-devel] [lxc/lxc] bf5afa: doc: Update Japanese lxc-clone(1) and lxc-start-ep...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: bf5afa6e6b681d1f5cf3ac6fd4ebc855b0a8f5dc https://github.com/lxc/lxc/commit/bf5afa6e6b681d1f5cf3ac6fd4ebc855b0a8f5dc Author: KATOH Yasufumi Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M doc/ja/lxc-clone.sgml.in M doc/ja/lxc-start-ephemeral.sgml.in Log Message: --- doc: Update Japanese lxc-clone(1) and lxc-start-ephemeral(1) describe that lxc-clone and lxc-start-ephemeral have been deprecated in those man pages. Update for commit 2ae6732. Signed-off-by: KATOH Yasufumi Commit: cd548c9d861481a723d091a622ff321e70737cce https://github.com/lxc/lxc/commit/cd548c9d861481a723d091a622ff321e70737cce Author: KATOH Yasufumi Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M doc/ja/lxc.container.conf.sgml.in Log Message: --- doc: Update Japanese lxc.container.conf(5) - Add the description that automount is ignored when cgroup namespaces are supported. Update for commit 4608594. - Unify terminology of translation Signed-off-by: KATOH Yasufumi Commit: fa79f0a4e3fc3a99cf806f3076baa640709ba06d https://github.com/lxc/lxc/commit/fa79f0a4e3fc3a99cf806f3076baa640709ba06d Author: Christian Brauner Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M doc/ja/lxc-clone.sgml.in M doc/ja/lxc-start-ephemeral.sgml.in M doc/ja/lxc.container.conf.sgml.in Log Message: --- Merge pull request #847 from tenforward/japanese_man Update Japanese man Compare: https://github.com/lxc/lxc/compare/9e89a0ba52db...fa79f0a4e3fc___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] Update Japanese man
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/847 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === * Update lxc-clone(1) and lxc-start-ephemeral(1) as those have been deprecated. * Update lxc.container.conf(5) about cgroup namespace. From bf5afa6e6b681d1f5cf3ac6fd4ebc855b0a8f5dc Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi Date: Thu, 25 Feb 2016 15:15:41 +0900 Subject: [PATCH 1/2] doc: Update Japanese lxc-clone(1) and lxc-start-ephemeral(1) describe that lxc-clone and lxc-start-ephemeral have been deprecated in those man pages. Update for commit 2ae6732. Signed-off-by: KATOH Yasufumi --- doc/ja/lxc-clone.sgml.in | 5 +++-- doc/ja/lxc-start-ephemeral.sgml.in | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/ja/lxc-clone.sgml.in b/doc/ja/lxc-clone.sgml.in index ef6bdf7..9e68910 100644 --- a/doc/ja/lxc-clone.sgml.in +++ b/doc/ja/lxc-clone.sgml.in @@ -352,9 +352,10 @@ by KATOH Yasufumi 注意 - lxc-copy が lxc-clone の後継コマンドとなります。 + lxc-clone は lxc-copy に置き換えられ、廃止される予定です。 diff --git a/doc/ja/lxc-start-ephemeral.sgml.in b/doc/ja/lxc-start-ephemeral.sgml.in index b54a06f..0124f48 100644 --- a/doc/ja/lxc-start-ephemeral.sgml.in +++ b/doc/ja/lxc-start-ephemeral.sgml.in @@ -283,10 +283,10 @@ by KATOH Yasufumi 注意 - lxc-copy が lxc-start-ephemeral コマンドの後継コマンドとなります。 + lxc-start-ephemeral は lxc-copy に置き換えられ、廃止される予定です。 From cd548c9d861481a723d091a622ff321e70737cce Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi Date: Thu, 25 Feb 2016 15:38:30 +0900 Subject: [PATCH 2/2] doc: Update Japanese lxc.container.conf(5) - Add the description that automount is ignored when cgroup namespaces are supported. Update for commit 4608594. - Unify terminology of translation Signed-off-by: KATOH Yasufumi --- doc/ja/lxc.container.conf.sgml.in | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in index b28d37e..467c1f7 100644 --- a/doc/ja/lxc.container.conf.sgml.in +++ b/doc/ja/lxc.container.conf.sgml.in @@ -1401,6 +1401,15 @@ proc proc proc nodev,noexec,nosuid 0 0 + + + cgroup 名前空間が有効の場合、cgroup の自動マウントの指定はどれも無視されます。これは、コンテナが自身でファイルシステムをマウントするため、自動マウントがコンテナの init を混乱させる可能性があるためです。 + lxc が apparmor サポートでコンパイルされ、インストールされている場合で、ホストで apparmor が有効な場合、コンテナが従って動くべき apparmor プロファイルは、コンテナの設定で指定することが可能です。 -デフォルトは、ホストのカーネルで cgroup namespace が使える場合は lxc-container-default-cgnsです。使えない場合は lxc-container-default です。 +デフォルトは、ホストのカーネルで cgroup 名前空間が使える場合は lxc-container-default-cgnsです。使えない場合は lxc-container-default です。 @@ -2269,8 +2278,8 @@ mknod errno 0 cgroup namespaces are enabled in the kernel. This is used by the lxcfs mount hook. --> - この変数が設定されていない場合、お使いのバージョンの LXC は cgroup namespace を扱えません。設定されている場合、この値は 1 に設定されています。そして、cgroup namespace を扱えます。 - この変数はカーネルで cgroup namespace が有効であることは保証しません。この変数は lxcfs のマウントフックが使います。 + この変数が設定されていない場合、お使いのバージョンの LXC は cgroup 名前空間を扱えません。設定されている場合、この値は 1 に設定されています。そして、cgroup 名前空間を扱えます。 + この変数はカーネルで cgroup 名前空間が有効であることは保証しません。この変数は lxcfs のマウントフックが使います。 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] cgroup V2 and LXC
Quoting Christian Brauner (christianvanbrau...@gmail.com): > On Mon, Feb 15, 2016 at 07:48:05PM +, Serge Hallyn wrote: > > Quoting Christian Brauner (christian.brau...@mailbox.org): > > > On Wed, Feb 10, 2016 at 05:45:48PM +, Serge Hallyn wrote: > > > > Quoting Christian Brauner (christian.brau...@mailbox.org): > > > > > On Mon, Feb 01, 2016 at 04:56:08AM +, Serge Hallyn wrote: > > > > > > Quoting Kevin Wilson (wkev...@gmail.com): > > > > > > > Hi, LXC developers, > > > > > > > > > > > > > > The latest kernel release (4.4) includes initial support to > > > > > > > cgroup v2 > > > > > > > with 2 controllers (memory and io). Also it seems that the PIDs > > > > > > > controller works in cgroup v2, but I do not know if it is > > > > > > > officially > > > > > > > supported in v2. > > > > > > > > > > > > > > Is there any intention to replace the existing cgroup v1 usage in > > > > > > > LXC > > > > > > > by cgroup v2 ? or at least to enable working with both of them ? > > > > > > > > > > > > > > Regards, > > > > > > > Kevin > > > > > > > > > > > > Replace, no, support, yes. I've added support for it to cgmanager, > > > > > > and have > > > > > > used lxc with the unified hierarchy through cgmanager. Without > > > > > > cgmanager > > > > > > it will currently definately not work. It's worth discussing how > > > > > > we should > > > > > > handle it - and how init wants us to handle it. With cgmanager I > > > > > > actually > > > > > > built in the support so that you could treat it as a legacy > > > > > > hierarchy, and > > > > > > upstart was happy with that since it used cgmanager. Systemd will > > > > > > not be > > > > > > happy with that, and it will be a problem. The only exception to > > > > > > the "no > > > > > > tasks in a non-leaf node" rule is for the / cgroup. So lxc would > > > > > > need to > > > > > > place init in say /lxc/c1/.leaf, and systemd would have to accept > > > > > > that > > > > > > /lxc/c1 is the container's cgroup. A few possibilities: > > > > > > > > > > > > 1. maybe if we place systemd in /lxc/c1/init.scope it will be happy > > > > > Well, here is how I thought it could go (sticking to systemd > > > > > specifics here): > > > > > - create a slice for all lxc "lxc.slice" (similar to > > > > > "machine.slice" of > > > > > systemd-nspawn backed containers) > > > > > - "lxc.slice" contains a scope for each container (e.g. > > > > > "c1.scope" > > > > > - "c1.scope" contains an "init.scope" > > > > > - "init.scope" only contains the PID of "/sbin/init" as seen > > > > > from the > > > > > host (obviously) > > > > > > > > So if we are creating container c1, are you talking about > > > > > > > > /lxc/c1/lxc.slice/c1.scope/init.scope > > > > > > > > or are you talking about a host-global > > > > > > > > /lxc.slice > > > Yes, you have lxc.slice then you have all your machines under this. This > > > is what > > > systemd-nspawn does if I'm not mistaken. > > > > with container-specific > > > > > > > > /lxc.slice/c1.scope > > > > > > > > per container? > > > > > > > > ? > > > Yes. > > > > This doesn't seem to address the problem. Where we put these on the host > > doesn't > > matter. The question is, we create container c1, in which cgroup do we put > > the > > init process? > > > > Assume we create /lxc/c1 on the host as we do now. This becomes / in the > > container's > > cgroup namespace. Where do we put init? If we put it into (namespaced) /, > > then > > systemd will not be able to create any cgroups. So we should probably put > > it into > > /init.scope. This is fine with cgroup namespaces since it can see it is in > > '/init.scope' > > (or '/' if an unprivileged container couldn't create a cgroup for some > > controllers). > > But if we do not have cgroup namespaces, systemd sees it is running in > > perhaps > > /user.slice/user-1000.slice/session-c6.scope/lxc/lxdvm1/lxc/c1/init.scope. > > In that > > case we want systemd to recognize init.scope and create services under > > /user.slice/user-1000.slice/session-c6.scope/lxc/lxdvm1/lxc/c1. > > > > > > > - All other processes are put in another slice > > > > > "c1-something.slice" > > > > > > > > Which other processes? > > > Well, all processes, systemd starts are either put in system.slice or > > > user.slice. All other things we start in the container (let it be e.g. > > > vim) is > > > put in a session.slice (e.g. session-0.slice, session-1000.slice). > > > > wc -l /sys/fs/cgroup/memory/tasks > > 548 > This is output from a legacy cgroup. (The tasks file is removed in cgroup > unified hierarchy, no?) I was talking about unified cgroups. Oh, of course. > A typical layout for a container BB running a unified cgroup system inside on > a > host running a unified cgroup system with systemd-nspawn: > > /sys/fs/cgroup/machine.slice/: > - non-leaf node --> cgroup.procs empty > > /sys/fs/cgroup/machi
[lxc-devel] Passed: lxc/lxc#1733 (lxc-2.0.0.rc3 - 9e89a0b)
Build Update for lxc/lxc - Build: #1733 Status: Passed Duration: 1 minute and 7 seconds Commit: 9e89a0b (lxc-2.0.0.rc3) Author: Stéphane Graber Message: change version to 2.0.0.rc3 in configure.ac Signed-off-by: Stéphane Graber View the changeset: https://github.com/lxc/lxc/compare/lxc-2.0.0.rc3 View the full build log and details: https://travis-ci.org/lxc/lxc/builds/111649748 -- You can configure recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc]
Branch: refs/tags/lxc-2.0.0.rc3 Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 9e89a0: change version to 2.0.0.rc3 in configure.ac
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 9e89a0ba52dbfaae38c80ae19a26e51c0031d53e https://github.com/lxc/lxc/commit/9e89a0ba52dbfaae38c80ae19a26e51c0031d53e Author: Stéphane Graber Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M configure.ac Log Message: --- change version to 2.0.0.rc3 in configure.ac Signed-off-by: Stéphane Graber ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 460859: cgfs: do not automount if cgroup namespaces are su...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 4608594e1dce0efdf3412103d95d31763598ea0d https://github.com/lxc/lxc/commit/4608594e1dce0efdf3412103d95d31763598ea0d Author: Serge Hallyn Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/lxc.container.conf.sgml.in M src/lxc/cgfs.c Log Message: --- cgfs: do not automount if cgroup namespaces are supported In that case containers will be able to mount cgroup filesystems for themselves as they do on a host. This fixes inability to start systemd based containers on cgns-enabled kernels with cgmanager not running. I've tested debian jessie, busybox, ubuntu trusty and xenial, all of which booted ok. However if there are some setups which require premounted cgroupfs (i.e. they don't mount if they detect being in a container), this may cause trouble. Signed-off-by: Serge Hallyn Commit: e80ca772adc7791a858120249cf9b7a82a3d6579 https://github.com/lxc/lxc/commit/e80ca772adc7791a858120249cf9b7a82a3d6579 Author: Stéphane Graber Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/lxc.container.conf.sgml.in M src/lxc/cgfs.c Log Message: --- Merge pull request #846 from hallyn/2016-02-24/cgns.auto cgfs: do not automount if cgroup namespaces are supported Compare: https://github.com/lxc/lxc/compare/4f97fce4b370...e80ca772adc7___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 2ae673: mark lxc-clone & lxc-start-ephemeral as deprecated
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 2ae6732f6b351ddbd299678fec2c43d02faef5e0 https://github.com/lxc/lxc/commit/2ae6732f6b351ddbd299678fec2c43d02faef5e0 Author: Christian Brauner Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/lxc-clone.sgml.in M doc/lxc-start-ephemeral.sgml.in M src/lxc/lxc-start-ephemeral.in M src/lxc/lxc_clone.c Log Message: --- mark lxc-clone & lxc-start-ephemeral as deprecated - add deprecation not to man pages - print deprecation info to stderr when the executables are invoked Signed-off-by: Christian Brauner Commit: d0a6bd39400a6d14cfec94ad647f3af1bda1e321 https://github.com/lxc/lxc/commit/d0a6bd39400a6d14cfec94ad647f3af1bda1e321 Author: Christian Brauner Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M config/bash/lxc.in M configure.ac M doc/Makefile.am M doc/ja/Makefile.am M doc/ko/Makefile.am M src/lxc/Makefile.am M src/lxc/arguments.h M src/tests/lxc-test-cloneconfig M src/tests/lxc-test-snapdeps M src/tests/lxc-test-unpriv Log Message: --- configure.ac: add --enable-deprecated flag - lxc-clone and lxc-start-ephemeral are marked deprecated. We add a --enable-deprecated flag to configure.ac allowing us to enable these deprecated executables - update tests to use lxc-copy instead of lxc-clone Signed-off-by: Christian Brauner Commit: 4f97fce4b3701b206a0033f2477d7cfc2bde5e14 https://github.com/lxc/lxc/commit/4f97fce4b3701b206a0033f2477d7cfc2bde5e14 Author: Stéphane Graber Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M config/bash/lxc.in M configure.ac M doc/Makefile.am M doc/ja/Makefile.am M doc/ko/Makefile.am M doc/lxc-clone.sgml.in M doc/lxc-start-ephemeral.sgml.in M src/lxc/Makefile.am M src/lxc/arguments.h M src/lxc/lxc-start-ephemeral.in M src/lxc/lxc_clone.c M src/tests/lxc-test-cloneconfig M src/tests/lxc-test-snapdeps M src/tests/lxc-test-unpriv Log Message: --- Merge pull request #844 from brauner/2016-02-22/manpage_update configure.ac: add --enable-deprecated flag Compare: https://github.com/lxc/lxc/compare/55290b833352...4f97fce4b370___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] cgfs: do not automount if cgroup namespaces are supported
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/846 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === In that case containers will be able to mount cgroup filesystems for themselves as they do on a host. This fixes inability to start systemd based containers on cgns-enabled kernels with cgmanager not running. I've tested debianjessie, busybox, ubuntu trusty and xenial, all of which booted ok. However if there are some setups which require premounted cgroupfs (i.e. they don't mount if they detect being in a container), this may cause trouble. Signed-off-by: Serge Hallyn From f48ef3ae257e98834d2aa2a98c302316bd5adcd3 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Wed, 24 Feb 2016 17:00:35 -0800 Subject: [PATCH] cgfs: do not automount if cgroup namespaces are supported In that case containers will be able to mount cgroup filesystems for themselves as they do on a host. This fixes inability to start systemd based containers on cgns-enabled kernels with cgmanager not running. I've tested debianjessie, busybox, ubuntu trusty and xenial, all of which booted ok. However if there are some setups which require premounted cgroupfs (i.e. they don't mount if they detect being in a container), this may cause trouble. Signed-off-by: Serge Hallyn --- src/lxc/cgfs.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c index d41e74c..97a4e6d 100644 --- a/src/lxc/cgfs.c +++ b/src/lxc/cgfs.c @@ -1356,6 +1356,9 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type) struct cgroup_process_info *info, *base_info; int r, saved_errno = 0; + if (cgns_supported()) + return true; + cgfs_d = hdata; if (!cgfs_d) return false; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] websocket: fix panic() on concurrent writes
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1651
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
We were panic()ing sometimes (see below) on current writes. Let's not do
that.
panic: concurrent write to websocket connection
goroutine 429 [running]:
github.com/gorilla/websocket.(*Conn).flushFrame(0x504d5a70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:450 +0x516
github.com/gorilla/websocket.(*Conn).NextWriter(0x504d5a70, 0x8, 0x0, 0x0, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:378 +0x7c
github.com/gorilla/websocket.(*Conn).WriteMessage(0x504d5a70, 0x8, 0x509ac9e0, 0x2, 0x2, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:585 +0x37
main.(*migrationFields).disconnect(0x505755c0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:93 +0x1ba
main.(*migrationSink).do(0x505755c0, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:638 +0x6ae
main.(*migrationSink).(main.do)-fm(0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:442 +0x2c
main.createFromMigration.func1(0x50890070, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/containers_post.go:244 +0x3e3
main.(*operation).Run.func1(0x50890070, 0x50650300)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/operations.go:110 +0x31
created by main.(*operation).Run
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/operations.go:135 +0xe2
Signed-off-by: Tycho Andersen
From 83b3ae5be39d461cb58fa1d01067e5e2b0646464 Mon Sep 17 00:00:00 2001
From: Tycho Andersen
Date: Wed, 24 Feb 2016 16:18:15 -0700
Subject: [PATCH] websocket: fix panic() on concurrent writes
We were panic()ing sometimes (see below) on current writes. Let's not do
that.
panic: concurrent write to websocket connection
goroutine 429 [running]:
github.com/gorilla/websocket.(*Conn).flushFrame(0x504d5a70, 0x1, 0x0, 0x0, 0x0,
0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:450
+0x516
github.com/gorilla/websocket.(*Conn).NextWriter(0x504d5a70, 0x8, 0x0, 0x0, 0x0,
0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:378
+0x7c
github.com/gorilla/websocket.(*Conn).WriteMessage(0x504d5a70, 0x8, 0x509ac9e0,
0x2, 0x2, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/gorilla/websocket/conn.go:585
+0x37
main.(*migrationFields).disconnect(0x505755c0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:93 +0x1ba
main.(*migrationSink).do(0x505755c0, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:638 +0x6ae
main.(*migrationSink).(main.do)-fm(0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/migrate.go:442 +0x2c
main.createFromMigration.func1(0x50890070, 0x0, 0x0)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/containers_post.go:244
+0x3e3
main.(*operation).Run.func1(0x50890070, 0x50650300)
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/operations.go:110
+0x31
created by main.(*operation).Run
/lxd/build/tmp.39Rjv1YQMz/go/src/github.com/lxc/lxd/lxd/operations.go:135
+0xe2
Signed-off-by: Tycho Andersen
---
lxd/migrate.go | 31 +--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/lxd/migrate.go b/lxd/migrate.go
index 254ad4d..e6ec1a1 100644
--- a/lxd/migrate.go
+++ b/lxd/migrate.go
@@ -16,6 +16,7 @@ import (
"path"
"path/filepath"
"strings"
+ "sync"
"time"
"github.com/golang/protobuf/proto"
@@ -31,6 +32,7 @@ type migrationFields struct {
controlSecret string
controlConn *websocket.Conn
+ controlLock sync.Mutex
criuSecret string
criuConn *websocket.Conn
@@ -42,6 +44,19 @@ type migrationFields struct {
}
func (c *migrationFields) send(m proto.Message) error {
+ /* gorilla websocket doesn't allow concurrent writes, and
+* panic()s if it sees them (which is reasonable). If e.g. we
+* happen to fail, get scheduled, start our write, then get
+* unscheduled before the write is bit to a new thread which is
+* receiving an error from the other side (due to our previous
+* close), we can engage in these concurrent writes, which
+* casuses the whole daemon to panic.
+*
+* Instead, let's lock sends to the controlConn so that we only ever
+* write one message at the time.
+*/
+ c.controlLock.Lock()
+ defer c.controlLock.Unlock()
w, err := c.controlConn.NextWriter(websocket.BinaryMessage)
if err != nil {
return err
@@ -85,16 +100,28 @@ func (c *migrationFields) recv(m
[lxc-devel] [lxd/master] Go tool vet lxc/*.
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1650
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Signed-off-by: Rene Jochum
From a8cb69735dafbd4468cc731c81ac6e27d02553fa Mon Sep 17 00:00:00 2001
From: Rene Jochum
Date: Thu, 25 Feb 2016 00:02:04 +0100
Subject: [PATCH] Go tool vet lxc/*.
Signed-off-by: Rene Jochum
---
lxc/copy.go | 116 +-
lxc/list.go | 38 +--
lxc/remote.go | 58 ++---
3 files changed, 106 insertions(+), 106 deletions(-)
diff --git a/lxc/copy.go b/lxc/copy.go
index 39e4651..a451919 100644
--- a/lxc/copy.go
+++ b/lxc/copy.go
@@ -84,82 +84,82 @@ func (c *copyCmd) copyContainer(config *lxd.Config,
sourceResource string, destR
}
return source.WaitForSuccess(cp.Operation)
- } else {
- dest, err := lxd.NewClient(config, destRemote)
- if err != nil {
- return err
- }
+ }
+
+ dest, err := lxd.NewClient(config, destRemote)
+ if err != nil {
+ return err
+ }
+
+ sourceProfs := shared.NewStringSet(status.Profiles)
+ destProfs, err := dest.ListProfiles()
+ if err != nil {
+ return err
+ }
+
+ if !sourceProfs.IsSubset(shared.NewStringSet(destProfs)) {
+ return fmt.Errorf(i18n.G("not all the profiles from the source
exist on the target"))
+ }
- sourceProfs := shared.NewStringSet(status.Profiles)
- destProfs, err := dest.ListProfiles()
+ if ephemeral == -1 {
+ ct, err := source.ContainerInfo(sourceName)
if err != nil {
return err
}
- if !sourceProfs.IsSubset(shared.NewStringSet(destProfs)) {
- return fmt.Errorf(i18n.G("not all the profiles from the
source exist on the target"))
+ if ct.Ephemeral {
+ ephemeral = 1
+ } else {
+ ephemeral = 0
}
+ }
- if ephemeral == -1 {
- ct, err := source.ContainerInfo(sourceName)
- if err != nil {
- return err
- }
-
- if ct.Ephemeral {
- ephemeral = 1
- } else {
- ephemeral = 0
- }
- }
+ sourceWSResponse, err := source.GetMigrationSourceWS(sourceName)
+ if err != nil {
+ return err
+ }
- sourceWSResponse, err := source.GetMigrationSourceWS(sourceName)
- if err != nil {
- return err
- }
+ secrets := map[string]string{}
- secrets := map[string]string{}
+ op, err := sourceWSResponse.MetadataAsOperation()
+ if err != nil {
+ return err
+ }
- op, err := sourceWSResponse.MetadataAsOperation()
- if err != nil {
- return err
- }
+ for k, v := range *op.Metadata {
+ secrets[k] = v.(string)
+ }
- for k, v := range *op.Metadata {
- secrets[k] = v.(string)
- }
+ addresses, err := source.Addresses()
+ if err != nil {
+ return err
+ }
- addresses, err := source.Addresses()
+ /* Since we're trying a bunch of different network ports that
+* may be invalid, we can get "bad handshake" errors when the
+* websocket code tries to connect. If the first error is a
+* real error, but the subsequent errors are only network
+* errors, we should try to report the first real error. Of
+* course, if all the errors are websocket errors, let's just
+* report that.
+*/
+ for _, addr := range addresses {
+ var migration *lxd.Response
+
+ sourceWSUrl := "https://"; + addr + sourceWSResponse.Operation
+ migration, err = dest.MigrateFrom(destName, sourceWSUrl,
source.Certificate, secrets, status.Architecture, status.Config,
status.Devices, status.Profiles, baseImage, ephemeral == 1)
if err != nil {
- return err
+ continue
}
- /* Since we're trying a bunch of different network ports that
-* may be invalid, we can get "bad handshake" errors when the
-* websocket code tries to connect. If the first error is a
-* real error, but the sub
[lxc-devel] [lxd/master] Add upgrade procedure to README
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1649 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Wording can be changed. This was just confusing for me since I thought both binaries ship together in the `lxd` package, however `lxc` is a separate package `lxd-client`. From d8f070310d5e2c303cba838ef417dd7740e4b515 Mon Sep 17 00:00:00 2001 From: Jaime Pillora Date: Thu, 25 Feb 2016 09:30:58 +1100 Subject: [PATCH] Add upgrade procedure to README --- README.md | 7 +++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 378c264..5ef61c1 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,13 @@ this by: lxc remote add local 127.0.0.1:8443 wget --no-check-certificate https://127.0.0.1:8443/1.0 --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q +## Upgrading + +The `lxd` and `lxc` (`lxd-client`) binaries should be upgraded at the same time with: + +apt-get update +apt-get install lxd lxd-client + ## Support and discussions We use the LXC mailing-lists for developer and user discussions, you can ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Export and use the address scope
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1648
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber
From ba613e076ca598a16cc2a7262289c8c8273a31a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?=
Date: Wed, 24 Feb 2016 15:26:45 -0500
Subject: [PATCH] Export and use the address scope
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber
---
lxc/list.go | 8
lxd/main.go | 18 ++
shared/container.go | 1 +
specs/rest-api.md | 27 ++-
4 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/lxc/list.go b/lxc/list.go
index 949222e..06b227e 100644
--- a/lxc/list.go
+++ b/lxc/list.go
@@ -374,6 +374,10 @@ func (c *listCmd) IP4ColumnData(cInfo
shared.ContainerInfo, cState *shared.Conta
}
for _, addr := range net.Addresses {
+ if shared.StringInSlice(addr.Scope,
[]string{"link", "local"}) {
+ continue
+ }
+
if addr.Family == "inet" {
ipv4s = append(ipv4s, fmt.Sprintf("%s
(%s)", addr.Address, netName))
}
@@ -394,6 +398,10 @@ func (c *listCmd) IP6ColumnData(cInfo
shared.ContainerInfo, cState *shared.Conta
}
for _, addr := range net.Addresses {
+ if shared.StringInSlice(addr.Scope,
[]string{"link", "local"}) {
+ continue
+ }
+
if addr.Family == "inet6" {
ipv6s = append(ipv6s, fmt.Sprintf("%s
(%s)", addr.Address, netName))
}
diff --git a/lxd/main.go b/lxd/main.go
index 2a49ecd..5446033 100644
--- a/lxd/main.go
+++ b/lxd/main.go
@@ -871,10 +871,28 @@ func printnet() error {
family = "inet6"
}
+ scope := "global"
+ if strings.HasPrefix(fields[0], "127") {
+ scope = "local"
+ }
+
+ if fields[0] == "::1" {
+ scope = "local"
+ }
+
+ if strings.HasPrefix(fields[0], "169.254") {
+ scope = "link"
+ }
+
+ if strings.HasPrefix(fields[0], "fe80:") {
+ scope = "link"
+ }
+
address := shared.ContainerStateNetworkAddress{}
address.Family = family
address.Address = fields[0]
address.Netmask = fields[1]
+ address.Scope = scope
network.Addresses = append(network.Addresses,
address)
}
diff --git a/shared/container.go b/shared/container.go
index b7605b6..58bcd8d 100644
--- a/shared/container.go
+++ b/shared/container.go
@@ -39,6 +39,7 @@ type ContainerStateNetworkAddress struct {
Family string `json:"family"`
Address string `json:"address"`
Netmask string `json:"netmask"`
+ Scope string `json:"scope"`
}
type ContainerStateNetworkCounters struct {
diff --git a/specs/rest-api.md b/specs/rest-api.md
index fe4b4b5..621aca4 100644
--- a/specs/rest-api.md
+++ b/specs/rest-api.md
@@ -643,12 +643,14 @@ HTTP code for this should be 202 (Accepted).
{
"family": "inet",
"address": "10.0.3.27",
-"netmask": "24"
+"netmask": "24",
+"scope": "global"
},
{
"family": "inet6",
"address": "fe80::216:3eff:feec:65a8",
-"netmask": "64"
+"netmask": "64",
+"scope": "link"
}
],
"counters": {
@@ -668,12 +670,14 @@ HTTP code for this should be 202 (Accepted).
{
"family": "inet",
"address": "127.0.0.1",
-"netmask": "8
[lxc-devel] [lxc/master] configure.ac: add --enable-deprecated flag
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/844
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
From 880dd6a5f96a222a06d9b803fcb5947e0dec2aa7 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 24 Feb 2016 00:02:49 +0100
Subject: [PATCH 1/2] mark lxc-clone & lxc-start-ephemeral as deprecated
- add deprecation not to man pages
- print deprecation info to stderr when the executables are invoked
Signed-off-by: Christian Brauner
---
doc/lxc-clone.sgml.in | 3 ++-
doc/lxc-start-ephemeral.sgml.in | 2 +-
src/lxc/lxc-start-ephemeral.in | 4
src/lxc/lxc_clone.c | 2 ++
4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/doc/lxc-clone.sgml.in b/doc/lxc-clone.sgml.in
index 42c119c..f134b80 100644
--- a/doc/lxc-clone.sgml.in
+++ b/doc/lxc-clone.sgml.in
@@ -278,7 +278,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301 USA
Notes
-lxc-clone is superseded by lxc-copy.
+lxc-clone is deprecated in favor of
+lxc-copy.
diff --git a/doc/lxc-start-ephemeral.sgml.in b/doc/lxc-start-ephemeral.sgml.in
index 6db4059..6831578 100644
--- a/doc/lxc-start-ephemeral.sgml.in
+++ b/doc/lxc-start-ephemeral.sgml.in
@@ -230,7 +230,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301 USA
Notes
-lxc-start-ephemeral is superseded by
+lxc-start-ephemeral is deprecated in favor of
lxc-copy.
diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
index 8d33775..b39aaba 100644
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -36,6 +36,10 @@ import tempfile
_ = gettext.gettext
gettext.textdomain("lxc-start-ephemeral")
+def printstderr(*args):
+print("lxc-start-ephemeral is deprecated in favor of lxc-copy\n", *args,
file = sys.stderr)
+
+printstderr()
# Other functions
def randomMAC():
diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
index e88c18b..6bd2226 100644
--- a/src/lxc/lxc_clone.c
+++ b/src/lxc/lxc_clone.c
@@ -121,6 +121,8 @@ int main(int argc, char *argv[])
int c;
bool ret;
+ fprintf(stderr, "lxc-clone is deprecated in favor of lxc-copy.\n\n");
+
if (argc < 3)
usage(argv[0]);
From 2fb8e25d77c9962cc707b9d5de4f61fd23a7c265 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 24 Feb 2016 19:28:12 +0100
Subject: [PATCH 2/2] configure.ac: add --enable-deprecated flag
- lxc-clone and lxc-start-ephemeral are marked deprecated. We add a
--enable-deprecated flag to configure.ac allowing us to enable these
deprecated executables
- update tests to use lxc-copy instead of lxc-clone
Signed-off-by: Christian Brauner
---
config/bash/lxc.in | 2 +-
configure.ac | 7 +++
doc/Makefile.am| 5 +++--
doc/ja/Makefile.am | 5 +++--
doc/ko/Makefile.am | 5 +++--
src/lxc/Makefile.am| 12 ++--
src/lxc/arguments.h| 2 +-
src/tests/lxc-test-cloneconfig | 2 +-
src/tests/lxc-test-snapdeps| 4 ++--
src/tests/lxc-test-unpriv | 2 +-
10 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/config/bash/lxc.in b/config/bash/lxc.in
index 344d5cb..7dcf302 100644
--- a/config/bash/lxc.in
+++ b/config/bash/lxc.in
@@ -98,6 +98,6 @@ _have lxc-start && {
complete -o default -F _lxc_generic_t lxc-create
-complete -o default -F _lxc_generic_o lxc-clone
+complete -o default -F _lxc_generic_o lxc-copy
complete -o default -F _lxc_generic_o lxc-start-ephemeral
}
diff --git a/configure.ac b/configure.ac
index 68d89b2..fd2c569 100644
--- a/configure.ac
+++ b/configure.ac
@@ -147,6 +147,13 @@ if test "x$with_systemdsystemunitdir" != "xno"; then
AC_SUBST([SYSTEMD_UNIT_DIR], [$with_systemdsystemunitdir])
fi
+# Allow enabling deprecated executables
+AC_ARG_ENABLE([deprecated],
+ [AC_HELP_STRING([--enable-deprecated],
+ [enable deprecated executables [default=no]])],
+ [], [enable_deprecated=false])
+AM_CONDITIONAL([ENABLE_DEPRECATED], [test "x$enable_deprecated" = "xyes"])
+
# Allow disabling rpath
AC_ARG_ENABLE([rpath],
[AC_HELP_STRING([--enable-rpath], [set rpath in executables
[default=no]])],
diff --git a/doc/Makefile.am b/doc/Makefile.am
index c309ef8..09ded03 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -21,7 +21,6 @@ man_MANS = \
lxc-cgroup.1 \
lxc-checkconfig.1 \
lxc-checkpoint.1 \
- lxc-clone.1 \
lxc-config.1 \
lxc-console.1 \
lxc-copy.1 \
@@ -50,8 +49,10 @@ man_MANS = \
\
lxc.7
+if ENABLE_DEPRECATED
if ENABLE_PYTHON
-man_MANS += lxc-start-ephemeral.1
+man_MANS += lxc-start-ephemeral.1 lxc-clone.
[lxc-devel] [lxd/master] Update lxc.mount.auto based on situation
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1646
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber
From 1373eae0dc7cf1c4638be6a0f9e0ed6809c17441 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?=
Date: Wed, 24 Feb 2016 13:41:45 -0500
Subject: [PATCH] Update lxc.mount.auto based on situation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber
---
lxd/container_lxc.go | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 08fd352..f2a8dd2 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -285,7 +285,21 @@ func (c *containerLXC) initLXC() error {
return err
}
- err = lxcSetConfigItem(cc, "lxc.mount.auto", "cgroup:mixed proc:mixed
sys:mixed")
+ // Set an appropriate /proc, /sys/ and /sys/fs/cgroup
+ mounts := []string{}
+ if c.IsPrivileged() && !runningInUserns {
+ mounts = append(mounts, "proc:mixed")
+ mounts = append(mounts, "sys:mixed")
+ } else {
+ mounts = append(mounts, "proc:rw")
+ mounts = append(mounts, "sys:rw")
+ }
+
+ if !shared.PathExists("/proc/self/ns/cgroup") {
+ mounts = append(mounts, "cgroup:mixed")
+ }
+
+ err = lxcSetConfigItem(cc, "lxc.mount.auto", strings.Join(mounts, " "))
if err != nil {
return err
}
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] shared: export limit parsing function
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1647
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
For other golang clients who want to figure out the memory from a LXD limit
in string format from the config, this is useful.
Signed-off-by: Tycho Andersen
From 83af6cf8a98cff8750085a69951d125648684d36 Mon Sep 17 00:00:00 2001
From: Tycho Andersen
Date: Wed, 24 Feb 2016 11:45:21 -0700
Subject: [PATCH] shared: export limit parsing function
For other golang clients who want to figure out the memory from a LXD limit
in string format from the config, this is useful.
Signed-off-by: Tycho Andersen
---
lxd/container.go | 2 +-
lxd/container_lxc.go | 6 +++---
lxd/db_update.go | 4 ++--
lxd/devices.go | 51 +++
shared/util.go | 47 +++
5 files changed, 56 insertions(+), 54 deletions(-)
diff --git a/lxd/container.go b/lxd/container.go
index 9dc714e..df99790 100644
--- a/lxd/container.go
+++ b/lxd/container.go
@@ -618,7 +618,7 @@ func containerConfigureInternal(c container) error {
continue
}
- size, err := deviceParseBytes(m["size"])
+ size, err := shared.ParseSizeString(m["size"])
if err != nil {
return err
}
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 9983067..241f5fc 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -470,7 +470,7 @@ func (c *containerLXC) initLXC() error {
valueInt = int64((memoryTotal / 100) * percent)
} else {
- valueInt, err = deviceParseBytes(memory)
+ valueInt, err = shared.ParseSizeString(memory)
if err != nil {
return err
}
@@ -1883,7 +1883,7 @@ func (c *containerLXC) Update(args containerArgs,
userRequested bool) error {
}
if m["size"] != oldRootfsSize {
- size, err := deviceParseBytes(m["size"])
+ size, err := shared.ParseSizeString(m["size"])
if err != nil {
undoChanges()
return err
@@ -1986,7 +1986,7 @@ func (c *containerLXC) Update(args containerArgs,
userRequested bool) error {
memory = fmt.Sprintf("%d",
int64((memoryTotal/100)*percent))
} else {
- valueInt, err :=
deviceParseBytes(memory)
+ valueInt, err :=
shared.ParseSizeString(memory)
if err != nil {
undoChanges()
return err
diff --git a/lxd/db_update.go b/lxd/db_update.go
index 579825c..c43ade8 100644
--- a/lxd/db_update.go
+++ b/lxd/db_update.go
@@ -84,7 +84,7 @@ func dbUpdateFromV18(db *sql.DB) error {
value += "B"
// Deal with completely broken values
- _, err = deviceParseBytes(value)
+ _, err = shared.ParseSizeString(value)
if err != nil {
shared.Debugf("Invalid container memory limit, id=%d
value=%s, removing.", id, value)
_, err = db.Exec("DELETE FROM containers_config WHERE
id=?;", id)
@@ -121,7 +121,7 @@ func dbUpdateFromV18(db *sql.DB) error {
value += "B"
// Deal with completely broken values
- _, err = deviceParseBytes(value)
+ _, err = shared.ParseSizeString(value)
if err != nil {
shared.Debugf("Invalid profile memory limit, id=%d
value=%s, removing.", id, value)
_, err = db.Exec("DELETE FROM profiles_config WHERE
id=?;", id)
diff --git a/lxd/devices.go b/lxd/devices.go
index 9f54271..770a5dc 100644
--- a/lxd/devices.go
+++ b/lxd/devices.go
@@ -656,51 +656,6 @@ func deviceParseBits(input string) (int64, error) {
return valueInt * multiplicator, nil
}
-func deviceParseBytes(input string) (int64, error) {
- if input == "" {
- return 0, nil
- }
-
- if len(input) < 3 {
- return -1, fmt.Errorf("Invalid value: %s", input)
- }
-
- // Extract the suffix
- suffix := input[len(input)-2:]
-
- // Extract the value
- value := input[0 : len(input)-2]
- valueInt, err := strconv.ParseInt(value, 10, 64)
- if err != nil {
- return -1,
[lxc-devel] [lxd/master] Allow setting lxc.network.X.ipv{4, 6}[.gateway]
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1645
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
This is absolutely unsupported (just like anything through raw.lxc) but
when restricted to only numbered interface and only those two keys, this
shouldn't conflict with LXD's one network handling.
Note that finding the right interface index is left to the user to
figure out, LXD doesn't in any way guarantee LXC configuration ordering
to be consistent across restarts.
Closes #1259
Signed-off-by: Stéphane Graber
From 43aad2f61f3b90633d919379ec86b2b1f8f1939b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?=
Date: Wed, 24 Feb 2016 12:25:19 -0500
Subject: [PATCH] Allow setting lxc.network.X.ipv{4,6}[.gateway]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is absolutely unsupported (just like anything through raw.lxc) but
when restricted to only numbered interface and only those two keys, this
shouldn't conflict with LXD's one network handling.
Note that finding the right interface index is left to the user to
figure out, LXD doesn't in any way guarantee LXC configuration ordering
to be consistent across restarts.
Closes #1259
Signed-off-by: Stéphane Graber
---
lxd/container_lxc.go | 23 ---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 9983067..08fd352 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -63,13 +63,24 @@ func lxcValidConfig(rawLxc string) error {
return fmt.Errorf("Invalid raw.lxc line: %s", line)
}
+ key := strings.ToLower(strings.Trim(membs[0], " \t"))
+
// Blacklist some keys
- if strings.ToLower(strings.Trim(membs[0], " \t")) ==
"lxc.logfile" {
+ if key == "lxc.logfile" {
return fmt.Errorf("Setting lxc.logfile is not allowed")
}
- if strings.HasPrefix(strings.ToLower(strings.Trim(membs[0], "
\t")), "lxc.network.") {
- return fmt.Errorf("Setting lxc.network keys is not
allowed")
+ if strings.HasPrefix(key, "lxc.network.") {
+ fields := strings.Split(key, ".")
+ if len(fields) == 4 && shared.StringInSlice(fields[3],
[]string{"ipv4", "ipv6"}) {
+ continue
+ }
+
+ if len(fields) == 5 && shared.StringInSlice(fields[3],
[]string{"ipv4", "ipv6"}) && fields[4] == "gateway" {
+ continue
+ }
+
+ return fmt.Errorf("Only interface-specific ipv4/ipv6
lxc.network keys are allowed")
}
}
@@ -675,6 +686,12 @@ func (c *containerLXC) initLXC() error {
return err
}
}
+
+ err = lxcSetConfigItem(cc, "lxc.network.flags", "up")
+ if err != nil {
+ return err
+ }
+
if shared.StringInSlice(m["nictype"],
[]string{"bridged", "physical", "macvlan"}) {
err = lxcSetConfigItem(cc, "lxc.network.link",
m["parent"])
if err != nil {
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] run lxc with another kernel
On Wed, Feb 24, 2016 at 02:25:36PM +, mansour amini wrote: > HelloI want to run my lxc machine with another kernel that my host have > it.Can I do that? > Thanks No, the definition of a container is specifically that it's a system sharing the host's kernel. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] run lxc with another kernel
HelloI want to run my lxc machine with another kernel that my host have it.Can I do that? Thanks___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] LXD client API tweaks
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1644
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
This is a bugfix version of @tych0's rebase of @jameinel's branch.
Closes #1633
Closes #1643
From d4d4c43397d39921b029785bf5b0158434a5f87f Mon Sep 17 00:00:00 2001
From: John Arbash Meinel
Date: Tue, 23 Feb 2016 18:25:13 +0400
Subject: [PATCH 1/7] Rework lxd.NewClient so we don't need a disk cache.
This adds a new interface NewClientFromInfo which lets API clients
decide how they want to track the information that they need, and
just supply that information when they go to connect.
NewClient still uses the disk cache, but shares all of the actual
setting up of connections via NewClientFromInfo.
Signed-off-by: John Arbash Meinel
---
client.go | 231 +-
shared/network.go | 63 ---
2 files changed, 210 insertions(+), 84 deletions(-)
diff --git a/client.go b/client.go
index d63c75d..97e2099 100644
--- a/client.go
+++ b/client.go
@@ -142,7 +142,7 @@ func HoistResponse(r *http.Response, rtype ResponseType)
(*Response, error) {
return resp, nil
}
-func readMyCert(configDir string) (string, string, error) {
+func ensureMyCert(configDir string) (string, string, error) {
certf := path.Join(configDir, "client.crt")
keyf := path.Join(configDir, "client.key")
@@ -153,94 +153,181 @@ func readMyCert(configDir string) (string, string,
error) {
// NewClient returns a new LXD client.
func NewClient(config *Config, remote string) (*Client, error) {
- c := Client{
- Config: *config,
- Http: http.Client{},
- }
-
- c.Name = remote
-
if remote == "" {
return nil, fmt.Errorf("A remote name must be provided.")
}
- if r, ok := config.Remotes[remote]; ok {
- if r.Addr[0:5] == "unix:" {
- if r.Addr == "unix://" {
- r.Addr = fmt.Sprintf("unix:%s",
shared.VarPath("unix.socket"))
- }
-
- c.BaseURL = "http://unix.socket";
- c.BaseWSURL = "ws://unix.socket"
- c.Transport = "unix"
- uDial := func(networ, addr string) (net.Conn, error) {
- var err error
- var raddr *net.UnixAddr
- if r.Addr[7:] == "unix://" {
- raddr, err =
net.ResolveUnixAddr("unix", r.Addr[7:])
- } else {
- raddr, err =
net.ResolveUnixAddr("unix", r.Addr[5:])
- }
- if err != nil {
- return nil, err
- }
- return net.DialUnix("unix", nil, raddr)
- }
- c.Http.Transport = &http.Transport{Dial: uDial}
- c.websocketDialer.NetDial = uDial
- c.Remote = &r
-
- st, err := c.ServerStatus()
+ r, ok := config.Remotes[remote]
+ if !ok {
+ return nil, fmt.Errorf("unknown remote name: %q", remote)
+ }
+ info := ConnectInfo{
+ Name: remote,
+ Addr: r.Addr,
+ }
+ if r.Addr[0:5] != "unix:" {
+ certf, keyf, err := ensureMyCert(config.ConfigDir)
+ if err != nil {
+ return nil, err
+ }
+ certBytes, err := ioutil.ReadFile(certf)
+ if err != nil {
+ return nil, err
+ }
+ keyBytes, err := ioutil.ReadFile(keyf)
+ if err != nil {
+ return nil, err
+ }
+ info.ClientPEMCert = string(certBytes)
+ info.ClientPEMKey = string(keyBytes)
+ serverCertPath := config.ServerCertPath(remote)
+ if shared.PathExists(serverCertPath) {
+ cert, err := shared.ReadCert(serverCertPath)
if err != nil {
return nil, err
}
- c.Certificate = st.Environment.Certificate
+
+ info.ServerPEMCert =
string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}))
+ }
+ }
+ c, err := NewClientFromInfo(info)
+ if err != nil {
+ return nil, err
+ }
+ c.Config = *config
+ return c, nil
+}
+
+// ConnectInfo contains the information we need to connect to a specific LXD
se
[lxc-devel] [lxd/master] Lxd simple client nomerge
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1643
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
This is just a rebase instead of a merge of #1633 :)
From 57d5b5c3b36175425037c13ec123a64099acce8e Mon Sep 17 00:00:00 2001
From: John Arbash Meinel
Date: Tue, 23 Feb 2016 18:25:13 +0400
Subject: [PATCH 1/6] Rework lxd.NewClient so we don't need a disk cache.
This adds a new interface NewClientFromInfo which lets API clients
decide how they want to track the information that they need, and
just supply that information when they go to connect.
NewClient still uses the disk cache, but shares all of the actual
setting up of connections via NewClientFromInfo.
Signed-off-by: John Arbash Meinel
---
client.go | 231 +-
shared/network.go | 63 ---
2 files changed, 210 insertions(+), 84 deletions(-)
diff --git a/client.go b/client.go
index d63c75d..97e2099 100644
--- a/client.go
+++ b/client.go
@@ -142,7 +142,7 @@ func HoistResponse(r *http.Response, rtype ResponseType)
(*Response, error) {
return resp, nil
}
-func readMyCert(configDir string) (string, string, error) {
+func ensureMyCert(configDir string) (string, string, error) {
certf := path.Join(configDir, "client.crt")
keyf := path.Join(configDir, "client.key")
@@ -153,94 +153,181 @@ func readMyCert(configDir string) (string, string,
error) {
// NewClient returns a new LXD client.
func NewClient(config *Config, remote string) (*Client, error) {
- c := Client{
- Config: *config,
- Http: http.Client{},
- }
-
- c.Name = remote
-
if remote == "" {
return nil, fmt.Errorf("A remote name must be provided.")
}
- if r, ok := config.Remotes[remote]; ok {
- if r.Addr[0:5] == "unix:" {
- if r.Addr == "unix://" {
- r.Addr = fmt.Sprintf("unix:%s",
shared.VarPath("unix.socket"))
- }
-
- c.BaseURL = "http://unix.socket";
- c.BaseWSURL = "ws://unix.socket"
- c.Transport = "unix"
- uDial := func(networ, addr string) (net.Conn, error) {
- var err error
- var raddr *net.UnixAddr
- if r.Addr[7:] == "unix://" {
- raddr, err =
net.ResolveUnixAddr("unix", r.Addr[7:])
- } else {
- raddr, err =
net.ResolveUnixAddr("unix", r.Addr[5:])
- }
- if err != nil {
- return nil, err
- }
- return net.DialUnix("unix", nil, raddr)
- }
- c.Http.Transport = &http.Transport{Dial: uDial}
- c.websocketDialer.NetDial = uDial
- c.Remote = &r
-
- st, err := c.ServerStatus()
+ r, ok := config.Remotes[remote]
+ if !ok {
+ return nil, fmt.Errorf("unknown remote name: %q", remote)
+ }
+ info := ConnectInfo{
+ Name: remote,
+ Addr: r.Addr,
+ }
+ if r.Addr[0:5] != "unix:" {
+ certf, keyf, err := ensureMyCert(config.ConfigDir)
+ if err != nil {
+ return nil, err
+ }
+ certBytes, err := ioutil.ReadFile(certf)
+ if err != nil {
+ return nil, err
+ }
+ keyBytes, err := ioutil.ReadFile(keyf)
+ if err != nil {
+ return nil, err
+ }
+ info.ClientPEMCert = string(certBytes)
+ info.ClientPEMKey = string(keyBytes)
+ serverCertPath := config.ServerCertPath(remote)
+ if shared.PathExists(serverCertPath) {
+ cert, err := shared.ReadCert(serverCertPath)
if err != nil {
return nil, err
}
- c.Certificate = st.Environment.Certificate
+
+ info.ServerPEMCert =
string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}))
+ }
+ }
+ c, err := NewClientFromInfo(info)
+ if err != nil {
+ return nil, err
+ }
+ c.Config = *config
+ return c, nil
+}
+
+// ConnectInfo contains the information we need to connect to a specific LXD
server
+type ConnectInfo struct {
+ //
[lxc-devel] [lxd/master] tests: get rid of commented out code
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1642
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Rather than go through another reivew cycle, here's my only comment for
PR #1641.
Signed-off-by: Tycho Andersen
From b4aa90acd2de296a5941b0eb4b475ef6c32a7629 Mon Sep 17 00:00:00 2001
From: Tycho Andersen
Date: Wed, 24 Feb 2016 07:45:36 -0700
Subject: [PATCH] tests: get rid of commented out code
Rather than go through another reivew cycle, here's my only comment for
PR #1641.
Signed-off-by: Tycho Andersen
---
shared/util_test.go | 1 -
1 file changed, 1 deletion(-)
diff --git a/shared/util_test.go b/shared/util_test.go
index ef0209a..33e12b7 100644
--- a/shared/util_test.go
+++ b/shared/util_test.go
@@ -91,7 +91,6 @@ func TestReadLastNLines(t *testing.T) {
t.Error(err)
return
}
- // fmt.Println(lines)
split = strings.Split(lines, "\n")
for i := 0; i < 100; i++ {
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] b6acc6: doc: Update Japanese lxc-attach(1)
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: b6acc629c0094fed0e451694e7a07a926847972b https://github.com/lxc/lxc/commit/b6acc629c0094fed0e451694e7a07a926847972b Author: KATOH Yasufumi Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/ja/lxc-attach.sgml.in Log Message: --- doc: Update Japanese lxc-attach(1) Update for commit e986ea3 Signed-off-by: KATOH Yasufumi Commit: 23a3ea07e85565e2280a86fbbfe2dc6bc955c6ac https://github.com/lxc/lxc/commit/23a3ea07e85565e2280a86fbbfe2dc6bc955c6ac Author: KATOH Yasufumi Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/ja/lxc-clone.sgml.in M doc/ja/lxc-start-ephemeral.sgml.in Log Message: --- doc: Update Japanese lxc-clone(1) and lxc-start-ephemeral(1) Update for commit 02e5d92 Signed-off-by: KATOH Yasufumi Commit: 55290b833352eed66ff48dc3925955e14436ea05 https://github.com/lxc/lxc/commit/55290b833352eed66ff48dc3925955e14436ea05 Author: Christian Brauner Date: 2016-02-24 (Wed, 24 Feb 2016) Changed paths: M doc/ja/lxc-attach.sgml.in M doc/ja/lxc-clone.sgml.in M doc/ja/lxc-start-ephemeral.sgml.in Log Message: --- Merge pull request #843 from tenforward/japanese_man Update Japanese man Compare: https://github.com/lxc/lxc/compare/e60242adf9c7...55290b833352___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] Update Japanese man
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/843 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Update * lxc-attach(1) * lxc-clone(1) * lxc-start-ephemeral(1) From b6acc629c0094fed0e451694e7a07a926847972b Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi Date: Wed, 24 Feb 2016 18:04:05 +0900 Subject: [PATCH 1/2] doc: Update Japanese lxc-attach(1) Update for commit e986ea3 Signed-off-by: KATOH Yasufumi --- doc/ja/lxc-attach.sgml.in | 39 +++ 1 file changed, 39 insertions(+) diff --git a/doc/ja/lxc-attach.sgml.in b/doc/ja/lxc-attach.sgml.in index 6ebc03c..7c668ee 100644 --- a/doc/ja/lxc-attach.sgml.in +++ b/doc/ja/lxc-attach.sgml.in @@ -91,6 +91,30 @@ by KATOH Yasufumi もし command が指定されていない場合、lxc-attach コマンドを実行したユーザのデフォルトシェルをコンテナ内で調べて実行します。 もしコンテナ内にユーザが存在しない場合や、コンテナで nsswitch 機構が働いていない場合はこの動作は失敗します。 + + + 前のバージョンの lxc-attach は、単に指定したコンテナの名前空間にアタッチし、擬似端末 (pseudo terminal) なしで、シェルもしくは指定したコマンドを実行しました。 + これは、異なる特権レベルを持つユーザ空間の実行コンテキストを切り替えた後に、TIOCSTI ioctl の呼び出し経由で擬似入力を行うことに対して脆弱となります。 + 新しいバージョンの lxc-attach は、擬似端末のマスター/スレーブのペアを割り当てようとします。そしてシェルやコマンドを実行する前に、擬似端末のスレーブ側に対して、ターミナルを参照する標準ファイルディスクリプタをアタッチします。 + lxc-attach は、最初にコンテナ内の擬似端末を割り当てようとします。これが失敗した場合、最終的に処理を諦める前に、ホスト上の擬似端末を割り当てようとします。 + ターミナルを参照する標準ファイルディスクリプタがない場合は、lxc-attach は擬似端末の割り当てを行わないことに注意してください。代わりに、単にコンテナの名前空間にアタッチし、シェルや指定したコマンドを実行します。 + @@ -418,6 +442,21 @@ by KATOH Yasufumi これにより、アタッチするプロセスのネットワーク/pid 名前空間のコンテキストを反映させることができます。ホストの実際のファイルシステムに影響を与えないために、実行前にはマウント名前空間は unshare されます (lxc-unshare のように)。 これは、/proc と /sys ファイルシステム以外はホストのマウント名前空間と同じである、新しいマウント名前空間がプロセスに与えられるということです。 + + + 以前のバージョンの lxc-attach は、いくつかの重要なサブシステムに対して、書き込み可能な cgroup 内に配置することなしに、ユーザがコンテナの名前空間にアタッチできたバグがありました。 + 新しいバージョンの lxc-attach は、このような重要なサブシステムに対して、ユーザが書き込み可能な cgroup 内にいるかどうかをチェックします。 + したがって、ユーザによっては lxc-attach は不意に失敗するかもしれません (例えば、非特権ユーザが、ログイン時に重要であるサブシステムの書き込み可能な cgroup に配置されていないようなシステムで)。しかし、この振る舞いは正しく、よりセキュアです。 + From 23a3ea07e85565e2280a86fbbfe2dc6bc955c6ac Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi Date: Wed, 24 Feb 2016 18:04:40 +0900 Subject: [PATCH 2/2] doc: Update Japanese lxc-clone(1) and lxc-start-ephemeral(1) Update for commit 02e5d92 Signed-off-by: KATOH Yasufumi --- doc/ja/lxc-clone.sgml.in | 10 ++ doc/ja/lxc-start-ephemeral.sgml.in | 11 +++ 2 files changed, 21 insertions(+) diff --git a/doc/ja/lxc-clone.sgml.in b/doc/ja/lxc-clone.sgml.in index 23e5dc7..ef6bdf7 100644 --- a/doc/ja/lxc-clone.sgml.in +++ b/doc/ja/lxc-clone.sgml.in @@ -348,6 +348,16 @@ by KATOH Yasufumi + +注意 + + + lxc-copy が lxc-clone の後継コマンドとなります。 + + + &seealso; diff --git a/doc/ja/lxc-start-ephemeral.sgml.in b/doc/ja/lxc-start-ephemeral.sgml.in index 0fb6738..b54a06f 100644 --- a/doc/ja/lxc-start-ephemeral.sgml.in +++ b/doc/ja/lxc-start-ephemeral.sgml.in @@ -279,6 +279,17 @@ by KATOH Yasufumi + +注意 + + + lxc-copy が lxc-start-ephemeral コマンドの後継コマンドとなります。 + + + &seealso; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
