[lxc-devel] [lxd/master] Support GVRP on macvlan Networks
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8325 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes #8318 Signed-off-by: Tim Rots From 274d307a71bddc084f0d6f4a86bb99d8d6f1f41a Mon Sep 17 00:00:00 2001 From: Tim Rots Date: Wed, 13 Jan 2021 00:07:32 +0100 Subject: [PATCH] Support GVRP on macvlan Networks Fixes #8318 Signed-off-by: Tim Rots --- lxd/device/device_utils_network.go | 8 ++-- lxd/device/nic_macvlan.go | 7 --- lxd/network/driver_physical.go | 2 +- lxd/network/network_utils.go | 10 -- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/lxd/device/device_utils_network.go b/lxd/device/device_utils_network.go index 80aa53262f..6e89fa673d 100644 --- a/lxd/device/device_utils_network.go +++ b/lxd/device/device_utils_network.go @@ -101,9 +101,13 @@ func networkRemoveInterfaceIfNeeded(state *state.State, nic string, current inst } // networkCreateVlanDeviceIfNeeded creates a VLAN device if doesn't already exist. -func networkCreateVlanDeviceIfNeeded(state *state.State, parent string, vlanDevice string, vlanID string) (string, error) { +func networkCreateVlanDeviceIfNeeded(state *state.State, parent string, vlanDevice string, vlanID string, gvrp string) (string, error) { if vlanID != "" { - created, err := network.VLANInterfaceCreate(parent, vlanDevice, vlanID) + + if gvrp != "" { + gvrp = "gvrp on" + } + created, err := network.VLANInterfaceCreate(parent, vlanDevice, vlanID, gvrp) if err != nil { return "", err } diff --git a/lxd/device/nic_macvlan.go b/lxd/device/nic_macvlan.go index c389eb2d51..4f33874034 100644 --- a/lxd/device/nic_macvlan.go +++ b/lxd/device/nic_macvlan.go @@ -36,13 +36,14 @@ func (d *nicMACVLAN) validateConfig(instConf instance.ConfigReader) error { "maas.subnet.ipv4", "maas.subnet.ipv6", "boot.priority", + "gvrp", } // Check that if network proeperty is set that conflicting keys are not present. if d.config["network"] != "" { requiredFields = append(requiredFields, "network") - bannedKeys := []string{"nictype", "parent", "mtu", "vlan", "maas.subnet.ipv4", "maas.subnet.ipv6"} + bannedKeys := []string{"nictype", "parent", "mtu", "vlan", "maas.subnet.ipv4", "maas.subnet.ipv6", "gvrp"} for _, bannedKey := range bannedKeys { if d.config[bannedKey] != "" { return fmt.Errorf("Cannot use %q property in conjunction with %q property", bannedKey, "network") @@ -70,7 +71,7 @@ func (d *nicMACVLAN) validateConfig(instConf instance.ConfigReader) error { d.config["parent"] = netConfig["parent"] // Copy certain keys verbatim from the network's settings. - inheritKeys := []string{"mtu", "vlan", "maas.subnet.ipv4", "maas.subnet.ipv6"} + inheritKeys := []string{"mtu", "vlan", "maas.subnet.ipv4", "maas.subnet.ipv6", "gvrp"} for _, inheritKey := range inheritKeys { if _, found := netConfig[inheritKey]; found { d.config[inheritKey] = netConfig[inheritKey] @@ -125,7 +126,7 @@ func (d *nicMACVLAN) Start() (*deviceConfig.RunConfig, error) { saveData["host_name"] = network.RandomDevName("mac") // Create VLAN parent device if needed. - statusDev, err := networkCreateVlanDeviceIfNeeded(d.state, d.config["parent"], actualParentName, d.config["vlan"]) + statusDev, err := networkCreateVlanDeviceIfNeeded(d.state, d.config["parent"], actualParentName, d.config["vlan"], d.config["gvrp"]) if err != nil { return nil, err } diff --git a/lxd/network/driver_physical.go b/lxd/network/driver_physical.go index 57c654b507..f24695a112 100644 --- a/lxd/network/driver_physical.go +++ b/lxd/network/driver_physical.go @@ -152,7 +152,7 @@ func (n *physical) Start() error { defer revert.Fail() hostName := GetHostDevice(n.config["parent"], n.config["vlan"]) - created, err := VLANInterfaceCreate(n.config["parent"], hos
[lxc-devel] [lxd/master] test/suites/static/analysis: Fixes ineffassign usage due to upstream changes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8299 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Caused by https://github.com/gordonklaus/ineffassign/commit/664217a59c00a74b4491898ca757d3f711fff321 Signed-off-by: Thomas Parrott From ca4b23fa20e7a2219ccd191bb9419bf73584b5a3 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 4 Jan 2021 16:54:44 + Subject: [PATCH] test/suites/static/analysis: Fixes ineffassign usage due to upstream changes Caused by https://github.com/gordonklaus/ineffassign/commit/664217a59c00a74b4491898ca757d3f711fff321 Signed-off-by: Thomas Parrott --- test/suites/static_analysis.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/suites/static_analysis.sh b/test/suites/static_analysis.sh index 3fd192bd1c..699a2e6d13 100644 --- a/test/suites/static_analysis.sh +++ b/test/suites/static_analysis.sh @@ -161,7 +161,7 @@ test_static_analysis() { ## ineffassign if which ineffassign >/dev/null 2>&1; then - ineffassign ./ + ineffassign ./... fi # Skip the tests which require git ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] QMP: Fix race in Disconnect
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8298 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Can end up calling close() on the chDisconnect channel multiple times if called concurrently. Fixes #8294 Signed-off-by: Thomas Parrott From 32fbbdcc9ddd9738b1eff6935e496d2d31ff6da1 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 4 Jan 2021 14:53:24 + Subject: [PATCH] lxd/instance/drivers/qmp: Fix race in Disconnect Can end up calling close() on the chDisconnect channel multiple times if called concurrently. Fixes #8294 Signed-off-by: Thomas Parrott --- lxd/instance/drivers/qmp/monitor.go | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lxd/instance/drivers/qmp/monitor.go b/lxd/instance/drivers/qmp/monitor.go index 00d2453ad0..72950e093c 100644 --- a/lxd/instance/drivers/qmp/monitor.go +++ b/lxd/instance/drivers/qmp/monitor.go @@ -171,16 +171,17 @@ func (m *Monitor) Wait() (chan struct{}, error) { // Disconnect forces a disconnection from QEMU. func (m *Monitor) Disconnect() { + // Remove from the map. + monitorsLock.Lock() + defer monitorsLock.Unlock() + // Stop all go routines and disconnect from socket. if !m.disconnected { close(m.chDisconnect) + m.disconnected = true + m.qmp.Disconnect() } - m.disconnected = true - m.qmp.Disconnect() - // Remove from the map. - monitorsLock.Lock() - defer monitorsLock.Unlock() delete(monitors, m.path) } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] simplestreams: Drop duplicated slash
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8296 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Could be better in the near future to use url.Parse but i will review the code with the integration of the RFC changes. From e44862532a416041ac6818f197e75f1205319580 Mon Sep 17 00:00:00 2001 From: Daniele Rondina Date: Mon, 4 Jan 2021 13:10:14 +0100 Subject: [PATCH] simplestreams: Drop duplicated slash Signed-off-by: Daniele Rondina --- shared/simplestreams/simplestreams.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/simplestreams/simplestreams.go b/shared/simplestreams/simplestreams.go index 4d623f6eb2..a459eaac00 100644 --- a/shared/simplestreams/simplestreams.go +++ b/shared/simplestreams/simplestreams.go @@ -98,7 +98,7 @@ func (s *SimpleStreams) cachedDownload(path string) ([]byte, error) { } // Download from the source - uri := fmt.Sprintf("%s/%s", s.url, path) + uri := fmt.Sprintf("%s/%s", strings.TrimRight(s.url, "/"), strings.TrimLeft(path, "/")) req, err := http.NewRequest("GET", uri, nil) if err != nil { return nil, err ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] capability fixes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3614 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From 24b77f47ad4cc791f6be0221b53cc791951a0ee5 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 4 Jan 2021 10:45:44 +0100 Subject: [PATCH 1/6] macro: use ascending order for capabilities Signed-off-by: Christian Brauner --- src/lxc/macro.h | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 3dff019416..7a8e15f384 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -37,6 +37,14 @@ #endif /* capabilities */ +#ifndef CAP_SETGID +#define CAP_SETGID 6 +#endif + +#ifndef CAP_SETUID +#define CAP_SETUID 7 +#endif + #ifndef CAP_SYS_ADMIN #define CAP_SYS_ADMIN 21 #endif @@ -53,14 +61,6 @@ #define CAP_MAC_ADMIN 33 #endif -#ifndef CAP_SETUID -#define CAP_SETUID 7 -#endif - -#ifndef CAP_SETGID -#define CAP_SETGID 6 -#endif - /* prctl */ #ifndef PR_CAPBSET_READ #define PR_CAPBSET_READ 23 From f2da98c04597cc55c84da67fca6ae54ee68e119d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 4 Jan 2021 10:50:07 +0100 Subject: [PATCH 2/6] conf: define missing capabilities Signed-off-by: Christian Brauner --- src/lxc/conf.c | 12 src/lxc/macro.h | 24 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index d5c069553a..bc0d01463c 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -210,28 +210,16 @@ static struct caps_opt caps_opt[] = { { "sys_tty_config", CAP_SYS_TTY_CONFIG }, { "mknod",CAP_MKNOD}, { "lease",CAP_LEASE}, -#ifdef CAP_AUDIT_READ { "audit_read", CAP_AUDIT_READ }, -#endif -#ifdef CAP_AUDIT_WRITE { "audit_write", CAP_AUDIT_WRITE }, -#endif -#ifdef CAP_AUDIT_CONTROL { "audit_control",CAP_AUDIT_CONTROL}, -#endif { "setfcap", CAP_SETFCAP }, { "mac_override", CAP_MAC_OVERRIDE }, { "mac_admin",CAP_MAC_ADMIN}, -#ifdef CAP_SYSLOG { "syslog", CAP_SYSLOG }, -#endif -#ifdef CAP_WAKE_ALARM { "wake_alarm", CAP_WAKE_ALARM }, -#endif -#ifdef CAP_BLOCK_SUSPEND { "block_suspend",CAP_BLOCK_SUSPEND}, #endif -#endif }; static struct limit_opt limit_opt[] = { diff --git a/src/lxc/macro.h b/src/lxc/macro.h index 7a8e15f384..4882b1781e 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -49,6 +49,14 @@ #define CAP_SYS_ADMIN 21 #endif +#ifndef CAP_AUDIT_WRITE +#define CAP_AUDIT_WRITE 29 +#endif + +#ifndef CAP_AUDIT_CONTROL +#define CAP_AUDIT_CONTROL 30 +#endif + #ifndef CAP_SETFCAP #define CAP_SETFCAP 31 #endif @@ -61,6 +69,22 @@ #define CAP_MAC_ADMIN 33 #endif +#ifndef CAP_SYSLOG +#define CAP_SYSLOG 34 +#endif + +#ifndef CAP_WAKE_ALARM +#define CAP_WAKE_ALARM 35 +#endif + +#ifndef CAP_BLOCK_SUSPEND +#define CAP_BLOCK_SUSPEND 36 +#endif + +#ifndef CAP_AUDIT_READ +#define CAP_AUDIT_READ 37 +#endif + /* prctl */ #ifndef PR_CAPBSET_READ #define PR_CAPBSET_READ 23 From 7b4cd4681da399acc1775773d7967a3c94635346 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 4 Jan 2021 10:53:19 +0100 Subject: [PATCH 3/6] conf: add new capabilities CAP_{BLOCK_SUSPEND,PERFMON,BPF,CAP_CHECKPOINT_RESTORE} Signed-off-by: Christian Brauner --- src/lxc/conf.c | 79 + src/lxc/macro.h | 12 2 files changed, 53 insertions(+), 38 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index bc0d01463c..30870aa5b3 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -181,44 +181,47 @@ static struct mount_opt propagation_opt[] = { static struct caps_opt caps_opt[] = { #if HAVE_LIBCAP - { "chown",CAP_CHOWN}, - { "dac_override", CAP_DAC_OVERRIDE }, - { "dac_read_search", CAP_DAC_READ_SEARCH }, - { "fowner", CAP_FOWNER }, - { "fsetid", CAP_FSETID }, - { "kill", CAP_KILL }, - { "setgid", CAP_SETGID }, - { "setuid", CAP_SETUID }, - { "setpcap", CAP_SETPCAP }, - { "linux_immutable", CAP_LINUX_IMMUTABLE }, - { "net_bind_service", CAP_NET_BIND_SERVICE }, - { "net_broadcast",CAP_NET_BROADCAST}, - { "net_
[lxc-devel] [linuxcontainers.org/master] Add Japanese release announcement of LXD 4.9
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/linuxcontainers.org/pull/467 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From b670269e26fe758572f651bae7b0c6421a0c4401 Mon Sep 17 00:00:00 2001 From: KATOH Yasufumi Date: Mon, 21 Dec 2020 23:12:13 +0900 Subject: [PATCH 1/3] Add Japanese release announcement of LXD 4.9 Signed-off-by: KATOH Yasufumi --- content/lxd/news.ja/lxd-4.9.yaml | 780 +++ 1 file changed, 780 insertions(+) create mode 100644 content/lxd/news.ja/lxd-4.9.yaml diff --git a/content/lxd/news.ja/lxd-4.9.yaml b/content/lxd/news.ja/lxd-4.9.yaml new file mode 100644 index 000..8a6b454 --- /dev/null +++ b/content/lxd/news.ja/lxd-4.9.yaml @@ -0,0 +1,780 @@ +title: LXD 4.9 リリースのお知らせ +date: 2020/12/11 19:12 +origin: https://discuss.linuxcontainers.org/t/lxd-4-9-has-been-released/9673 +content: |- + ### はじめに + + LXD チームは LXD 4.9 のリリースをお知らせできることにとてもワクワクしています! + + + このリリースには、オースティンにあるテキサス大学の学生からの次のコントリビューションが含まれています: + + - プロジェクトに対する `limits.instances` 設定 + - サーバー情報に qemu ドライバーとバージョンを表示 + - リソース API 内に `IOMMU` グループを表示 + - サーバー設定内の `user.` 設定 + + + それに加えて、GPU の媒介(mediated)デバイスのパススルーが使えるようになり、ライフサイクルイベントにいくつか改良をほどこし、リソース API へいくつか追加を行い、zstd 圧縮が使えるようになり、OVN ユーザーのための様々な新しいオプションを追加しています。 + + Enjoy! + + ### 新機能とハイライト + 仮想マシンに対する GPU 媒介デバイス + + LXDで、媒介デバイス(mediated device)をサポートしているGPUから媒介デバイスを割り当てることができるようになり、それを仮想マシンにアタッチできるようになりました。 + + + これは、新たに導入された `gpu` のための設定 `gputype` によって行います。設定値は現時点では次の値をサポートしています: + + - `physical` (全 GPU。従来のデフォルトの動作) + - `mdev` プロファイルを指定するための追加の `mdev` キーと組み合わせて使います + + + `lxc info --resources` でも `mdev` プロファイルが表示されるようになりました。 + + GPU: +NUMA node: 0 +Vendor: Intel Corporation (8086) +Product: HD Graphics 620 (5916) +PCI address: :00:02.0 +Driver: i915 (5.8.0-29-generic) +DRM: + ID: 0 + Card: card0 (226:0) + Control: controlD64 (226:0) + Render: renderD128 (226:128) +Mdev profiles: + - i915-GVTg_V5_4 (1 available) + low_gm_size: 128MB + high_gm_size: 512MB + fence: 4 + resolution: 1920x1200 + weight: 4 + - i915-GVTg_V5_8 (2 available) + low_gm_size: 64MB + high_gm_size: 384MB + fence: 4 + resolution: 1024x768 + weight: 2 + + PCI デバイスの IOMMU グループ + + リソース API(`/1.0/resources`)の `PCI` セクションのデバイスそれぞれには、IOMMU グループの ID を示す `iommu_group` が表示されるようになりました。 + + + これは、パススルーネットワークや GPU デバイスを仮想マシンに追加する前に IOMMU トポロジーを確認するのにとても役立ちます。 + + stgraber@castiana:~$ lxc query /1.0/resources | jq .pci.devices[-1] + { +"driver": "xhci_hcd", +"driver_version": "5.8.0-29-generic", +"iommu_group": 16, +"numa_node": 0, +"pci_address": ":3c:00.0", +"product": "JHL6540 Thunderbolt 3 USB Controller (C step) [Alpine Ridge 4C 2016]", +"product_id": "15d4", +"vendor": "Intel Corporation", +"vendor_id": "8086" + } + + サーバ環境情報内の QEMU バージョン表示 + + 次の `lxc info` の実行例に表示されているように、システムの QEMU のバージョンが `driver` と `driver_version` に含まれるようになりました。 + + stgraber@castiana:~$ lxc info | grep " driver" +driver: lxc | qemu +driver_version: 4.0.0 (devel) | 5.2.0 + + ライフサイクルイベントの改良 + + ライフサイクルイベントを実装しなおして拡張しました。 + + + 現時点の完全なリストは次のとおりです: + + - instance-created + - instance-renamed + - instance-deleted + - instance-updated + - instance-started + - instance-stopped + - instance-shutdown + - instance-restarted + - instance-paused + - instance-resumed + - instance-snapshot-create + - instance-snapshot-renamed + - instance-snapshot-deleted + - instance-restored + - instance-backup-created (new) + - instance-backup-renamed (new) + - instance-backup-deleted (new) + - network-created (new) + - network-updated (new) + - network-renamed (new) + - network-deleted (new) + + + お気づきのように、従来の `container` と `virtual-machine` のプレフィックスが混じった状態ではなく、一貫して `instance` が使われるようになりました。バックアップのためにイベントが不足していた問題がいくつか解消され、ネットワークイベントの初期カバレッジも追加されました。 + + `user.` キーがすべてのオブジェクトで使用可能に + + このリリースで、設定を保持するすべての LXD オブジェクト内で `user.` キーが使えるようになりました。これらのキーは、追加のコンテキストを保存する必要がある外部のオーケストレーションシステムやモニタリングシステムで特に役に立ちます。 + + + 最近、これらのキーはサーバ自身を除くすべてのオブジェクトで使えましたが、これが解決されました。 + + stgraber@castiana:~$ lxc config set user.foo bar + stgraber@castiana:~$ lxc config get user.foo + bar + + USB・ネットワークリソースの `usb_address` と `pci_address` プロパティ + + `usb_address` フィール
[lxc-devel] [lxd/master] Network: Make OVN updates more nuanced and less destructive
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8276 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Don't tear down all OVN config and rebuild, instead try and apply only changes, so as to reduce impact on instance port config. From cba9502715754f6ae05cfa8bb4a4dae4e62c8465 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 11:45:16 + Subject: [PATCH 01/16] lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterAdd Signed-off-by: Thomas Parrott --- lxd/network/openvswitch/ovn.go | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go index d7ad3079ee..86625846c2 100644 --- a/lxd/network/openvswitch/ovn.go +++ b/lxd/network/openvswitch/ovn.go @@ -125,8 +125,14 @@ func (o *OVN) nbctl(args ...string) (string, error) { } // LogicalRouterAdd adds a named logical router. -func (o *OVN) LogicalRouterAdd(routerName OVNRouter) error { - _, err := o.nbctl("lr-add", string(routerName)) +func (o *OVN) LogicalRouterAdd(routerName OVNRouter, mayExist bool) error { + args := []string{} + + if mayExist { + args = append(args, "--may-exist") + } + + _, err := o.nbctl(append(args, "lr-add", string(routerName))...) if err != nil { return err } From a67d1ed533580a1e7829ca9afd7a99363eba4ce4 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 11:46:13 + Subject: [PATCH 02/16] lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterSNATAdd Signed-off-by: Thomas Parrott --- lxd/network/openvswitch/ovn.go | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go index 86625846c2..f529d39394 100644 --- a/lxd/network/openvswitch/ovn.go +++ b/lxd/network/openvswitch/ovn.go @@ -151,8 +151,14 @@ func (o OVN) LogicalRouterDelete(routerName OVNRouter) error { } // LogicalRouterSNATAdd adds an SNAT rule to a logical router to translate packets from intNet to extIP. -func (o *OVN) LogicalRouterSNATAdd(routerName OVNRouter, intNet *net.IPNet, extIP net.IP) error { - _, err := o.nbctl("lr-nat-add", string(routerName), "snat", extIP.String(), intNet.String()) +func (o *OVN) LogicalRouterSNATAdd(routerName OVNRouter, intNet *net.IPNet, extIP net.IP, mayExist bool) error { + args := []string{} + + if mayExist { + args = append(args, "--may-exist") + } + + _, err := o.nbctl(append(args, "lr-nat-add", string(routerName), "snat", extIP.String(), intNet.String())...) if err != nil { return err } From 94fdc43a5e424d0a9ec4d35e70f12af2a1a5dd65 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 11:46:41 + Subject: [PATCH 03/16] lxd/network/openvswitch/ovn: Simplifies LogicalRouterRouteAdd Signed-off-by: Thomas Parrott --- lxd/network/openvswitch/ovn.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go index f529d39394..fa6a409b6c 100644 --- a/lxd/network/openvswitch/ovn.go +++ b/lxd/network/openvswitch/ovn.go @@ -204,8 +204,7 @@ func (o *OVN) LogicalRouterRouteAdd(routerName OVNRouter, destination *net.IPNet args = append(args, "--may-exist") } - args = append(args, "lr-route-add", string(routerName), destination.String(), nextHop.String()) - _, err := o.nbctl(args...) + _, err := o.nbctl(append(args, "lr-route-add", string(routerName), destination.String(), nextHop.String())...) if err != nil { return err } From e47204f3c35bc466639591ff1b13d6302e4d6a21 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 11:46:57 + Subject: [PATCH 04/16] lxd/network/openvswitch/ovn: Adds mayExist argument to LogicalRouterPortAdd Signed-off-by: Thomas Parrott --- lxd/network/openvswitch/ovn.go | 24 +++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go index fa6a409b6c..f4bd7f186f 100644 --- a/lxd/network/openvswitch/ovn.go +++ b/lxd/network/openvswitch/ovn.go @@ -230,7 +230,29 @@ func (o *OVN) LogicalRouterRouteDelete(routerName OVNRouter, destination *net.IP } // LogicalRouterPortAdd adds a named logical router port to a logical router. -func (o *OVN) LogicalRouterPortAdd(routerName OVNRouter, portName OVNRouterPort, mac net.HardwareAddr, ipAddr ...*net.IPNet) error { +func (o *OVN) LogicalRouterPortAdd(routerName OVNRouter,
[lxc-devel] [lxd/master] Instance: Fix copying snapshot to new instance in different project
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8275 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes https://github.com/lxc/lxd/issues/8273 Adds test for this scenario. From 954eadfa158f37860127f06422658a6d73ced0a0 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 14:02:06 + Subject: [PATCH 1/5] lxd/instances/post: Use source.Project when loading instance to get instance type in containersPost Fixes #8273 Signed-off-by: Thomas Parrott --- lxd/instances_post.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/instances_post.go b/lxd/instances_post.go index 92047db448..e10f4d79e1 100644 --- a/lxd/instances_post.go +++ b/lxd/instances_post.go @@ -838,7 +838,7 @@ func containersPost(d *Daemon, r *http.Request) response.Response { return fmt.Errorf("Must specify a source instance") } - source, err := instance.LoadInstanceDatabaseObject(tx, project, req.Source.Source) + source, err := instance.LoadInstanceDatabaseObject(tx, req.Source.Project, req.Source.Source) if err != nil { return errors.Wrap(err, "Load source instance from database") } From 48df8c87eef5e4e106d1f8f740464773541d9233 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 14:06:24 + Subject: [PATCH 2/5] lxd/instances/post: Rename project to targetProject to differentiate between source.Project in containersPost Signed-off-by: Thomas Parrott --- lxd/instances_post.go | 22 +++--- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/lxd/instances_post.go b/lxd/instances_post.go index e10f4d79e1..edc32e78ba 100644 --- a/lxd/instances_post.go +++ b/lxd/instances_post.go @@ -722,12 +722,12 @@ func createFromBackup(d *Daemon, projectName string, data io.Reader, pool string } func containersPost(d *Daemon, r *http.Request) response.Response { - project := projectParam(r) + targetProject := projectParam(r) logger.Debugf("Responding to instance create") // If we're getting binary content, process separately if r.Header.Get("Content-Type") == "application/octet-stream" { - return createFromBackup(d, project, r.Body, r.Header.Get("X-LXD-pool"), r.Header.Get("X-LXD-name")) + return createFromBackup(d, targetProject, r.Body, r.Header.Get("X-LXD-pool"), r.Header.Get("X-LXD-name")) } // Parse the request @@ -754,7 +754,7 @@ func containersPost(d *Daemon, r *http.Request) response.Response { // the selected node is the local one, this is effectively a // no-op, since GetNodeWithLeastInstances() will return an empty // string. - architectures, err := instance.SuitableArchitectures(d.State(), project, req) + architectures, err := instance.SuitableArchitectures(d.State(), targetProject, req) if err != nil { return response.BadRequest(err) } @@ -780,7 +780,7 @@ func containersPost(d *Daemon, r *http.Request) response.Response { return response.SmartError(err) } - client = client.UseProject(project) + client = client.UseProject(targetProject) client = client.UseTarget(targetNode) logger.Debugf("Forward instance post request to %s", address) @@ -790,7 +790,7 @@ func containersPost(d *Daemon, r *http.Request) response.Response { } opAPI := op.Get() - return operations.ForwardedOperationResponse(project, ) + return operations.ForwardedOperationResponse(targetProject, ) } } @@ -849,13 +849,13 @@ func containersPost(d *Daemon, r *http.Request) response.Response { } } - err := projecthelpers.AllowInstanceCreation(tx, project, req) + err := projecthelpers.AllowInstanceCreation(tx, targetProject, req) if err != nil { return err } if req.Name == "" { - names, err := tx.GetInstanceNames(project) + names, err := tx.GetInstanceNames(targetProject) if err != nil { return err
[lxc-devel] [lxd/master] Storage: Fix snapshot remove subsequent
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8274 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === When setting `volume.zfs.remove_snapshots=true` on a ZFS storage pool, this fixes several issues: - The wrong snapshot was being checked for deletion suitability (resulting in not deleting any snapshots). - Once that was fixed, there was also an issue with only the storage volume and storage volume DB record of the snapshot being deleted, not the instance snapshot record as well. Leaving orphaned snapshots in `lxc info ` output and preventing deletion of instance (because snapshot volume DB record had been removed). - Because of the scope of the `err` being returned, it was likely that as a new `err` was created inside the subsequent snapshot deletion block, that the original error would be returned even on successful restore. Added `return nil` after successful restore. - Modified `DeleteInstanceSnapshot` to not fail if the storage volume DB record has already been removed (as that is the desired result anyway). Fixes https://discuss.linuxcontainers.org/t/snapshot-c1-20201218-03-cannot-be-restored-due-to-subsequent-snapshot-s-set-zfs-remove-snapshots-to-override/9742 From 35398d973bb5e87d12a40fe46449a7da849c7f7d Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 12:13:10 + Subject: [PATCH 1/3] lxd/storage/drivers/driver/zfs/volumes: Error quoting in RestoreVolume Signed-off-by: Thomas Parrott --- lxd/storage/drivers/driver_zfs_volumes.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/storage/drivers/driver_zfs_volumes.go b/lxd/storage/drivers/driver_zfs_volumes.go index 29e38998d8..cec417f814 100644 --- a/lxd/storage/drivers/driver_zfs_volumes.go +++ b/lxd/storage/drivers/driver_zfs_volumes.go @@ -1788,14 +1788,14 @@ func (d *zfs) RestoreVolume(vol Volume, snapshotName string, op *operations.Oper if strings.HasPrefix(entry, "@") { // Located an internal snapshot. - return fmt.Errorf("Snapshot '%s' cannot be restored due to subsequent internal snapshot(s) (from a copy)", snapshotName) + return fmt.Errorf("Snapshot %q cannot be restored due to subsequent internal snapshot(s) (from a copy)", snapshotName) } } // Check if snapshot removal is allowed. if len(snapshots) > 0 { if !shared.IsTrue(vol.ExpandedConfig("zfs.remove_snapshots")) { - return fmt.Errorf("Snapshot '%s' cannot be restored due to subsequent snapshot(s). Set zfs.remove_snapshots to override", snapshotName) + return fmt.Errorf("Snapshot %q cannot be restored due to subsequent snapshot(s). Set zfs.remove_snapshots to override", snapshotName) } // Setup custom error to tell the backend what to delete. From 4efdfbc4fc20fdca860f99e9ac55d0948c3bd8ca Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 12:13:35 + Subject: [PATCH 2/3] lxd/storage/backend/lxd: Don't fail in DeleteInstanceSnapshot if volume DB record already deleted Signed-off-by: Thomas Parrott --- lxd/storage/backend_lxd.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go index 2ca935dc0c..8d3358b2ca 100644 --- a/lxd/storage/backend_lxd.go +++ b/lxd/storage/backend_lxd.go @@ -1996,9 +1996,9 @@ func (b *lxdBackend) DeleteInstanceSnapshot(inst instance.Instance, op *operatio return err } - // Remove the snapshot volume record from the database. + // Remove the snapshot volume record from the database if exists. err = b.state.Cluster.RemoveStoragePoolVolume(inst.Project(), drivers.GetSnapshotVolumeName(parentName, snapName), volDBType, b.ID()) - if err != nil { + if err != nil && err != db.ErrNoSuchObject { return err } From 841fcd1491216e470944a6c087a2e6fb61988e30 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 18 Dec 2020 12:14:16 + Subject: [PATCH 3/3] lxd/storage/backend/lxd: Fix deleting subsequent snapshots for ZFS in RestoreInstanceSnapshot Signed-off-by: Thomas Parrott --- lxd/storage/backend_lxd.go | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go index 8d3358b2ca..09ff3c95c5 100644 --- a/lxd/storage/backend_lxd.go +++ b/lxd/storage/backend_lxd.go @@ -2064,23 +2064,25 @@ func (b *lxdBackend) RestoreInstanceSnapshot(inst instance.Instance, src instanc // Go through all the snapshots. f
[lxc-devel] [lxc-ci/master] bin/test-lxd-ovn: Fix tests in environments with multiple bridges
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/225 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From 1ae71ffa80b1dc5fd59e598ee9b67f50db69b620 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 23:32:28 + Subject: [PATCH] bin/test-lxd-ovn: Fix tests in environments with multiple bridges Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index 1788d7f..e254c4c 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -397,7 +397,7 @@ lxc network create dummy --type=physical \ ipv6.gateway=2001:db8:1:1::1/64 \ ipv4.ovn.ranges=192.0.2.10-192.0.2.19 lxc network create ovn-virtual-network --type=ovn network=dummy -bridge link show dev dummybr0 | wc -l | grep 1 # Check we have one port connected to the uplink bridge. +bridge link show | grep dummybr0 | wc -l | grep 1 # Check we have one port connected to the uplink bridge. ovs-vsctl list-br | grep ovn | wc -l | grep 1 # Check we have one OVS bridge. ovnIPv4="$(lxc network get ovn-virtual-network volatile.network.ipv4.address)" ovnIPv6="$(lxc network get ovn-virtual-network volatile.network.ipv6.address)" @@ -405,7 +405,7 @@ ping -c1 -4 "${ovnIPv4}" # Check IPv4 connectivity over dummy bridge to OVN rout ping -c1 -6 "${ovnIPv6}" # Check IPv6 connectivity over dummy bridge to OVN router. lxc network delete ovn-virtual-network lxc network delete dummy -bridge link show dev dummybr0 | wc -l | grep 0 # Check the port is removed from the uplink bridge. +bridge link show | grep dummybr0 | wc -l | grep 0 # Check the port is removed from the uplink bridge. ovs-vsctl list-br | grep ovn | wc -l | grep 0 # Check the OVS bridge is removed. ip link delete dummybr0 # Remove dummy uplink bridge. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] lxd/instance/qemu: Use a minimum of 2 network queues
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8272 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Otherwise qemu expects a single queue TAP device which isn't what we're preparing these days :) Signed-off-by: Stéphane Graber From 43799cb6446543aaf347324f07909d330866633f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Thu, 17 Dec 2020 16:59:48 -0500 Subject: [PATCH] lxd/instance/qemu: Use a minimum of 2 network queues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise qemu expects a single queue TAP device which isn't what we're preparing these days :) Signed-off-by: Stéphane Graber --- lxd/instance/drivers/driver_qemu.go | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 6acec3b51e..48afeace3f 100644 --- a/lxd/instance/drivers/driver_qemu.go +++ b/lxd/instance/drivers/driver_qemu.go @@ -2380,11 +2380,17 @@ func (d *qemu) addNetDevConfig(sb *strings.Builder, cpuCount int, bus *qemuBus, // Detect TAP (via TUN driver) device. tplFields["ifName"] = nicName + // Run with a minimum of two queues. + queueCount := cpuCount + if queueCount < 2 { + queueCount = 2 + } + // Number of queues is the same as number of vCPUs. - tplFields["queues"] = cpuCount + tplFields["queues"] = queueCount // Number of vectors is number of vCPUs * 2 (RX/TX) + 2 (config/control MSI-X). - tplFields["vectors"] = 2*cpuCount + 2 + tplFields["vectors"] = 2*queueCount + 2 tpl = qemuNetDevTapTun } else if pciSlotName != "" { ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] lxd/instance/qemu: Enable multiqueue on tap NICs
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8271 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber From dac33675626fb7b04ff6d2af9b0809ee776cbea7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Thu, 17 Dec 2020 12:28:08 -0500 Subject: [PATCH] lxd/instance/qemu: Enable multiqueue on tap NICs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/device/device_utils_network.go| 2 +- lxd/instance/drivers/driver_qemu.go | 22 +++ lxd/instance/drivers/driver_qemu_templates.go | 7 ++ 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/lxd/device/device_utils_network.go b/lxd/device/device_utils_network.go index 74483dbce1..986222a124 100644 --- a/lxd/device/device_utils_network.go +++ b/lxd/device/device_utils_network.go @@ -260,7 +260,7 @@ func networkCreateVethPair(hostName string, m deviceConfig.Device) (string, erro // networkCreateTap creates and configures a TAP device. func networkCreateTap(hostName string, m deviceConfig.Device) error { - _, err := shared.RunCommand("ip", "tuntap", "add", "name", hostName, "mode", "tap") + _, err := shared.RunCommand("ip", "tuntap", "add", "name", hostName, "mode", "tap", "multi_queue") if err != nil { return errors.Wrapf(err, "Failed to create the tap interfaces %s", hostName) } diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 287073a2f1..4e0dd2eb2a 100644 --- a/lxd/instance/drivers/driver_qemu.go +++ b/lxd/instance/drivers/driver_qemu.go @@ -1805,7 +1805,7 @@ func (d *qemu) generateQemuConfigFile(mountInfo *storagePools.MountInfo, busName return "", err } - err = d.addCPUMemoryConfig(sb) + cpuCount, err := d.addCPUMemoryConfig(sb) if err != nil { return "", err } @@ -2008,7 +2008,7 @@ func (d *qemu) generateQemuConfigFile(mountInfo *storagePools.MountInfo, busName // Add network device. if len(runConf.NetworkInterface) > 0 { - err = d.addNetDevConfig(sb, bus, bootIndexes, runConf.NetworkInterface, fdFiles) + err = d.addNetDevConfig(sb, cpuCount, bus, bootIndexes, runConf.NetworkInterface, fdFiles) if err != nil { return "", err } @@ -2058,7 +2058,7 @@ func (d *qemu) generateQemuConfigFile(mountInfo *storagePools.MountInfo, busName } // addCPUMemoryConfig adds the qemu config required for setting the number of virtualised CPUs and memory. -func (d *qemu) addCPUMemoryConfig(sb *strings.Builder) error { +func (d *qemu) addCPUMemoryConfig(sb *strings.Builder) (int, error) { // Default to a single core. cpus := d.expandedConfig["limits.cpu"] if cpus == "" { @@ -2082,7 +2082,7 @@ func (d *qemu) addCPUMemoryConfig(sb *strings.Builder) error { // Expand to a set of CPU identifiers and get the pinning map. nrSockets, nrCores, nrThreads, vcpus, numaNodes, err := d.cpuTopology(cpus) if err != nil { - return err + return -1, err } // Figure out socket-id/core-id/thread-id for all vcpus. @@ -2139,14 +2139,14 @@ func (d *qemu) addCPUMemoryConfig(sb *strings.Builder) error { memSizeBytes, err := units.ParseByteSizeString(memSize) if err != nil { - return fmt.Errorf("limits.memory invalid: %v", err) + return -1, fmt.Errorf("limits.memory invalid: %v", err) } ctx["hugepages"] = "" if shared.IsTrue(d.expandedConfig["limits.memory.hugepages"]) { hugetlb, err := util.HugepagesPath() if err != nil { - return err + return -1, err } ctx["hugepages"] = hugetlb @@ -2163,11 +2163,11 @@ func (d *qemu) addCPUMemoryConfig(sb *strings.Builder) error { "memSizeBytes": memSizeBytes, }) if err != nil { - return err + return -1, err } // Configure the CPU limit. - return qemuCPU.Execute(sb, ctx) + return ctx["cpuCount"].(int), qemuCPU.Execute(sb, ctx) } // addFileDescriptor adds a fil
[lxc-devel] [lxd/master] Device: Improves readability of disk device validation
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8270 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Implements suggestion from https://github.com/lxc/lxd/pull/8161#discussion_r524643693 From 354df8872444809406ccfd14bff49401b07e52de Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 15:08:34 + Subject: [PATCH 1/6] lxd/db/cluster/update: Modifies updateFromV43 and updateFromV42 to use IFNULL(node_id, -1) to avoid nodes with 0 ID Signed-off-by: Thomas Parrott --- lxd/db/cluster/update.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/db/cluster/update.go b/lxd/db/cluster/update.go index 614f4845a9..9dbf256818 100644 --- a/lxd/db/cluster/update.go +++ b/lxd/db/cluster/update.go @@ -88,7 +88,7 @@ var updates = map[int]schema.Update{ // This can occur when multiple create requests have been issued when setting up a clustered storage pool. func updateFromV42(tx *sql.Tx) error { // Find all duplicated config rows and return comma delimited list of affected row IDs for each dupe set. - stmt, err := tx.Prepare(`SELECT storage_pool_id, COALESCE(node_id,0), key, value, COUNT(*) AS rowCount, GROUP_CONCAT(id, ",") AS dupeRowIDs + stmt, err := tx.Prepare(`SELECT storage_pool_id, IFNULL(node_id, -1), key, value, COUNT(*) AS rowCount, GROUP_CONCAT(id, ",") AS dupeRowIDs FROM storage_pools_config GROUP BY storage_pool_id, node_id, key, value HAVING rowCount > 1 @@ -157,7 +157,7 @@ func updateFromV42(tx *sql.Tx) error { // This can occur when multiple create requests have been issued when setting up a clustered network. func updateFromV41(tx *sql.Tx) error { // Find all duplicated config rows and return comma delimited list of affected row IDs for each dupe set. - stmt, err := tx.Prepare(`SELECT network_id, COALESCE(node_id,0), key, value, COUNT(*) AS rowCount, GROUP_CONCAT(id, ",") AS dupeRowIDs + stmt, err := tx.Prepare(`SELECT network_id, IFNULL(node_id, -1), key, value, COUNT(*) AS rowCount, GROUP_CONCAT(id, ",") AS dupeRowIDs FROM networks_config GROUP BY network_id, node_id, key, value HAVING rowCount > 1 From 245c92e80fa301ee429ec700aa800d97e357ff30 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 14:55:57 + Subject: [PATCH 2/6] lxd/db/cluster: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table Prevents duplicate config rows for the same node and key being inserted. Fixes #8260 Signed-off-by: Thomas Parrott --- lxd/db/cluster/schema.go | 4 +++- lxd/db/cluster/update.go | 13 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lxd/db/cluster/schema.go b/lxd/db/cluster/schema.go index 897ea06d22..c0165dd17c 100644 --- a/lxd/db/cluster/schema.go +++ b/lxd/db/cluster/schema.go @@ -304,6 +304,7 @@ CREATE TABLE "networks_nodes" ( FOREIGN KEY (network_id) REFERENCES "networks" (id) ON DELETE CASCADE, FOREIGN KEY (node_id) REFERENCES nodes (id) ON DELETE CASCADE ); +CREATE UNIQUE INDEX networks_unique_network_id_node_id_key ON networks_config (network_id, IFNULL(node_id, -1), key); CREATE TABLE nodes ( id INTEGER PRIMARY KEY, name TEXT NOT NULL, @@ -495,6 +496,7 @@ CREATE TABLE storage_pools_nodes ( FOREIGN KEY (storage_pool_id) REFERENCES storage_pools (id) ON DELETE CASCADE, FOREIGN KEY (node_id) REFERENCES nodes (id) ON DELETE CASCADE ); +CREATE UNIQUE INDEX storage_pools_unique_storage_pool_id_node_id_key ON storage_pools_config (storage_pool_id, IFNULL(node_id, -1), key); CREATE TABLE "storage_volumes" ( id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, name TEXT NOT NULL, @@ -591,5 +593,5 @@ CREATE TABLE storage_volumes_snapshots_config ( UNIQUE (storage_volume_snapshot_id, key) ); -INSERT INTO schema (version, updated_at) VALUES (43, strftime("%s")) +INSERT INTO schema (version, updated_at) VALUES (44, strftime("%s")) ` diff --git a/lxd/db/cluster/update.go b/lxd/db/cluster/update.go index 9dbf256818..a64fefc1a7 100644 --- a/lxd/db/cluster/update.go +++ b/lxd/db/cluster/update.go @@ -82,6 +82,19 @@ var updates = map[int]schema.Update{ 41: updateFromV40, 42: updateFromV41, 43: updateFromV42, + 44: updateFromV43, +} + +// updateFromV43 adds a unique index to the storage_pools_config and networks_config tables. +func updateFromV43(tx *sql.Tx) error { + _, err := tx.Exec(`CREATE UNIQUE INDEX storage_pools_unique_storage_pool_id_node_id_key ON storage_pools_config (storage_pool_id, IFNUL
[lxc-devel] [lxd/master] doc: features.networks is not enabled by default for projects
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8269 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From df84fc868205fc77de7ac84f724e79b0ec43fec9 Mon Sep 17 00:00:00 2001 From: Simon Fels Date: Thu, 17 Dec 2020 17:17:26 +0100 Subject: [PATCH] doc: features.networks is not enabled by default for projects --- doc/projects.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/projects.md b/doc/projects.md index 1610575dce..65d0b887e5 100644 --- a/doc/projects.md +++ b/doc/projects.md @@ -18,7 +18,7 @@ currently supported: Key | Type | Condition | Default | Description :-- | :-- | :-- | :-- | :-- features.images | boolean | - | true | Separate set of images and image aliases for the project -features.networks| boolean | - | true | Separate set of networks for the project +features.networks| boolean | - | false | Separate set of networks for the project features.profiles| boolean | - | true | Separate set of profiles for the project features.storage.volumes | boolean | - | true | Separate set of storage volumes for the project limits.instances | integer | - | - | Maximum number of total instances that can be created in the project ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] Correct a typo in the integration test
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/445 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === I think we can be confident that Pythons dict implementation is correct. From 084fd69374224a29ef060e0faf6f4d9c26f652a9 Mon Sep 17 00:00:00 2001 From: Dougal Matthews Date: Thu, 17 Dec 2020 15:59:01 + Subject: [PATCH] Correct a typo in the integration test I think we can be confident that Pythons dict implementation is correct. --- integration/test_projects.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integration/test_projects.py b/integration/test_projects.py index a8d91087..8d126faa 100644 --- a/integration/test_projects.py +++ b/integration/test_projects.py @@ -65,7 +65,7 @@ def test_create(self): self.assertEqual(name, project.name) self.assertEqual(description, project.description) for key, value in config.items(): -self.assertEqual(config[key], value) +self.assertEqual(project.config[key], value) class TestProject(BaseTestProject): ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] DB: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8268 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Prevents duplicate config rows for the same node and key being inserted. Uses `ifnull(node_id,-1)` to ensure unique index is still enforced for non-node specific config keys where node_id is NULL, and uses `-1` as the pseudo value in order to avoid issues where the node ID is genuinely `0` which @stgraber advises is potentially possible on DBs from older installations. Fixes #8260 Signed-off-by: Thomas Parrott From b1b875018f7954b51057492962b0882136665b68 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 14:55:57 + Subject: [PATCH] lxd/db/cluster: Adds updateFromV43 patch that adds unique index to storage_pools_config and networks_config table Prevents duplicate config rows for the same node and key being inserted. Fixes #8260 Signed-off-by: Thomas Parrott --- lxd/db/cluster/schema.go | 4 +++- lxd/db/cluster/update.go | 13 + 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/lxd/db/cluster/schema.go b/lxd/db/cluster/schema.go index 897ea06d22..ca5d4d448e 100644 --- a/lxd/db/cluster/schema.go +++ b/lxd/db/cluster/schema.go @@ -276,6 +276,7 @@ CREATE VIEW instances_snapshots_devices_ref ( JOIN instances ON instances.id=instances_snapshots.instance_id JOIN projects ON projects.id=instances.project_id JOIN instances_snapshots ON instances_snapshots.id=instances_snapshots_devices.instance_snapshot_id; +CREATE UNIQUE INDEX network_id_node_id_key ON networks_config (network_id,ifnull(node_id, -1),key); CREATE TABLE "networks" ( id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, project_id INTEGER NOT NULL, @@ -468,6 +469,7 @@ CREATE VIEW projects_used_by_ref (name, networks.name, projects.name) FROM networks JOIN projects ON project_id=projects.id; +CREATE UNIQUE INDEX storage_pool_id_node_id_key ON storage_pools_config (storage_pool_id,ifnull(node_id, -1),key); CREATE TABLE storage_pools ( id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, name TEXT NOT NULL, @@ -591,5 +593,5 @@ CREATE TABLE storage_volumes_snapshots_config ( UNIQUE (storage_volume_snapshot_id, key) ); -INSERT INTO schema (version, updated_at) VALUES (43, strftime("%s")) +INSERT INTO schema (version, updated_at) VALUES (44, strftime("%s")) ` diff --git a/lxd/db/cluster/update.go b/lxd/db/cluster/update.go index 614f4845a9..e4f13e077a 100644 --- a/lxd/db/cluster/update.go +++ b/lxd/db/cluster/update.go @@ -82,6 +82,19 @@ var updates = map[int]schema.Update{ 41: updateFromV40, 42: updateFromV41, 43: updateFromV42, + 44: updateFromV43, +} + +// updateFromV43 adds a unique index to the storage_pools_config and networks_config tables. +func updateFromV43(tx *sql.Tx) error { + _, err := tx.Exec(`CREATE UNIQUE INDEX storage_pool_id_node_id_key ON storage_pools_config (storage_pool_id,ifnull(node_id, -1),key);; + CREATE UNIQUE INDEX network_id_node_id_key ON networks_config (network_id,ifnull(node_id, -1),key);; + `) + if err != nil { + return errors.Wrapf(err, "Failed adding unique index to storage_pools_config and networks_config tables") + } + + return nil } // updateFromV42 removes any duplicated storage pool config rows that have the same value. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/stable-2.1] fix: gcc8.3.0 and memset overflow
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3604 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 94e56bd5b79e48b793041ebcac3f2b527050151c Mon Sep 17 00:00:00 2001 From: liuyujun Date: Thu, 17 Dec 2020 22:08:43 +0800 Subject: [PATCH] fix: gcc8.3.0 and memset overflow --- src/lxc/af_unix.c | 4 ++-- src/lxc/confile_utils.c | 2 +- src/lxc/lxccontainer.c | 3 +-- src/lxc/network.c | 4 ++-- src/lxc/utils.c | 7 +-- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 9fba0ee15c..8146ebd4a9 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -62,7 +62,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags) return -1; } /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(_path[1], [1], len); + memcpy(_path[1], [1], len); ret = bind(fd, (struct sockaddr *), offsetof(struct sockaddr_un, sun_path) + len + 1); @@ -115,7 +115,7 @@ int lxc_abstract_unix_connect(const char *path) return -1; } /* addr.sun_path[0] has already been set to 0 by memset() */ - strncpy(_path[1], [1], strlen([1])); + memcpy(_path[1], [1], len); ret = connect(fd, (struct sockaddr *), offsetof(struct sockaddr_un, sun_path) + len + 1); diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c index 612f53f1e7..dde5a78342 100644 --- a/src/lxc/confile_utils.c +++ b/src/lxc/confile_utils.c @@ -616,7 +616,7 @@ int lxc_get_conf_str(char *retv, int inlen, const char *value) if (!value) return 0; if (retv && inlen >= strlen(value) + 1) - strncpy(retv, value, strlen(value) + 1); + strncpy(retv, value, inlen); return strlen(value); } diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 745941cdd2..d87e0a3d84 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -673,8 +673,7 @@ static char **split_init_cmd(const char *incmd) len = strlen(incmd) + 1; copy = alloca(len); - strncpy(copy, incmd, len); - copy[len-1] = '\0'; + memcpy(copy, incmd, len); do { argv = malloc(sizeof(char *)); diff --git a/src/lxc/network.c b/src/lxc/network.c index 240d09337a..b3608ed785 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -2151,8 +2151,8 @@ static int lxc_create_network_unpriv_exec(const char *lxcpath, const char *lxcna return -1; } - memset(netdev->name, 0, IFNAMSIZ + 1); - strncpy(netdev->name, token, IFNAMSIZ); + memset(netdev->name, 0, IFNAMSIZ); + strncpy(netdev->name, token, IFNAMSIZ - 1); /* netdev->ifindex */ token = strtok_r(NULL, ":", ); diff --git a/src/lxc/utils.c b/src/lxc/utils.c index df4439549a..8139987c54 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -2340,13 +2340,16 @@ int parse_byte_size_string(const char *s, int64_t *converted) char *end; char dup[LXC_NUMSTRLEN64 + 2]; char suffix[3]; + size_t s_len; if (!s || !strcmp(s, "")) return -EINVAL; - end = stpncpy(dup, s, sizeof(dup)); - if (*end != '\0') + s_len = strlen(s); + if (s_len >= sizeof(dup)) return -EINVAL; + memcpy(dup, s, s_len + 1); + end = dup + s_len; if (isdigit(*(end - 1))) suffix_len = 0; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Fix IPv6 for Oracle and CentOS cloud images
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/224 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 13e8de160b5a79968917ee49a7ae6562f8126077 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Thu, 17 Dec 2020 13:04:47 +0100 Subject: [PATCH 1/2] images/centos: Fix IPv6 for cloud images Signed-off-by: Thomas Hipp --- images/centos.yaml | 13 + 1 file changed, 13 insertions(+) diff --git a/images/centos.yaml b/images/centos.yaml index db08e09..d871f35 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -422,8 +422,21 @@ files: - name: network-config generator: cloud-init + content: |- +{% if config_get("user.network-config", "") == "" %}version: 1 +config: + - type: physical +name: {% if instance.type == "virtual-machine" %}enp5s0{% else %}eth0{% endif %} +subnets: + - type: {% if config_get("user.network_mode", "") == "link-local" %}manual{% else %}dhcp{% endif %} +control: auto + - type: dhcp6 +control: auto{% else %}{{ config_get("user.network-config", "") }}{% endif %} variants: - cloud + releases: + - 8 + - 8-Stream - name: user-data generator: cloud-init From cc9bde04c1c00163326abee9e79e7fba4b323165 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Thu, 17 Dec 2020 13:11:43 +0100 Subject: [PATCH 2/2] images/oracle: Fix IPv6 for cloud images Signed-off-by: Thomas Hipp --- images/oracle.yaml | 12 1 file changed, 12 insertions(+) diff --git a/images/oracle.yaml b/images/oracle.yaml index 705f496..c2fbb5e 100644 --- a/images/oracle.yaml +++ b/images/oracle.yaml @@ -182,8 +182,20 @@ files: - name: network-config generator: cloud-init + content: |- +{% if config_get("user.network-config", "") == "" %}version: 1 +config: + - type: physical +name: {% if instance.type == "virtual-machine" %}enp5s0{% else %}eth0{% endif %} +subnets: + - type: {% if config_get("user.network_mode", "") == "link-local" %}manual{% else %}dhcp{% endif %} +control: auto + - type: dhcp6 +control: auto{% else %}{{ config_get("user.network-config", "") }}{% endif %} variants: - cloud + releases: + - 8 - name: user-data generator: cloud-init ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/stable-4.0] Network: Don't apply update changes to node when network is pending
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8267 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === And don't allow re-create attempts on errored networks, as we don't track per-node state and so cannot tell which nodes have successfully been setup and which ones haven't. So the only valid approach is to require the user to delete and start again. From ae88adbb97e31c12e6b5ac569ffe539372c3229c Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 09:23:21 + Subject: [PATCH 1/2] lxd/networks: Prevent re-create attempts on errored networks This is because the stable-4.0 branch does not have per-node state and so we cannot track which nodes have been successfully setup and which are still pending. Signed-off-by: Thomas Parrott --- lxd/networks.go | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lxd/networks.go b/lxd/networks.go index 03acf7aac3..cdf15b2386 100644 --- a/lxd/networks.go +++ b/lxd/networks.go @@ -203,6 +203,12 @@ func networksPost(d *Daemon, r *http.Request) response.Response { return response.InternalError(err) } + // If the network has previously had a create attempt that failed, then because we cannot track per-node + // status, we need to prevent any further create attempts and require the user to delete and re-create. + if netInfo != nil && netInfo.Status == api.NetworkStatusErrored { + return response.BadRequest(fmt.Errorf("Network is in errored state, please delete and re-create")) + } + // Check if we're clustered. count, err := cluster.Count(d.State()) if err != nil { From 642de5bf4f34b888f44f762f88a16cfeb8419ba2 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 09:25:43 + Subject: [PATCH 2/2] lxd/network/driver/bridge: Don't apply updates to node when network is pending If no network create attempt has been attempted then we should just update the DB and await the global create attempt. Signed-off-by: Thomas Parrott --- lxd/network/driver_bridge.go | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go index 74d3e107e3..c55644cced 100644 --- a/lxd/network/driver_bridge.go +++ b/lxd/network/driver_bridge.go @@ -1497,8 +1497,10 @@ func (n *bridge) Update(newNetwork api.NetworkPut, targetNode string, clientType return nil // Nothing changed. } - if n.LocalStatus() == api.NetworkStatusPending { - // Apply DB change to local node only. + // If the network as a whole has not had any previous creation attempts, or the node itself is still + // pending, then don't apply the new settings to the node, just to the database record (ready for the + // actual global create request to be initiated). + if n.Status() == api.NetworkStatusPending || n.LocalStatus() == api.NetworkStatusPending { return n.common.update(newNetwork, targetNode, clientType) } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Don't apply node changes when network is in pending state
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8266 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Only apply to DB. This is a commit from the stable-4.0 branch ported to the master branch for the bridge driver, and then a subsequent commit to align the non-stable-4.0 drivers with the bridge driver. From 5409511b8014938594684d4d5625a31e6f1415ed Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 09:25:43 + Subject: [PATCH 1/2] lxd/network/driver/bridge: Don't apply updates to node when network is pending If no network create attempt has been attempted then we should just update the DB and await the global create attempt. Signed-off-by: Thomas Parrott --- lxd/network/driver_bridge.go | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go index a733e5afc1..440b97dc35 100644 --- a/lxd/network/driver_bridge.go +++ b/lxd/network/driver_bridge.go @@ -1557,8 +1557,10 @@ func (n *bridge) Update(newNetwork api.NetworkPut, targetNode string, clientType return nil // Nothing changed. } - if n.LocalStatus() == api.NetworkStatusPending { - // Apply DB change to local node only. + // If the network as a whole has not had any previous creation attempts, or the node itself is still + // pending, then don't apply the new settings to the node, just to the database record (ready for the + // actual global create request to be initiated). + if n.Status() == api.NetworkStatusPending || n.LocalStatus() == api.NetworkStatusPending { return n.common.update(newNetwork, targetNode, clientType) } From f0a4beb75365d2e5e78ab596aa2602cc5edc5c66 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 17 Dec 2020 09:28:50 + Subject: [PATCH 2/2] lxd/network/driver: Don't apply changes to node if network is pending Aligns with 5409511b8 change for bridge driver from stable-4.0 branch. Signed-off-by: Thomas Parrott --- lxd/network/driver_macvlan.go | 6 -- lxd/network/driver_ovn.go | 6 -- lxd/network/driver_physical.go | 6 -- lxd/network/driver_sriov.go| 6 -- 4 files changed, 16 insertions(+), 8 deletions(-) diff --git a/lxd/network/driver_macvlan.go b/lxd/network/driver_macvlan.go index bba6d06369..7dededfd83 100644 --- a/lxd/network/driver_macvlan.go +++ b/lxd/network/driver_macvlan.go @@ -90,8 +90,10 @@ func (n *macvlan) Update(newNetwork api.NetworkPut, targetNode string, clientTyp return nil // Nothing changed. } - if n.LocalStatus() == api.NetworkStatusPending { - // Apply DB change to local node only. + // If the network as a whole has not had any previous creation attempts, or the node itself is still + // pending, then don't apply the new settings to the node, just to the database record (ready for the + // actual global create request to be initiated). + if n.Status() == api.NetworkStatusPending || n.LocalStatus() == api.NetworkStatusPending { return n.common.update(newNetwork, targetNode, clientType) } diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 3e68e6018d..db9b7366d2 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -2002,8 +2002,10 @@ func (n *ovn) Update(newNetwork api.NetworkPut, targetNode string, clientType re return nil // Nothing changed. } - if n.LocalStatus() == api.NetworkStatusPending { - // Apply DB change to local node only. + // If the network as a whole has not had any previous creation attempts, or the node itself is still + // pending, then don't apply the new settings to the node, just to the database record (ready for the + // actual global create request to be initiated). + if n.Status() == api.NetworkStatusPending || n.LocalStatus() == api.NetworkStatusPending { return n.common.update(newNetwork, targetNode, clientType) } diff --git a/lxd/network/driver_physical.go b/lxd/network/driver_physical.go index 173fbfc774..6c019c628b 100644 --- a/lxd/network/driver_physical.go +++ b/lxd/network/driver_physical.go @@ -232,8 +232,10 @@ func (n *physical) Update(newNetwork api.NetworkPut, targetNode string, clientTy return nil // Nothing changed. } - if n.LocalStatus() == api.NetworkStatusPending { - // Apply DB change to local node only. + // If the network as a whole has not had any previous creation attempts, or the node itself is still + // pending, then don't apply the new settings to the node, just to the database record (ready for the + // actual global
[lxc-devel] [lxcfs/master] docs: fix simple typo, throuh -> through
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxcfs/pull/441 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === There is a small typo in src/proc_cpuview.c. Should read `through` rather than `throuh`. Semi-automated pull request generated by https://github.com/timgates42/meticulous/blob/master/docs/NOTE.md From ae2487f2b16ed9b906aa55cd3c5669078fbd059c Mon Sep 17 00:00:00 2001 From: Tim Gates Date: Thu, 17 Dec 2020 20:13:31 +1100 Subject: [PATCH] docs: fix simple typo, throuh -> through There is a small typo in src/proc_cpuview.c. Should read `through` rather than `throuh`. --- src/proc_cpuview.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/proc_cpuview.c b/src/proc_cpuview.c index b004663..c5bf9f9 100644 --- a/src/proc_cpuview.c +++ b/src/proc_cpuview.c @@ -411,7 +411,7 @@ static uint64_t diff_cpu_usage(struct cpuacct_usage *older, /* * Read cgroup CPU quota parameters from `cpu.cfs_quota_us` or * `cpu.cfs_period_us`, depending on `param`. Parameter value is returned - * throuh `value`. + * through `value`. */ static bool read_cpu_cfs_param(const char *cg, const char *param, int64_t *value) { ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Update images
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/223 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 047234b0847e5582addc599ea4c5385163bea630 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Thu, 17 Dec 2020 07:58:01 +0100 Subject: [PATCH 1/2] jenkins/jobs: Update Apertis releases Signed-off-by: Thomas Hipp --- jenkins/jobs/image-apertis.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jenkins/jobs/image-apertis.yaml b/jenkins/jobs/image-apertis.yaml index 1202851..42224b2 100644 --- a/jenkins/jobs/image-apertis.yaml +++ b/jenkins/jobs/image-apertis.yaml @@ -18,8 +18,8 @@ name: release type: user-defined values: -- 'v2019.4' -- 'v2020.2' +- 'v2019.5' +- 'v2020.3' - axis: name: variant From 6f4c058d630bb3d8bf89f5733a5d3739a5572a79 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Thu, 17 Dec 2020 08:04:35 +0100 Subject: [PATCH 2/2] jenkins/jobs: Add Linux Mint 20.1 Signed-off-by: Thomas Hipp --- jenkins/jobs/image-mint.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/jenkins/jobs/image-mint.yaml b/jenkins/jobs/image-mint.yaml index 6f2a6a7..3a55334 100644 --- a/jenkins/jobs/image-mint.yaml +++ b/jenkins/jobs/image-mint.yaml @@ -26,6 +26,7 @@ - tina - tricia - ulyana +- ulyssa - axis: name: variant ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] images/fedora: Override cloud-init network config
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/222 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 0448d5662e4eb0499cfb365698d7f9975fd7f7ba Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Wed, 16 Dec 2020 20:42:33 +0100 Subject: [PATCH] images/fedora: Override cloud-init network config This overrides the default cloud-init network config, and adds dhcp6. Signed-off-by: Thomas Hipp --- images/fedora.yaml | 10 ++ 1 file changed, 10 insertions(+) diff --git a/images/fedora.yaml b/images/fedora.yaml index 95c002b..b28a503 100644 --- a/images/fedora.yaml +++ b/images/fedora.yaml @@ -144,6 +144,16 @@ files: - name: network-config generator: cloud-init + content: |- +{% if config_get("user.network-config", "") == "" %}version: 1 +config: + - type: physical +name: {% if instance.type == "virtual-machine" %}enp5s0{% else %}eth0{% endif %} +subnets: + - type: {% if config_get("user.network_mode", "") == "link-local" %}manual{% else %}dhcp{% endif %} +control: auto + - type: dhcp6 +control: auto{% else %}{{ config_get("user.network-config", "") }}{% endif %} variants: - cloud ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] images/oracle: Explicitly enable IPv6
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/221 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 3f4f3dce6ff1099907022564e6c4062a0513a583 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Wed, 16 Dec 2020 20:33:08 +0100 Subject: [PATCH] images/oracle: Explicitly enable IPv6 Signed-off-by: Thomas Hipp --- images/oracle.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/images/oracle.yaml b/images/oracle.yaml index ea34050..705f496 100644 --- a/images/oracle.yaml +++ b/images/oracle.yaml @@ -102,6 +102,7 @@ files: TYPE=Ethernet MTU= DHCP_HOSTNAME=`cat /proc/sys/kernel/hostname` +IPV6INIT=yes releases: - 8 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] images/centos: Explicitly enable IPv6
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/220 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 71a96141ed0858f75bea3d9f64ee003e86eac728 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Wed, 16 Dec 2020 19:45:30 +0100 Subject: [PATCH] images/centos: Explicitly enable IPv6 Signed-off-by: Thomas Hipp --- images/centos.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/images/centos.yaml b/images/centos.yaml index 0c85a12..db08e09 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -307,6 +307,7 @@ files: TYPE=Ethernet MTU= DHCP_HOSTNAME={{ container.name }} +IPV6INIT=yes releases: - 8 - 8-Stream ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Clarify error when changing physical parent interface when in use
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8264 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From a6117fba820ee013e9c645f54078766b8466fe38 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 16:54:26 + Subject: [PATCH] lxd/network/driver/physical: Clarify error when changing parent interface when in use Signed-off-by: Thomas Parrott --- lxd/network/driver_physical.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/network/driver_physical.go b/lxd/network/driver_physical.go index 51d5f16b8c..173fbfc774 100644 --- a/lxd/network/driver_physical.go +++ b/lxd/network/driver_physical.go @@ -247,7 +247,7 @@ func (n *physical) Update(newNetwork api.NetworkPut, targetNode string, clientTy if hostNameChanged { isUsed, err := n.IsUsed() if isUsed || err != nil { - return fmt.Errorf("Cannot update network host name when in use") + return fmt.Errorf("Cannot update network parent interface when in use") } inUse, err := n.checkParentUse(newNetwork.Config) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] bin/test-lxd-ovn: Adds tests for using a physical bridge uplink
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/219 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From 2a082c21078b1646928c5d6b19fdf32ed59e21d9 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 16:42:41 + Subject: [PATCH] bin/test-lxd-ovn: Adds tests for using a physical bridge uplink Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 45 + 1 file changed, 45 insertions(+) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index 2256cac..f1be7fa 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -385,6 +385,51 @@ lxc delete -f u2 u3 lxc network delete ovn-virtual-network lxc network delete lxdbr0 --project default +# Test physical uplinks using native bridge. +lxc project switch default +ip link add dummybr0 type bridge # Create dummy uplink bridge. +ip address add 192.0.2.1/24 dev dummybr0 +ip address add 2001:db8:1:1::1/64 dev dummybr0 +ip link set dummybr0 up +lxc network create dummy --type=physical \ +parent=dummybr0 \ +ipv4.gateway=192.0.2.1/24 \ +ipv6.gateway=2001:db8:1:1::1/64 \ +ipv4.ovn.ranges=192.0.2.10-192.0.2.19 +lxc network create ovn-virtual-network --type=ovn network=dummy +bridge link show dummybr0 | wc -l | grep 1 # Check we have one port connected to the uplink bridge. +ovs-vsctl list-br | grep ovn | wc -l | grep 1 # Check we have one OVS bridge. +ovnIPv4="$(lxc network get ovn-virtual-network volatile.network.ipv4.address)" +ovnIPv6="$(lxc network get ovn-virtual-network volatile.network.ipv6.address)" +ping -c1 -4 "${ovnIPv4}" # Check IPv4 connectivity over dummy bridge to OVN router. +ping -c1 -6 "${ovnIPv6}" # Check IPv6 connectivity over dummy bridge to OVN router. +lxc network delete ovn-virtual-network +lxc network delete dummy +bridge link show dummybr0 | wc -l | grep 0 # Check the port is removed from the uplink bridge. +ovs-vsctl list-br | grep ovn | wc -l | grep 0 # Check the OVS bridge is removed. +ip link delete dummybr0 # Remove dummy uplink bridge. + +# Test physical uplinks using OVS bridge. +ovs-vsctl add-br dummybr0 # Create dummy uplink bridge. +ip address add 192.0.2.1/24 dev dummybr0 +ip address add 2001:db8:1:1::1/64 dev dummybr0 +ip link set dummybr0 up +lxc network create dummy --type=physical \ +parent=dummybr0 \ +ipv4.gateway=192.0.2.1/24 \ +ipv6.gateway=2001:db8:1:1::1/64 \ +ipv4.ovn.ranges=192.0.2.10-192.0.2.19 +lxc network create ovn-virtual-network --type=ovn network=dummy +ovs-vsctl list-ports dummybr0 | grep patch-lxd-net | wc -l | grep 1 # Check bridge has an OVN patch port connected. +ovnIPv4="$(lxc network get ovn-virtual-network volatile.network.ipv4.address)" +ovnIPv6="$(lxc network get ovn-virtual-network volatile.network.ipv6.address)" +ping -c1 -4 "${ovnIPv4}" # Check IPv4 connectivity over dummy bridge to OVN router. +ping -c1 -6 "${ovnIPv6}" # Check IPv6 connectivity over dummy bridge to OVN router. +lxc network delete ovn-virtual-network +lxc network delete dummy +ovs-vsctl list-ports dummybr0 | grep patch-lxd-net | wc -l | grep 0 # Check bridge has no OVN patch port connected. +ovs-vsctl del-br dummybr0 # Remove dummy uplink bridge. + lxc image delete "${FINGERPRINT}" --project testovn lxc image delete "${FINGERPRINT}" --project default lxc profile device remove default root --project testovn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] DB: Corrects comment on GetCreatedNetworks
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8263 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From c83abda1839a80b74b60d6a238b7e84968fd0eea Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 15:55:53 + Subject: [PATCH] lxd/db/networks: Corrects comment on GetCreatedNetworks Signed-off-by: Thomas Parrott --- lxd/db/networks.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/db/networks.go b/lxd/db/networks.go index be30549ed8..bca1e1ea4f 100644 --- a/lxd/db/networks.go +++ b/lxd/db/networks.go @@ -422,7 +422,7 @@ func (c *Cluster) GetNetworks(project string) ([]string, error) { return c.networks(project, "") } -// GetCreatedNetworks returns the names of all networks that are not in state networkCreated. +// GetCreatedNetworks returns the names of all networks that are in state networkCreated. func (c *Cluster) GetCreatedNetworks(project string) ([]string, error) { return c.networks(project, "state=?", networkCreated) } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] bin/test-lxd-ovn: Check DHCP can be disabled selectively and instances can still start
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/218 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From b4b698ccb02d0626b48563734fe9f45a8afd095a Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 14:16:29 + Subject: [PATCH] bin/test-lxd-ovn: Check DHCP can be disabled selectively and instances can still start Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 23 ++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index 6d904dc..d622cae 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -272,7 +272,28 @@ lxc network set ovn-virtual-network dns.domain=testdhcp --project testovn # Look for DHCP options mentioning our testdhcp domain name, there should be two. ovn-nbctl --format=csv --no-headings --data=bare --colum=_uuid,options find dhcp_options | grep testdhcp | wc -l | grep 2 -# Check DHCP can be disabled. +# Only enable IPv6 DHCP. +lxc init images:ubuntu/20.04 u1 --project testovn +lxc network set ovn-virtual-network ipv4.dhcp=false ipv6.dhcp=true --project testovn + +# Look for DHCP options mentioning our testdhcp domain name, there should be one. +ovn-nbctl --format=csv --no-headings --data=bare --colum=_uuid,options find dhcp_options | grep testdhcp | wc -l | grep 1 + +# Check container can start with IPv4 DHCP disabled. +lxc start u1 --project testovn +lxc stop -f u1 --project testovn + +# Only enable IPv6 DHCP. +lxc network set ovn-virtual-network ipv4.dhcp=true ipv6.dhcp=false --project testovn + +# Look for DHCP options mentioning our testdhcp domain name, there should be one. +ovn-nbctl --format=csv --no-headings --data=bare --colum=_uuid,options find dhcp_options | grep testdhcp | wc -l | grep 1 + +# Check container can start with IPv6 DHCP disabled. +lxc start u1 --project testovn +lxc delete -f u1 --project testovn + +# Disable both IPv4 and IPv6 DHCP. lxc network set ovn-virtual-network ipv4.dhcp=false ipv6.dhcp=false --project testovn # Look for DHCP options mentioning our testdhcp domain name, there shouldn't be any. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Adds support for OVN physical uplink interface to be a bridge
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8262 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Supports either native or OVS bridges. And then uses the existing connection functions used for managed bridge uplinks to connect OVN router to uplink. Signed-off-by: Thomas Parrott From 12ae61c323fd04f2b18a9076c88e2ca545484d93 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 12:12:41 + Subject: [PATCH] lxd/network/driver/ovn: Adds support for physical uplink interface to be a bridge Either native or OVS. And then uses the existing connection functions used for managed bridge uplinks to connect OVN router to uplink. Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 313 +++--- 1 file changed, 188 insertions(+), 125 deletions(-) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 8b17895a8c..3e68e6018d 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -878,88 +878,118 @@ func (n *ovn) uplinkPortBridgeVars(uplinkNet Network) *ovnUplinkPortBridgeVars { // startUplinkPortBridge creates veth pair (if doesn't exist), creates OVS bridge (if doesn't exist) and // connects veth pair to uplink bridge and OVS bridge. func (n *ovn) startUplinkPortBridge(uplinkNet Network) error { + if uplinkNet.Config()["bridge.driver"] != "openvswitch" { + return n.startUplinkPortBridgeNative(uplinkNet, uplinkNet.Name()) + } + + return n.startUplinkPortBridgeOVS(uplinkNet, uplinkNet.Name()) +} + +// startUplinkPortBridgeNative connects an OVN logical router to an uplink native bridge. +func (n *ovn) startUplinkPortBridgeNative(uplinkNet Network, bridgeDevice string) error { // Do this after gaining lock so that on failure we revert before release locking. revert := revert.New() defer revert.Fail() - ovs := openvswitch.NewOVS() - // If uplink is a native bridge, then use a separate OVS bridge with veth pair connection to native bridge. - if uplinkNet.Config()["bridge.driver"] != "openvswitch" { - vars := n.uplinkPortBridgeVars(uplinkNet) - - // Create veth pair if needed. - if !InterfaceExists(vars.uplinkEnd) && !InterfaceExists(vars.ovsEnd) { - _, err := shared.RunCommand("ip", "link", "add", "dev", vars.uplinkEnd, "type", "veth", "peer", "name", vars.ovsEnd) - if err != nil { - return errors.Wrapf(err, "Failed to create the uplink veth interfaces %q and %q", vars.uplinkEnd, vars.ovsEnd) - } + vars := n.uplinkPortBridgeVars(uplinkNet) - revert.Add(func() { shared.RunCommand("ip", "link", "delete", vars.uplinkEnd) }) + // Create veth pair if needed. + if !InterfaceExists(vars.uplinkEnd) && !InterfaceExists(vars.ovsEnd) { + _, err := shared.RunCommand("ip", "link", "add", "dev", vars.uplinkEnd, "type", "veth", "peer", "name", vars.ovsEnd) + if err != nil { + return errors.Wrapf(err, "Failed to create the uplink veth interfaces %q and %q", vars.uplinkEnd, vars.ovsEnd) } - // Ensure that the veth interfaces inherit the uplink bridge's MTU (which the OVS bridge also inherits). - uplinkNetConfig := uplinkNet.Config() - if uplinkNetConfig["bridge.mtu"] != "" { - err := InterfaceSetMTU(vars.uplinkEnd, uplinkNetConfig["bridge.mtu"]) - if err != nil { - return err - } - - err = InterfaceSetMTU(vars.ovsEnd, uplinkNetConfig["bridge.mtu"]) - if err != nil { - return err - } - } + revert.Add(func() { shared.RunCommand("ip", "link", "delete", vars.uplinkEnd) }) + } - // Ensure correct sysctls are set on uplink veth interfaces to avoid getting IPv6 link-local addresses. - err := util.SysctlSet( - fmt.Sprintf("net/ipv6/conf/%s/disable_ipv6", vars.uplinkEnd), "1", - fmt.Sprintf("net/ipv6/conf/%s/disable_ipv6", vars.ovsEnd), "1", - fmt.Sprintf("net/i
[lxc-devel] [lxd/master] Tp instance nic routed cleanup
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8261 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Addresses https://discuss.linuxcontainers.org/t/unknown-error-17-failed-to-setup-ipv4-address-route-for-network-device/9718 From fc834648941c72b9e09d1c9cb220d8da0e060bea Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 09:39:19 + Subject: [PATCH 1/2] lxd/device/nic/routed: Switches to network.InterfaceExists for clarity Makes error quoting consistent. Signed-off-by: Thomas Parrott --- lxd/device/nic_routed.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lxd/device/nic_routed.go b/lxd/device/nic_routed.go index ed47d9dbd3..0a9ec6cbc0 100644 --- a/lxd/device/nic_routed.go +++ b/lxd/device/nic_routed.go @@ -81,8 +81,8 @@ func (d *nicRouted) validateEnvironment() error { return fmt.Errorf("Requires liblxc has following API extensions: network_veth_router, network_l2proxy") } - if d.config["parent"] != "" && !shared.PathExists(fmt.Sprintf("/sys/class/net/%s", d.config["parent"])) { - return fmt.Errorf("Parent device '%s' doesn't exist", d.config["parent"]) + if d.config["parent"] != "" && !network.InterfaceExists(d.config["parent"]) { + return fmt.Errorf("Parent device %q doesn't exist", d.config["parent"]) } if d.config["parent"] == "" && d.config["vlan"] != "" { @@ -119,7 +119,7 @@ func (d *nicRouted) validateEnvironment() error { // If the effective parent doesn't exist and the vlan option is specified, it means we are going to create // the VLAN parent at start, and we will configure the needed sysctls so don't need to check them yet. - if d.config["vlan"] != "" && !shared.PathExists(fmt.Sprintf("/sys/class/net/%s", effectiveParentName)) { + if d.config["vlan"] != "" && network.InterfaceExists(effectiveParentName) { return nil } From 8069dc8a371b1ce642c457be162b9838249d9f7d Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 16 Dec 2020 10:02:06 + Subject: [PATCH 2/2] lxd/device/nic/routed: Remove host side veth interface if exists in postStop Signed-off-by: Thomas Parrott --- lxd/device/nic_routed.go | 10 ++ 1 file changed, 10 insertions(+) diff --git a/lxd/device/nic_routed.go b/lxd/device/nic_routed.go index 0a9ec6cbc0..197972ad9d 100644 --- a/lxd/device/nic_routed.go +++ b/lxd/device/nic_routed.go @@ -414,8 +414,18 @@ func (d *nicRouted) postStop() error { v := d.volatileGet() + networkVethFillFromVolatile(d.config, v) + errs := []error{} + if network.InterfaceExists(d.config["host_name"]) { + // Removing host-side end of veth pair will delete the peer end too. + err := network.InterfaceRemove(d.config["host_name"]) + if err != nil { + errs = append(errs, errors.Wrapf(err, "Failed to remove interface %q", d.config["host_name"])) + } + } + // This will delete the parent interface if we created it for VLAN parent. if shared.IsTrue(v["last_state.created"]) { parentName := network.GetHostDevice(d.config["parent"], d.config["vlan"]) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] lxc/image: Add support for directly getting, setting and unsetting im…
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8259 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === …age properties Signed-off-by: Tate Song From 92c6b68379fb97f027aa440e157ce8b727b15d7f Mon Sep 17 00:00:00 2001 From: Tate Song Date: Tue, 15 Dec 2020 20:35:51 -0600 Subject: [PATCH] lxc/image: Add support for directly getting, setting and unsetting image properties Signed-off-by: Tate Song --- lxc/image.go | 149 +++ 1 file changed, 149 insertions(+) diff --git a/lxc/image.go b/lxc/image.go index 8d3332ac53..9849a3ec79 100644 --- a/lxc/image.go +++ b/lxc/image.go @@ -92,6 +92,18 @@ hash or alias name (if one is set).`)) imageShowCmd := cmdImageShow{global: c.global, image: c} cmd.AddCommand(imageShowCmd.Command()) + // Get-property + imageGetPropCmd := cmdImageGetProp{global: c.global, image: c} + cmd.AddCommand(imageGetPropCmd.Command()) + + // Set-property + imageSetPropCmd := cmdImageSetProp{global: c.global, image: c} + cmd.AddCommand(imageSetPropCmd.Command()) + + // Unset-property + imageUnsetPropCmd := cmdImageUnsetProp{global: c.global, image: c, imageSetProp: } + cmd.AddCommand(imageUnsetPropCmd.Command()) + return cmd } @@ -1396,3 +1408,140 @@ func (c *cmdImageShow) Run(cmd *cobra.Command, args []string) error { return nil } + +type cmdImageGetProp struct { + global *cmdGlobal + image *cmdImage +} + +func (c *cmdImageGetProp) Command() *cobra.Command { + cmd := {} + cmd.Use = usage("get-property", i18n.G("[:] ")) + cmd.Short = i18n.G("Get image properties") + cmd.Long = cli.FormatSection(i18n.G("Description"), i18n.G( + `Get image properties`)) + + cmd.RunE = c.Run + + return cmd +} + +func (c *cmdImageGetProp) Run(cmd *cobra.Command, args []string) error { + // Sanity checks + exit, err := c.global.CheckArgs(cmd, args, 2, 2) + if exit { + return err + } + + // Parse remote + remoteName, name, err := c.global.conf.ParseRemote(args[0]) + if err != nil { + return err + } + + remoteServer, err := c.global.conf.GetImageServer(remoteName) + if err != nil { + return err + } + + // Get the corresponding property + image := c.image.dereferenceAlias(remoteServer, "", name) + info, _, err := remoteServer.GetImage(image) + if err != nil { + return err + } + + properties := info.Writable() + prop, propFound := properties.Properties[args[1]] + if !propFound { + return fmt.Errorf(i18n.G("Property not found")) + } + + fmt.Println(prop) + + return nil +} + +type cmdImageSetProp struct { + global *cmdGlobal + image *cmdImage +} + +func (c *cmdImageSetProp) Command() *cobra.Command { + cmd := {} + cmd.Use = usage("set-property", i18n.G("[:] ")) + cmd.Short = i18n.G("Set image properties") + cmd.Long = cli.FormatSection(i18n.G("Description"), i18n.G( + `Set image properties`)) + + cmd.RunE = c.Run + + return cmd +} + +func (c *cmdImageSetProp) Run(cmd *cobra.Command, args []string) error { + // Sanity checks + exit, err := c.global.CheckArgs(cmd, args, 3, 3) + if exit { + return err + } + + // Parse remote + resources, err := c.global.ParseServers(args[0]) + if err != nil { + return err + } + + resource := resources[0] + + if resource.name == "" { + return fmt.Errorf(i18n.G("Image identifier missing: %s"), args[0]) + } + + // Show properties + image := c.image.dereferenceAlias(resource.server, "", resource.name) + info, etag, err := resource.server.GetImage(image) + if err != nil { + return err + } + + properties := info.Writable() + properties.Properties[args[1]] = args[2] + + // Update image + err = resource.server.UpdateImage(image, properties, etag) + if err != nil { + return err + } + + return nil +} + +type cmdImageUnsetProp struct { + global *cmdGlobal + image*cmdImage + imageSetProp *cmdImageSetProp +} + +func (c *cmdImageUnsetProp) Command() *cobra.Command { + cmd := {} + cmd.Use = usage("unset-property", i18n.G("[:] ")) + cmd.Short = i18n.G("Unset image properties") + cmd.Long = cli.FormatSection(i18n.G("Descr
[lxc-devel] [lxd/master] lxd/network/driver/ovn: Detect IPv6 DHCP options correctly
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8257 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From 5e507626b07034e4479ed3729152b2cc2cdd7e8d Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 19:11:31 + Subject: [PATCH] lxd/network/driver/ovn: Detect IPv6 DHCP options correctly Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 0339cd3732..8b17895a8c 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -2163,7 +2163,7 @@ func (n *ovn) InstanceDevicePortAdd(instanceUUID string, instanceName string, de return "", err } - if dhcpV4ID == "" { + if dhcpv6ID == "" { return "", fmt.Errorf("Could not find DHCPv6 options for instance port") } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Instance: Fix deadlock in instance operationlock package
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8255 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Calling `Reset()` from `Create()` was causing a deadlock causing `lxc stop -f` requests to hang if initiated while an `lxc stop` was in progress. From 678cfbde4804df2c7d50f73b66c03b0be4491fb6 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 16:22:56 + Subject: [PATCH 1/3] lxd/instance/operationlock: Fixes deadlock caused by call to Reset in Create Both try to aquire lock and so can deadlock each other. By pushing to the reset channel directly from Create we avoid the deadlock. Signed-off-by: Thomas Parrott --- lxd/instance/operationlock/operationlock.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lxd/instance/operationlock/operationlock.go b/lxd/instance/operationlock/operationlock.go index faab4c5982..a3bbd74e04 100644 --- a/lxd/instance/operationlock/operationlock.go +++ b/lxd/instance/operationlock/operationlock.go @@ -37,7 +37,8 @@ func Create(instanceID int, action string, reusable bool, reuse bool) (*Instance op := instanceOperations[instanceID] if op != nil { if op.reusable && reuse { - op.Reset() + // Reset operation timeout without releasing lock or deadlocking using Reset() function. + op.chanReset <- true return op, nil } From b8d7f56488219f0dfd3cb0e6076ea9b3b506863e Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 16:23:45 + Subject: [PATCH 2/3] lxd/instance/operationlock: Store operation in instanceOperations before calling go routine As the go routine can call functions on the operation (such as op.Done) which rely on the instanceOperations map being populated it seems appropriate to ensure it has been populated with the new operation before starting the go routine. Even though the only current use of the operation inside the go routine is after 30s. Signed-off-by: Thomas Parrott --- lxd/instance/operationlock/operationlock.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/instance/operationlock/operationlock.go b/lxd/instance/operationlock/operationlock.go index a3bbd74e04..b7e6504961 100644 --- a/lxd/instance/operationlock/operationlock.go +++ b/lxd/instance/operationlock/operationlock.go @@ -52,6 +52,8 @@ func Create(instanceID int, action string, reusable bool, reuse bool) (*Instance op.chanDone = make(chan error, 0) op.chanReset = make(chan bool, 0) + instanceOperations[instanceID] = op + go func(op *InstanceOperation) { for { select { @@ -64,8 +66,6 @@ func Create(instanceID int, action string, reusable bool, reuse bool) (*Instance } }(op) - instanceOperations[instanceID] = op - return op, nil } From 18ace0e0607b0b0f15bf9dc28c6355f57bb66fde Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 16:25:13 + Subject: [PATCH 3/3] lxd/instance/operationlock: Exit go routine started in Create when the operation is done Otherwise I have observed that go routines can hang around for up to 30s after operation is completed. Signed-off-by: Thomas Parrott --- lxd/instance/operationlock/operationlock.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lxd/instance/operationlock/operationlock.go b/lxd/instance/operationlock/operationlock.go index b7e6504961..49dab48b1a 100644 --- a/lxd/instance/operationlock/operationlock.go +++ b/lxd/instance/operationlock/operationlock.go @@ -57,6 +57,8 @@ func Create(instanceID int, action string, reusable bool, reuse bool) (*Instance go func(op *InstanceOperation) { for { select { + case <-op.chanDone: + return case <-op.chanReset: continue case <-time.After(time.Second * 30): ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] images/centos: Fix CentOS 8-Stream networking issue
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/216 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From bb0024cd9b81d3ecb81d51cf8fa1786e4378ffd9 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 15 Dec 2020 15:52:35 +0100 Subject: [PATCH] images/centos: Fix CentOS 8-Stream networking issue Signed-off-by: Thomas Hipp --- images/centos.yaml | 10 +++--- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/images/centos.yaml b/images/centos.yaml index 6cedf9b..4346144 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -399,15 +399,11 @@ files: - 8 - 8-Stream -- name: override.conf - path: /etc/systemd/system/NetworkManager.service.d/override.conf +- name: 86-nm-unmanaged.rules + path: /usr/lib/udev/rules.d/86-nm-unmanaged.rules generator: dump content: |- -[Service] -ExecStartPost=/usr/sbin/dhclient - - types: - - container +ENV{ID_NET_DRIVER}=="veth", ENV{NM_UNMANAGED}="0" releases: - 8-Stream ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] images/centos: Fix CentOS 8-Stream networking
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/215 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 226f9bc51f1886a3f87f46ea0f8518f38a41831b Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 15 Dec 2020 14:06:49 +0100 Subject: [PATCH] images/centos: Fix CentOS 8-Stream networking Signed-off-by: Thomas Hipp --- images/centos.yaml | 12 1 file changed, 12 insertions(+) diff --git a/images/centos.yaml b/images/centos.yaml index 21bd1aa..6cedf9b 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -399,6 +399,18 @@ files: - 8 - 8-Stream +- name: override.conf + path: /etc/systemd/system/NetworkManager.service.d/override.conf + generator: dump + content: |- +[Service] +ExecStartPost=/usr/sbin/dhclient + + types: + - container + releases: + - 8-Stream + - name: network path: /etc/sysconfig/network generator: dump ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] VM: Don't spin when Qemu QMP event channel is closed.
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8254 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes 8253 From 1f8d31f61d7f375b5fd8029d4d79d4ce6da8292e Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 12:41:08 + Subject: [PATCH 1/2] lxd/instance/drivers/qmp/monitor: Handle closed event channel from qmp package in run Fixes #8253 Signed-off-by: Thomas Parrott --- lxd/instance/drivers/qmp/monitor.go | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/lxd/instance/drivers/qmp/monitor.go b/lxd/instance/drivers/qmp/monitor.go index 20c6dd4d01..ea564e6080 100644 --- a/lxd/instance/drivers/qmp/monitor.go +++ b/lxd/instance/drivers/qmp/monitor.go @@ -12,6 +12,7 @@ import ( "github.com/digitalocean/go-qemu/qmp" "github.com/lxc/lxd/shared" + "github.com/lxc/lxd/shared/logger" ) var monitors = map[string]*Monitor{} @@ -126,13 +127,22 @@ func (m *Monitor) run() error { select { case <-m.chDisconnect: return - case e := <-chEvents: - if e.Event == "" { - continue + case e, more := <-chEvents: + // Deliver non-empty events to the event handler. + if m.eventHandler != nil && e.Event != "" { + go m.eventHandler(e.Event, e.Data) } - if m.eventHandler != nil { - go m.eventHandler(e.Event, e.Data) + // Event channel is closed, lets disconnect. + if !more { + m.Disconnect() + return + } + + if e.Event == "" { + logger.Warnf("Unexpected empty event received from qmp event channel") + time.Sleep(time.Second) // Don't busy wait if we receive a lot of these. + continue } // Check if the ringbuffer was updated (non-blocking). From 2ab69cfc1fa49211b3fb3de0ed9ed29ac78c6e0a Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 15 Dec 2020 12:41:56 + Subject: [PATCH 2/2] lxd/instance/drivers/driver/qemu: Logs when instance is stopped in getMonitorEventHandler And removes some references to the instance in the function returned from getMonitorEventHandler so they are not kept in memory. Signed-off-by: Thomas Parrott --- lxd/instance/drivers/driver_qemu.go | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index d01f47a3f7..b6168a3f6e 100644 --- a/lxd/instance/drivers/driver_qemu.go +++ b/lxd/instance/drivers/driver_qemu.go @@ -343,9 +343,12 @@ func (d *qemu) getStoragePool() (storagePools.Pool, error) { } func (d *qemu) getMonitorEventHandler() func(event string, data map[string]interface{}) { + // Create local variables from device properties we need so as not to keep references to device around + // after we have returned the callback function. projectName := d.Project() instanceName := d.Name() state := d.state + logger := d.logger return func(event string, data map[string]interface{}) { if !shared.StringInSlice(event, []string{"SHUTDOWN"}) { @@ -354,11 +357,13 @@ func (d *qemu) getMonitorEventHandler() func(event string, data map[string]inter inst, err := instance.LoadByProjectAndName(state, projectName, instanceName) if err != nil { - d.logger.Error("Failed to load instance", log.Ctx{"err": err}) + logger.Error("Failed to load instance", log.Ctx{"err": err}) return } if event == "SHUTDOWN" { + logger.Debug("Instance stopped") + target := "stop" entry, ok := data["reason"] if ok && entry == "guest-reset" { @@ -367,7 +372,7 @@ func (d *qemu) getMonitorEventHandler() func(event string, data map[string]inter err = inst.(*qemu).onStop(target)
[lxc-devel] [pylxd/master] make AttributeDict iterable, drop special method
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/444 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From f41d4edc862697c6ae6b0a88942d8fe78b92b5b1 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Tue, 15 Dec 2020 12:39:21 +0100 Subject: [PATCH] make AttributeDict iterable, drop special method --- pylxd/models/_model.py | 5 ++--- pylxd/tests/models/test_model.py | 4 ++-- pylxd/tests/models/test_network.py | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/pylxd/models/_model.py b/pylxd/models/_model.py index 65d3a11d..f2c8260c 100644 --- a/pylxd/models/_model.py +++ b/pylxd/models/_model.py @@ -13,7 +13,6 @@ #under the License. import os import warnings -from copy import deepcopy from pylxd import exceptions @@ -27,8 +26,8 @@ def __init__(self, dct): for key, value in dct.items(): setattr(self, key, value) -def _asdict(self): -return deepcopy(self.__dict__) +def __iter__(self): +return iter(self.__dict__.items()) class Attribute: diff --git a/pylxd/tests/models/test_model.py b/pylxd/tests/models/test_model.py index cda5182f..5ef514b6 100644 --- a/pylxd/tests/models/test_model.py +++ b/pylxd/tests/models/test_model.py @@ -39,10 +39,10 @@ def test_from_dict(self): assert a.foo == "bar" assert a.baz == "bza" -def test_as_dict(self): +def test_iterable(self): d = {"foo": "bar", "baz": "bza"} a = model.AttributeDict(d) -assert a._asdict() == d +assert dict(a) == d class TestModel(testing.PyLXDTestCase): diff --git a/pylxd/tests/models/test_network.py b/pylxd/tests/models/test_network.py index 148950f6..a6431c09 100644 --- a/pylxd/tests/models/test_network.py +++ b/pylxd/tests/models/test_network.py @@ -254,7 +254,7 @@ def test_state(self): } ) network = models.Network.get(self.client, "eth0") -assert network.state()._asdict() == state +assert dict(network.state()) == state def test_str(self): """Network is printed in JSON format.""" ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] confile: don't accidently alter lxc.cgroup.dir
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3603 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Cc: stable-4.0 Signed-off-by: Christian Brauner From 667fcc0e3ca733c62fc0f68606b437225b3287d5 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 15 Dec 2020 11:54:34 +0100 Subject: [PATCH 1/2] confile: cleanup set_config_hooks() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index a5cb64e506..b52bd11b44 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1214,7 +1214,7 @@ static int set_config_hooks(const char *key, const char *value, else if (strcmp(key + 9, "destroy") == 0) return add_hook(lxc_conf, LXCHOOK_DESTROY, move_ptr(copy)); - return -1; + return ret_errno(EINVAL); } static int set_config_hooks_version(const char *key, const char *value, From c583072d67e3079f9dc4b4b78c141190cd30a6cc Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 15 Dec 2020 11:56:50 +0100 Subject: [PATCH 2/2] confile: don't accidently alter lxc.cgroup.dir Cc: stable-4.0 Signed-off-by: Christian Brauner --- src/lxc/confile.c | 9 + 1 file changed, 9 insertions(+) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index b52bd11b44..bcf50ad3c4 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1759,6 +1759,9 @@ static int set_config_cgroup2_controller(const char *key, const char *value, static int set_config_cgroup_dir(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + if (lxc_config_value_empty(value)) return clr_config_cgroup_dir(key, lxc_conf, NULL); @@ -3688,6 +3691,9 @@ static int get_config_cgroup_dir(const char *key, char *retv, int inlen, int len; int fulllen = 0; + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + if (!retv) inlen = 0; else @@ -4607,6 +4613,9 @@ static inline int clr_config_cgroup2_controller(const char *key, static int clr_config_cgroup_dir(const char *key, struct lxc_conf *lxc_conf, void *data) { + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + if (lxc_conf->cgroup_meta.dir) free_disarm(lxc_conf->cgroup_meta.dir); ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] fix manifest, cleanup .gitignore
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/443 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Alberto Donato From e6a8f13e47bdf636d346e71cc927b9680bd1bdd7 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Tue, 15 Dec 2020 09:48:23 +0100 Subject: [PATCH] fix manifest, cleanup .gitignore Signed-off-by: Alberto Donato --- .gitignore | 43 ++- .mailmap| 3 --- MANIFEST.in | 10 +++--- 3 files changed, 5 insertions(+), 51 deletions(-) delete mode 100644 .mailmap diff --git a/.gitignore b/.gitignore index 185c3b90..f4848296 100644 --- a/.gitignore +++ b/.gitignore @@ -1,59 +1,20 @@ *.py[cod] - -# C extensions -*.so - -# Packages -*.egg -.eggs *.egg-info -dist -build -eggs -parts -bin -var -sdist -develop-eggs -.installed.cfg -lib -lib64 - -# Installer logs -pip-log.txt +dist/ # Unit test / coverage reports .coverage .tox -nosetests.xml -.testrepository -.venv -htmlcov/ # Translations *.mo -# Mr Developer -.mr.developer.cfg -.project -.pydevproject - -# Pycharm -.idea/ - -# Complexity -output/*.html -output/*/index.html - # Sphinx doc/build -# pbr generates these -AUTHORS -ChangeLog - # Editors *~ .*.swp .*sw? +.idea/ *.sublime-* diff --git a/.mailmap b/.mailmap deleted file mode 100644 index cc92f17b.. --- a/.mailmap +++ /dev/null @@ -1,3 +0,0 @@ -# Format is: -# -# \ No newline at end of file diff --git a/MANIFEST.in b/MANIFEST.in index 09defacf..1b4bfe0e 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,7 +1,3 @@ -include AUTHORS -include ChangeLog -exclude .gitignore -exclude .gitreview -exclude contrib_testing - -global-exclude *.pyc +include CONTRIBUTORS.rst +include README.rst +include LICENSE ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] Support nftables using symbolic links to run nftables commands in legacy mode
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3602 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This implementation uses the update-alternatives command to set nftables to be running in legacy mode when iptables commands need to be run. Then unsets the symbolic link after finishing the ensure there's no unintended behavior afterwards. From ed53286daf4dec3668fa23410d2aeaff2e5498a8 Mon Sep 17 00:00:00 2001 From: Kyle Colburn Date: Mon, 14 Dec 2020 19:24:30 -0600 Subject: [PATCH] Used symbolic links to run nftables in legacy mode to support iptables commands when nftables is present. Signed-off-by: Kyle Colburn --- config/init/common/lxc-net.in | 19 +++ 1 file changed, 19 insertions(+) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index a7dfa6f199..ea4732669a 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -91,6 +91,11 @@ start() { _ifup +nftables_ver_output=$(nft --version) +if [$nftables_ver_output != *"not found"*]; then +update-alternatives --set iptables /usr/sbin/iptables-legacy +fi + LXC_IPV6_ARG="" if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ -n "$LXC_IPV6_NETWORK" ]; then echo 1 > /proc/sys/net/ipv6/conf/all/forwarding @@ -110,6 +115,10 @@ start() { iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill +if [$nftables_ver_output != *"not found"*]; then +update-alternatives --remove iptables /usr/sbin/iptables-legacy +fi + LXC_DOMAIN_ARG="" if [ -n "$LXC_DOMAIN" ]; then LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" @@ -152,6 +161,12 @@ stop() { if [ -d /sys/class/net/${LXC_BRIDGE} ]; then _ifdown + +nftables_ver_output=$(nft --version) +if [$nftables_ver_output != *"not found"*]; then +update-alternatives --set iptables /usr/sbin/iptables-legacy +fi + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT @@ -165,6 +180,10 @@ stop() { ip6tables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE fi +if [$nftables_ver_output != *"not found"*]; then +update-alternatives --remove iptables /usr/sbin/iptables-legacy +fi + pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid rm -f "${varrun}"/dnsmasq.pid # if $LXC_BRIDGE has attached interfaces, don't destroy the bridge ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] Update version to 2.3.0a1
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/442 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Alberto Donato From 2a9d182ae3239fa59a883f10caa04c932c77839e Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Mon, 14 Dec 2020 18:18:59 +0100 Subject: [PATCH] Update version to 2.3.0a1 Signed-off-by: Alberto Donato --- setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index 994ee92c..f41812f9 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,6 +1,6 @@ [metadata] name = pylxd -version = 2.2.12 +version = 2.3.0a1 description = python library for LXD long_description = file: README.rst author = Paul Hummer and others (see CONTRIBUTORS.rst) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] conf: fix block-device based rootfs mounting
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3601 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes: #3598 Cc: stable-4.0 Signed-off-by: Christian Brauner From 26ea5533c941baee14923dfc3edfb9c91666d245 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 14 Dec 2020 17:52:44 +0100 Subject: [PATCH] conf: fix block-device based rootfs mounting Fixes: #3598 Cc: stable-4.0 Signed-off-by: Christian Brauner --- src/lxc/conf.c | 4 1 file changed, 4 insertions(+) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 9f631e0c23..27f9706687 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3135,6 +3135,10 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, if (ret < 0) return log_error(-1, "Failed to bind mount container / onto itself"); + conf->rootfs.mntpt_fd = openat(-EBADF, path, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH | O_NOCTTY); + if (conf->rootfs.mntpt_fd < 0) + return log_error_errno(-errno, errno, "Failed to open file descriptor for container rootfs"); + return log_trace(0, "Bind mounted container / onto itself"); } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Fixes to code quality
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8251 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Hey folks, I recently ran the [DeepSource](https://deepsource.io) static analyser on the lxd code repository, and it [generated this report]([https://deepsource.io/gh/de-sh/lxd](https://deepsource.io/gh/de-sh/lxd)) that I think you should check out! I am opening this PR to fix a few of the highlighted issues, as mentioned below: - Omit comparison with boolean constant - Remove unnecessary fmt.Sprintf() on string - Replace .Sub(time.Now()) with time.Until() handler - Use result of type assertion to simplify cases - Add .deepsource.toml From c731e3e5ae3af292f15aa7e6e9cf8425a715c813 Mon Sep 17 00:00:00 2001 From: Devdutt Shenoi Date: Sat, 12 Dec 2020 21:54:56 +0530 Subject: [PATCH 1/5] Add DeepSource config Signed-off-by: Devdutt Shenoi --- .deepsource.toml | 20 1 file changed, 20 insertions(+) create mode 100644 .deepsource.toml diff --git a/.deepsource.toml b/.deepsource.toml new file mode 100644 index 00..8588c35be6 --- /dev/null +++ b/.deepsource.toml @@ -0,0 +1,20 @@ +version = 1 + +test_patterns = [ +"test/**", +"*_test.go" +] + +[[analyzers]] +name = "python" +enabled = true + + [analyzers.meta] + runtime_version = "3.x.x" + +[[analyzers]] +name = "go" +enabled = true + + [analyzers.meta] + import_paths = ["github.com/lxd/lxd"] \ No newline at end of file From 8d6f3f891766ee0b41eee498d5be9cc22adf7c31 Mon Sep 17 00:00:00 2001 From: Devdutt Shenoi Date: Sat, 12 Dec 2020 21:55:56 +0530 Subject: [PATCH 2/5] Use result of type assertion to simplify cases Signed-off-by: Devdutt Shenoi --- client/lxd.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/client/lxd.go b/client/lxd.go index 220f7bc900..77ec3e80f7 100644 --- a/client/lxd.go +++ b/client/lxd.go @@ -179,10 +179,10 @@ func (r *ProtocolLXD) rawQuery(method string, url string, data interface{}, ETag // Get a new HTTP request setup if data != nil { - switch data.(type) { + switch data := data.(type) { case io.Reader: // Some data to be sent along with the request - req, err = http.NewRequest(method, url, data.(io.Reader)) + req, err = http.NewRequest(method, url, data) if err != nil { return nil, "", err } From 584599931a5759911c1a9226b2ea8a64199b543a Mon Sep 17 00:00:00 2001 From: Devdutt Shenoi Date: Sat, 12 Dec 2020 21:56:28 +0530 Subject: [PATCH 3/5] Replace .Sub(time.Now()) with time.Until() handler Signed-off-by: Devdutt Shenoi --- lxc/utils/progress.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc/utils/progress.go b/lxc/utils/progress.go index 1a548d7539..815354f2bb 100644 --- a/lxc/utils/progress.go +++ b/lxc/utils/progress.go @@ -83,7 +83,7 @@ func (p *ProgressRenderer) Done(msg string) { // Update changes the status message to the provided string func (p *ProgressRenderer) Update(status string) { // Wait if needed - timeout := p.wait.Sub(time.Now()) + timeout := time.Until(p.wait) if timeout.Seconds() > 0 { time.Sleep(timeout) } From 07828469f9c6520ef07a48905483832c6fcec495 Mon Sep 17 00:00:00 2001 From: Devdutt Shenoi Date: Sat, 12 Dec 2020 21:56:58 +0530 Subject: [PATCH 4/5] Remove unnecessary fmt.Sprintf() on string Signed-off-by: Devdutt Shenoi --- lxc/query.go | 2 +- lxc/utils/progress.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lxc/query.go b/lxc/query.go index 29e58de88a..498b93d9cb 100644 --- a/lxc/query.go +++ b/lxc/query.go @@ -55,7 +55,7 @@ func (c *cmdQuery) pretty(input interface{}) string { return fmt.Sprintf("%v", input) } - return fmt.Sprintf("%s", pretty.String()) + return pretty.String() } func (c *cmdQuery) Run(cmd *cobra.Command, args []string) error { diff --git a/lxc/utils/progress.go b/lxc/utils/progress.go index 815354f2bb..9b7ef1892d 100644 --- a/lxc/utils/progress.go +++ b/lxc/utils/progress.go @@ -153,7 +153,7 @@ func (p *ProgressRenderer) Warn(status string, timeout time.Duration) { // Render the new message p.wait = time.Now().Add(timeout) - msg := fmt.Sprintf("%s", status) + msg := status // Truncate msg to terminal length msg = "\r" + p.truncate(msg) From efd22b81c3741d0d30bae86ea9e6151371240bb1 Mon Sep 17 00:00:00 2001 From: Devdutt Shenoi Date: Sat, 12 Dec 2020 21:57:31 +0530 Subject: [PATCH 5/5] O
[lxc-devel] [lxd/master] Storage: Clustering state avoid duplicate global config when doing re-create
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8250 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === - Restructures storage pool creation to align with network creation process. - Adds detection for duplicate storage pool config. - Adds rejection of global config when performing a storage pool re-create attempt. - Reinstates the Errored storage pool status so that we can detect re-create attempts even when no global config supplied. From f5d6d54f2b257002e100e989faeb651c9ba02cdb Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:19:49 + Subject: [PATCH 01/32] lxd/db/networks: Adds duplicate key detection to getNetworkConfig Signed-off-by: Thomas Parrott --- lxd/db/networks.go | 5 + 1 file changed, 5 insertions(+) diff --git a/lxd/db/networks.go b/lxd/db/networks.go index dece3638a6..e6f75119ca 100644 --- a/lxd/db/networks.go +++ b/lxd/db/networks.go @@ -670,6 +670,11 @@ func (c *Cluster) getNetworkConfig(id int64) (map[string]string, error) { key = r[0].(string) value = r[1].(string) + _, found := config[key] + if found { + return nil, fmt.Errorf("Duplicate config row found for key %q for network ID %d", key, id) + } + config[key] = value } From 849aabe23e60d7186a9f56c93606f903297da988 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 14 Dec 2020 10:06:57 + Subject: [PATCH 02/32] lxd/db/networks: Adds NetworkErrored function Signed-off-by: Thomas Parrott --- lxd/db/networks.go | 5 + 1 file changed, 5 insertions(+) diff --git a/lxd/db/networks.go b/lxd/db/networks.go index e6f75119ca..dbc6e93a14 100644 --- a/lxd/db/networks.go +++ b/lxd/db/networks.go @@ -323,6 +323,11 @@ func (c *ClusterTx) NetworkCreated(project string, name string) error { return c.networkState(project, name, networkCreated) } +// NetworkErrored sets the state of the given network to networkErrored. +func (c *ClusterTx) NetworkErrored(project string, name string) error { + return c.networkState(project, name, networkErrored) +} + func (c *ClusterTx) networkState(project string, name string, state NetworkState) error { stmt := "UPDATE networks SET state=? WHERE project_id = (SELECT id FROM projects WHERE name = ?) AND name=?" result, err := c.tx.Exec(stmt, state, project, name) From ffc6845170d5e31b6df042a052c2518b4e464c83 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 14 Dec 2020 10:07:11 + Subject: [PATCH 03/32] lxd/db/networks: Changes UpdateNetwork to not set created status We shouldn't be allowing updates on non-created networks anyway. Signed-off-by: Thomas Parrott --- lxd/db/networks.go | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/lxd/db/networks.go b/lxd/db/networks.go index dbc6e93a14..a675b01f0c 100644 --- a/lxd/db/networks.go +++ b/lxd/db/networks.go @@ -725,7 +725,7 @@ func (c *Cluster) CreateNetwork(projectName string, name string, description str // UpdateNetwork updates the network with the given name. func (c *Cluster) UpdateNetwork(project string, name, description string, config map[string]string) error { - id, netInfo, _, err := c.GetNetworkInAnyState(project, name) + id, _, _, err := c.GetNetworkInAnyState(project, name) if err != nil { return err } @@ -736,14 +736,6 @@ func (c *Cluster) UpdateNetwork(project string, name, description string, config return err } - // Update network status if change applied successfully. - if netInfo.Status == api.NetworkStatusErrored { - err = tx.NetworkCreated(project, name) - if err != nil { - return err - } - } - return nil }) From 9f070059265055cbf509e0b75c78a04315e2fa67 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:20:04 + Subject: [PATCH 04/32] lxd/network/driver/ovn: Reject instance port start if cannot find DHCP options Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 8 1 file changed, 8 insertions(+) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 4d7a6a3851..6cd162accb 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -2151,6 +2151,10 @@ func (n *ovn) InstanceDevicePortAdd(instanceUUID string, instanceName string, de if err != nil { return "", err } + + if dhcpV4ID == "" { + return "", fmt.Errorf
[lxc-devel] [pylxd/master] add support for Network.state()
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/441 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 1485daefc9eacffe915361207db4bc3b97bdb83f Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Mon, 14 Dec 2020 12:52:05 +0100 Subject: [PATCH 1/2] Extract InstanceState logic to AttributeDict Signed-off-by: Alberto Donato --- pylxd/models/_model.py | 12 pylxd/models/instance.py | 8 ++-- pylxd/tests/models/test_model.py | 12 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/pylxd/models/_model.py b/pylxd/models/_model.py index f05f4eae..65d3a11d 100644 --- a/pylxd/models/_model.py +++ b/pylxd/models/_model.py @@ -13,12 +13,24 @@ #under the License. import os import warnings +from copy import deepcopy from pylxd import exceptions MISSING = object() +class AttributeDict: +"""Wrap a dict making keys accessible as attributes.""" + +def __init__(self, dct): +for key, value in dct.items(): +setattr(self, key, value) + +def _asdict(self): +return deepcopy(self.__dict__) + + class Attribute: """A metadata class for model attributes.""" diff --git a/pylxd/models/instance.py b/pylxd/models/instance.py index 01ed452b..afb748bd 100644 --- a/pylxd/models/instance.py +++ b/pylxd/models/instance.py @@ -34,13 +34,9 @@ from pylxd.models.operation import Operation -class InstanceState: +class InstanceState(model.AttributeDict): """A simple object for representing instance state.""" -def __init__(self, **kwargs): -for key, value in kwargs.items(): -setattr(self, key, value) - _InstanceExecuteResult = collections.namedtuple( "InstanceExecuteResult", ["exit_code", "stdout", "stderr"] @@ -357,7 +353,7 @@ def _set_state(self, state, timeout=30, force=True, wait=False): def state(self): response = self.api.state.get() -state = InstanceState(**response.json()["metadata"]) +state = InstanceState(response.json()["metadata"]) return state def start(self, timeout=30, force=True, wait=False): diff --git a/pylxd/tests/models/test_model.py b/pylxd/tests/models/test_model.py index 1b626132..cda5182f 100644 --- a/pylxd/tests/models/test_model.py +++ b/pylxd/tests/models/test_model.py @@ -33,6 +33,18 @@ class ChildItem(Item): """A fake model child class.""" +class TestAttributeDict: +def test_from_dict(self): +a = model.AttributeDict({"foo": "bar", "baz": "bza"}) +assert a.foo == "bar" +assert a.baz == "bza" + +def test_as_dict(self): +d = {"foo": "bar", "baz": "bza"} +a = model.AttributeDict(d) +assert a._asdict() == d + + class TestModel(testing.PyLXDTestCase): """Tests for pylxd.model.Model.""" From f414b151370a3652ef4159121b15e437137c68fe Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Mon, 14 Dec 2020 13:09:02 +0100 Subject: [PATCH 2/2] add Network.state() Signed-off-by: Alberto Donato --- pylxd/models/network.py| 10 pylxd/tests/models/test_network.py | 40 ++ 2 files changed, 50 insertions(+) diff --git a/pylxd/models/network.py b/pylxd/models/network.py index 61b3a0c8..84cdce59 100644 --- a/pylxd/models/network.py +++ b/pylxd/models/network.py @@ -16,6 +16,10 @@ from pylxd.models import _model as model +class NetworkState(model.AttributeDict): +"""A simple object for representing a network state.""" + + class Network(model.Model): """Model representing a LXD network.""" @@ -125,6 +129,12 @@ def save(self, *args, **kwargs): self.client.assert_has_api_extension("network") super().save(*args, **kwargs) +def state(self): +"""Get network state.""" +response = self.api.state.get() +state = NetworkState(response.json()["metadata"]) +return state + @property def api(self): return self.client.api.networks[self.name] diff --git a/pylxd/tests/models/test_network.py b/pylxd/tests/models/test_network.py index 3c67533b..148950f6 100644 --- a/pylxd/tests/models/test_network.py +++ b/pylxd/tests/models/test_network.py @@ -216,6 +216,46 @@ def test_delete(self): network.delete() +def test_state(self): +state = { +
[lxc-devel] [lxc/master] unmounted proc/sys/net if dropping CAP_NET_ADMIN
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3599 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From dc9ef29bcd26aca8fb36779265426f096ef0538d Mon Sep 17 00:00:00 2001 From: zhenr667 <44516803+zhenr...@users.noreply.github.com> Date: Sun, 13 Dec 2020 02:13:21 -0600 Subject: [PATCH] unmounted proc/sys/net if dropping CAP_NET_ADMIN Signed-off-by: Henry Zhang --- src/lxc/conf.c | 41 - 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 434104c927..b0d5936244 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -616,6 +616,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha const char *fstype; unsigned long flags; const char *options; + bool requires_cap_net_admin; } default_mounts[] = { /* Read-only bind-mounting... In older kernels, doing that * required to do one MS_BIND mount and then @@ -629,26 +630,27 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha * it's busy... MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for * kernels as low as 2.6.32... */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL, 0 }, /* proc/tty is used as a temporary placeholder for proc/sys/net which we'll move back in a few steps */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty",NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys",NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys",NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net",NULL,MS_MOVE, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW,"proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL,MS_BIND, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", &
[lxc-devel] [lxd/master] Issue #7274 Proper Support For Moving Between Pools
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8249 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Modified the following four files: lxd/storage/backend_lxd.go /shared/api/instance.go /lxc/move.go /lxd/instance_post.go Attempted to address the below specifications: Have MoveInstance function use MigrateInstance and CreateInstanceFromMigration to move the data across, update the DB record as needed and finally delete the source from its storage pool. Extend api.InstancePost to add a Pool string entry that the client would use to trigger such a server-side move Update lxc/move.go to use MigrateContainer in the client codebase combined with that new Pool field to trigger it Update lxd/instance_post.go on the server side to detect that Pool field and trigger the new MoveInstance logic. From fec87d5a2386c9d7c01754f53edb420eab2d3d25 Mon Sep 17 00:00:00 2001 From: Pranav Varanasi Date: Fri, 11 Dec 2020 22:08:47 -0800 Subject: [PATCH 1/2] vpranav5: Version 2, Issue #7274 Proper Support For Moving Between Pools --- lxd/instance_post.go | 13 +++ lxd/storage/backend_lxd.go | 211 + 2 files changed, 224 insertions(+) diff --git a/lxd/instance_post.go b/lxd/instance_post.go index 32bb5c59e9..a4252615b4 100644 --- a/lxd/instance_post.go +++ b/lxd/instance_post.go @@ -425,6 +425,19 @@ func containerPostClusteringMigrate(d *Daemon, c instance.Instance, oldName, new return response.InternalError(err) } + +// Call MoveInstance function to trigger MoveInstance logic on the server side + op, err := dest.MoveInstance(destName, instancePost) + if err != nil { + return errors.Wrap(err, "Failed to issue move instance API request") + } + + err = op.Wait() + if err != nil { + return errors.Wrap(err, "Move instance operation failed") + } + + return operations.OperationResponse(op) } diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go index 048d6728bd..77a0f60288 100644 --- a/lxd/storage/backend_lxd.go +++ b/lxd/storage/backend_lxd.go @@ -3791,3 +3791,214 @@ func (b *lxdBackend) CreateCustomVolumeFromBackup(srcBackup backup.Info, srcData revert.Success() return nil } + + + + + + + +// MoveInstance +func (b *lxdBackend) MoveInstance(inst instance.Instance, src instance.Instance, op *operations.Operation) error { + + logger := logging.AddContext(b.logger, log.Ctx{"project": inst.Project(), "instance": inst.Name(), "src": src.Name(), "snapshots": snapshots}) + logger.Debug("MoveInstance started") + defer logger.Debug("MoveInstance finished") + + if b.Status() == api.StoragePoolStatusPending { + return fmt.Errorf("Specified pool is not fully created") + } + + if inst.Type() != src.Type() { + return fmt.Errorf("Instance types must match") + } + + if src.Type() == instancetype.VM && src.IsRunning() { + return errors.Wrap(ErrNotImplemented, "Unable to perform VM live migration") + } + + volType, err := InstanceTypeToVolumeType(inst.Type()) + if err != nil { + return err + } + + volDBType, err := VolumeTypeToDBType(volType) + if err != nil { + return err + } + + contentType := InstanceContentType(inst) + + // Get the root disk device config. + rootDiskConf, err := b.instanceRootVolumeConfig(inst) + if err != nil { + return err + } + + // b is the target storage pool to move to + + // Get the volume name on storage. + volStorageName := project.Instance(inst.Project(), inst.Name()) + + // Initialise a new volume containing the root disk config supplied in the new instance. + vol := b.newVolume(volType, contentType, volStorageName, rootDiskConf) + + if b.driver.HasVolume(vol) { + return fmt.Errorf("Cannot create volume, already exists on target") + } + + // Get the src volume name on storage. + srcVolStorageName := project.Instance(src.Project(), src.Name()) + + // We don't need to use the source instance's root disk config, so set to nil. + srcVol := b.newVolume(volType, contentType, srcVolStorageName, nil) + + revert := revert.New() + defer revert.Fail() + + srcPool, err := GetPoolByInstance(b.state, src) + if err != nil { + return err + } + + // Some driver backing stores require that running instances be frozen during copy. + if !src.IsSnapshot() && b.d
[lxc-devel] [lxd/master] Smarter handling of `volatile` keys in restricted projects #7896
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8248 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Changes made: - Created a list of safe volatile keys - Modified checkRestrictionsOnVolatileConfig function to parse through the list of safe volatile keys and skip any keys that were safe and deleted any unsafe volatile keys from the config file instead of failing the copy From 4fe66fee77a368bf465b796bc8cb2daccae5e582 Mon Sep 17 00:00:00 2001 From: Jeremy Tajonera Date: Fri, 11 Dec 2020 23:11:12 -0600 Subject: [PATCH 1/2] Issue #7896 Smarter handling of `volatile` keys in restricted projects --- lxd/project/permissions.go | 18 ++ 1 file changed, 18 insertions(+) diff --git a/lxd/project/permissions.go b/lxd/project/permissions.go index 7c320bc2c4..d744db340c 100644 --- a/lxd/project/permissions.go +++ b/lxd/project/permissions.go @@ -152,11 +152,29 @@ func checkRestrictionsOnVolatileConfig(project *api.Project, instanceType instan return nil } + // List of safe keys + safe_keys := [5]string{"volatile.apply_template", "volatile.base_image", "volatile.last_state.power", "volatile.DEVNAME.apply_quota", "volatile.DEVNAME.hwaddr"} + for key, value := range config { if !strings.HasPrefix(key, shared.ConfigVolatilePrefix) { continue } + // Allow given safe volatile keys to be set + var isSafeKey bool + for _, safe_key := range safe_keys { + // If current key is in the safe_key list, break out of for loop and set isSafeKey to true + if safe_key == key { + isSafeKey = true + break + } + } + + // If the current key is a safe volatile key, get out of current iteration + if isSafeKey { + continue + } + currentValue, ok := currentConfig[key] if !ok { return fmt.Errorf( From 84bd55bfd087f1b4f3aff50ef8ac0f677fe40a73 Mon Sep 17 00:00:00 2001 From: Jeremy Tajonera Date: Fri, 11 Dec 2020 23:24:07 -0600 Subject: [PATCH 2/2] Issue 7896 - Removed Fail on unsafe key, delete key instead --- lxd/project/permissions.go | 10 -- 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/lxd/project/permissions.go b/lxd/project/permissions.go index d744db340c..89ea97230a 100644 --- a/lxd/project/permissions.go +++ b/lxd/project/permissions.go @@ -177,15 +177,13 @@ func checkRestrictionsOnVolatileConfig(project *api.Project, instanceType instan currentValue, ok := currentConfig[key] if !ok { - return fmt.Errorf( - "Setting %q on %s %q in project %q is forbidden", - key, instanceType, instanceName, project.Name) + // Strip any non-allowed volatile key from the config + delete(config, key) } if currentValue != value { - return fmt.Errorf( - "Changing %q on %s %q in project %q is forbidden", - key, instanceType, instanceName, project.Name) + // Strip any non-allowed volatile key from the config + delete(config, key) } } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] unmounted proc/sys/net if dropping CAP_NET_ADMIN
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3597 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 958779e4bfd5f2cdbaf66232afd8d0d865eb827b Mon Sep 17 00:00:00 2001 From: zhenr667 <44516803+zhenr...@users.noreply.github.com> Date: Fri, 11 Dec 2020 19:12:11 -0600 Subject: [PATCH 1/2] unmount /proc/sys/net if dropping CAP_NET_ADMIN --- src/lxc/conf.c | 39 ++- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 84d16d7749..9fcedb9298 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -616,6 +616,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha const char *fstype; unsigned long flags; const char *options; + int net_cap_dropped; } default_mounts[] = { /* Read-only bind-mounting... In older kernels, doing that * required to do one MS_BIND mount and then @@ -629,24 +630,24 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha * it's busy... MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for * kernels as low as 2.6.32... */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL, 0 }, /* proc/tty is used as a temporary placeholder for proc/sys/net which we'll move back in a few steps */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty",NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys",NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys",NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net",NULL,MS_MOVE, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL,MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW,"proc", "%r/proc","proc", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL,MS_BIND, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY,NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0,
[lxc-devel] [lxd/master] lxd/backup: Fix URL in lifecycle events
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8247 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber From 88e97effbd247c1efbca563b33288eacb02adda6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 11 Dec 2020 16:08:30 -0500 Subject: [PATCH] lxd/backup: Fix URL in lifecycle events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/backup/backup_utils.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lxd/backup/backup_utils.go b/lxd/backup/backup_utils.go index 3b3d39cb35..d2d2924f62 100644 --- a/lxd/backup/backup_utils.go +++ b/lxd/backup/backup_utils.go @@ -34,8 +34,10 @@ func TarReader(r io.ReadSeeker) (*tar.Reader, context.CancelFunc, error) { // Lifecycle emits a backup-specific lifecycle event. func Lifecycle(s *state.State, inst Instance, name string, action string, ctx map[string]interface{}) error { + _, backupName, _ := shared.InstanceGetParentAndSnapshotName(name) + prefix := "instance-backup" - u := fmt.Sprintf("/1.0/instances/%s/backups/%s", url.PathEscape(inst.Name()), url.PathEscape(name)) + u := fmt.Sprintf("/1.0/instances/%s/backups/%s", url.PathEscape(inst.Name()), url.PathEscape(backupName)) if inst.Project() != project.Default { u = fmt.Sprintf("%s?project=%s", u, url.QueryEscape(inst.Project())) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] lxd/instance/qmp: Update for go-qmp change
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8245 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber From 74f75353c4ad07632dcc44f2ea12bd9716409caa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 11 Dec 2020 14:15:08 -0500 Subject: [PATCH] lxd/instance/qmp: Update for go-qmp change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/instance/drivers/qmp/monitor.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lxd/instance/drivers/qmp/monitor.go b/lxd/instance/drivers/qmp/monitor.go index d3698580a3..20c6dd4d01 100644 --- a/lxd/instance/drivers/qmp/monitor.go +++ b/lxd/instance/drivers/qmp/monitor.go @@ -1,6 +1,7 @@ package qmp import ( + "context" "encoding/json" "fmt" "os" @@ -111,7 +112,7 @@ func (m *Monitor) run() error { } // Start event monitoring go routine. - chEvents, err := m.qmp.Events() + chEvents, err := m.qmp.Events(context.Background()) if err != nil { return err } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Clustering state avoid duplicate global config when doing re-create
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8244 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === When doing a `lxc network create` for subsequent attempts after failed initial attempt, avoid creating duplicate global config by ignoring global config supplied on subsequent attempts. From 689ca1fd3da951dcc790ed8d7fdcfd5b3c3fb3f1 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:19:49 + Subject: [PATCH 1/7] lxd/db/networks: Adds duplicate key detection to getNetworkConfig Signed-off-by: Thomas Parrott --- lxd/db/networks.go | 5 + 1 file changed, 5 insertions(+) diff --git a/lxd/db/networks.go b/lxd/db/networks.go index dece3638a6..e6f75119ca 100644 --- a/lxd/db/networks.go +++ b/lxd/db/networks.go @@ -670,6 +670,11 @@ func (c *Cluster) getNetworkConfig(id int64) (map[string]string, error) { key = r[0].(string) value = r[1].(string) + _, found := config[key] + if found { + return nil, fmt.Errorf("Duplicate config row found for key %q for network ID %d", key, id) + } + config[key] = value } From fec13a6a73b02ea609cdca005ece4538ae758615 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:20:04 + Subject: [PATCH 2/7] lxd/network/driver/ovn: Reject instance port start if cannot find DHCP options Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 8 1 file changed, 8 insertions(+) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 4d7a6a3851..6cd162accb 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -2151,6 +2151,10 @@ func (n *ovn) InstanceDevicePortAdd(instanceUUID string, instanceName string, de if err != nil { return "", err } + + if dhcpV4ID == "" { + return "", fmt.Errorf("Could not find DHCPv4 options for instance port") + } } if dhcpv6Subnet != nil { @@ -2159,6 +2163,10 @@ func (n *ovn) InstanceDevicePortAdd(instanceUUID string, instanceName string, de return "", err } + if dhcpV4ID == "" { + return "", fmt.Errorf("Could not find DHCPv6 options for instance port") + } + // If port isn't going to have fully dynamic IPs allocated by OVN, and instead only static IPv4 // addresses have been added, then add an EUI64 static IPv6 address so that the switch port has an // IPv6 address that will be used to generate a DNS record. This works around a limitation in OVN From c3c36e878ad6b02078b8dace1892527bec553e73 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:20:33 + Subject: [PATCH 3/7] lxd/networks: doNetworksCreate usage Signed-off-by: Thomas Parrott --- lxd/networks.go | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lxd/networks.go b/lxd/networks.go index daf238facf..cf28c7d846 100644 --- a/lxd/networks.go +++ b/lxd/networks.go @@ -198,9 +198,14 @@ func networksPost(d *Daemon, r *http.Request) response.Response { clientType := request.UserAgentClientType(r.Header.Get("User-Agent")) if isClusterNotification(r) { + n, err := network.LoadByName(d.State(), projectName, req.Name) + if err != nil { + return response.SmartError(err) + } + // This is an internal request which triggers the actual creation of the network across all nodes // after they have been previously defined. - err = doNetworksCreate(d, projectName, req, clientType) + err = doNetworksCreate(d, n, clientType) if err != nil { return response.SmartError(err) } From 319053c314e310ef561c5de381d4ed5e118b0e86 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 17:20:52 + Subject: [PATCH 4/7] lxd/networks: When auto creating pending nodes, don't pass global config into DB function in networksPost We don't want to store global config yet and this can cause duplicates. Signed-off-by: Thomas Parrott --- lxd/networks.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lxd/networks.go b/lxd/networks.go index cf28c7d846..7701b03d6c 100644 --- a/lxd/networks.go +++ b/lxd/networks.go @@ -256,7 +256,8 @@ func networksPost(d *Daemon, r *http.Request) response.Response { }
[lxc-devel] [lxd/master] Add VLAN struct to network state
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8243 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 414b214363e759b9156d806fb3bd8646b581b016 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 11 Dec 2020 11:27:28 -0500 Subject: [PATCH 1/4] shared/api: Fix typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- shared/api/network.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/api/network.go b/shared/api/network.go index 12b126dc33..8647a42bf1 100644 --- a/shared/api/network.go +++ b/shared/api/network.go @@ -117,7 +117,7 @@ type NetworkStateBond struct { LowerDevices []string `json:"lower_devices" yaml:"lower_devices"` } -// NetworkStateBridge represents bond specific state +// NetworkStateBridge represents bridge specific state // API extension: network_state_bond_bridge type NetworkStateBridge struct { ID string `json:"id" yaml:"id"` From bb7e2fab1193201789bf373348607eea8c2bfe2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 11 Dec 2020 11:27:38 -0500 Subject: [PATCH 2/4] shared/api: Add NetworkStateVLAN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- shared/api/network.go | 10 ++ 1 file changed, 10 insertions(+) diff --git a/shared/api/network.go b/shared/api/network.go index 8647a42bf1..6178675e23 100644 --- a/shared/api/network.go +++ b/shared/api/network.go @@ -85,6 +85,9 @@ type NetworkState struct { // API extension: network_state_bond_bridge Bond *NetworkStateBond `json:"bond" yaml:"bond"` Bridge *NetworkStateBridge `json:"bridge" yaml:"bridge"` + + // API extension: network_state_vlan + VLAN *NetworkStateVLAN `json:"vlan" yaml:"vlan"` } // NetworkStateAddress represents a network address @@ -129,3 +132,10 @@ type NetworkStateBridge struct { UpperDevices []string `json:"upper_devices" yaml:"upper_devices"` } + +// NetworkStateVLAN represents VLAN specific state +// API extension: network_state_vlan +type NetworkStateVLAN struct { + LowerDevice string `json:"lower_device" yaml:"lower_device"` + VID uint64 `json:"vid" yaml:"vid"` +} From 05ad258cd4ec72e23187f83d45b080042ec0e0cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 11 Dec 2020 11:37:39 -0500 Subject: [PATCH 3/4] lxd/resources: Add VLAN struct MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/resources/network.go | 43 1 file changed, 43 insertions(+) diff --git a/lxd/resources/network.go b/lxd/resources/network.go index 8edecf20b0..84597a045a 100644 --- a/lxd/resources/network.go +++ b/lxd/resources/network.go @@ -616,6 +616,49 @@ func GetNetworkState(name string) (*api.NetworkState, error) { network.Bridge = } + // Populate VLAN details. + type vlan struct { + lower string + vid uint64 + } + vlans := map[string]vlan{} + + vlanPath := "/proc/net/vlan/config" + if sysfsExists(vlanPath) { + entries, err := ioutil.ReadFile(vlanPath) + if err != nil { + return nil, err + } + + for _, line := range strings.Split(string(entries), "\n") { + fields := strings.Split(line, "|") + if len(fields) != 3 { + continue + } + + vName := strings.TrimSpace(fields[0]) + vVID, err := strconv.ParseUint(strings.TrimSpace(fields[1]), 10, 64) + if err != nil { + continue + } + vLower := strings.TrimSpace(fields[2]) + + vlans[vName] = vlan{ + lower: vLower, + vid: vVID, + } + } + } + + // Check if the inrterface is a VLAN. + entry, ok := vlans[name] + if ok { + network.VLAN = { + LowerDevice: entry.lower, + VID: entry.vid, + } + } + // Get counters. counters, err := GetNetworkCounters(name) if err != nil { From 5003
[lxc-devel] [pylxd/master] Update the contributing docs to reflect recent changes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/440 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 3ef20fd6eaae9f3b1b79ce2f7456b94f51393640 Mon Sep 17 00:00:00 2001 From: Dougal Matthews Date: Fri, 11 Dec 2020 14:58:06 + Subject: [PATCH] Update the contributing docs to reflect recent changes --- doc/source/contributing.rst | 34 +- 1 file changed, 5 insertions(+), 29 deletions(-) diff --git a/doc/source/contributing.rst b/doc/source/contributing.rst index 0ac7f062..477fa2aa 100644 --- a/doc/source/contributing.rst +++ b/doc/source/contributing.rst @@ -77,10 +77,9 @@ Testing Testing pyLXD is in 3 parts: -1. Conformance with `PEP 8`_, using the ``tox -e pep8`` command. +1. Conformance with Black and isort, using the ``tox -e lint`` command. 2. Unit tests using ``tox -e py``. -3. Integration tests using the ``run_integration_tests`` script in the root of - the repository. +3. Integration tests using the ``tox -e integration-in-lxd``. .. note:: all of the tests can be run by just using the ``tox`` command on it's own, with the exception of the integration tests. These are not @@ -94,7 +93,7 @@ Unit Testing pyLXD tries to follow best practices when it comes to testing. PRs are gated -by `Travis CI <https://travis-ci.org/lxc/pylxd>`_ and +by `GitHub Actions <https://github.com/lxc/pylxd/actions>`_ and `CodeCov <https://codecov.io/gh/lxc/pylxd>`_. It's best to submit tests with new changes, as your patch is unlikely to be accepted without them. @@ -105,32 +104,9 @@ To run the tests, you should use `Tox`_:: Integration Testing ^^^ -Integration testing requires a running LXD system. At present this is not -performed by the CI system, although this is intended at some point in the -future. Integration testing *should* be performed prior to merging a PR. - -Currently, there are two variants of the script to run integration tests: - -1. ``run_integration_tests-16-04`` -2. ``run_integration_tests-18-04`` - -The default is ``run_integration_tests-18-04``, which is symlinked to -``run_integration_tests``. This is because the default is to test on Ubuntu -Focal (20.04 LTS), with Ubuntu Bionic (18.04 LTS) for maintenance purposes. - -.. note:: A script to automate running the integration tests needs to be added. - -Some hints on how to run the integration tests: - -1. On Ubuntu it's probably easiest to use the `Multipass`_ snap. -2. Launch an LTS instance using ``multipass launch -n foo`` -3. Shell into the instance: ``multipass exec foo -- bash`` -4. Install tox and python3.6+. -5. Clone the branch from the PR (or otherwise copy the repo into the machine) -6. Configure LXD using ``lxd init`` -- follow the prompts provided. -7. Run the integration tests. +Integration testing requires a running LXD system. They can be tested locally +in LXD container with nesting support; ``tox -e integration-in-lxd``. .. _Github: https://github.com/lxc/pylxd -.. _PEP 8: https://www.python.org/dev/peps/pep-0008/ .. _Tox: https://tox.readthedocs.io/en/latest/ .. _Multipass: https://github.com/CanonicalLtd/multipass ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Improvements to clustering node state to better handle failed startup during network create
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8242 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === - If a network was successfully "created" (using `n.Create()`) on a local node, but then failed to start (using `n.Start()`) then it was possible for setup done in `n.Create()` to be left behind because although `n.Delete()` was called on failure, the node status was still Pending and so the tear down was not performed. - To cope with this, and to better align with storage pool state management, I've moved the DB record deletion and cluster notification logic into the API route handler function, leaving the network package's `Delete()` function to always tear down local setup. - This allows the API route handler functions to decide for themselves (using `n.LocalStatus()`) whether it is appropriate to call `n.Delete()` depending on the scenario. From bc7e0525ef8f585bbcda22d3a4bb160ae124b7e6 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 14:43:56 + Subject: [PATCH 1/8] lxd/network/network/interface: Adds Project function Signed-off-by: Thomas Parrott --- lxd/network/network_interface.go | 1 + 1 file changed, 1 insertion(+) diff --git a/lxd/network/network_interface.go b/lxd/network/network_interface.go index 021cd88198..af8c8afcbe 100644 --- a/lxd/network/network_interface.go +++ b/lxd/network/network_interface.go @@ -31,6 +31,7 @@ type Network interface { Validate(config map[string]string) error ID() int64 Name() string + Project() string Description() string Status() string LocalStatus() string From 4b48e17ab725d8bf598b1bcf75021e46ffeedb3e Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 14:44:14 + Subject: [PATCH 2/8] lxd/network/driver/common: Adds Project function Signed-off-by: Thomas Parrott --- lxd/network/driver_common.go | 5 + 1 file changed, 5 insertions(+) diff --git a/lxd/network/driver_common.go b/lxd/network/driver_common.go index 03f4b9ab7d..c17bf1d8d6 100644 --- a/lxd/network/driver_common.go +++ b/lxd/network/driver_common.go @@ -130,6 +130,11 @@ func (n *common) Name() string { return n.name } +// Project returns the network project. +func (n *common) Project() string { + return n.project +} + // Description returns the network description. func (n *common) Description() string { return n.description From 40defa5130a86dedd14ec111ccd6bf0667519fc8 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Fri, 11 Dec 2020 14:44:35 + Subject: [PATCH 3/8] lxd/network/driver/common: Remove cluster notification and DB record removal from delete() function We need more control over when we generate notifications and remove DB records, so this is being moved into the API route handler function (networkDelete()). This also aligns better with storage pools, where the notifications and DB record removal is also handled by API route handler function (storagePoolDelete()). Signed-off-by: Thomas Parrott --- lxd/network/driver_common.go | 28 +--- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/lxd/network/driver_common.go b/lxd/network/driver_common.go index c17bf1d8d6..2c9138f1c1 100644 --- a/lxd/network/driver_common.go +++ b/lxd/network/driver_common.go @@ -368,34 +368,16 @@ func (n *common) rename(newName string) error { // delete the network from the database if clusterNotification is false. func (n *common) delete(clientType request.ClientType) error { - // Only delete database record if not cluster notification. - if clientType != request.ClientTypeNotifier { - // Notify all other nodes. If any node is down, an error will be returned. - notifier, err := cluster.NewNotifier(n.state, n.state.Endpoints.NetworkCert(), cluster.NotifyAll) - if err != nil { - return err - } - err = notifier(func(client lxd.InstanceServer) error { - return client.UseProject(n.project).DeleteNetwork(n.name) - }) - if err != nil { - return err - } - - // Remove the network from the database. - err = n.state.Cluster.DeleteNetwork(n.project, n.name) - if err != nil { - return err - } - - n.lifecycle("deleted", nil) - } - // Cleanup storage. if shared.PathExists(shared.VarPath("networks", n.name)) { os.RemoveAll(shared.VarPath("networks", n.name)) } + // Generate lifecycle event if not notification. + if clientType != request.ClientTypeNotifier { +
[lxc-devel] [pylxd/master] add linter for shell scripts
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/439 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 90a72f6e930e4201aecd4cb4ab8a237bd9b039b6 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Fri, 11 Dec 2020 15:25:28 +0100 Subject: [PATCH] add linter for shell scripts --- .github/workflows/ci.yml | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3cee93e..52308280 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - master jobs: - lint: + lint-python: runs-on: ubuntu-latest steps: - name: Repository checkout @@ -24,10 +24,19 @@ jobs: run: | pip install --upgrade pip tox -- name: Lint +- name: Lint Python files run: | tox -e lint + lint-shell: +runs-on: ubuntu-latest +steps: +- name: Repository checkout + uses: actions/checkout@v2 + +- name: Lint shell files + uses: ludeeus/action-shellcheck@master + test: runs-on: ubuntu-latest strategy: ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] drop unused files
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/438 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From a4ffbbbd79b975ea5da88e07e976a6d7f501d762 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Fri, 11 Dec 2020 15:11:52 +0100 Subject: [PATCH] drop unused files --- .testr.conf | 7 --- blacklist | 1 - openstack-common.conf | 6 -- 3 files changed, 14 deletions(-) delete mode 100644 .testr.conf delete mode 100644 blacklist delete mode 100644 openstack-common.conf diff --git a/.testr.conf b/.testr.conf deleted file mode 100644 index fb622677.. --- a/.testr.conf +++ /dev/null @@ -1,7 +0,0 @@ -[DEFAULT] -test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \ - OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \ - OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-60} \ - ${PYTHON:-python} -m subunit.run discover -t ./ . $LISTOPT $IDOPTION -test_id_option=--load-list $IDFILE -test_list_option=--list \ No newline at end of file diff --git a/blacklist b/blacklist deleted file mode 100644 index 5e02c814.. --- a/blacklist +++ /dev/null @@ -1 +0,0 @@ -integration.* diff --git a/openstack-common.conf b/openstack-common.conf deleted file mode 100644 index b1cb5045.. --- a/openstack-common.conf +++ /dev/null @@ -1,6 +0,0 @@ -[DEFAULT] - -# The list of modules to copy from oslo-incubator.git - -# The base module to hold the copy of openstack.common -base=pylxd \ No newline at end of file ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] Blacken and isort contrib_testing, integration and migration code
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/437 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Dougal Matthews From dcaa938e29ff1d31c5e2fc264d10b8a699dccf4e Mon Sep 17 00:00:00 2001 From: Dougal Matthews Date: Fri, 11 Dec 2020 12:20:59 + Subject: [PATCH] Blacken and isort contrib_testing, integration and migration code Signed-off-by: Dougal Matthews --- contrib_testing/local-http-test.py | 35 +++--- contrib_testing/local-unix-test.py | 35 +++--- contrib_testing/remote-test.py | 37 --- integration/busybox.py | 56 +- integration/test_client.py | 6 +- integration/test_cluster_members.py | 5 +- integration/test_containers.py | 162 +--- integration/test_images.py | 15 ++- integration/test_networks.py| 51 + integration/test_profiles.py| 17 ++- integration/test_storage.py | 26 ++--- integration/testing.py | 71 ++-- migration/busybox.py| 56 +- migration/test_containers.py| 63 +-- migration/testing.py| 71 ++-- tox.ini | 10 +- 16 files changed, 353 insertions(+), 363 deletions(-) diff --git a/contrib_testing/local-http-test.py b/contrib_testing/local-http-test.py index 3e47bcae..9ddde29e 100755 --- a/contrib_testing/local-http-test.py +++ b/contrib_testing/local-http-test.py @@ -1,12 +1,12 @@ #!/usr/bin/env python3 import datetime -import pylxd -import requests import time +import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning +import pylxd requests.packages.urllib3.disable_warnings(InsecureRequestWarning) @@ -18,22 +18,25 @@ def log(s): def create_and_update(client): log("Creating...") -base = client.containers.create({ -'name': 'ubuntu-1604', -'source': { -'type': 'image', -'protocol': 'simplestreams', -'server': 'https://images.linuxcontainers.org', -'alias': 'ubuntu/xenial/amd64' -} -}, wait=True) +base = client.containers.create( +{ +"name": "ubuntu-1604", +"source": { +"type": "image", +"protocol": "simplestreams", +"server": "https://images.linuxcontainers.org;, +"alias": "ubuntu/xenial/amd64", +}, +}, +wait=True, +) log("starting...") base.start(wait=True) -while len(base.state().network['eth0']['addresses']) < 2: +while len(base.state().network["eth0"]["addresses"]) < 2: time.sleep(1) commands = [ -['apt-get', 'update'], -['apt-get', 'install', 'openssh-server', 'sudo', 'man', '-y'] +["apt-get", "update"], +["apt-get", "install", "openssh-server", "sudo", "man", "-y"], ] for command in commands: log("command: {}".format(command)) @@ -43,9 +46,9 @@ def create_and_update(client): log("stderr: {}".format(result.stderr)) -if __name__ == '__main__': +if __name__ == "__main__": client = pylxd.Client("https://127.0.0.1:8443/;, verify=False) log("Authenticating...") -client.authenticate('password') +client.authenticate("password") create_and_update(client) diff --git a/contrib_testing/local-unix-test.py b/contrib_testing/local-unix-test.py index 580c0d56..fa291d71 100755 --- a/contrib_testing/local-unix-test.py +++ b/contrib_testing/local-unix-test.py @@ -1,12 +1,12 @@ #!/usr/bin/env python3 import datetime -import pylxd -import requests import time +import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning +import pylxd requests.packages.urllib3.disable_warnings(InsecureRequestWarning) @@ -18,22 +18,25 @@ def log(s): def create_and_update(client): log("Creating...") -base = client.containers.create({ -'name': 'ubuntu-1604', -'source': { -'type': 'image', -'protocol': 'simplestreams', -'server': 'https://images.linuxcontainers.org', -'alias': 'ubuntu/xenial/amd64' -} -}, wait=True) +base = client.containers.create( +{ +"name": "ubuntu-1604", +"source": { +"type": "image", +"protocol": "
[lxc-devel] [lxd/master] Allows bulk instance state changes.
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8241 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes #7934 From 27026e3042e5028c2f45d684ca79883cb2497898 Mon Sep 17 00:00:00 2001 From: Kevin Turner Date: Thu, 10 Dec 2020 22:21:34 -0600 Subject: [PATCH 1/6] client: Adds support for bulk instance state change. Signed-off-by: Kevin Turner --- client/interfaces.go| 1 + client/lxd_instances.go | 16 2 files changed, 17 insertions(+) diff --git a/client/interfaces.go b/client/interfaces.go index 85a84a73ee..d50d2532d4 100644 --- a/client/interfaces.go +++ b/client/interfaces.go @@ -87,6 +87,7 @@ type InstanceServer interface { // Container functions GetContainerNames() (names []string, err error) GetContainers() (containers []api.Container, err error) + PutInstances(state api.InstancesPut, ETag string) (Operation, error) GetContainersFull() (containers []api.ContainerFull, err error) GetContainer(name string) (container *api.Container, ETag string, err error) CreateContainer(container api.ContainersPost) (op Operation, err error) diff --git a/client/lxd_instances.go b/client/lxd_instances.go index 0195d7504d..9fef38fc66 100644 --- a/client/lxd_instances.go +++ b/client/lxd_instances.go @@ -91,6 +91,22 @@ func (r *ProtocolLXD) GetInstances(instanceType api.InstanceType) ([]api.Instanc return instances, nil } +// PutInstances +func (r *ProtocolLXD) PutInstances(state api.InstancesPut, ETag string) (Operation, error) { + path, v, err := r.instanceTypeToPath(api.InstanceTypeAny) + if err != nil { + return nil, err + } + + // Send the request + op, _, err := r.queryOperation("PUT", fmt.Sprintf("%s?%s", path, v.Encode()), state, ETag) + if err != nil { + return nil, err + } + + return op, nil +} + // GetInstancesFull returns a list of instances including snapshots, backups and state. func (r *ProtocolLXD) GetInstancesFull(instanceType api.InstanceType) ([]api.InstanceFull, error) { instances := []api.InstanceFull{} From 5264907d11ee846ba840569ec7ce26b1d75a3503 Mon Sep 17 00:00:00 2001 From: Kevin Turner Date: Thu, 10 Dec 2020 22:23:56 -0600 Subject: [PATCH 2/6] lxc: Adds support for bulk instance state change. Signed-off-by: Kevin Turner --- lxc/action.go | 138 -- 1 file changed, 88 insertions(+), 50 deletions(-) diff --git a/lxc/action.go b/lxc/action.go index 292a82372a..d589ef4b6e 100644 --- a/lxc/action.go +++ b/lxc/action.go @@ -130,6 +130,65 @@ func (c *cmdAction) Command(action string) *cobra.Command { return cmd } +func (c *cmdAction) doActionAll(action string, resources []remoteResource) error { + for _, resource := range resources { + if resource.name != "" { + // both --all and instance name given + return fmt.Errorf(i18n.G("Both --all and instance name given")) + } + + remote := resource.remote + d, err := c.global.conf.GetInstanceServer(remote) + if err != nil { + return err + } + + state := false + + // Pause is called freeze + if action == "pause" { + action = "freeze" + } + + // Only store state if asked to + if action == "stop" && c.flagStateful { + state = true + } + + req := api.InstancesPut{ + Action: action, + Timeout: c.flagTimeout, + Force: c.flagForce, + Stateful: state, + } + + op, err := d.PutInstances(req, "") + if err != nil { + return err + } + + progress := utils.ProgressRenderer { + Quiet: c.global.flagQuiet, + } + + _, err = op.AddHandler(progress.UpdateOp) + if err != nil { + progress.Done("") + return err + } + + err = utils.CancelableWait(op, ) + if err != nil { + progress.Done("") + return err + } + + progress.Done("") + } + + return nil +} + func (c *cmdAction) doAction(action string, conf *config.Config, nameArg string) error { state := false @@ -23
[lxc-devel] [lxd/master] #7868: `proxy` device support for VMs (NAT-only)
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8240 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Allows `proxy` devices to attach to VMs, and runs the necessary startup hooks for the proxy device to work. CC: @grant-he @benhartcheatham From d1c9b0e1afe1b5b7868b8918cc769c8740eab3c5 Mon Sep 17 00:00:00 2001 From: JLRDRAGON92000 Date: Fri, 4 Dec 2020 22:58:58 -0600 Subject: [PATCH 1/3] lxd/device: allow adding proxy device to VM instances Signed-off-by: Jared Rankin --- lxd/device/proxy.go | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lxd/device/proxy.go b/lxd/device/proxy.go index d169a4671e..c114c0230f 100644 --- a/lxd/device/proxy.go +++ b/lxd/device/proxy.go @@ -48,7 +48,7 @@ type proxyProcInfo struct { // validateConfig checks the supplied config for correctness. func (d *proxy) validateConfig(instConf instance.ConfigReader) error { - if !instanceSupported(instConf.Type(), instancetype.Container) { + if !instanceSupported(instConf.Type(), instancetype.Container, instancetype.VM) { return ErrUnsupportedDevType } @@ -85,6 +85,10 @@ func (d *proxy) validateConfig(instConf instance.ConfigReader) error { return err } + if instConf.Type() == instancetype.VM && !shared.IsTrue(d.config["nat"]) { + return fmt.Errorf("Only NAT mode is supported for proxies on VM instances") + } + listenAddr, err := ProxyParseAddr(d.config["listen"]) if err != nil { return err From 3d0fad9d218f6a188ef1a7fa25536e4fdfae100e Mon Sep 17 00:00:00 2001 From: JLRDRAGON92000 Date: Fri, 4 Dec 2020 23:00:01 -0600 Subject: [PATCH 2/3] lxd/instance/drivers: run device post-start hooks in QEMU driver Signed-off-by: Jared Rankin --- lxd/instance/drivers/driver_qemu.go | 15 +++ 1 file changed, 15 insertions(+) diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index e243634547..ef1b42f657 100644 --- a/lxd/instance/drivers/driver_qemu.go +++ b/lxd/instance/drivers/driver_qemu.go @@ -794,6 +794,7 @@ func (vm *qemu) Start(stateful bool) error { } devConfs := make([]*deviceConfig.RunConfig, 0, len(vm.expandedDevices)) + postStartHooks := []func() error{} // Setup devices in sorted order, this ensures that device mounts are added in path order. for _, d := range vm.expandedDevices.Sorted() { @@ -817,6 +818,11 @@ func (vm *qemu) Start(stateful bool) error { } }) + // Add post-start hooks + if len(runConf.PostHooks) > 0 { + postStartHooks = append(postStartHooks, runConf.PostHooks...) + } + devConfs = append(devConfs, runConf) } @@ -1071,6 +1077,15 @@ func (vm *qemu) Start(stateful bool) error { return err } + // Run any post-start hooks. + err = vm.runHooks(postStartHooks) + if err != nil { + op.Done(err) + // Shut down the VM if hooks fail. + vm.Stop(false) + return err + } + // Database updates err = vm.state.Cluster.Transaction(func(tx *db.ClusterTx) error { // Record current state From 4cf11b2ad0224d859825f858be7e9fb8f3850d5b Mon Sep 17 00:00:00 2001 From: JLRDRAGON92000 Date: Thu, 10 Dec 2020 15:57:44 -0600 Subject: [PATCH 3/3] doc: update `proxy` doc to reflect VM support Signed-off-by: Jared Rankin --- doc/instances.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/instances.md b/doc/instances.md index dece79586a..9ef66151b9 100644 --- a/doc/instances.md +++ b/doc/instances.md @@ -766,7 +766,7 @@ mode| int | 0660 | no| Mode of the device in ### Type: proxy -Supported instance types: container +Supported instance types: container (`nat` and non-`nat` modes), VM (`nat` mode only) Proxy devices allow forwarding network connections between host and instance. This makes it possible to forward traffic hitting one of the host's ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Fix apparmor policy to allow snap ceph config access
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8239 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From acc09a9f09b307f4b02c4b0f43a8b24d32214575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Wed, 9 Dec 2020 17:58:07 -0500 Subject: [PATCH 1/2] doc/networks: Add missing escaping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- doc/networks.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/networks.md b/doc/networks.md index 55082dcc82..ccdc9c417d 100644 --- a/doc/networks.md +++ b/doc/networks.md @@ -330,4 +330,4 @@ ipv6.ovn.ranges | string| - | - ipv6.routes | string| ipv6 address | - | Comma separated list of additional IPv6 CIDR subnets that can be used with child OVN networks ipv6.routes.external setting ipv6.routes.anycast | boolean | ipv6 address | false | Allow the overlapping routes to be used on multiple networks/NIC at the same time. dns.nameservers | string| standard mode | - | List of DNS server IPs on physical network -ovn.ingress_mode| string| standard mode | l2proxy | Sets the method that OVN NIC external IPs will be advertised on uplink network. Either `l2proxy` (proxy ARP/NDP) or `routed`. +ovn.ingress\_mode | string| standard mode | l2proxy | Sets the method that OVN NIC external IPs will be advertised on uplink network. Either `l2proxy` (proxy ARP/NDP) or `routed`. From 6f3169e5d6aec32baa80955e1ea1f38bdced4cc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Thu, 10 Dec 2020 13:00:49 -0500 Subject: [PATCH 2/2] lxd/apparmor/qemu: Allow ceph snap paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/apparmor/instance_qemu.go | 4 1 file changed, 4 insertions(+) diff --git a/lxd/apparmor/instance_qemu.go b/lxd/apparmor/instance_qemu.go index 4f7e7104f0..deb3075960 100644 --- a/lxd/apparmor/instance_qemu.go +++ b/lxd/apparmor/instance_qemu.go @@ -69,6 +69,10 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) { /snap/lxd/*/bin/qemu* mrix, /snap/lxd/*/share/qemu/** kr, + # Snap-specific paths + /var/snap/lxd/common/ceph/** r, + {{ .rootPath }}/etc/ceph/** r, + # Snap-specific libraries /snap/lxd/*/lib/**.so*mr, {{- end }} ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Only add default route and SNAT rules to OVN router after adding external router port
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8238 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes log message "No path for static route 0.0.0.0/0; next hop n.n.n.n" when creating/editing network. Also only add default routes and SNAT rules if logical router has external IPs. Signed-off-by: Thomas Parrott From 55e2051f529070acd275e399771ffd1e719a9801 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 10 Dec 2020 16:04:38 + Subject: [PATCH] lxd/network/driver/ovn: Only add default route and SNAT rules to router after adding external router port Fixes log message "No path for static route 0.0.0.0/0; next hop n.n.n.n" when creating/editing network. Also only add default routes and SNAT rules if logical router has external IPs. Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 60 +++ 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index 0c01386158..7b64b778c7 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -1499,36 +1499,6 @@ func (n *ovn) setup(update bool) error { // Configure logical router. - // Add default routes. - if uplinkNet.routerExtGwIPv4 != nil { - err = client.LogicalRouterRouteAdd(n.getRouterName(), {IP: net.IPv4zero, Mask: net.CIDRMask(0, 32)}, uplinkNet.routerExtGwIPv4, false) - if err != nil { - return errors.Wrapf(err, "Failed adding IPv4 default route") - } - } - - if uplinkNet.routerExtGwIPv6 != nil { - err = client.LogicalRouterRouteAdd(n.getRouterName(), {IP: net.IPv6zero, Mask: net.CIDRMask(0, 128)}, uplinkNet.routerExtGwIPv6, false) - if err != nil { - return errors.Wrapf(err, "Failed adding IPv6 default route") - } - } - - // Add SNAT rules. - if shared.IsTrue(n.config["ipv4.nat"]) && routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil { - err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv4Net, routerExtPortIPv4) - if err != nil { - return err - } - } - - if shared.IsTrue(n.config["ipv6.nat"]) && routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil { - err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv6Net, routerExtPortIPv6) - if err != nil { - return err - } - } - // Generate external router port IPs (in CIDR format). extRouterIPs := []*net.IPNet{} if routerExtPortIPv4Net != nil { @@ -1593,6 +1563,36 @@ func (n *ovn) setup(update bool) error { if err != nil { return errors.Wrapf(err, "Failed linking external switch provider port to external provider network") } + + // Add SNAT rules. + if shared.IsTrue(n.config["ipv4.nat"]) && routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil { + err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv4Net, routerExtPortIPv4) + if err != nil { + return err + } + } + + if shared.IsTrue(n.config["ipv6.nat"]) && routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil { + err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv6Net, routerExtPortIPv6) + if err != nil { + return err + } + } + + // Add default routes. + if uplinkNet.routerExtGwIPv4 != nil { + err = client.LogicalRouterRouteAdd(n.getRouterName(), {IP: net.IPv4zero, Mask: net.CIDRMask(0, 32)}, uplinkNet.routerExtGwIPv4, false) + if err != nil { + return errors.Wrapf(err, "Failed adding IPv4 default route") + } + } + + if uplinkNet.routerExtGwIPv6 != nil { + err = client.LogicalRouterRouteAdd(n.getRouterName(), {IP: net.IPv6zero, Mask: net.CIDRMask(0, 128)}, uplinkNet.routerExtGwIPv6, false) + if err != nil { + return errors.Wrapf(err, "Failed adding IPv6 default route") + } + } } // Create internal logical switch if not updating. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxcfs/master] proc_fuse: add /proc/slabinfo with slab accounting memcg
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxcfs/pull/440 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Feng Sun From 6cc153e698cc2f8e7cd356d0e6da1f89e8fa984e Mon Sep 17 00:00:00 2001 From: Feng Sun Date: Thu, 10 Dec 2020 17:30:54 +0800 Subject: [PATCH] proc_fuse: add /proc/slabinfo with slab accounting memcg Signed-off-by: Feng Sun --- README.md| 2 ++ src/api_extensions.h | 1 + src/bindings.h | 3 ++ src/cgroups/cgfsng.c | 17 + src/cgroups/cgroup.h | 4 ++- src/proc_fuse.c | 83 ++-- 6 files changed, 107 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3c638c3..54d3eab 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ such as: /proc/stat /proc/swaps /proc/uptime +/proc/slabinfo /sys/devices/system/cpu/online ``` @@ -98,6 +99,7 @@ docker run -it -m 256m --memory-swap 256m \ -v /var/lib/lxcfs/proc/stat:/proc/stat:rw \ -v /var/lib/lxcfs/proc/swaps:/proc/swaps:rw \ -v /var/lib/lxcfs/proc/uptime:/proc/uptime:rw \ + -v /var/lib/lxcfs/proc/slabinfo:/proc/slabinfo:rw \ ubuntu:18.04 /bin/bash ``` diff --git a/src/api_extensions.h b/src/api_extensions.h index a4ee0c1..9ee55da 100644 --- a/src/api_extensions.h +++ b/src/api_extensions.h @@ -22,6 +22,7 @@ static char *api_extensions[] = { "proc_stat", "proc_swaps", "proc_uptime", + "proc_slabinfo", "shared_pidns", "cpuview_daemon", "loadavg_daemon", diff --git a/src/bindings.h b/src/bindings.h index e260902..dc0c23e 100644 --- a/src/bindings.h +++ b/src/bindings.h @@ -62,6 +62,9 @@ enum lxcfs_virt_t { LXC_TYPE_PROC_LOADAVG, #define LXC_TYPE_PROC_LOADAVG_PATH "/proc/loadavg" + LXC_TYPE_PROC_SLABINFO, +#define LXC_TYPE_PROC_SLABINFO_PATH "/proc/slabinfo" + LXC_TYPE_SYS_DEVICES, LXC_TYPE_SYS_DEVICES_SYSTEM, LXC_TYPE_SYS_DEVICES_SYSTEM_CPU, diff --git a/src/cgroups/cgfsng.c b/src/cgroups/cgfsng.c index d772f25..f80785f 100644 --- a/src/cgroups/cgfsng.c +++ b/src/cgroups/cgfsng.c @@ -632,6 +632,22 @@ static int cgfsng_get_memory_swap_max(struct cgroup_ops *ops, return cgfsng_get_memory(ops, cgroup, "memory.swap.max", value); } +static int cgfsng_get_memory_slabinfo_fd(struct cgroup_ops *ops, const char *cgroup) +{ + __do_free char *path = NULL; + struct hierarchy *h; + + h = ops->get_hierarchy(ops, "memory"); + if (!h) + return -1; + + if (faccessat(h->fd, "memory.kmem.slabinfo", F_OK, 0)) + return -1; + + path = must_make_path_relative(cgroup, "memory.kmem.slabinfo", NULL); + return openat(h->fd, path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW); +} + static bool cgfsng_can_use_swap(struct cgroup_ops *ops) { bool has_swap = false; @@ -1021,6 +1037,7 @@ struct cgroup_ops *cgfsng_ops_init(void) cgfsng_ops->get_memory_swap_max = cgfsng_get_memory_swap_max; cgfsng_ops->get_memory_current = cgfsng_get_memory_current; cgfsng_ops->get_memory_swap_current = cgfsng_get_memory_swap_current; + cgfsng_ops->get_memory_slabinfo_fd = cgfsng_get_memory_slabinfo_fd; cgfsng_ops->can_use_swap = cgfsng_can_use_swap; /* cpuset */ diff --git a/src/cgroups/cgroup.h b/src/cgroups/cgroup.h index f4b5d19..c9ea370 100644 --- a/src/cgroups/cgroup.h +++ b/src/cgroups/cgroup.h @@ -152,9 +152,11 @@ struct cgroup_ops { int (*get_memory_max)(struct cgroup_ops *ops, const char *cgroup, char **value); int (*get_memory_swappiness)(struct cgroup_ops *ops, const char *cgroup, - char **value); +char **value); int (*get_memory_swap_max)(struct cgroup_ops *ops, const char *cgroup, char **value); + int (*get_memory_slabinfo_fd)(struct cgroup_ops *ops, + const char *cgroup); bool (*can_use_swap)(struct cgroup_ops *ops); /* cpuset */ diff --git a/src/proc_fuse.c b/src/proc_fuse.c index 9bf963b..3cee526 100644 --- a/src/proc_fuse.c +++ b/src/proc_fuse.c @@ -102,7 +102,8 @@ __lxcfs_fuse_ops int proc_getattr(const char *path, struct stat *sb) strcmp(path, "/proc/stat") == 0 || strcmp(path, "/proc/diskstats") == 0 || strcmp(path, "/proc/swaps") == 0 || - strcmp(path, "/proc/loadavg") == 0) { + strcmp(path, "/proc/loadavg")
[lxc-devel] [lxd/master] Storage: Prevent modification of storage pool source property on non-pending members
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8235 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From e600777f0fa8f8a3ab4742da1490961e55d8f316 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 10 Dec 2020 09:53:01 + Subject: [PATCH 1/3] lxd/db/storage/pools: Comment wrapping Signed-off-by: Thomas Parrott --- lxd/db/storage_pools.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lxd/db/storage_pools.go b/lxd/db/storage_pools.go index 378e6547c5..b38d7a62f7 100644 --- a/lxd/db/storage_pools.go +++ b/lxd/db/storage_pools.go @@ -946,8 +946,7 @@ func (c *Cluster) FillMissingStoragePoolDriver() error { return err } -// StoragePoolNodeConfigKeys lists all storage pool config keys which are -// node-specific. +// StoragePoolNodeConfigKeys lists all storage pool config keys which are node-specific. var StoragePoolNodeConfigKeys = []string{ "size", "source", From ecd88221bd7a55a4c6e8b1286714e4309744dbef Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 10 Dec 2020 09:53:15 + Subject: [PATCH 2/3] lxd/storage/backend/lxd: Prevent modification of source field on non-pending nodes Signed-off-by: Thomas Parrott --- lxd/storage/backend_lxd.go | 6 ++ 1 file changed, 6 insertions(+) diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go index 184c6e8d6a..048d6728bd 100644 --- a/lxd/storage/backend_lxd.go +++ b/lxd/storage/backend_lxd.go @@ -223,6 +223,12 @@ func (b *lxdBackend) Update(clientType request.ClientType, newDesc string, newCo // Diff the configurations. changedConfig, userOnly := b.detectChangedConfig(b.db.Config, newConfig) + // Check if the pool source is being changed that the local state is still pending, otherwise prevent it. + _, sourceChanged := changedConfig["source"] + if sourceChanged && b.LocalStatus() != api.StoragePoolStatusPending { + return fmt.Errorf("Pool source cannot be changed when not in pending state") + } + // Apply changes to local node if not pending and non-user config changed. if len(changedConfig) != 0 && b.LocalStatus() != api.StoragePoolStatusPending && !userOnly { err = b.driver.Update(changedConfig) From 6404936c1516ebfc65614fd976ee2acaec2a4711 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Thu, 10 Dec 2020 09:53:35 + Subject: [PATCH 3/3] lxd/storage/drivers/driver/lvm: Comment typo Signed-off-by: Thomas Parrott --- lxd/storage/drivers/driver_lvm.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/storage/drivers/driver_lvm.go b/lxd/storage/drivers/driver_lvm.go index 8654f0053d..a6f375a9dc 100644 --- a/lxd/storage/drivers/driver_lvm.go +++ b/lxd/storage/drivers/driver_lvm.go @@ -356,7 +356,7 @@ func (d *lvm) Delete(op *operations.Operation) error { // Thin pool exists. if err == nil { // If thin pool is empty and the total VG volume count is 1 (our thin pool - // volume) then just remote the entire volume group. + // volume) then just remove the entire volume group. if thinVolCount == 0 && lvCount == 1 { removeVg = true } else if thinVolCount == 0 && lvCount > 1 { ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] lxd/device: Add support for bridge port isolation
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8234 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This is a preliminary pull request to discuss implementation of addition. From 9076661eccd4e6389d3bd795fca78a50cca83fb1 Mon Sep 17 00:00:00 2001 From: Matthew Anderson Date: Wed, 9 Dec 2020 15:28:42 -0600 Subject: [PATCH] lxd/device: Add support for bridge port isolation --- lxd/device/nic.go | 1 + lxd/device/nic_bridged.go | 9 + 2 files changed, 10 insertions(+) diff --git a/lxd/device/nic.go b/lxd/device/nic.go index 3aa3d164c2..133185b92b 100644 --- a/lxd/device/nic.go +++ b/lxd/device/nic.go @@ -21,6 +21,7 @@ func nicValidationRules(requiredFields []string, optionalFields []string) map[st "security.mac_filtering": validate.IsAny, "security.ipv4_filtering": validate.IsAny, "security.ipv6_filtering": validate.IsAny, + "security.port_isolation": validate.IsAny, "maas.subnet.ipv4":validate.IsAny, "maas.subnet.ipv6":validate.IsAny, "ipv4.address": validate.Optional(validate.IsNetworkAddressV4), diff --git a/lxd/device/nic_bridged.go b/lxd/device/nic_bridged.go index 8e43cdfbce..23d9bdbc60 100644 --- a/lxd/device/nic_bridged.go +++ b/lxd/device/nic_bridged.go @@ -64,6 +64,7 @@ func (d *nicBridged) validateConfig(instConf instance.ConfigReader) error { "security.mac_filtering", "security.ipv4_filtering", "security.ipv6_filtering", + "security.port_isolation", "maas.subnet.ipv4", "maas.subnet.ipv6", "boot.priority", @@ -309,6 +310,14 @@ func (d *nicBridged) Start() (*deviceConfig.RunConfig, error) { return nil, err } + // Attempt to enable port isolation + if !strings.HasPrefix(saveData["host_name"], "tunnel.") && shared.IsTrue(d.config["security.port_isolation"]) { + _, err = shared.RunCommand("bridge", "link", "set", "dev", saveData["host_name"], "isolated", "on") + if err != nil { + return nil, err + } + } + // Detech bridge type and setup VLAN settings on bridge port. if network.IsNativeBridge(d.config["parent"]) { err = d.setupNativeBridgePortVLANs(saveData["host_name"]) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [distrobuilder/master] sources/docker: Permit to use private docker registry with credentials
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/382 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This permits to creation LXD image from a docker image pulled by a private docker registry with a username and a password. Require master upstream of the docker-companion project. From 128bdfbbb7f5cf557dec76ed35e25ff4f86c2829 Mon Sep 17 00:00:00 2001 From: Daniele Rondina Date: Wed, 9 Dec 2020 19:51:02 +0100 Subject: [PATCH] sources/docker: Permit to use private docker registry with credentials Signed-off-by: Daniele Rondina --- sources/docker.go | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sources/docker.go b/sources/docker.go index da120a4..860cb59 100644 --- a/sources/docker.go +++ b/sources/docker.go @@ -26,7 +26,9 @@ func (d *DockerHTTP) Run(definition shared.Definition, rootfsDir string) error { // If DOCKER_REGISTRY_BASE is not set it's used default https://registry-1.docker.io return dcapi.DownloadAndUnpackImage(definition.Source.URL, absRootfsDir, { - RegistryBase: os.Getenv("DOCKER_REGISTRY_BASE"), - KeepLayers: false, + RegistryBase: os.Getenv("DOCKER_REGISTRY_BASE"), + RegistryUsername: os.Getenv("DOCKER_REGISTRY_BASE_USER"), + RegistryPassword: os.Getenv("DOCKER_REGISTRY_BASE_PASS"), + KeepLayers: false, }) } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] bin/test-lxd-ovn: Adds routed ingress anycast tests
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/214 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Parrott From 4888daacd0a6fcef92f8be2460070445277eb38a Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 18:20:04 + Subject: [PATCH] bin/test-lxd-ovn: Adds routed ingress anycast tests Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 28 ++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index 24d5f2c..6d904dc 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -151,13 +151,29 @@ lxc network create ovn-virtual-network --type=ovn --project testovn network=dumm ipv4.nat=false \ ipv6.nat=false -# Check network external subnet overlap. +# Check network external subnet overlap is prevented. ! lxc network create ovn-virtual-network2 --type=ovn --project default network=dummy \ ipv4.address=198.51.100.1/26 \ +ipv4.nat=false || false + +! lxc network create ovn-virtual-network2 --type=ovn --project default network=dummy \ ipv6.address=2001:db8:1:2::1/122 \ -ipv4.nat=false \ ipv6.nat=false || false +# Check network external subnet overlap check relaxation when uplink has anycast routed ingress mode enabled. +lxc network set dummy ovn.ingress_mode=routed ipv4.routes.anycast=true ipv6.routes.anycast=true --project default + +lxc network create ovn-virtual-network2 --type=ovn --project default network=dummy \ +ipv4.address=198.51.100.1/26 \ +ipv4.nat=false \ +ipv6.address=2001:db8:1:2::1/122 \ +ipv6.nat=false + +lxc network delete ovn-virtual-network2 --project default +lxc network unset dummy ovn.ingress_mode --project default +lxc network unset dummy ipv4.routes.anycast --project default +lxc network unset dummy ipv6.routes.anycast --project default + lxc init images:ubuntu/20.04 u1 --project testovn lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn @@ -206,7 +222,15 @@ lxc init images:ubuntu/20.04 u2 --project testovn lxc config device add u2 eth0 nic network=ovn-virtual-network name=eth0 --project testovn ! lxc config device set u2 eth0 ipv4.routes.external=198.51.100.1/32 --project testovn || false ! lxc config device set u2 eth0 ipv6.routes.external=2001:db8:1:2::1/128 --project testovn || false + +# Check NIC external route overlap check relaxation when uplink has anycast routed ingress mode enabled. +lxc network set dummy ovn.ingress_mode=routed ipv4.routes.anycast=true ipv6.routes.anycast=true --project default +lxc config device set u2 eth0 ipv4.routes.external=198.51.100.1/32 --project testovn +lxc config device set u2 eth0 ipv6.routes.external=2001:db8:1:2::1/128 --project testovn lxc delete -f u2 --project testovn +lxc network unset dummy ovn.ingress_mode --project default +lxc network unset dummy ipv4.routes.anycast --project default +lxc network unset dummy ipv6.routes.anycast --project default # Check DNAT rules get added when starting instance port with external routes. lxc start u1 --project testovn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] don't depend CI jobs
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/436 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Alberto Donato From 5e6dfd30be4423a384aa927ff3751ea02c7a06ad Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Wed, 9 Dec 2020 14:00:25 +0100 Subject: [PATCH] don't depend CI jobs Signed-off-by: Alberto Donato --- .github/workflows/ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0221157..f3cee93e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,7 +29,6 @@ jobs: tox -e lint test: -needs: lint runs-on: ubuntu-latest strategy: matrix: ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Adds ipv4.routes.anycast and ipv6.routes.anycast settings to physical networks
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8233 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Adds `ipv4.routes.anycast` and `ipv6.routes.anycast` boolean settings for `physical` networks. Defaults to false. Allows OVN networks using physical network as uplink to relax external subnet/route overlap detection when used with `ovn.ingress_mode=routed`. From 3bff5fac1e39e625ace73878bf4c182e6fb2f2dd Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 17:29:07 + Subject: [PATCH 1/6] doc/networks: Adds ipv4.routes.anycast and ipv6.routes.anycast to physical networks Signed-off-by: Thomas Parrott --- doc/networks.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/networks.md b/doc/networks.md index 8877835e70..55082dcc82 100644 --- a/doc/networks.md +++ b/doc/networks.md @@ -324,8 +324,10 @@ vlan| integer | - | - ipv4.gateway| string| standard mode | - | IPv4 address for the gateway and network (CIDR notation) ipv4.ovn.ranges | string| - | - | Comma separate list of IPv4 ranges to use for child OVN network routers (FIRST-LAST format) ipv4.routes | string| ipv4 address | - | Comma separated list of additional IPv4 CIDR subnets that can be used with child OVN networks ipv4.routes.external setting +ipv4.routes.anycast | boolean | ipv4 address | false | Allow the overlapping routes to be used on multiple networks/NIC at the same time. ipv6.gateway| string| standard mode | - | IPv6 address for the gateway and network (CIDR notation) ipv6.ovn.ranges | string| - | - | Comma separate list of IPv6 ranges to use for child OVN network routers (FIRST-LAST format) ipv6.routes | string| ipv6 address | - | Comma separated list of additional IPv6 CIDR subnets that can be used with child OVN networks ipv6.routes.external setting +ipv6.routes.anycast | boolean | ipv6 address | false | Allow the overlapping routes to be used on multiple networks/NIC at the same time. dns.nameservers | string| standard mode | - | List of DNS server IPs on physical network ovn.ingress_mode| string| standard mode | l2proxy | Sets the method that OVN NIC external IPs will be advertised on uplink network. Either `l2proxy` (proxy ARP/NDP) or `routed`. From 33ac2d80492c9efd3ab433c60dff755f607fd3e9 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 17:30:09 + Subject: [PATCH 2/6] lxd/network/driver/physical: Adds ipv4.routes.anycast and ipv6.routes.anycast options Signed-off-by: Thomas Parrott --- lxd/network/driver_physical.go | 26 ++ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/lxd/network/driver_physical.go b/lxd/network/driver_physical.go index 99a8be7f11..6cf8bd31e1 100644 --- a/lxd/network/driver_physical.go +++ b/lxd/network/driver_physical.go @@ -34,18 +34,20 @@ func (n *physical) DBType() db.NetworkType { // Validate network config. func (n *physical) Validate(config map[string]string) error { rules := map[string]func(value string) error{ - "parent": validate.Required(validate.IsNotEmpty, validInterfaceName), - "mtu": validate.Optional(validate.IsNetworkMTU), - "vlan": validate.Optional(validate.IsNetworkVLAN), - "maas.subnet.ipv4": validate.IsAny, - "maas.subnet.ipv6": validate.IsAny, - "ipv4.gateway": validate.Optional(validate.IsNetworkAddressCIDRV4), - "ipv6.gateway": validate.Optional(validate.IsNetworkAddressCIDRV6), - "ipv4.ovn.ranges": validate.Optional(validate.IsNetworkRangeV4List), - "ipv6.ovn.ranges": validate.Optional(validate.IsNetworkRangeV6List), - "ipv4.routes": validate.Optional(validate.IsNetworkV4List), - "ipv6.routes": validate.Optional(validate.IsNetworkV6List), - "dns.nameservers": validate.Optional(validate.IsNetworkAddressList), + "parent": validate.Required(validate.IsNotEmpty, validInterfaceName), +
[lxc-devel] [python3-lxc/master] Allows setting of multiple network devices at creation.
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/python3-lxc/pull/24 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === [Work in progress PR] Fixes [#17 ](https://github.com/lxc/python3-lxc/issues/17) > Crash when attempting to set multiple network devices using Python bindings during container creation. Changes: `ContainerNetworkList.__getitem__()' will create a new network by calling 'ContainerNetworkList.add()' if the requested index is not in bounds. Signed-off-by: Michael Satanovsky michael.satanov...@gmail.com From e480c63805d7f8a8cad2762fa9a2b7f5b3a8c730 Mon Sep 17 00:00:00 2001 From: Michael Satanovsky Date: Wed, 9 Dec 2020 08:00:32 -0800 Subject: [PATCH 1/2] Added logic to add new network device when needed. --- lxc/__init__.py | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lxc/__init__.py b/lxc/__init__.py index 8c51f70..c45e292 100644 --- a/lxc/__init__.py +++ b/lxc/__init__.py @@ -118,8 +118,12 @@ def __init__(self, container): self.container = container def __getitem__(self, index): +print("getting item") if index >= len(self): -raise IndexError("list index out of range") + +# If index of network is out of bounds, create a new network. +print("Network index out of range. Creating new network at index %d." % index) +self.add("temp_type") return ContainerNetwork(self.container, index) @@ -130,6 +134,7 @@ def __len__(self): values = None if values: +#print(values) return len(values) else: return 0 From faad5b1de8d612a0f3bd3d12ea8a30d361842d2f Mon Sep 17 00:00:00 2001 From: Michael Satanovsky Date: Wed, 9 Dec 2020 08:02:50 -0800 Subject: [PATCH 2/2] Got rid of some extraneous lines --- lxc/__init__.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/lxc/__init__.py b/lxc/__init__.py index c45e292..957d7df 100644 --- a/lxc/__init__.py +++ b/lxc/__init__.py @@ -118,7 +118,6 @@ def __init__(self, container): self.container = container def __getitem__(self, index): -print("getting item") if index >= len(self): # If index of network is out of bounds, create a new network. @@ -134,7 +133,6 @@ def __len__(self): values = None if values: -#print(values) return len(values) else: return 0 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] jenkins/jobs: Remove Fedora 31 (EOL)
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/213 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 29e83e94dfc4e3bf81831a7ed5aeea0254383c07 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Wed, 9 Dec 2020 16:54:38 +0100 Subject: [PATCH] jenkins/jobs: Remove Fedora 31 (EOL) Signed-off-by: Thomas Hipp --- jenkins/jobs/image-fedora.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/jenkins/jobs/image-fedora.yaml b/jenkins/jobs/image-fedora.yaml index 5d585f1..285ed83 100644 --- a/jenkins/jobs/image-fedora.yaml +++ b/jenkins/jobs/image-fedora.yaml @@ -20,7 +20,6 @@ name: release type: user-defined values: -- 31 - 32 - 33 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] doc/networks: Mention DNSSEC setting
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8231 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Closes #8230 Signed-off-by: Stéphane Graber From db9c2eeeb56da9d393412ba4f2ffbb744ad6752b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Wed, 9 Dec 2020 10:25:59 -0500 Subject: [PATCH] doc/networks: Mention DNSSEC setting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #8230 Signed-off-by: Stéphane Graber --- doc/networks.md | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/networks.md b/doc/networks.md index 3b7b268843..87f9fb5bb2 100644 --- a/doc/networks.md +++ b/doc/networks.md @@ -118,7 +118,6 @@ lxc network set ``` ### Integration with systemd-resolved - If the system running LXD uses systemd-resolved to perform DNS lookups, it's possible to notify resolved of the domain(s) that LXD is able to resolve. This requires telling resolved the @@ -159,6 +158,10 @@ exists, so you must repeat this command each reboot and after LXD is restarted. Also note this only works if the bridge `dns.mode` is not `none`. +Note that depending on the `dns.domain` used, you may need to disable +DNSSEC in resolved to allow for DNS resolution. This can be done through +the `DNSSEC` option in `resolved.conf`. + ### IPv6 prefix size For optimal operation, a prefix size of 64 is preferred. Larger subnets (prefix smaller than 64) should work properly too but ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] bin/test-lxd-ovn: Adds tests for DHCP disabling
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/212 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Depends on https://github.com/lxc/lxd/pull/8229 Signed-off-by: Thomas Parrott From b31002fe874776978df7c7cd6b51860216311506 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 15:18:49 + Subject: [PATCH] bin/test-lxd-ovn: Adds tests for DHCP disabling Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 13 + 1 file changed, 13 insertions(+) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index f5cbc92..b01a3a9 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -240,6 +240,19 @@ if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then fi lxc delete -f u1 --project testovn +lxc network unset dummy ovn.ingress_mode + +# Set custom domain to allow identification of DHCP options. +lxc network set ovn-virtual-network dns.domain=testdhcp --project testovn + +# Look for DHCP options mentioning our testdhcp domain name, there should be two. +sudo ovn-nbctl --format=csv --no-headings --data=bare --colum=_uuid,options find dhcp_options | grep testdhcp | wc -l | grep 2 + +# Check DHCP can be disabled. +lxc network set ovn-virtual-network ipv4.dhcp=false ipv6.dhcp=false --project testovn + +# Look for DHCP options mentioning our testdhcp domain name, there shouldn't be any. +sudo ovn-nbctl --format=csv --no-headings --data=bare --colum=_uuid,options find dhcp_options | grep testdhcp | wc -l | grep 0 lxc network delete ovn-virtual-network --project testovn lxc image delete "${FINGERPRINT}" --project testovn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Change ownership of pylxd
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/211 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 1f29bdb8e7ad0dfceca49f518d800e9bfc2c62fd Mon Sep 17 00:00:00 2001 From: Adam Collard Date: Wed, 9 Dec 2020 15:17:27 + Subject: [PATCH] Change ownership of pylxd --- jenkins/includes/admins/pylxd.yaml.inc | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/jenkins/includes/admins/pylxd.yaml.inc b/jenkins/includes/admins/pylxd.yaml.inc index 203700c..ee40900 100644 --- a/jenkins/includes/admins/pylxd.yaml.inc +++ b/jenkins/includes/admins/pylxd.yaml.inc @@ -1,7 +1,6 @@ -- ajkavanagh -- ChrisMacNaughton -- hallyn -- javacruft -- rockstar +- albertodonato +- bjornt +- d0ugal +- ltrager +- sparkiegeek - stgraber -- zulcss ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: Adds ipv4.dhcp and ipv6.dhcp settings for OVN networks
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8229 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Allows DHCP/RA to be disabled. From 19b1f4ea200277bbcb3519e4ec630bee769b7156 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 13:58:55 + Subject: [PATCH 1/7] lxd/network/openvswitch/ovn: Exports LogicalSwitchDHCPOptionsDelete and adds optional UUID filter for deletion Signed-off-by: Thomas Parrott --- lxd/network/openvswitch/ovn.go | 29 +++-- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/lxd/network/openvswitch/ovn.go b/lxd/network/openvswitch/ovn.go index 643e6d7047..d7ad3079ee 100644 --- a/lxd/network/openvswitch/ovn.go +++ b/lxd/network/openvswitch/ovn.go @@ -325,7 +325,7 @@ func (o *OVN) LogicalSwitchDelete(switchName OVNSwitch) error { return err } - err = o.logicalSwitchDHCPOptionsDelete(switchName) + err = o.LogicalSwitchDHCPOptionsDelete(switchName) if err != nil { return err } @@ -549,8 +549,9 @@ func (o *OVN) LogicalSwitchDHCPOptionsGet(switchName OVNSwitch) ([]OVNDHCPOptsSe return dhcpOpts, nil } -// logicalSwitchDHCPOptionsDelete deletes any DHCP options defined for a switch. -func (o *OVN) logicalSwitchDHCPOptionsDelete(switchName OVNSwitch) error { +// LogicalSwitchDHCPOptionsDelete deletes any DHCP options defined for a switch. +// Optionally accepts one or more specific UUID records to delete (if they are associated to the specified switch). +func (o *OVN) LogicalSwitchDHCPOptionsDelete(switchName OVNSwitch, onlyUUID ...string) error { existingOpts, err := o.nbctl("--format=csv", "--no-headings", "--data=bare", "--colum=_uuid", "find", "dhcp_options", fmt.Sprintf("external_ids:lxd_switch=%s", string(switchName)), ) @@ -558,12 +559,28 @@ func (o *OVN) logicalSwitchDHCPOptionsDelete(switchName OVNSwitch) error { return err } + shouldDelete := func(existingUUID string) bool { + if len(onlyUUID) <= 0 { + return true // Delete all records if no UUID filter supplied. + } + + for _, uuid := range onlyUUID { + if existingUUID == uuid { + return true + } + } + + return false + } + existingOpts = strings.TrimSpace(existingOpts) if existingOpts != "" { for _, uuid := range strings.Split(existingOpts, "\n") { - _, err = o.nbctl("destroy", "dhcp_options", uuid) - if err != nil { - return err + if shouldDelete(uuid) { + _, err = o.nbctl("destroy", "dhcp_options", uuid) + if err != nil { + return err + } } } } From f893eb22808c247ac88fe0051bc53b91fc66dae8 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 14:02:45 + Subject: [PATCH 2/7] lxc/network/driver/ovn: Adds ipv4.dhcp and ipv6.dhcp boolean settings Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index dc7668e853..4723a8445f 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -180,6 +180,7 @@ func (n *ovn) Validate(config map[string]string) error { return validate.Optional(validate.IsNetworkAddressCIDRV4)(value) }, + "ipv4.dhcp": validate.Optional(validate.IsBool), "ipv6.address": func(value string) error { if validate.IsOneOf(value, []string{"none", "auto"}) == nil { return nil @@ -187,6 +188,7 @@ func (n *ovn) Validate(config map[string]string) error { return validate.Optional(validate.IsNetworkAddressCIDRV6)(value) }, + "ipv6.dhcp": validate.Optional(validate.IsBool), "ipv6.dhcp.stateful": validate.Optional(validate.IsBool), "ipv4.nat": validate.Optional(validate.IsBool), "ipv6.nat": validate.Optional(validate.IsBool), From 9067bf591633532827a2708cccdc3d779f92c7cc Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9
[lxc-devel] [pylxd/master] fix CI badge
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/435 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Alberto Donato From cb1179210b781204511f6b3ceae5f2e56da414a8 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Wed, 9 Dec 2020 14:00:25 +0100 Subject: [PATCH] fix CI badge Signed-off-by: Alberto Donato --- .gitreview | 4 README.rst | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) delete mode 100644 .gitreview diff --git a/.gitreview b/.gitreview deleted file mode 100644 index d86ee7b6.. --- a/.gitreview +++ /dev/null @@ -1,4 +0,0 @@ -[gerrit] -host=review.openstack.org -port=29418 -project=openstack/pylxd.git \ No newline at end of file diff --git a/README.rst b/README.rst index 4248072f..48c215f2 100644 --- a/README.rst +++ b/README.rst @@ -3,8 +3,8 @@ pylxd .. image:: http://img.shields.io/pypi/v/pylxd.svg :target: https://pypi.python.org/pypi/pylxd -.. image:: https://travis-ci.org/lxc/pylxd.svg?branch=master -:target: https://travis-ci.org/lxc/pylxd +.. image:: https://github.com/lxc/pylxd/workflows/CI%20tests/badge.svg +:target: https://github.com/lxc/pylxd/actions?query=workflow%3A%22CI+tests%22 .. image:: https://codecov.io/github/lxc/pylxd/coverage.svg?branch=master :target: https://codecov.io/github/lxc/pylxd .. image:: https://readthedocs.org/projects/docs/badge/?version=latest ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Network: Adds OVN routed ingress mode tests
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/210 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Depends on https://github.com/lxc/lxd/pull/8226 From 5f02b017fdb125fe27992f6808c021e2ab7ae896 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 10:53:08 + Subject: [PATCH 1/4] bin/test-lxd-ovn: Adds external routes allowed check Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index f011144..d16729d 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -177,9 +177,13 @@ lxc network set ovn-virtual-network --project testovn \ ipv4.nat=true \ ipv6.nat=true -# Check external routes are ensured to be within uplink's external routes. +# Check external routes are not too big (when using l2proxy uplink ingress mode). ! lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn || false ! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn || false + +# Check external routes are ensured to be within uplink's external routes. +! lxc config device set u1 eth0 ipv4.routes.external=203.0.113.0/26 --project testovn || false +! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:2:2::/122 --project testovn || false lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/26 --project testovn lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/122 --project testovn From 32ad6cdfae2edfb7875bd9f84448ff3d576fe13d Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 11:09:41 + Subject: [PATCH 2/4] bin/test-lxd-ovn: Typo Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index d16729d..0a50dca 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -132,7 +132,7 @@ lxc network create ovn-virtual-network network=lxdbr0 --project testovn lxc network delete ovn-virtual-network --project testovn lxc network delete lxdbr1 --project default -# Test physical uplink with external IPs +# Test physical uplink with external IPs. ip link add dummy0 type dummy lxc network create dummy --type=physical --project default \ parent=dummy0 \ From 043d77f45a43b6017f36efb0fc9e70c14648aba9 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 11:09:55 + Subject: [PATCH 3/4] bin/test-lxd-ovn: Add NAT rule cleanup checks Signed-off-by: Thomas Parrott --- bin/test-lxd-ovn | 22 ++ 1 file changed, 22 insertions(+) diff --git a/bin/test-lxd-ovn b/bin/test-lxd-ovn index 0a50dca..18f2d33 100755 --- a/bin/test-lxd-ovn +++ b/bin/test-lxd-ovn @@ -160,6 +160,10 @@ lxc network create ovn-virtual-network --type=ovn --project testovn network=dumm lxc init images:ubuntu/20.04 u1 --project testovn lxc config device add u1 eth0 nic network=ovn-virtual-network name=eth0 --project testovn + +# Record NAT rules count before u1 started. +natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l) + lxc start u1 --project testovn # Test external IPs allocated and published using dnat. @@ -170,6 +174,13 @@ ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | gr ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | grep "${U1_EXT_IPV6},${U1_EXT_IPV6},dnat_and_snat" lxc stop -f u1 --project testovn +# Check NAT rules got cleaned up. +natRulesAfter=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l) +if [ "$natRulesBefore" -ne "$natRulesAfter" ]; then +echo "NAT rules left over. Started with ${natRulesBefore} now have ${natRulesAfter}" +false +fi + # Test external IPs routed to OVN NIC. lxc network set ovn-virtual-network --project testovn \ ipv4.address=auto \ @@ -177,6 +188,9 @@ lxc network set ovn-virtual-network --project testovn \ ipv4.nat=true \ ipv6.nat=true +# Record NAT rules count before u1 started again. +natRulesBefore=$(ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l) + # Check external routes are not too big (when using l2proxy uplink ingress mode). ! lxc config device set u1 eth0 ipv4.routes.external=198.51.100.0/24 --project testovn || false ! lxc config device set u1 eth0 ipv6.routes.external=2001:db8:1:2::/64 --project testovn || false @@ -204,6 +218,14 @@ ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | gr ovn-nbctl --bare --format=csv --column=external_ip,logical_ip,type find nat | wc -l | grep 132 lxc delete -f u1 --project tes
[lxc-devel] [pylxd/master] run lint as a separate job
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/434 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Alberto Donato From e850c042ad84fc5d5982605b83da1df604bd5690 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Wed, 9 Dec 2020 12:41:31 +0100 Subject: [PATCH] run lint as a separate job Signed-off-by: Alberto Donato --- .github/workflows/{unittest.yml => ci.yml} | 41 +- 1 file changed, 24 insertions(+), 17 deletions(-) rename .github/workflows/{unittest.yml => ci.yml} (55%) diff --git a/.github/workflows/unittest.yml b/.github/workflows/ci.yml similarity index 55% rename from .github/workflows/unittest.yml rename to .github/workflows/ci.yml index 13318056..f3cee93e 100644 --- a/.github/workflows/unittest.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: Unit tests +name: CI tests on: push: @@ -9,7 +9,26 @@ on: - master jobs: - run: + lint: +runs-on: ubuntu-latest +steps: +- name: Repository checkout + uses: actions/checkout@v2 + +- name: Set up Python + uses: actions/setup-python@v2 + with: +python-version: "3.6" + +- name: Install dependencies + run: | +pip install --upgrade pip tox + +- name: Lint + run: | +tox -e lint + + test: runs-on: ubuntu-latest strategy: matrix: @@ -21,27 +40,15 @@ jobs: - name: Repository checkout uses: actions/checkout@v2 -- name: Set up Python ${{ matrix.python-version }} +- name: Set up Python uses: actions/setup-python@v2 with: python-version: ${{ matrix.python-version }} -- name: Cache packages - uses: actions/cache@v2 - with: -path: ~/.cache/pip -# Look to see if there is a cache hit for the corresponding requirements file -key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }} -restore-keys: | - ${{ runner.os }}-pip- - ${{ runner.os }}- - name: Install dependencies run: | -pip install --upgrade pip -pip install tox codecov -- name: Lint - run: | -tox -e lint +pip install --upgrade pip tox codecov + - name: Test run: | tox -e py ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Update backup file when deleting a snapshot
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8228 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes https://github.com/lxc/lxd/issues/8227 Signed-off-by: David Munro From 89f27374793bfeb1d23faee0a36526721af57958 Mon Sep 17 00:00:00 2001 From: feileacan <54381366+feilea...@users.noreply.github.com> Date: Wed, 9 Dec 2020 22:08:41 +1100 Subject: [PATCH] Update backup file when deleting a snapshot Fixes https://github.com/lxc/lxd/issues/8227 --- lxd/instance/drivers/driver_lxc.go | 4 1 file changed, 4 insertions(+) diff --git a/lxd/instance/drivers/driver_lxc.go b/lxd/instance/drivers/driver_lxc.go index 9b1f3dd757..b24abcf9aa 100644 --- a/lxd/instance/drivers/driver_lxc.go +++ b/lxd/instance/drivers/driver_lxc.go @@ -3397,6 +3397,10 @@ func (d *lxc) Delete(force bool) error { if err != nil { return err } + err = c.UpdateBackupFile() + if err != nil { + return err + } } } else { // Remove all snapshots by initialising each snapshot as an Instance and ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Network: OVN Ingress mode
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8226 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Add `ovn.ingress_mode` (either `l2proxy` (default) or `routed`) on `physical` networks to allow OVN NICs to change the way they advertise their external IPs on the uplink network. From 4ec52f656bb1c178a38f1bcffb489f12ad644a10 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 09:24:48 + Subject: [PATCH 1/7] lxd/network/driver/ovn: Improve error message Signed-off-by: Thomas Parrott --- lxd/network/driver_ovn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go index e222099fee..3dc4db91bb 100644 --- a/lxd/network/driver_ovn.go +++ b/lxd/network/driver_ovn.go @@ -1411,7 +1411,7 @@ func (n *ovn) setup(update bool) error { err := n.state.Cluster.Transaction(func(tx *db.ClusterTx) error { err = tx.UpdateNetwork(n.id, n.description, n.config) if err != nil { - return errors.Wrapf(err, "Failed saving optimal bridge MTU") + return errors.Wrapf(err, "Failed saving updated network config") } return nil From 7cbdd62e06db2b2758a4d2b7ad620722fdc3f719 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Wed, 9 Dec 2020 10:04:37 + Subject: [PATCH 2/7] lxd/network/driver/physical: Adds ovn.ingress_mode config key Allows specifying how external OVN NIC IPs are advertised to the uplink; either "l2proxy" (default) or "routed". Signed-off-by: Thomas Parrott --- lxd/network/driver_physical.go | 27 +++ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/lxd/network/driver_physical.go b/lxd/network/driver_physical.go index 19d0001a57..99a8be7f11 100644 --- a/lxd/network/driver_physical.go +++ b/lxd/network/driver_physical.go @@ -34,18 +34,21 @@ func (n *physical) DBType() db.NetworkType { // Validate network config. func (n *physical) Validate(config map[string]string) error { rules := map[string]func(value string) error{ - "parent": validate.Required(validate.IsNotEmpty, validInterfaceName), - "mtu": validate.Optional(validate.IsNetworkMTU), - "vlan": validate.Optional(validate.IsNetworkVLAN), - "maas.subnet.ipv4":validate.IsAny, - "maas.subnet.ipv6":validate.IsAny, - "ipv4.gateway": validate.Optional(validate.IsNetworkAddressCIDRV4), - "ipv6.gateway": validate.Optional(validate.IsNetworkAddressCIDRV6), - "ipv4.ovn.ranges": validate.Optional(validate.IsNetworkRangeV4List), - "ipv6.ovn.ranges": validate.Optional(validate.IsNetworkRangeV6List), - "ipv4.routes": validate.Optional(validate.IsNetworkV4List), - "ipv6.routes": validate.Optional(validate.IsNetworkV6List), - "dns.nameservers": validate.Optional(validate.IsNetworkAddressList), + "parent": validate.Required(validate.IsNotEmpty, validInterfaceName), + "mtu": validate.Optional(validate.IsNetworkMTU), + "vlan": validate.Optional(validate.IsNetworkVLAN), + "maas.subnet.ipv4": validate.IsAny, + "maas.subnet.ipv6": validate.IsAny, + "ipv4.gateway": validate.Optional(validate.IsNetworkAddressCIDRV4), + "ipv6.gateway": validate.Optional(validate.IsNetworkAddressCIDRV6), + "ipv4.ovn.ranges": validate.Optional(validate.IsNetworkRangeV4List), + "ipv6.ovn.ranges": validate.Optional(validate.IsNetworkRangeV6List), + "ipv4.routes": validate.Optional(validate.IsNetworkV4List), + "ipv6.routes": validate.Optional(validate.IsNetworkV6List), + "dns.nameservers": validate.Optional(validate.IsNetworkAddressList), + "ovn.ingress_mode": validate.Optional(func(value string) error { + return validate.IsOneOf(value, []string{"l2proxy", "routed"}) + }), "volatile.last_state.created": validate.Optional(valid
[lxc-devel] [pylxd/master] configure github actions
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/433 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Github actions test - DON'T MERGE YET From 397bde20ca16ec8d1d786c095903a15db2e63f66 Mon Sep 17 00:00:00 2001 From: Alberto Donato Date: Wed, 9 Dec 2020 08:34:13 +0100 Subject: [PATCH] configure github actions --- .github/workflows | 52 +++ 1 file changed, 52 insertions(+) create mode 100644 .github/workflows diff --git a/.github/workflows b/.github/workflows new file mode 100644 index ..defb80b0 --- /dev/null +++ b/.github/workflows @@ -0,0 +1,52 @@ +# -*- mode: yaml -*- + +name: PyLXD + +on: + push: +branches: + - main + pull_request: +branches: + - main + +jobs: + build: + +runs-on: ubuntu-latest +strategy: + matrix: +python-version: + - "3.6" + - "3.7" + - "3.8" + +steps: +- name: Repository checkout + uses: actions/checkout@v2 + +- name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v2 + with: +python-version: ${{ matrix.python-version }} + +- name: Cache packages + uses: actions/cache@v2 + with: +path: ~/.cache/pip +# Look to see if there is a cache hit for the corresponding requirements file +key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }} + restore-keys: | +${{ runner.os }}-pip- +${{ runner.os }}- +- name: Install dependencies + run: | +pip install --upgrade pip +pip install tox codecov +- name: Lint + run: | +tox -e lint +- name: Test + run: | +tox -e py +codecov ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] Restore interfaces to the correct namespace on error
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3596 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === If the container unexpectedly exists we may need to restore physical interfaces back into the main namespace in a tidy way. Signed-off-by: Blair Steven From abd953eb5120b8a5fd4c97634ba01305ec6e1f3b Mon Sep 17 00:00:00 2001 From: Blair Steven Date: Wed, 9 Dec 2020 11:23:39 +1300 Subject: [PATCH] Restore interfaces to the correct namespace on error If the container unexpectedly exists we may need to restore physical interfaces back into the main namespace in a tidy way. Signed-off-by: Blair Steven --- src/lxc/start.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 7bf7f8a2fb..863ae123b3 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -2144,6 +2144,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, out_delete_network: lxc_abort(handler); + lxc_restore_phys_nics_to_netns(handler); lxc_delete_network(handler); detach_block_device(handler->conf); lxc_end(handler); ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [distrobuilder/master] sources/openwrt: Use fallback image if necessary
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/381 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 4eed9c1197d39fb2f054c18425dfd41599c34d53 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 8 Dec 2020 17:46:40 +0100 Subject: [PATCH] sources/openwrt: Use fallback image if necessary Signed-off-by: Thomas Hipp --- sources/openwrt-http.go | 12 1 file changed, 12 insertions(+) diff --git a/sources/openwrt-http.go b/sources/openwrt-http.go index 4093f50..d40de2e 100644 --- a/sources/openwrt-http.go +++ b/sources/openwrt-http.go @@ -68,6 +68,18 @@ func (s *OpenWrtHTTP) Run(definition shared.Definition, rootfsDir string) error strings.Replace(definition.Image.ArchitectureMapped, "_", "-", 1)) } + resp, err := http.Head(baseURL) + if err != nil { + return err + } + + // Use fallback image "generic" + if resp.StatusCode == http.StatusNotFound && definition.Image.ArchitectureMapped == "x86_64" { + baseURL = strings.ReplaceAll(baseURL, "x86/64", "x86/generic") + baseURL = strings.ReplaceAll(baseURL, "x86-64", "x86-generic") + fname = strings.ReplaceAll(fname, "x86-64", "x86-generic") + } + url, err := url.Parse(baseURL) if err != nil { return err ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] bin/test-lxd-vm: Adds ceph support and uses random pool name
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/209 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Depends on https://github.com/lxc/lxd/pull/8225 Signed-off-by: Thomas Parrott From f358834e4a7820e12f51d4022abaa6ec86379a0a Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 8 Dec 2020 16:30:43 + Subject: [PATCH] bin/test-lxd-vm: Adds ceph support and uses random pool name Signed-off-by: Thomas Parrott --- bin/test-lxd-vm | 46 +- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/bin/test-lxd-vm b/bin/test-lxd-vm index b02715d..6fe72d1 100755 --- a/bin/test-lxd-vm +++ b/bin/test-lxd-vm @@ -12,7 +12,7 @@ cleanup() { exit 0 } -poolDriverList="${1:-dir btrfs lvm zfs}" +poolDriverList="${1:-dir btrfs lvm zfs ceph}" FAIL=1 trap cleanup EXIT HUP INT TERM @@ -39,17 +39,21 @@ lxd waitready --timeout=300 lxc network create lxdbr0 lxc profile device add default eth0 nic network=lxdbr0 +poolName="vmpool$$" + for poolDriver in $poolDriverList do echo "==> Create storage pool using driver ${poolDriver}" if [ "${poolDriver}" = "dir" ]; then -lxc storage create vmpool "${poolDriver}" +lxc storage create "${poolName}" "${poolDriver}" +elif [ "${poolDriver}" = "ceph" ]; then +lxc storage create "${poolName}" "${poolDriver}" source="${poolName}" else -lxc storage create vmpool "${poolDriver}" size=20GB +lxc storage create "${poolName}" "${poolDriver}" size=20GB fi echo "==> Create VM and boot" -lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool +lxc init images:ubuntu/20.04/cloud v1 --vm -s "${poolName}" lxc start v1 sleep 60 lxc info v1 @@ -74,8 +78,8 @@ do lxc delete -f v1 echo "==> Change volume.size on pool and create VM" -lxc storage set vmpool volume.size 6GB -lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool +lxc storage set "${poolName}" volume.size 6GB +lxc init images:ubuntu/20.04/cloud v1 --vm -s "${poolName}" lxc start v1 sleep 60 lxc info v1 @@ -85,12 +89,12 @@ do echo "==> Deleting VM and reset pool volume.size" lxc delete -f v1 -lxc storage unset vmpool volume.size +lxc storage unset "${poolName}" volume.size if [ "${poolDriver}" = "lvm" ]; then echo "==> Change volume.block.filesystem on pool and create VM" -lxc storage set vmpool volume.block.filesystem xfs -lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool +lxc storage set "${poolName}" volume.block.filesystem xfs +lxc init images:ubuntu/20.04/cloud v1 --vm -s "${poolName}" lxc start v1 sleep 60 lxc info v1 @@ -101,12 +105,12 @@ do echo "==> Deleting VM" lxc delete -f v1 -lxc storage unset vmpool volume.block.filesystem +lxc storage unset "${poolName}" volume.block.filesystem fi echo "==> Create VM from profile with small disk size" lxc profile copy default vmsmall -lxc profile device add vmsmall root disk pool=vmpool path=/ size=7GB +lxc profile device add vmsmall root disk pool="${poolName}" path=/ size=7GB lxc init images:ubuntu/20.04/cloud v1 --vm -p vmsmall lxc start v1 sleep 60 @@ -122,8 +126,8 @@ do dstPoolDriver=lvm # Use something different when testing ZFS. fi -lxc storage create vmpool2 "${dstPoolDriver}" size=20GB -lxc copy v1 v2 -s vmpool2 +lxc storage create "${poolName}"2 "${dstPoolDriver}" size=20GB +lxc copy v1 v2 -s "${poolName}"2 lxc start v2 sleep 60 lxc info v2 @@ -132,9 +136,9 @@ do lxc exec v2 -- df -B10 | grep sda2 | grep 7 lxc delete -f v2 -echo "==> Grow above default voume size and copy to different storage pool" +echo "==> Grow above default volume size and copy to different storage pool" lxc config device override v1 root size=11GB -lxc copy v1 v2 -s vmpool2 +lxc copy v1 v2 -s "${poolName}"
[lxc-devel] [lxc-ci/master] images/centos: Fix CentOS Plus repo location
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/208 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From e7a505c596a58b02890c724b05b2d6409abb44c1 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 8 Dec 2020 16:56:05 +0100 Subject: [PATCH] images/centos: Fix CentOS Plus repo location Signed-off-by: Thomas Hipp --- images/centos.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/centos.yaml b/images/centos.yaml index ce4bfef..c098a1b 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -585,7 +585,7 @@ actions: set -eux # Enable the centosplus repo which has a kernel with 9p support -sed -i 's/^enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-centosplus.repo +sed -i 's/^enabled=0/enabled=1/' /etc/yum.repos.d/CentOS-Linux-Plus.repo types: - vm releases: ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Remove CentOS 6 (EOL)
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/207 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 03fa639a708dde4ed6479ebb0c917ed65c02c2e1 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 8 Dec 2020 16:21:13 +0100 Subject: [PATCH 1/2] jenkins/jobs: Drop CentOS 6 (EOL) Signed-off-by: Thomas Hipp --- jenkins/jobs/image-centos.yaml | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/jenkins/jobs/image-centos.yaml b/jenkins/jobs/image-centos.yaml index 607e4d2..e711ad0 100644 --- a/jenkins/jobs/image-centos.yaml +++ b/jenkins/jobs/image-centos.yaml @@ -20,7 +20,6 @@ name: release type: user-defined values: -- 6 - 7 - 8 - 8-Stream @@ -53,7 +52,7 @@ fi TYPE="container" -if [ "${architecture}" = "amd64" ] && [ "${release}" != "6" ]; then +if [ "${architecture}" = "amd64" ]; then TYPE="container,vm" fi @@ -64,13 +63,11 @@ execution-strategy: combination-filter: ' - !(architecture=="arm64" && release == "6") - && !(architecture=="arm64" && release == "7") + !(architecture=="arm64" && release == "7") && !(architecture=="ppc64el" && release == "7") && !(architecture=="armhf" && release != "7") && !(architecture=="i386" && release == "8") - && !(architecture=="i386" && release == "8-Stream") - && !(architecture=="ppc64el" && release == "6")' + && !(architecture=="i386" && release == "8-Stream")' properties: - build-discarder: From 24b0966efec24ca3990bc4f6479ef4ace38f9bfe Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Tue, 8 Dec 2020 16:22:39 +0100 Subject: [PATCH 2/2] images: Remove CentOS 6 references Signed-off-by: Thomas Hipp --- images/centos.yaml | 37 - 1 file changed, 37 deletions(-) diff --git a/images/centos.yaml b/images/centos.yaml index ce4bfef..8d4bc61 100644 --- a/images/centos.yaml +++ b/images/centos.yaml @@ -259,7 +259,6 @@ files: MTU= DHCP_HOSTNAME=LXC_NAME releases: - - 6 - 7 types: - container @@ -295,7 +294,6 @@ files: MTU= DHCP_HOSTNAME={{ container.name }} releases: - - 6 - 7 - name: ifcfg-eth0.lxd @@ -416,41 +414,6 @@ files: NETWORKING=yes HOSTNAME={{ container.name }} -- name: lxc-sysinit - path: /etc/init/lxc-sysinit.conf - generator: dump - content: |- -start on startup -env container - -pre-start script -if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then -stop; -fi - -rm -f /var/lock/subsys/* -rm -f /var/run/*.pid -[ -e /etc/mtab ] || ln -s /proc/mounts /etc/mtab -mkdir -p /dev/shm -mount -t tmpfs -o nosuid,nodev tmpfs /dev/shm - -initctl start tty TTY=console -telinit 3 -exit 0 -end script - releases: - - 6 - -- name: sigpwr.conf - path: /etc/init/power-status-changed.conf - generator: dump - content: |- -start on power-status-changed - -exec /sbin/shutdown -h now "SIGPWR received" - releases: - - 6 - - name: meta-data generator: cloud-init variants: ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] tree-wide: fixes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3595 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From 62af653cc125c90997b48179fbcff7e0fe6317b6 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 14:34:06 +0100 Subject: [PATCH 01/25] confile: cleanup set_config_personality() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index e7ab359291..e7f9df3c49 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1242,8 +1242,9 @@ static int set_config_hooks_version(const char *key, const char *value, static int set_config_personality(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - signed long personality = lxc_config_parse_arch(value); + signed long personality; + personality = lxc_config_parse_arch(value); if (personality >= 0) lxc_conf->personality = personality; else From 49aabd9d60e3879254ac6601a2fadb268259cc7e Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 14:36:17 +0100 Subject: [PATCH 02/25] confile: cleanup set_config_pty_max() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index e7f9df3c49..412d1045bc 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1266,7 +1266,7 @@ static int set_config_pty_max(const char *key, const char *value, ret = lxc_safe_uint(value, ); if (ret < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->pty_max = max; From 572f6a14705f2e1a187cc50f40e825a774cf5de1 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 14:38:16 +0100 Subject: [PATCH 03/25] confile: cleanup set_config_start() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 412d1045bc..38416e840c 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1281,6 +1281,7 @@ static int set_config_pty_max(const char *key, const char *value, static int set_config_start(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; bool is_empty; is_empty = lxc_config_value_empty(value); @@ -1291,11 +1292,12 @@ static int set_config_start(const char *key, const char *value, return 0; } - if (lxc_safe_uint(value, _conf->start_auto) < 0) - return -1; + ret = lxc_safe_uint(value, _conf->start_auto); + if (ret) + return ret; if (lxc_conf->start_auto > 1) - return -1; + return ret_errno(EINVAL); return 0; } else if (*(key + 10) == 'd') { /* lxc.start.delay */ @@ -1314,7 +1316,7 @@ static int set_config_start(const char *key, const char *value, return lxc_safe_int(value, _conf->start_order); } - return -1; + return ret_errno(EINVAL); } static int set_config_monitor(const char *key, const char *value, From e16659731606d7f2ef9debe62dd872cbc403eb75 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 14:38:57 +0100 Subject: [PATCH 04/25] confile: cleanup set_config_monitor() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 38416e840c..6bf8143606 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1330,7 +1330,7 @@ static int set_config_monitor(const char *key, const char *value, if (strcmp(key + 12, "unshare") == 0) return lxc_safe_uint(value, _conf->monitor_unshare); - return -1; + return ret_errno(EINVAL); } static int set_config_monitor_signal_pdeath(const char *key, const char *value, From cb5f3df2588ecf3c34716c6cac49dbfcaf6a83ff Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 14:39:49 +0100 Subject: [PATCH 05/25] confile: cleanup set_config_monitor_signal_pdeath() Signed-off-by: Christian Brauner --- src/lxc/confile.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 6bf8143606..4d1acc1fb1 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1346,13 +1346,13 @@ static int set_config_monitor_signal_pdeath(const char *key,
[lxc-devel] [lxd/master] Storage: ZFS rounding up
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8225 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes issue when copying from ceph to zfs pools, the zfs volumes were being rounded to the nearest 8192 bytes, which sometimes meant the volume size created was just too small to accommodate the source ceph volume (which doesn't round to nearest 8192 bytes). This modifies the ZFS volumes to round up to nearest 8192 bytes. From 23835ab8cc0a8b7334fff5a185b97e67a5920f86 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 8 Dec 2020 12:56:13 + Subject: [PATCH 1/8] lxd/storage/drivers/utils: Modifies roundVolumeBlockFileSizeBytes to round up Ensures that the returned bytes is always greater than or equal to the input bytes. Signed-off-by: Thomas Parrott --- lxd/storage/drivers/utils.go | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/lxd/storage/drivers/utils.go b/lxd/storage/drivers/utils.go index a64635bbc2..3a216852c7 100644 --- a/lxd/storage/drivers/utils.go +++ b/lxd/storage/drivers/utils.go @@ -310,16 +310,24 @@ func ensureSparseFile(filePath string, sizeBytes int64) error { return nil } -// roundVolumeBlockFileSizeBytes parses the supplied size string and then rounds it to the nearest 8k bytes. -func roundVolumeBlockFileSizeBytes(sizeBytes int64) (int64, error) { +// roundVolumeBlockFileSizeBytes parses the supplied size string and then rounds it to the nearest multiple of +// MinBlockBoundary bytes that is equal to or larger than sizeBytes. +func roundVolumeBlockFileSizeBytes(sizeBytes int64) int64 { // Qemu requires image files to be in traditional storage block boundaries. // We use 8k here to ensure our images are compatible with all of our backend drivers. if sizeBytes < MinBlockBoundary { sizeBytes = MinBlockBoundary } + roundedSizeBytes := int64(sizeBytes/MinBlockBoundary) * MinBlockBoundary + + // Ensure the rounded size is at least the size specified in sizeBytes. + if roundedSizeBytes < sizeBytes { + roundedSizeBytes += MinBlockBoundary + } + // Round the size to closest MinBlockBoundary bytes to avoid qemu boundary issues. - return int64(sizeBytes/MinBlockBoundary) * MinBlockBoundary, nil + return roundedSizeBytes } // ensureVolumeBlockFile creates new block file or enlarges the raw block file for a volume to the specified size. From f1a1b13c5acbd16969c5f3186d1c7cc74e2d3636 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 8 Dec 2020 12:56:55 + Subject: [PATCH 2/8] lxd/storage/drivers/utils: roundVolumeBlockFileSizeBytes usage Signed-off-by: Thomas Parrott --- lxd/storage/drivers/utils.go | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lxd/storage/drivers/utils.go b/lxd/storage/drivers/utils.go index 3a216852c7..b922e12160 100644 --- a/lxd/storage/drivers/utils.go +++ b/lxd/storage/drivers/utils.go @@ -339,10 +339,7 @@ func ensureVolumeBlockFile(vol Volume, path string, sizeBytes int64) (bool, erro } // Get rounded block size to avoid qemu boundary issues. - sizeBytes, err := roundVolumeBlockFileSizeBytes(sizeBytes) - if err != nil { - return false, err - } + sizeBytes = roundVolumeBlockFileSizeBytes(sizeBytes) if shared.PathExists(path) { fi, err := os.Stat(path) @@ -384,7 +381,7 @@ func ensureVolumeBlockFile(vol Volume, path string, sizeBytes int64) (bool, erro // If path doesn't exist, then there has been no filler function supplied to create it from another source. // So instead create an empty volume (use for PXE booting a VM). - err = ensureSparseFile(path, sizeBytes) + err := ensureSparseFile(path, sizeBytes) if err != nil { return false, errors.Wrapf(err, "Failed creating disk image %q as size %d", path, sizeBytes) } From 8e7d36e48fa423424b37e5b08fb31f0025ac47f3 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Tue, 8 Dec 2020 12:57:16 + Subject: [PATCH 3/8] lxd/storage/drivers/driver/zfs/utils: Use roundVolumeBlockFileSizeBytes in createVolume Signed-off-by: Thomas Parrott --- lxd/storage/drivers/driver_zfs_utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/storage/drivers/driver_zfs_utils.go b/lxd/storage/drivers/driver_zfs_utils.go index 13e59cb80f..555a71b7ab 100644 --- a/lxd/storage/drivers/driver_zfs_utils.go +++ b/lxd/storage/drivers/driver_zfs_utils.go @@ -55,7 +55,7 @@ func (d *zfs) createDataset(dataset string, options ...string) error { } func (d *zfs) createVolume(dataset string, size int64, options ...string) error { - size = (size /
[lxc-devel] [lxc/master] tree-wide: fixes and cleanups
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3594 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From c4ef8f4c1103c87144e5dabe051d23b3619179d7 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Tue, 8 Dec 2020 11:53:54 +0100 Subject: [PATCH 1/3] tree-wide: use call_cleaner(netns_freeifaddrs) Signed-off-by: Christian Brauner --- src/include/netns_ifaddrs.h | 3 +- src/lxc/confile.c | 12 +++ src/lxc/lxccontainer.c | 72 + 3 files changed, 38 insertions(+), 49 deletions(-) diff --git a/src/include/netns_ifaddrs.h b/src/include/netns_ifaddrs.h index 1b8703ee7d..d3f1d6eef8 100644 --- a/src/include/netns_ifaddrs.h +++ b/src/include/netns_ifaddrs.h @@ -13,7 +13,7 @@ extern "C" { #include #include "compiler.h" -#include "netns_ifaddrs.h" +#include "memory_utils.h" struct netns_ifaddrs { struct netns_ifaddrs *ifa_next; @@ -52,6 +52,7 @@ struct netns_ifaddrs { #define __ifa_dstaddr ifa_ifu.ifu_dstaddr __hidden extern void netns_freeifaddrs(struct netns_ifaddrs *); +define_cleanup_function(struct netns_ifaddrs *, netns_freeifaddrs); __hidden extern int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, bool *netnsid_aware); diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 4f7621a900..6f5bf3909b 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -377,17 +377,16 @@ static int set_config_net_flags(const char *key, const char *value, static int create_matched_ifnames(const char *value, struct lxc_conf *lxc_conf, struct lxc_netdev *netdev) { - struct netns_ifaddrs *ifaddr, *ifa; + call_cleaner(netns_freeifaddrs) struct netns_ifaddrs *ifaddr = NULL; + struct netns_ifaddrs *ifa; int n; int ret = 0; const char *type_key = "lxc.net.type"; const char *link_key = "lxc.net.link"; const char *tmpvalue = "phys"; - if (netns_getifaddrs(, -1, &(bool){false}) < 0) { - SYSERROR("Failed to get network interfaces"); - return -1; - } + if (netns_getifaddrs(, -1, &(bool){false}) < 0) + return log_error_errno(-1, errno, "Failed to get network interfaces"); for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) { if (!ifa->ifa_addr) @@ -413,9 +412,6 @@ static int create_matched_ifnames(const char *value, struct lxc_conf *lxc_conf, } } - netns_freeifaddrs(ifaddr); - ifaddr = NULL; - return ret; } diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 96aa372e1d..da18be8aa1 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -2340,20 +2340,21 @@ static char **do_lxcapi_get_interfaces(struct lxc_container *c) char **interfaces = NULL; char interface[IFNAMSIZ]; - if (pipe2(pipefd, O_CLOEXEC) < 0) - return NULL; + if (pipe2(pipefd, O_CLOEXEC)) + return log_error_errno(NULL, errno, "Failed to create pipe"); pid = fork(); if (pid < 0) { - SYSERROR("Failed to fork task to get interfaces information"); close(pipefd[0]); close(pipefd[1]); - return NULL; + return log_error_errno(NULL, errno, "Failed to fork task to get interfaces information"); } - if (pid == 0) { /* child */ - int ret = 1, nbytes; - struct netns_ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; + if (pid == 0) { + call_cleaner(netns_freeifaddrs) struct netns_ifaddrs *ifaddrs = NULL; + struct netns_ifaddrs *ifa = NULL; + int ret = 1; + int nbytes; /* close the read-end of the pipe */ close(pipefd[0]); @@ -2364,15 +2365,15 @@ static char **do_lxcapi_get_interfaces(struct lxc_container *c) } /* Grab the list of interfaces */ - if (netns_getifaddrs(, -1, &(bool){false})) { + if (netns_getifaddrs(, -1, &(bool){false})) { SYSERROR("Failed to get interfaces list"); goto out; } /* Iterate through the interfaces */ - for (tempIfAddr = interfaceArray; tempIfAddr != NULL; -tempIfAddr = tempIfAddr->ifa_next) { - nbytes = lxc_write_nointr(pipefd[1], tempIfAddr->ifa_name, IFNAMSIZ); +
[lxc-devel] [lxd/master] Add USBAddress and more PICAddress to resources API
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8224 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From efabc7ee81743706ac3134d17da55e05cdd8c8ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 7 Dec 2020 18:26:59 -0500 Subject: [PATCH 1/3] api: Add resources_network_usb and resources_disk_address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- doc/api-extensions.md | 10 -- shared/version/api.go | 2 ++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/api-extensions.md b/doc/api-extensions.md index 5fdc480d10..12c78e6eb5 100644 --- a/doc/api-extensions.md +++ b/doc/api-extensions.md @@ -1225,7 +1225,13 @@ send/receive on top of that. ## gpu\_mdev This adds support for virtual GPUs. It introduces the `mdev` config key for GPU devices which takes -a supported mdev type, e.g. i915-GVTg_V5_4. +a supported mdev type, e.g. i915-GVTg\_V5\_4. ## resources\_pci\_iommu -This adds the IOMMUGroup field for PCI entries in the resources API. \ No newline at end of file +This adds the IOMMUGroup field for PCI entries in the resources API. + +## resources\_network\_usb +Adds the usb\_address field to the network card entries in the resources API. + +## resources\_disk\_address +Adds the usb\_address and pci\_address fields to the disk entries in the resources API. diff --git a/shared/version/api.go b/shared/version/api.go index 12ae55eb2d..427249d08b 100644 --- a/shared/version/api.go +++ b/shared/version/api.go @@ -237,6 +237,8 @@ var APIExtensions = []string{ "storage_zfs_clone_copy_rebase", "gpu_mdev", "resources_pci_iommu", + "resources_network_usb", + "resources_disk_address", } // APIExtensionsCount returns the number of available API extensions. From 89a5672ef40061d1bbcab952cba241deccc0fb97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 7 Dec 2020 18:27:41 -0500 Subject: [PATCH 2/3] lxd/resources: Add PCIAddress/USBAddress for networks and disks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #8215 Signed-off-by: Stéphane Graber --- lxd/resources/network.go | 6 ++ lxd/resources/storage.go | 31 + lxd/resources/usb.go | 42 3 files changed, 79 insertions(+) diff --git a/lxd/resources/network.go b/lxd/resources/network.go index 034e5b8190..b6bf773e71 100644 --- a/lxd/resources/network.go +++ b/lxd/resources/network.go @@ -59,6 +59,12 @@ func networkAddDeviceInfo(devicePath string, pciDB *pcidb.PCIDB, uname unix.Utsn } } + // USB address + usbAddr, err := parseUSBAddress(devicePath) + if err == nil { + card.USBAddress = usbAddr + } + // Vendor and product deviceVendorPath := filepath.Join(devicePath, "vendor") if sysfsExists(deviceVendorPath) { diff --git a/lxd/resources/storage.go b/lxd/resources/storage.go index b051957f76..8a07c1c2a0 100644 --- a/lxd/resources/storage.go +++ b/lxd/resources/storage.go @@ -160,6 +160,37 @@ func GetStorage() (*api.ResourcesStorage, error) { } disk.Device = strings.TrimSpace(string(diskDev)) + // PCI address + deviceDevicePath := filepath.Join(devicePath, "device") + if sysfsExists(deviceDevicePath) { + linkTarget, err := filepath.EvalSymlinks(deviceDevicePath) + if err != nil { + return nil, errors.Wrapf(err, "Failed to track down \"%s\"", deviceDevicePath) + } + + if strings.Contains(linkTarget, "/pci") && sysfsExists(filepath.Join(deviceDevicePath, "subsystem")) { + virtio := strings.HasPrefix(filepath.Base(linkTarget), "virtio") + if virtio { + linkTarget = filepath.Dir(linkTarget) + } + + subsystem, err := filepath.EvalSymlinks(filepath.Join(deviceDevicePath, "subsystem")) + if err != nil { + return nil, errors.Wrapf(err, "Failed to track down \"%s\"", filepath.Join(deviceDevicePath, "subsystem")) +
[lxc-devel] [lxd/master] lxd/rbac: Fix checks by matching proper name
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8223 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === The data from RBAC uses resource IDs not project names, so we need to map things through r.resources. Signed-off-by: Stéphane Graber From 3a726c2472b875fb7be66a357d77f5796fdb1eab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 7 Dec 2020 17:10:29 -0500 Subject: [PATCH] lxd/rbac: Fix checks by matching proper name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The data from RBAC uses resource IDs not project names, so we need to map things through r.resources. Signed-off-by: Stéphane Graber --- lxd/rbac/server.go | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lxd/rbac/server.go b/lxd/rbac/server.go index 48c15569ea..7faeb1a949 100644 --- a/lxd/rbac/server.go +++ b/lxd/rbac/server.go @@ -332,7 +332,17 @@ func (r *Server) UserAccess(username string) (*UserAccess, error) { continue } - access.Projects[k] = v + // Look for project name. + for projectName, resourceId := range r.resources { + if k != resourceId { + continue + } + + access.Projects[projectName] = v + break + } + + // Ignore unknown projects. } return , nil ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc-ci/master] Adds test for LXD VMs
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc-ci/pull/205 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === There's a few more tests to add, but this adds most of them: - VM create. - VM grow on next reboot. - VM shrink prevented. - VM create after storage volume.size changed. - VM create after storage volume.block.filesystem changed. - VM create from profile with disk smaller than default VM volume size. - VM migrate across pools with disk size larger than volume.size. - VM migrate across pools with disk size smaller than volume.size. Signed-off-by: Thomas Parrott From 9e7f5e431d73348d67d1f1a643d8f29c9bead2dd Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 7 Dec 2020 20:57:38 + Subject: [PATCH] Adds test for LXD VMs Signed-off-by: Thomas Parrott --- bin/test-lxd-vm | 152 1 file changed, 152 insertions(+) create mode 100755 bin/test-lxd-vm diff --git a/bin/test-lxd-vm b/bin/test-lxd-vm new file mode 100755 index 000..7c51b65 --- /dev/null +++ b/bin/test-lxd-vm @@ -0,0 +1,152 @@ +#!/bin/sh +set -eux + +cleanup() { +echo "" +if [ "${FAIL}" = "1" ]; then +echo "Test failed" +exit 1 +fi + +echo "Test passed" +exit 0 +} + +poolDriverList="${1:-dir btrfs lvm zfs}" +FAIL=1 +trap cleanup EXIT HUP INT TERM + +# Wait for snapd seeding +sleep 1m + +# Configure to use the proxy +curl -s http://canonical-lxd.stgraber.org/config/snapd.sh | sh + +# Install LXD +while :; do +[ ! -e /usr/bin/lxd ] && break +apt remove --purge lxd lxd-client --yes && break +done +snap install lxd --edge +snap install jq +snap refresh lxd --channel=latest/edge +lxd waitready --timeout=300 + +# Configure LXD +lxc network create lxdbr0 +lxc profile device add default eth0 nic network=lxdbr0 + +for poolDriver in $poolDriverList +do + echo "==> Create storage pool using driver ${poolDriver}" +if [ "${poolDriver}" = "dir" ]; then + lxc storage create vmpool "${poolDriver}" + else + lxc storage create vmpool "${poolDriver}" size=20GB + fi + + echo "==> Create VM and boot" + lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool + lxc start v1 + sleep 60 + lxc info v1 + + echo "==> Checking VM root disk size is 10GB" + lxc exec v1 -- df -B10 | grep sda2 | grep 10 + + echo "==> Increasing VM root disk size for next boot" + lxc config device set v1 root size=11GB + lxc config get v1 volatile.root.apply_quota | grep 11GB + lxc stop -f v1 + lxc start v1 + sleep 60 + + echo "==> Checking VM root disk size is 11GB" + lxc exec v1 -- df -B10 | grep sda2 | grep 11 + + echo "==> Check VM shrink is blocked" + ! lxc config device set v1 root size=10GB || false + + echo "==> Deleting VM" + lxc delete -f v1 + + echo "==> Change volume.size on pool and create VM" + lxc storage set vmpool volume.size 6GB + lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool +lxc start v1 +sleep 60 +lxc info v1 + +echo "==> Checking VM root disk size is 6GB" +lxc exec v1 -- df -B10 | grep sda2 | grep 6 + +echo "==> Deleting VM and reset pool volume.size" +lxc delete -f v1 + lxc storage unset vmpool volume.size + + if [ "${poolDriver}" = "lvm" ]; then + echo "==> Change volume.block.filesystem on pool and create VM" + lxc storage set vmpool volume.block.filesystem xfs + lxc init images:ubuntu/20.04/cloud v1 --vm -s vmpool + lxc start v1 + sleep 60 + lxc info v1 + + echo "==> Checking VM config disk filesyste is XFS" + serverPID="$(lxc query /1.0 | jq .environment.server_pid)" + nsenter -m -t "${serverPID}" stat -f -c %T /var/snap/lxd/common/lxd/virtual-machines/v1 | grep xfs + + echo "==> Deleting VM" + lxc delete -f v1 + lxc storage unset vmpool volume.block.filesystem + fi + + echo "==> Create VM from profile with small disk size" + lxc profile copy default vmsmall + lxc profile device add vmsmall root disk pool=vmpool path=/ size=7GB +lxc init images:ubuntu/20.04/cloud v1 --vm -p vmsmall +lxc start v1 +sleep 60 +
[lxc-devel] [lxd/master] Storage: Allow BTRFS to detect volume.size pool changes and regeneration image volumes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8220 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes image volume resize errors. From c622519f3cc9260dda192811626696b8e9283c5b Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 7 Dec 2020 19:27:15 + Subject: [PATCH 1/4] lxd/storage/backend/lxd: Comment typo fix Signed-off-by: Thomas Parrott --- lxd/storage/backend_lxd.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/storage/backend_lxd.go b/lxd/storage/backend_lxd.go index 79a72c541e..0259328829 100644 --- a/lxd/storage/backend_lxd.go +++ b/lxd/storage/backend_lxd.go @@ -2201,8 +2201,8 @@ func (b *lxdBackend) EnsureImage(fingerprint string, op *operations.Operation) e imgVol.SetConfigSize(newVolSize) - // Try applying the current size policy to the existin volume. If it is the same the driver - // should make no changes, and if not then attempt to resize it to the new policy. + // Try applying the current size policy to the existing volume. If it is the same the + // driver should make no changes, and if not then attempt to resize it to the new policy. logger.Debug("Setting image volume size", "size", imgVol.ConfigSize()) err = b.driver.SetVolumeQuota(imgVol, imgVol.ConfigSize(), op) if errors.Cause(err) == drivers.ErrCannotBeShrunk || errors.Cause(err) == drivers.ErrNotSupported { From f245258acf7e23b74d6d16e050ab9656bde99c18 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 7 Dec 2020 19:27:38 + Subject: [PATCH 2/4] lxd/storage/drivers/driver/btrfs/volumes: Enable allowUnsafeResize in CreateVolume when creating initial image volume This is so the image volume can be resized to desired size after filler has run but before readonly snapshot is created. Signed-off-by: Thomas Parrott --- lxd/storage/drivers/driver_btrfs_volumes.go | 7 +++ 1 file changed, 7 insertions(+) diff --git a/lxd/storage/drivers/driver_btrfs_volumes.go b/lxd/storage/drivers/driver_btrfs_volumes.go index 3de65c5c78..687c935138 100644 --- a/lxd/storage/drivers/driver_btrfs_volumes.go +++ b/lxd/storage/drivers/driver_btrfs_volumes.go @@ -68,6 +68,13 @@ func (d *btrfs) CreateVolume(vol Volume, filler *VolumeFiller, op *operations.Op return err } + // Allow unsafe resize of image volumes as filler won't have been able to resize the volume to the + // target size as volume file didn't exist then (and we can't create in advance because qemu-img + // truncates the file to image size). + if vol.volType == VolumeTypeImage { + vol.allowUnsafeResize = true + } + _, err = ensureVolumeBlockFile(vol, rootBlockPath, sizeBytes) // Ignore ErrCannotBeShrunk as this just means the filler has needed to increase the volume size. From 059863e24bcca4e9f53cff413541553e8a3d6f39 Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 7 Dec 2020 19:29:02 + Subject: [PATCH 3/4] lxd/storage/drivers/utils: Updates ensureVolumeBlockFile to return unsupported when trying to resize image volume without allowUnsafeResize enabled This is so the correct error response is returned to trigger backendLXD to regenerate cached BTRFS image volume when pool's volume.size changes. Doesn't affect dir pools (which also use this function) as they do not have cached image volumes. Signed-off-by: Thomas Parrott --- lxd/storage/drivers/utils.go | 7 +++ 1 file changed, 7 insertions(+) diff --git a/lxd/storage/drivers/utils.go b/lxd/storage/drivers/utils.go index 646d10c4a4..a64635bbc2 100644 --- a/lxd/storage/drivers/utils.go +++ b/lxd/storage/drivers/utils.go @@ -347,6 +347,13 @@ func ensureVolumeBlockFile(vol Volume, path string, sizeBytes int64) (bool, erro return false, nil } + // Block image volumes cannot be resized because they can have a readonly snapshot that doesn't get + // updated when the volume's size is changed, and this is what instances are created from. + // During initial volume fill allowUnsafeResize is enabled because snapshot hasn't been taken yet. + if !vol.allowUnsafeResize && vol.volType == VolumeTypeImage { + return false, ErrNotSupported + } + // Only perform pre-resize sanity checks if we are not in "unsafe" mode. // In unsafe mode we expect the caller to know what th
[lxc-devel] [pylxd/master] Remove duplicated pytest
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/431 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From a29a63100470657519df841bc487bb07d1e18b28 Mon Sep 17 00:00:00 2001 From: Dougal Matthews Date: Mon, 7 Dec 2020 15:39:56 + Subject: [PATCH] Remove duplicated pytest --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index 3778d7b7..f7c5488c 100644 --- a/tox.ini +++ b/tox.ini @@ -14,7 +14,7 @@ deps = commands = pytest --cov=pylxd pylxd [testenv:integration] -commands = pytest pytest integration +commands = pytest integration [testenv:migration] commands = pytest migration ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Storage: Fixes 10s delay when using VMs with ZFS in snap
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8218 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This is caused because /dev/zvol appears to not be populated when using the snap. Signed-off-by: Thomas Parrott From 2c6b7c840cfd03c1328a4ec3953239116b87321a Mon Sep 17 00:00:00 2001 From: Thomas Parrott Date: Mon, 7 Dec 2020 11:21:40 + Subject: [PATCH] lxd/storage/drivers/drivers/zfs/volumes: Fixes 10s delay when using VMs with ZFS in snap This is caused because /dev/zvol appears to not be populated when using the snap. Signed-off-by: Thomas Parrott --- lxd/storage/drivers/driver_zfs_volumes.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/storage/drivers/driver_zfs_volumes.go b/lxd/storage/drivers/driver_zfs_volumes.go index 42e8056d1b..78152519e9 100644 --- a/lxd/storage/drivers/driver_zfs_volumes.go +++ b/lxd/storage/drivers/driver_zfs_volumes.go @@ -1003,7 +1003,7 @@ func (d *zfs) SetVolumeQuota(vol Volume, size string, op *operations.Operation) // GetVolumeDiskPath returns the location of a root disk block device. func (d *zfs) GetVolumeDiskPath(vol Volume) (string, error) { // Shortcut for udev. - if tryExists(filepath.Join("/dev/zvol", d.dataset(vol, false))) { + if shared.PathExists(filepath.Join("/dev/zvol", d.dataset(vol, false))) { return filepath.Join("/dev/zvol", d.dataset(vol, false)), nil } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [pylxd/master] client: Add basic support for projects
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/430 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This allows passing the project name as a string to Client and have it automatically added to all URLs. Blackened by @d0ugal for easier merging. Signed-off-by: Stéphane Graber Signed-off-by: Dougal Matthews From 1c39ede17b999b179988cdf7bb837a45e9ba23fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Wed, 7 Oct 2020 15:40:23 -0400 Subject: [PATCH] client: Add basic support for projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows passing the project name as a string to Client and have it automatically added to all URLs. Blackened by @d0ugal for easier merging. Signed-off-by: Stéphane Graber Signed-off-by: Dougal Matthews --- pylxd/client.py | 61 + 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/pylxd/client.py b/pylxd/client.py index c632db11..23890305 100644 --- a/pylxd/client.py +++ b/pylxd/client.py @@ -63,9 +63,12 @@ class EventType(Enum): class _APINode: """An api node object.""" -def __init__(self, api_endpoint, cert=None, verify=True, timeout=None): +def __init__( +self, api_endpoint, cert=None, verify=True, timeout=None, project=None +): self._api_endpoint = api_endpoint self._timeout = timeout +self._project = project if self._api_endpoint.startswith("http+unix://"): self.session = requests_unixsocket.Session() @@ -91,6 +94,7 @@ def __getattr__(self, name): cert=self.session.cert, verify=self.session.verify, timeout=self._timeout, +project=self._project, ) def __getitem__(self, item): @@ -106,6 +110,7 @@ def __getitem__(self, item): cert=self.session.cert, verify=self.session.verify, timeout=self._timeout, +project=self._project, ) def _assert_response( @@ -163,6 +168,12 @@ def get(self, *args, **kwargs): """ is_api = kwargs.pop("is_api", True) kwargs["timeout"] = kwargs.get("timeout", self._timeout) + +if self._project is not None: +params = kwargs.get("params", {}) +params["project"] = self._project +kwargs["params"] = params + response = self.session.get(self._api_endpoint, *args, **kwargs) self._assert_response( response, stream=kwargs.get("stream", False), is_api=is_api @@ -172,13 +183,18 @@ def get(self, *args, **kwargs): def post(self, *args, **kwargs): """Perform an HTTP POST.""" kwargs["timeout"] = kwargs.get("timeout", self._timeout) -target = kwargs.pop("target", None) +target = kwargs.pop("target", None) if target is not None: params = kwargs.get("params", {}) params["target"] = target kwargs["params"] = params +if self._project is not None: +params = kwargs.get("params", {}) +params["project"] = self._project +kwargs["params"] = params + response = self.session.post(self._api_endpoint, *args, **kwargs) # Prior to LXD 2.0.3, successful synchronous requests returned 200, # rather than 201. @@ -188,6 +204,12 @@ def post(self, *args, **kwargs): def put(self, *args, **kwargs): """Perform an HTTP PUT.""" kwargs["timeout"] = kwargs.get("timeout", self._timeout) + +if self._project is not None: +params = kwargs.get("params", {}) +params["project"] = self._project +kwargs["params"] = params + response = self.session.put(self._api_endpoint, *args, **kwargs) self._assert_response(response, allowed_status_codes=(200, 202)) return response @@ -195,6 +217,12 @@ def put(self, *args, **kwargs): def patch(self, *args, **kwargs): """Perform an HTTP PATCH.""" kwargs["timeout"] = kwargs.get("timeout", self._timeout) + +if self._project is not None: +params = kwargs.get("params", {}) +params["project"] = self._project +kwargs["params"] = params + response = self.session.patch(self._api_endpoint, *args, **kwargs)
[lxc-devel] [lxc/master] 2020 12 07/bugfixes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3593 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 052535c8657e2671ce5de5b4fae4c6f293a8d76c Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 7 Dec 2020 11:25:58 +0100 Subject: [PATCH 1/2] macro: move MAX_GRBUF_SIZE Signed-off-by: Christian Brauner --- src/lxc/macro.h | 4 src/lxc/utils.h | 4 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lxc/macro.h b/src/lxc/macro.h index d6b9954e8d..c8e810a3dc 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -25,6 +25,10 @@ #define PATH_MAX 4096 #endif +#ifndef MAX_GRBUF_SIZE +#define MAX_GRBUF_SIZE 65536 +#endif + #define INT64_FMT "%" PRId64 /* Define __S_ISTYPE if missing from the C library. */ diff --git a/src/lxc/utils.h b/src/lxc/utils.h index ddd1cbe620..4825599c4e 100644 --- a/src/lxc/utils.h +++ b/src/lxc/utils.h @@ -6,10 +6,6 @@ /* Properly support loop devices on 32bit systems. */ #define _FILE_OFFSET_BITS 64 -#ifndef MAX_GRBUF_SIZE -#define MAX_GRBUF_SIZE 65536 -#endif - #include #include #include From 703c2767c94e4850d39c18dbcc9d8601e9ccabb8 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 7 Dec 2020 11:28:42 +0100 Subject: [PATCH 2/2] macro: bump MAX_GRBUF_SIZE to 2 mb Closes #3592. Signed-off-by: Christian Brauner --- src/lxc/macro.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/macro.h b/src/lxc/macro.h index c8e810a3dc..2d5d683316 100644 --- a/src/lxc/macro.h +++ b/src/lxc/macro.h @@ -26,7 +26,7 @@ #endif #ifndef MAX_GRBUF_SIZE -#define MAX_GRBUF_SIZE 65536 +#define MAX_GRBUF_SIZE (1 << 31) #endif #define INT64_FMT "%" PRId64 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Adds a new 'limits.instances' key in project
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8217 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Fixes #7925. From 17a021048c153783a97748f09db5ca62141d7361 Mon Sep 17 00:00:00 2001 From: Max Patrick Date: Mon, 7 Dec 2020 11:24:36 +0530 Subject: [PATCH 1/3] doc: Adds limits.instances key description. Signed-off-by: Kevin Turner --- doc/projects.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/projects.md b/doc/projects.md index 462864fabb..65a54f9266 100644 --- a/doc/projects.md +++ b/doc/projects.md @@ -21,6 +21,7 @@ features.images | boolean | - | true features.networks| boolean | - | true | Separate set of networks for the project features.profiles| boolean | - | true | Separate set of profiles for the project features.storage.volumes | boolean | - | true | Separate set of storage volumes for the project +limits.instances | integer | - | - | Maximum number of total instances that can be created in the project limits.containers| integer | - | - | Maximum number of containers that can be created in the project limits.cpu | integer | - | - | Maximum value for the sum of individual "limits.cpu" configs set on the instances of the project limits.disk | string| - | - | Maximum value of aggregate disk space used by all instances volumes, custom volumes and images of the project From 2d5fc48461dac7d3bfceecade9c1765f361f606b Mon Sep 17 00:00:00 2001 From: Max Patrick Date: Mon, 7 Dec 2020 11:25:23 +0530 Subject: [PATCH 2/3] api: Adds limits.instances Signed-off-by: Kevin Turner --- lxd/api_project.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lxd/api_project.go b/lxd/api_project.go index 5c4993cec1..c87cf8e20e 100644 --- a/lxd/api_project.go +++ b/lxd/api_project.go @@ -351,6 +351,7 @@ func projectChange(d *Daemon, project *api.Project, req api.ProjectPut) response // Update the database entry. err = d.cluster.Transaction(func(tx *db.ClusterTx) error { err := projecthelpers.AllowProjectUpdate(tx, project.Name, req.Config, configChanged) + if err != nil { return err } @@ -524,6 +525,7 @@ func projectValidateConfig(s *state.State, config map[string]string) error { "features.images": validate.Optional(validate.IsBool), "features.storage.volumes": validate.Optional(validate.IsBool), "features.networks": validate.Optional(validate.IsBool), + "limits.instances": validate.Optional(validate.IsUint32), "limits.containers": validate.Optional(validate.IsUint32), "limits.virtual-machines": validate.Optional(validate.IsUint32), "limits.memory": validate.Optional(validate.IsSize), From bbbd95b3d82c86ac63897de856cf4b12676e5d09 Mon Sep 17 00:00:00 2001 From: Max Patrick Date: Mon, 7 Dec 2020 11:26:03 +0530 Subject: [PATCH 3/3] lxd/project: Adds 'limits.instances' configuration key Signed-Off-By: Kevin Turner --- lxd/api_project.go | 2 +- lxd/project/permissions.go | 52 + lxd/project/permissions_test.go | 35 ++ 3 files changed, 88 insertions(+), 1 deletion(-) diff --git a/lxd/api_project.go b/lxd/api_project.go index c87cf8e20e..103faafd32 100644 --- a/lxd/api_project.go +++ b/lxd/api_project.go @@ -525,7 +525,7 @@ func projectValidateConfig(s *state.State, config map[string]string) error { "features.images": validate.Optional(validate.IsBool), "features.storage.volumes": validate.Optional(validate.IsBool), "features.networks": validate.Optional(validate.IsBool), - "limits.instances": validate.Optional(validate.IsUint32), + "limits.instances": validate.Optional(validate.IsUint32), "limits.containers": validate.Optional(validate.IsUint32), "limits.virt
[lxc-devel] [lxc/master] disable ipv6 upon creating a bridge in lxc-net.in and enable it on user specifications
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3591 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This is the proposed solution; please let me know if there's an issue with this solution. From f22affcce77bb35f1f961cb154f5141370cd1815 Mon Sep 17 00:00:00 2001 From: Andrew Deng Date: Sat, 5 Dec 2020 17:32:56 -0600 Subject: [PATCH] disable ipv6 upon creating a bridge in lxc-net.in and enable it on user specifications Signed-off-by: Andrew Deng --- config/init/common/lxc-net.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index a7dfa6f199..923b1ccd10 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -78,6 +78,7 @@ start() { [ ! -d /sys/class/net/${LXC_BRIDGE} ] && ip link add dev ${LXC_BRIDGE} type bridge echo 1 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/accept_dad || true +echo 1 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/disable_ipv6 # if we are run from systemd on a system with selinux enabled, # the mkdir will create /run/lxc as init_var_run_t which dnsmasq @@ -93,6 +94,7 @@ start() { LXC_IPV6_ARG="" if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ -n "$LXC_IPV6_NETWORK" ]; then +echo 0 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/disable_ipv6 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding echo 0 > /proc/sys/net/ipv6/conf/${LXC_BRIDGE}/autoconf ip -6 addr add dev ${LXC_BRIDGE} ${LXC_IPV6_ADDR}/${LXC_IPV6_MASK} ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel