[lxc-devel] [lxc/master] Support nftables using symbolic links to run nftables commands in legacy mode

2020-12-14 Thread comannnnndooooo on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3602

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This implementation uses the update-alternatives command to set nftables to run in legacy mode when iptables commands need to be run. It then unsets the symbolic link after finishing, to ensure there is no unintended behavior afterwards.
From ed53286daf4dec3668fa23410d2aeaff2e5498a8 Mon Sep 17 00:00:00 2001
From: Kyle Colburn 
Date: Mon, 14 Dec 2020 19:24:30 -0600
Subject: [PATCH] Used symbolic links to run nftables in legacy mode to support
 iptables commands when nftables is present.

Signed-off-by: Kyle Colburn 
---
 config/init/common/lxc-net.in | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
index a7dfa6f199..ea4732669a 100644
--- a/config/init/common/lxc-net.in
+++ b/config/init/common/lxc-net.in
@@ -91,6 +91,11 @@ start() {
 
 _ifup
 
+nftables_ver_output=$(nft --version)
+if [$nftables_ver_output != *"not found"*]; then
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+fi
+
 LXC_IPV6_ARG=""
 if [ -n "$LXC_IPV6_ADDR" ] && [ -n "$LXC_IPV6_MASK" ] && [ -n 
"$LXC_IPV6_NETWORK" ]; then
 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
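Review bot: The test `[$nftables_ver_output != *"not found"*]` added in start() cannot work as written: `[` needs spaces around its arguments, the unquoted expansion splits into several words, and `[` compares strings literally instead of matching a glob. `$(nft --version)` captures only stdout, so the shell's "not found" message never reaches the variable; `if command -v nft >/dev/null 2>&1; then` states the check directly. Separately, `update-alternatives --set` switches the iptables backend for the whole host, so other firewall tooling that runs in this window writes to the legacy tables, and an early exit before the later reset leaves the host in that state. The stop() hunk repeats the same lines. start()'s body continues outside the hunk.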
@@ -110,6 +115,10 @@ start() {
 iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d 
${LXC_NETWORK} -j MASQUERADE
 iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p 
udp -m udp --dport 68 -j CHECKSUM --checksum-fill
 
+if [$nftables_ver_output != *"not found"*]; then
+update-alternatives --remove iptables /usr/sbin/iptables-legacy
+fi
+
 LXC_DOMAIN_ARG=""
 if [ -n "$LXC_DOMAIN" ]; then
 LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
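Review bot: `update-alternatives --remove iptables /usr/sbin/iptables-legacy` unregisters the legacy binary from the alternatives group; it does not restore whatever the administrator had selected before start() ran. After the first run the earlier `--set` has nothing registered to select, and a host that was deliberately on iptables-legacy loses that choice. Recording the previous selection before switching and restoring it here, or using `update-alternatives --auto iptables` if automatic mode is acceptable, leaves the host firewall configuration as it was found. Only the `iptables` group is touched, so the ip6tables calls visible in the stop() hunk presumably stay on their current backend. The stop() hunk ends with the same `--remove` call.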
@@ -152,6 +161,12 @@ stop() {
 
 if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
 _ifdown 
+
+nftables_ver_output=$(nft --version)
+if [$nftables_ver_output != *"not found"*]; then
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+fi
+
 iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 
67 -j ACCEPT
 iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 
67 -j ACCEPT
 iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 
53 -j ACCEPT
@@ -165,6 +180,10 @@ stop() {
 ip6tables $use_iptables_lock -t nat -D POSTROUTING -s 
${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
 fi
 
+if [$nftables_ver_output != *"not found"*]; then
+update-alternatives --remove iptables /usr/sbin/iptables-legacy
+fi
+
 pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid
 rm -f "${varrun}"/dnsmasq.pid
 # if $LXC_BRIDGE has attached interfaces, don't destroy the bridge


[lxc-devel] [lxd/master] Remade all typo fix changes and reapplied patch. (Continuation of: Pull request: 8022)

2020-10-15 Thread comannnnndooooo on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8039

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Recreated all changes but re-forked to fix some git issues we caused by forgetting to include sign-offs in all of our commits.

Signed-off-by: Kyle Colburn 
From a6c990e86186454ebbce28dcf7c792893ed12cb2 Mon Sep 17 00:00:00 2001
From: Kyle Colburn 
Date: Thu, 15 Oct 2020 21:22:58 -0500
Subject: [PATCH] Remade all typo fix changes and reapplied patch.
 Signed-off-by: Kyle Colburn 

---
 lxd/db/storage_pools.go |  2 +-
 lxd/patches.go  | 56 +
 2 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/lxd/db/storage_pools.go b/lxd/db/storage_pools.go
index e27a3d1e12..76d12693d1 100644
--- a/lxd/db/storage_pools.go
+++ b/lxd/db/storage_pools.go
@@ -885,7 +885,7 @@ var StoragePoolNodeConfigKeys = []string{
"source",
"volatile.initial_source",
"zfs.pool_name",
-   "lvm.thinpool",
+   "lvm.thinpool_name",
"lvm.vg_name",
 }
 
diff --git a/lxd/patches.go b/lxd/patches.go
index d60ad8e1b6..6a37e49214 100644
--- a/lxd/patches.go
+++ b/lxd/patches.go
@@ -102,6 +102,7 @@ var patches = []patch{
{name: "network_clear_bridge_volatile_hwaddr", stage: 
patchPostDaemonStorage, run: patchNetworkCearBridgeVolatileHwaddr},
{name: "move_backups_instances", stage: patchPostDaemonStorage, run: 
patchMoveBackupsInstances},
{name: "network_ovn_enable_nat", stage: patchPostDaemonStorage, run: 
patchNetworkOVNEnableNAT},
+   {name: "thinpool_typo_fix", stage: patchPostDaemonStorage, run: 
patchThinpoolTypoFix},
 }
 
 type patch struct {
@@ -166,6 +167,61 @@ func patchesApply(d *Daemon, stage patchStage) error {
 
 // Patches begin here
 
+//  renames any config incorrectly set config file entries due to the 
lvm.thinpool_name typo
+func patchThinpoolTypoFix(name string, d *Daemon) error {
+   tx, err = d.cluster.Transaction(func(tx *db.ClusterTx) error {
+   // Fetch the IDs of all existing nodes.
+   nodeIDs, err := query.SelectIntegers(tx, "SELECT id FROM nodes")
+   if err != nil {
+   return errors.Wrap(err, "Failed to get IDs of current 
nodes")
+   }
+
+   // Fetch the IDs of all existing lvm pools.
+   poolIDs, err := query.SelectIntegers(tx, "SELECT id FROM 
storage_pools WHERE driver='lvm'")
+   if err != nil {
+   return errors.Wrap(err, "Failed to get IDs of current 
lvm pools")
+   }
+
+   for _, poolID := range poolIDs {
+   // Fetch the config for this lvm pool and check if it 
has the
+   // lvn.thinpool_name key.
+   config, err := query.SelectConfig(
+   tx, "storage_pools_config", 
"storage_pool_id=?", poolID)
+   if err != nil {
+   return errors.Wrap(err, "Failed a fetch of lvm 
pool config")
+   }
+   
+   value, ok := config["lvm.thinpool"]
+   if !ok {
+   continue
+   }
+
+   // Delete the current key
+   _, err = tx.Exec(`
+   DELETE FROM storage_pools_config WHERE 
key='lvm.thinpool' AND storage_pool_id=?`, poolID)
+   if err != nil {
+   return errors.Wrapf(err, "Failed to delete %s 
config", key)
+   }
+   
+   // Add the config entry for each node
+   for _, nodeID := range nodeIDs {
+   _, err := tx.Exec(`
+   INSERT INTO 
storage_pools_config(storage_pool_id, node_id, key, value)
+   VALUES(?, ?, 'lvm.thinpool_name', ?)
+   `, poolID, curNodeID, value)
+   if err != nil {
+   return errors.Wrapf(err, "Failed to 
create %s node config", key)
+   }
+   }
+   }
+   })
+   if err != nil {
+   return errors.Wrap(err, "Failed to commit transaction")
+   }
+   
+   return err
+}
+
 // patchNetworkOVNEnableNAT adds "ipv4.nat" and "ipv6.nat" keys set to "true" 
to OVN networks if not present.
 // This is to ensure existing networks retain the old behaviour of always 
having NAT enabled as we introduce
 // the new NAT settings which default to disabled if not specified.
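Review bot: patchThinpoolTypoFix does not compile as added: `tx, err = d.cluster.Transaction(...)` assigns to names that were never declared, the closure has no final `return nil`, both `errors.Wrapf` calls format an undefined `key`, and the INSERT passes `curNodeID` where the loop variable is `nodeID`. The comment inside the pool loop says `lvn.thinpool_name` while the code looks up `lvm.thinpool`, and the doc comment should open with the function name. Because this patch rewrites the cluster database once at upgrade, confirm that the INSERT cannot collide with an existing `lvm.thinpool_name` row for the same pool and node, which would abort the whole transaction. The query helpers may also expect the underlying SQL transaction, not `*db.ClusterTx`; compare with the neighbouring patches, which are outside this hunk.

```go
// patchThinpoolTypoFix renames storage pool config entries stored under the
// mistyped "lvm.thinpool" key to "lvm.thinpool_name".
func patchThinpoolTypoFix(name string, d *Daemon) error {
	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
		// … unchanged: node ID query, lvm pool ID query …

		for _, poolID := range poolIDs {
			// Fetch the config for this lvm pool and check if it has the
			// lvm.thinpool key.
			// … unchanged: SelectConfig call, lookup of config["lvm.thinpool"], DELETE statement …
			if err != nil {
				return errors.Wrap(err, "Failed to delete lvm.thinpool config")
			}

			// Add the config entry for each node
			for _, nodeID := range nodeIDs {
				_, err := tx.Exec(`
INSERT INTO storage_pools_config(storage_pool_id, node_id, key, value)
VALUES(?, ?, 'lvm.thinpool_name', ?)
`, poolID, nodeID, value)
				if err != nil {
					return errors.Wrap(err, "Failed to create lvm.thinpool_name node config")
				}
			}
		}

		return nil
	})
	if err != nil {
		return errors.Wrap(err, "Failed to commit transaction")
	}

	return nil
}
```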