Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
I'll look for openvz down script today.

(I have sent a patch for qemu)

- Original Message -

From: Dietmar Maurer diet...@proxmox.com
To: Alexandre DERUMIER aderum...@odiso.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Friday, 2 May 2014 16:25:23
Subject: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

There is also /usr/sbin/vznetcfg, but seems this is only called for init. 

 from vzctl/include/types.h: 
 
 #define VPS_NET_ADD SCRIPTDIR "/vps-net_add"
 #define VPS_NET_DEL SCRIPTDIR "/vps-net_del"
 #define VPS_NETNS_DEV_ADD SCRIPTDIR "/vps-netns_dev_add"
 #define VPS_NETNS_DEV_DEL SCRIPTDIR "/vps-netns_dev_del"
 
 so we need to check which script in /usr/lib/vzctl/scripts/ is best.
 
   for openvz veth, I don't know if it's possible to use a script at
   shutdown ?
  
  Maybe we can use an action script for that: 
  
  http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS 
  
  Maybe vps.umount? 
  ___ 
  pve-devel mailing list 
  pve-devel@pve.proxmox.com 
  http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
 
 


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
There is also /usr/sbin/vznetcfg, but seems this is only called for init. 
indeed,

in veth.c
static int veth_ctl(vps_handler *h, envid_t veid, int op, veth_param *list,
        int rollback)

    list_for_each(tmp, dev_h, list) {
        if (op == ADD) {
            if ((ret = h->veth_ctl(h, veid, ADD, tmp)))
                break;
            if ((ret = run_vznetcfg(veid, tmp)))
                break;
        } else if ((ret = h->veth_ctl(h, veid, DEL, tmp))) {
            break;
        }
    }



maybe can we add something like

    else if ((ret = h->veth_ctl(h, veid, DEL, tmp))) {
        if ((ret = run_vznetcfgdown(veid, tmp)))
            break;
    }




Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to add a 
new section in vznetcfg init script.



    list_for_each(tmp, dev_h, list) {
        if (op == ADD) {
            if ((ret = h->veth_ctl(h, veid, ADD, tmp)))
                break;
            if ((ret = run_vznetcfg(veid, tmp, ADD)))
                break;
        } else if ((ret = h->veth_ctl(h, veid, DEL, tmp))) {
            run_vznetcfg(veid, tmp, DEL);
            break;
        }
    }

static int run_vznetcfg(envid_t veid, veth_dev *dev, int op)
{
    int ret;
    char buf[16];
    char *argv[] = {VZNETCFG, op == ADD ? "init" : "del", "veth", NULL,
        NULL};
    char *env[2];

    if (stat_file(VZNETCFG) != 1)
        return 0;
    argv[3] = dev->dev_name;
    snprintf(buf, sizeof(buf), "VEID=%d", veid);
    env[0] = buf;
    env[1] = NULL;
    if ((ret = run_script(VZNETCFG, argv, env, 0))) {
        logger(-1, 0, VZNETCFG " exited with error");
        ret = VZ_VETH_ERROR;
    }
    return ret;
}

- Original Message -

From: Alexandre DERUMIER aderum...@odiso.com
To: Dietmar Maurer diet...@proxmox.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Monday, 5 May 2014 14:32:20
Subject: Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

There is also /usr/sbin/vznetcfg, but seems this is only called for init.
indeed,

in veth.c
static int veth_ctl(vps_handler *h, envid_t veid, int op, veth_param *list,
        int rollback)

    list_for_each(tmp, dev_h, list) {
        if (op == ADD) {
            if ((ret = h->veth_ctl(h, veid, ADD, tmp)))
                break;
            if ((ret = run_vznetcfg(veid, tmp)))
                break;
        } else if ((ret = h->veth_ctl(h, veid, DEL, tmp))) {
            break;
        }
    }



maybe can we add something like

    else if ((ret = h->veth_ctl(h, veid, DEL, tmp))) {
        if ((ret = run_vznetcfgdown(veid, tmp)))
            break;
    }




Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
 maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to
 add a new section in vznetcfg init script.

would you mind to post that on the openvz list?


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
would you mind to post that on the openvz list?

doesn't seem to work, the code doesn't seem to be called on vm shutdown.

I think that DEL is only used for rollback, if the ADD fails.

I'll look for another way.



- Original Message -

From: Dietmar Maurer diet...@proxmox.com
To: Alexandre DERUMIER aderum...@odiso.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Monday, 5 May 2014 15:34:25
Subject: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

 maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to
 add a new section in vznetcfg init script.

would you mind to post that on the openvz list?


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer

 I have sent a patch using vps.postumount hook script, works perfectly !

Good. The only problem I see is that users already use that file for
other things.


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
Good. The only problem I see is that users already use that file for
other things.
Good point.

I'll look if we can add a proxmox specific script, hacking the code to add a 
second postumount script

- Original Message -

From: Dietmar Maurer diet...@proxmox.com
To: Alexandre DERUMIER aderum...@odiso.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Tuesday, 6 May 2014 06:19:59
Subject: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)


 I have sent a patch using vps.postumount hook script, works perfectly !

Good. The only problem I see is that users already use that file for
other things.


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
 I'll look if we can add a proxmox specific script, hacking the code to add a
 second postumount script

Ok, thanks!


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
I think in

src/lib/fs.c


    if (!(skip & SKIP_ACTION_SCRIPT)) {
        snprintf(buf, sizeof(buf), "%s%d.%s", VPS_CONF_DIR,
            veid, POST_UMOUNT_PREFIX);
        for (i = 0; i < 2; i++) {
            if (run_pre_script(veid, buf)) {
                logger(-1, 0, "Error executing umount script %s",
                    buf);
                return VZ_ACTIONSCRIPT_ERROR;
            }
            snprintf(buf, sizeof(buf), "%svps.%s", VPS_CONF_DIR,
                POST_UMOUNT_PREFIX);

++          snprintf(buf, sizeof(buf), "%sproxmox.%s", VPS_CONF_DIR,
++              POST_UMOUNT_PREFIX);
        }
    }


should call /etc/vz/conf/proxmox.postumount

(maybe putting the script in /usr/sbin/ is better ?)


- Original Message -

From: Dietmar Maurer diet...@proxmox.com
To: Alexandre DERUMIER aderum...@odiso.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Tuesday, 6 May 2014 06:29:35
Subject: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

 I'll look if we can add a proxmox specific script, hacking the code to add a 
 second postumount script 

Ok, thanks! 
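
The call order of the fs.c loop as posted in the message above, traced next to a table-driven variant, as an added example that is not part of the original message or of vzctl. `order_as_posted`, `order_table_driven` and `RECORD` are hypothetical names, and the macro values are assumed from the /etc/vz/conf/proxmox.postumount path given in the thread. With both snprintf() calls inside the loop body, vps.postumount is never reached, which matters because that is the file users already rely on.

```c
#include <stdio.h>
#include <string.h>
/* Assumed values, taken from the /etc/vz/conf/proxmox.postumount path in the thread. */
#define VPS_CONF_DIR "/etc/vz/conf/"
#define POST_UMOUNT_PREFIX "postumount"
#define PATH_LEN 64
/* Hypothetical stand-in for run_pre_script(): record the path, execute nothing. */
#define RECORD(runs, n, path) snprintf((runs)[(n)++], PATH_LEN, "%s", (path))

/* Loop as posted: the proxmox.* path overwrites vps.* in buf before the next run. */
int order_as_posted(int veid, char runs[][PATH_LEN])
{
	char buf[PATH_LEN];
	int i, n = 0;
	snprintf(buf, sizeof(buf), "%s%d.%s", VPS_CONF_DIR, veid, POST_UMOUNT_PREFIX);
	for (i = 0; i < 2; i++) {
		RECORD(runs, n, buf);
		snprintf(buf, sizeof(buf), "%svps.%s", VPS_CONF_DIR, POST_UMOUNT_PREFIX);
		snprintf(buf, sizeof(buf), "%sproxmox.%s", VPS_CONF_DIR, POST_UMOUNT_PREFIX);
	}
	return n;
}

/* Table-driven variant: per-container script, then vps.*, then proxmox.*. */
int order_table_driven(int veid, char runs[][PATH_LEN])
{
	static const char *global[] = { "vps", "proxmox" };
	char buf[PATH_LEN];
	int i, n = 0;
	snprintf(buf, sizeof(buf), "%s%d.%s", VPS_CONF_DIR, veid, POST_UMOUNT_PREFIX);
	RECORD(runs, n, buf);
	for (i = 0; i < 2; i++) {
		snprintf(buf, sizeof(buf), "%s%s.%s", VPS_CONF_DIR, global[i], POST_UMOUNT_PREFIX);
		RECORD(runs, n, buf);
	}
	return n;
}

int main(void)
{
	char runs[3][PATH_LEN];	/* 101 is a constructed container ID */
	int i, n = order_as_posted(101, runs);
	for (i = 0; i < n; i++)
		printf("as posted:    %s\n", runs[i]);
	n = order_table_driven(101, runs);
	for (i = 0; i < n; i++)
		printf("table-driven: %s\n", runs[i]);
	return 0;
}
```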


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
 
 ++snprintf(buf, sizeof(buf), "%sproxmox.%s",
 VPS_CONF_DIR,
 ++POST_UMOUNT_PREFIX);
 }
 }
 
 
 should call /etc/vz/conf/proxmox.postumount
 
 (maybe putting the script in /usr/sbin/ is better ?)

Please use SCRIPTDIR (see include/types.h)


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Daniel Hunsaker
Just a side note that it might be a good idea to hack in the other script
types as well while you're in there anyway.  That way if/when something
should end up in, say, a premount script, you only need to write the script
itself.  Something to consider, anyway.
On May 5, 2014 11:12 PM, Dietmar Maurer diet...@proxmox.com wrote:

 
  ++snprintf(buf, sizeof(buf), "%sproxmox.%s",
 VPS_CONF_DIR,
  ++POST_UMOUNT_PREFIX);
  }
  }
 
 
  should call /etc/vz/conf/proxmox.postumount
 
  (maybe putting the script in /usr/sbin/ is better ?)

 Please use SCRIPTDIR (see include/types.h)


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
but wait, maybe vzeventd is the solution.


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
Ok, we need to modify

/usr/lib/vzctl/scripts/vzevent-stop

That script is even called when container is stopped from inside (poweroff).

 -Original Message-
 From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf
 Of Dietmar Maurer
 Sent: Tuesday, 06 May 2014 07:23
 To: Alexandre DERUMIER
 Cc: pve-devel
 Subject: Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag
 bug)
 
 but wait, maybe vzeventd is the solution.


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Dietmar Maurer
 Ok, we need to modify
 
 /usr/lib/vzctl/scripts/vzevent-stop
 
 That script is even called when container is stopped from inside (poweroff).

Sigh, I guess we need both things (modify vzctl and add cleanup actions in
/usr/lib/vzctl/scripts/vzevent-stop),
because vzevent-stop is run asynchronously and simply exits if there is a running
'vzctl stop' (for safety I guess).



Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-05 Thread Alexandre DERUMIER
Ok, I'll check that.
thanks for help.

- Original Message -

From: Dietmar Maurer diet...@proxmox.com
To: Alexandre DERUMIER aderum...@odiso.com
Cc: pve-devel pve-devel@pve.proxmox.com
Sent: Tuesday, 6 May 2014 07:38:29
Subject: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

 Ok, we need to modify 
 
 /usr/lib/vzctl/scripts/vzevent-stop 
 
 That script is even called when container is stopped from inside (poweroff). 

Sigh, I guess we need both things (modify vzctl and add cleanup actions in
/usr/lib/vzctl/scripts/vzevent-stop),
because vzevent-stop is run asynchronously and simply exits if there is a running
'vzctl stop' (for safety I guess).


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-02 Thread Dietmar Maurer
 Indeed we have stale bridge.
 I cleanup this at vm start (on tap_plug more precisely). I have a sub for this
 PVE::Network::bridge_cleanup($iface)

Ah

 This can happen on vm_crash
I don't know what is the best way in this case ?
 
 but also on vm shutdown (can be a shutdown from inside the guest for example)
 I think for the second case, we should add a shutdown script -netdev
 downscript=ifdown.sh).

Yes, a shutdown script would help in that case.
 
 for openvz veth, I don't know if it's possible to use a script at shutdown ?

Maybe we can use an action script for that:

http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS

Maybe vps.umount?


Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)

2014-05-02 Thread Dietmar Maurer
from vzctl/include/types.h:

#define VPS_NET_ADD         SCRIPTDIR "/vps-net_add"
#define VPS_NET_DEL         SCRIPTDIR "/vps-net_del"
#define VPS_NETNS_DEV_ADD   SCRIPTDIR "/vps-netns_dev_add"
#define VPS_NETNS_DEV_DEL   SCRIPTDIR "/vps-netns_dev_del"

so we need to check which script in /usr/lib/vzctl/scripts/ is best.

  for openvz veth, I don't know if it's possible to use a script at shutdown
  ?
 
 Maybe we can use an action script for that:
 
 http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS
 
 Maybe vps.umount?