Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
I'll look for openvz down script today. (I have sent a patch for qemu) - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Vendredi 2 Mai 2014 16:25:23 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) There is also /usr/sbin/vznetcfg, but seems this is only called for init. from vzctl/include/types.h: #define VPS_NET_ADD SCRIPTDIR /vps-net_add #define VPS_NET_DEL SCRIPTDIR /vps-net_del #define VPS_NETNS_DEV_ADD SCRIPTDIR /vps-netns_dev_add #define VPS_NETNS_DEV_DEL SCRIPTDIR /vps-netns_dev_del so we need to check which script in /usr/lib/vzctl/scripts/ is best. for openvz veth, I don't known if it's possible to use a script at shutdown ? Maybe we can use an action script for that: http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS Maybe vps.umount? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
There is also /usr/sbin/vznetcfg, but seems this is only called for init. indeed, in veth.c static int veth_ctl(vps_handler *h, envid_t veid, int op, veth_param *list, int rollback) list_for_each(tmp, dev_h, list) { if (op == ADD) { if ((ret = h-veth_ctl(h, veid, ADD, tmp))) break; if ((ret = run_vznetcfg(veid, tmp))) break; } else if ((ret = h-veth_ctl(h, veid, DEL, tmp))) { break; } } maybe can we add something like else if ((ret = h-veth_ctl(h, veid, DEL, tmp))) { if ((ret = run_vznetcfgdown(veid, tmp))) break; } De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Vendredi 2 Mai 2014 16:25:23 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) There is also /usr/sbin/vznetcfg, but seems this is only called for init. from vzctl/include/types.h: #define VPS_NET_ADD SCRIPTDIR /vps-net_add #define VPS_NET_DEL SCRIPTDIR /vps-net_del #define VPS_NETNS_DEV_ADD SCRIPTDIR /vps-netns_dev_add #define VPS_NETNS_DEV_DEL SCRIPTDIR /vps-netns_dev_del so we need to check which script in /usr/lib/vzctl/scripts/ is best. for openvz veth, I don't known if it's possible to use a script at shutdown ? Maybe we can use an action script for that: http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS Maybe vps.umount? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to add a new section in vznetcfg init script. list_for_each(tmp, dev_h, list) { if (op == ADD) { if ((ret = h-veth_ctl(h, veid, ADD, tmp))) break; if ((ret = run_vznetcfg(veid, tmp, ADD))) break; } else if ((ret = h-veth_ctl(h, veid, DEL, tmp))) { run_vznetcfg(veid, tmp, DEL); break; } } static int run_vznetcfg(envid_t veid, veth_dev *dev, int op) { int ret; char buf[16]; char *argv[] = {VZNETCFG, op == ADD ? init : del, veth, NULL, NULL}; char *env[2]; if (stat_file(VZNETCFG) != 1) return 0; argv[3] = dev-dev_name; snprintf(buf, sizeof(buf), VEID=%d, veid); env[0] = buf; env[1] = NULL; if ((ret = run_script(VZNETCFG, argv, env, 0))) { logger(-1, 0, VZNETCFG exited with error); ret = VZ_VETH_ERROR; } return ret; } - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Lundi 5 Mai 2014 14:32:20 Objet: Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) There is also /usr/sbin/vznetcfg, but seems this is only called for init. indeed, in veth.c static int veth_ctl(vps_handler *h, envid_t veid, int op, veth_param *list, int rollback) list_for_each(tmp, dev_h, list) { if (op == ADD) { if ((ret = h-veth_ctl(h, veid, ADD, tmp))) break; if ((ret = run_vznetcfg(veid, tmp))) break; } else if ((ret = h-veth_ctl(h, veid, DEL, tmp))) { break; } } maybe can we add something like else if ((ret = h-veth_ctl(h, veid, DEL, tmp))) { if ((ret = run_vznetcfgdown(veid, tmp))) break; } De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Vendredi 2 Mai 2014 16:25:23 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) There is also /usr/sbin/vznetcfg, but seems this is only called for init. from vzctl/include/types.h: #define VPS_NET_ADD SCRIPTDIR /vps-net_add #define VPS_NET_DEL SCRIPTDIR /vps-net_del #define VPS_NETNS_DEV_ADD SCRIPTDIR /vps-netns_dev_add #define VPS_NETNS_DEV_DEL SCRIPTDIR /vps-netns_dev_del so we need to check which script in /usr/lib/vzctl/scripts/ is best. for openvz veth, I don't known if it's possible to use a script at shutdown ? Maybe we can use an action script for that: http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS Maybe vps.umount? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to add a new section in vznetcfg init script. would you mind to post that one the openvz list? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
would you mind to post that one the openvz list? don't seem to work, the code don't seem to be called on vm shutdown. I think that DEL is only use for rollback, if the ADD fail. I'll look for another way. - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Lundi 5 Mai 2014 15:34:25 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) maybe better, reuse run_vznetcfg, and pass ADD|DEL , then we just need to add a new section in vznetcfg init script. would you mind to post that one the openvz list? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
I have sent a patch using vps.postumount hook script, works perfectly ! Good. The only problem I see is that users already use that file already for other things. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Good. The only problem I see is that users already use that file already for other things. Good point. I'll look if we can add a proxmox specific script, hacking the code to add a second postumount script - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Mardi 6 Mai 2014 06:19:59 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) I have sent a patch using vps.postumount hook script, works perfectly ! Good. The only problem I see is that users already use that file already for other things. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
I'll look if we can add a proxmox specific script, hacking the code to add a second postumount script Ok, thanks! ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
I think in src/lib/fs.c if (!(skip SKIP_ACTION_SCRIPT)) { snprintf(buf, sizeof(buf), %s%d.%s, VPS_CONF_DIR, veid, POST_UMOUNT_PREFIX); for (i = 0; i 2; i++) { if (run_pre_script(veid, buf)) { logger(-1, 0, Error executing umount script %s, buf); return VZ_ACTIONSCRIPT_ERROR; } snprintf(buf, sizeof(buf), %svps.%s, VPS_CONF_DIR, POST_UMOUNT_PREFIX); ++snprintf(buf, sizeof(buf), %sproxmox.%s, VPS_CONF_DIR, ++POST_UMOUNT_PREFIX); } } should call /etc/vz/conf/proxmox.postumount (maybe putting the script is /usr/sbin/ is better ?) - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Mardi 6 Mai 2014 06:29:35 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) I'll look if we can add a proxmox specific script, hacking the code to add a second postumount script Ok, thanks! ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
++snprintf(buf, sizeof(buf), %sproxmox.%s, VPS_CONF_DIR, ++POST_UMOUNT_PREFIX); } } should call /etc/vz/conf/proxmox.postumount (maybe putting the script is /usr/sbin/ is better ?) Please use SCRIPTDIR (see include/types.h) ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Just a side note that it might be a good idea to hack in the other script types as well while you're in there anyway. That way if/when something should end up in, say, a premount script, you only need to write the script itself. Something to consider, anyway. On May 5, 2014 11:12 PM, Dietmar Maurer diet...@proxmox.com wrote: ++snprintf(buf, sizeof(buf), %sproxmox.%s, VPS_CONF_DIR, ++POST_UMOUNT_PREFIX); } } should call /etc/vz/conf/proxmox.postumount (maybe putting the script is /usr/sbin/ is better ?) Please use SCRIPTDIR (see include/types.h) ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
but wait, maybe vzeventd is the solution. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Ok, we need to modify /usr/lib/vzctl/scripts/vzevent-stop That script is even called when container is stopped from inside (poweroff). -Original Message- From: pve-devel [mailto:pve-devel-boun...@pve.proxmox.com] On Behalf Of Dietmar Maurer Sent: Dienstag, 06. Mai 2014 07:23 To: Alexandre DERUMIER Cc: pve-devel Subject: Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) but wait, maybe vzeventd is the solution. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Ok, we need to modify /usr/lib/vzctl/scripts/vzevent-stop That script is even called when container is stopped from inside (poweroff). Sigh, I guess we need both things (modify vzctl and add cleanup actions in /usr/lib/vzctl/scripts/vzevent-stop), because vzevent-stop is run asynchronous and simply exit it there is a running 'vzctl stop' (for safety if guess). ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Ok, I'll check that. thanks for help. - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel pve-devel@pve.proxmox.com Envoyé: Mardi 6 Mai 2014 07:38:29 Objet: RE: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug) Ok, we need to modify /usr/lib/vzctl/scripts/vzevent-stop That script is even called when container is stopped from inside (poweroff). Sigh, I guess we need both things (modify vzctl and add cleanup actions in /usr/lib/vzctl/scripts/vzevent-stop), because vzevent-stop is run asynchronous and simply exit it there is a running 'vzctl stop' (for safety if guess). ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
Indeed we have stale bridge. I cleanup this at vm start (on tap_plug more precisily).I have a sub for this PVE::Network::bridge_cleanup($iface) Ah This can happen on vm_crash I don't known what is the best way in this case ? but also on vm shutdown (can be a shutdown from inside the guest for example) I think for the second case, we should add a shutdown script -netdev downscript=ifdown.sh). Yes, a shutdown script would help in that case. for openvz veth, I don't known if it's possible to use a script at shutdown ? Maybe we can use an action script for that: http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS Maybe vps.umount? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : masquerade results (+veth vlan tag bug)
from vzctl/include/types.h: #define VPS_NET_ADD SCRIPTDIR /vps-net_add #define VPS_NET_DEL SCRIPTDIR /vps-net_del #define VPS_NETNS_DEV_ADD SCRIPTDIR /vps-netns_dev_add #define VPS_NETNS_DEV_DEL SCRIPTDIR /vps-netns_dev_del so we need to check which script in /usr/lib/vzctl/scripts/ is best. for openvz veth, I don't known if it's possible to use a script at shutdown ? Maybe we can use an action script for that: http://openvz.org/Man/vzctl.8#ACTION_SCRIPTS Maybe vps.umount? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel