[lxc-devel] [pylxd/master] Changed the implementation of Containers.migration to match the 'lxc …
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/pylxd/pull/319 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This should solve definetively the issue https://github.com/lxc/pylxd/issues/315 And the behaviour of migration will be the same of using ``` lxc move : ``` Also added myself to contributors.rst Hope this is usefull From 7e74b596fb79df725fed8e3794046b6e7a95a029 Mon Sep 17 00:00:00 2001 From: gabrik Date: Wed, 11 Jul 2018 16:38:32 +0200 Subject: [PATCH] Changed the implementation of Containers.migration to match the 'lxc move :' behaviour Signed-off-by: gabrik --- CONTRIBUTORS.rst | 1 + pylxd/models/container.py | 19 --- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index 86035b2..f09f5b0 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -34,5 +34,6 @@ These are the contributors to pylxd according to the Github repository. chrismacnaughton Chris MacNaughton ppkt Karol Werner mrtc0Kohei Morita + gabrik Gabriele Baldoni === == diff --git a/pylxd/models/container.py b/pylxd/models/container.py index f55e53e..c5a21c1 100644 --- a/pylxd/models/container.py +++ b/pylxd/models/container.py @@ -421,9 +421,22 @@ def migrate(self, new_client, wait=False): """ if self.api.scheme in ('http+unix',): raise ValueError('Cannot migrate from a local client connection') - -return new_client.containers.create( -self.generate_migration_data(), wait=wait) + +if self.status.upper() == 'RUNNING': +try: +res = new_client.containers.create( +self.generate_migration_data(), wait=wait) +except LXDAPIException as e: +if '{}'.format(e) == "The container is already running": +self.delete() +return new_client.containers.get(self.name) +else: +raise e +else: + res = new_client.containers.create( +self.generate_migration_data(), wait=wait) +self.delete() +return res def generate_migration_data(self): """Generate the migration data. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Optimized UDP/TCP proxying (NAT)
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4775 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 1f9752260266a8c1b8ed02014284c6a5b792cae4 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 9 Jul 2018 15:03:49 +0200 Subject: [PATCH 1/2] lxd: Optimized UDP/TCP proxying (NAT) Signed-off-by: Thomas Hipp --- lxd/container_lxc.go | 101 ++ lxd/{networks_iptables.go => iptables.go} | 35 +-- 2 files changed, 130 insertions(+), 6 deletions(-) rename lxd/{networks_iptables.go => iptables.go} (62%) diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go index 2cee8ad1d..afad5b06d 100644 --- a/lxd/container_lxc.go +++ b/lxd/container_lxc.go @@ -6850,6 +6850,10 @@ func (c *containerLXC) insertProxyDevice(devName string, m types.Device) error { return fmt.Errorf("Can't add proxy device to stopped container") } + if c.tryNat(devName, m) { + return nil + } + proxyValues, err := setupProxyProcInfo(c, m) if err != nil { return err @@ -6881,13 +6885,107 @@ func (c *containerLXC) insertProxyDevice(devName string, m types.Device) error { return nil } +func (c *containerLXC) tryNat(proxy string, device types.Device) bool { + listenAddr, err := parseAddr(device["listen"]) + if err != nil { + return false + } + + connectAddr, err := parseAddr(device["connect"]) + if err != nil { + return false + } + + cAddrFields := strings.SplitN(connectAddr.addr[0], ":", 2) + validIP := false + + for _, name := range c.expandedDevices.DeviceNames() { + m := c.expandedDevices[name] + if m["type"] == "nic" { + if m["nictype"] != "bridged" { + continue + } + + // Check whether the NIC has a static IP + ip, ok := m["ipv4.address"] + if ok && ip == cAddrFields[0] { + validIP = true + break + } + } + } + + if !validIP { + logger.Info("NAT unavailable: NIC IP doesn't match proxy target IP") + return false + } + + if len(connectAddr.addr) > len(listenAddr.addr) { + // Cannot support single port -> multiple port + return false + } + + // Support TCP <-> TCP and UDP <-> UDP + if listenAddr.connType == "unix" || connectAddr.connType == "unix" || + listenAddr.connType != connectAddr.connType { + logger.Info(fmt.Sprintf("NAT unavailable: %s <-> %s not supported", + listenAddr.connType, connectAddr.connType)) + return false + } + + iptablesComment := fmt.Sprintf("%s (%s)", c.Name(), proxy) + + for i, lAddr := range listenAddr.addr { + listenFields := strings.SplitN(lAddr, ":", 2) + var cAddr string + if len(connectAddr.addr) == 1 { + cAddr = connectAddr.addr[0] + } else { + cAddr = connectAddr.addr[i] + } + + // outbound <-> container + err := containerIptablesPrepend("ipv4", iptablesComment, "nat", + "PREROUTING", "-p", listenAddr.connType, "--destination", + listenFields[0], "--dport", listenFields[1], "-j", "DNAT", + "--to-destination", cAddr) + if err != nil { + goto fail + } + + // host <-> container + err = containerIptablesPrepend("ipv4", iptablesComment, "nat", + "OUTPUT", "-p", listenAddr.connType, "--destination", + listenFields[0], "--dport", listenFields[1], "-j", "DNAT", + "--to-destination", cAddr) + if err != nil { + goto fail + } + } + + logger.Info("Using NAT for proxy device '%s'", proxy) + return true + +fail: + containerIptablesClear("ipv4", iptablesComment, "nat") + return false +} + func (c *containerLXC) removeProxyDevice(devName string) error { if !c.IsRunning() { return fmt.Errorf("Can't remove proxy device from stopped container") } + // Remove possible iptables entries + containerIptablesClear("ipv4", fmt.Sprintf("%s (%s)", c.Name(), devName), "nat") + devFileName := fmt.Sprintf("proxy.%s", devName) devPath := filepath.Join(c.DevicesPath(), devFileName) +
[lxc-devel] [lxc/master] tools: lxc-ls: fix signed_to_bigger_unsigned issue
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2458 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Hello, Fix assignment of a signed value which has type 'int' to a variable of a bigger integer type 'size_t' Thanks. Signed-off-by: 2xsec From 3a3dcd343249e546ae2a4bc5512de0fce9deb2fd Mon Sep 17 00:00:00 2001 From: 2xsec Date: Wed, 11 Jul 2018 21:59:18 +0900 Subject: [PATCH] tools: lxc-ls: fix signed_to_bigger_unsigned issue Signed-off-by: 2xsec --- src/lxc/tools/lxc_ls.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lxc/tools/lxc_ls.c b/src/lxc/tools/lxc_ls.c index bba72e8d5..32278d498 100644 --- a/src/lxc/tools/lxc_ls.c +++ b/src/lxc/tools/lxc_ls.c @@ -308,7 +308,7 @@ static char *ls_get_config_item(struct lxc_container *c, const char *item, if (running) return c->get_running_config_item(c, item); - size_t len = c->get_config_item(c, item, NULL, 0); + int len = c->get_config_item(c, item, NULL, 0); if (len <= 0) return NULL; @@ -316,7 +316,7 @@ static char *ls_get_config_item(struct lxc_container *c, const char *item, if (!val) return NULL; - if ((size_t)c->get_config_item(c, item, val, len + 1) != len) { + if (c->get_config_item(c, item, val, len + 1) != len) { free(val); val = NULL; } @@ -612,7 +612,7 @@ static int ls_get(struct ls **m, size_t *size, const struct lxc_arguments *args, static char *ls_get_cgroup_item(struct lxc_container *c, const char *item) { - size_t len = c->get_cgroup_item(c, item, NULL, 0); + int len = c->get_cgroup_item(c, item, NULL, 0); if (len <= 0) return NULL; @@ -620,7 +620,7 @@ static char *ls_get_cgroup_item(struct lxc_container *c, const char *item) if (!val) return NULL; - if ((size_t)c->get_cgroup_item(c, item, val, len + 1) != len) { + if (c->get_cgroup_item(c, item, val, len + 1) != len) { free(val); val = NULL; } @@ -630,7 +630,7 @@ static char *ls_get_cgroup_item(struct lxc_container *c, const char *item) static char *ls_get_groups(struct lxc_container *c, bool running) { - size_t len = 0; + int len = 0; char *val = NULL; if (running) @@ -640,7 +640,7 @@ static char *ls_get_groups(struct lxc_container *c, bool running) if (!val && (len > 0)) { val = malloc((len + 1) * sizeof(*val)); - if ((size_t)c->get_config_item(c, "lxc.group", val, len + 1) != len) { + if (c->get_config_item(c, "lxc.group", val, len + 1) != len) { free(val); return NULL; } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Reduce the frequency of raft snapshots
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4774 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === We have been taking raft snapshots agressively for a while now, to mitigate This change makes the frequency less aggressive. It shouldn't really make a difference regarding #4485, since we take a raft snapshot at daemon shutdown anyways, so the net effect is virtually the same (except in case of hard crashes). The snapshots trick will go away altogether in the new dqlite implementation. Signed-off-by: Free Ekanayaka From 02689d2c19563893bc10904d7026b18281f1f02c Mon Sep 17 00:00:00 2001 From: Free Ekanayaka Date: Wed, 11 Jul 2018 14:10:08 + Subject: [PATCH] Reduce the frequency of raft snapshots We have been taking raft snapshots agressively for a while now, to mitigate This change makes the frequency less aggressive. It shouldn't really make a difference regarding #4485, since we take a raft snapshot at daemon shutdown anyways, so the net effect is virtually the same (except in case of hard crashes). The snapshots trick will go away altogether in the new dqlite implementation. Signed-off-by: Free Ekanayaka --- lxd/cluster/raft.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxd/cluster/raft.go b/lxd/cluster/raft.go index b40493a20..742fa26fd 100644 --- a/lxd/cluster/raft.go +++ b/lxd/cluster/raft.go @@ -406,7 +406,7 @@ func raftConfig(latency float64) *raft.Config { // number of uncompacted raft logs low, and workaround slow // log replay when the LXD daemon starts (see #4485). A more // proper fix should be probably implemented in dqlite. - config.SnapshotThreshold = 64 + config.SnapshotThreshold = 512 config.TrailingLogs = 128 return config ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] c12d8f: namespace: add api to convert namespaces to standa...
Branch: refs/heads/stable-3.0 Home: https://github.com/lxc/lxc Commit: c12d8fa773f01aaa90a3c5e223f4d3a2bdbbf60c https://github.com/lxc/lxc/commit/c12d8fa773f01aaa90a3c5e223f4d3a2bdbbf60c Author: 2xsec Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/namespace.c M src/lxc/namespace.h Log Message: --- namespace: add api to convert namespaces to standard identifiers Signed-off-by: 2xsec Commit: d98ccfe8b438725f1cff955c982ce29b16efa020 https://github.com/lxc/lxc/commit/d98ccfe8b438725f1cff955c982ce29b16efa020 Author: 2xsec Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/tools/lxc_attach.c Log Message: --- tools: lxc-attach: replace converting standard identifiers of namespaces to api Signed-off-by: 2xsec Commit: f2c0d8f20a2bdbb45cdc503348dcdfb99f825cac https://github.com/lxc/lxc/commit/f2c0d8f20a2bdbb45cdc503348dcdfb99f825cac Author: 2xsec Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/tools/lxc_unshare.c Log Message: --- tools: lxc-unshare: replace converting standard identifiers of namespaces to api Signed-off-by: 2xsec Commit: 6e824338aeba6e94635b8c4b33080ef911d8368a https://github.com/lxc/lxc/commit/6e824338aeba6e94635b8c4b33080ef911d8368a Author: 2xsec Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/tools/lxc_unshare.c Log Message: --- tools: lxc-unshare: replace write_id_mapping() to the same function in conf.c Signed-off-by: 2xsec Commit: da0353d9b90f575f4e8bb67b224b5b8b20ca19aa https://github.com/lxc/lxc/commit/da0353d9b90f575f4e8bb67b224b5b8b20ca19aa Author: Christian Brauner Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/Makefile.am Log Message: --- autotools: build both a shared and static liblxc Signed-off-by: Christian Brauner Cc: Serge Hallyn Cc: Tycho Andersen Commit: 9e793462b889eae1b06fc51ddee06fc954d437f0 https://github.com/lxc/lxc/commit/9e793462b889eae1b06fc51ddee06fc954d437f0 Author: Christian Brauner Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/conf.c Log Message: --- conf: create /dev directory If users specified lxc.autodev = 1 it does not make sense to skip setting up autodev if /dev does not exist. We rather should create it. Signed-off-by: Christian Brauner Commit: 57585db945fb77907bb93adc997a0b1d260ddb72 https://github.com/lxc/lxc/commit/57585db945fb77907bb93adc997a0b1d260ddb72 Author: Christian Brauner Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/start.c Log Message: --- start: don't unconditionally open("/dev/null") Signed-off-by: Christian Brauner Compare: https://github.com/lxc/lxc/compare/311e6357fd6a...57585db945fb **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] autotools: cleanup Makefile.am
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2459 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From ba7bd8c8debc4c6e95763b5ed3e2c349b3558364 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 11 Jul 2018 22:35:44 +0200 Subject: [PATCH] autotools: cleanup Makefile.am Signed-off-by: Christian Brauner --- src/lxc/Makefile.am | 398 1 file changed, 216 insertions(+), 182 deletions(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index ff4c7ff8c..c5e46ac28 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -1,48 +1,45 @@ -pkginclude_HEADERS = \ - attach_options.h \ - lxccontainer.h \ - version.h - -noinst_HEADERS = \ - attach.h \ - storage/storage.h \ - storage/btrfs.h \ - storage/dir.h \ - storage/loop.h \ - storage/lvm.h \ - storage/nbd.h \ - storage/overlay.h \ - storage/rbd.h \ - storage/rsync.h \ - storage/zfs.h \ - storage/storage_utils.h \ - tools/arguments.h \ - cgroups/cgroup.h \ - cgroups/cgroup_utils.h \ - caps.h \ - conf.h \ - confile.h \ - confile_utils.h \ - error.h \ - initutils.h \ - list.h \ - log.h \ - lxc.h \ - lxclock.h \ - monitor.h \ - namespace.h \ - start.h \ - state.h \ - terminal.h \ - utils.h \ - criu.h \ - ../tests/lxctest.h +pkginclude_HEADERS = attach_options.h \ +lxccontainer.h \ +version.h + +noinst_HEADERS = attach.h \ +caps.h \ +cgroups/cgroup.h \ +cgroups/cgroup_utils.h \ +conf.h \ +confile.h \ +confile_utils.h \ +criu.h \ +error.h \ +initutils.h \ +list.h \ +log.h \ +lxc.h \ +lxclock.h \ +monitor.h \ +namespace.h \ +start.h \ +state.h \ +storage/btrfs.h \ +storage/dir.h \ +storage/loop.h \ +storage/lvm.h \ +storage/nbd.h \ +storage/overlay.h \ +storage/rbd.h \ +storage/rsync.h \ +storage/storage.h \ +storage/storage_utils.h \ +storage/zfs.h \ +terminal.h \ +../tests/lxctest.h \ +tools/arguments.h \ +utils.h if IS_BIONIC -noinst_HEADERS += \ - ../include/ifaddrs.h \ - ../include/openpty.h \ - ../include/lxcmntent.h +noinst_HEADERS += ../include/ifaddrs.h \ + ../include/lxcmntent.h \ + ../include/openpty.h endif if !HAVE_PRLIMIT @@ -67,9 +64,9 @@ endif sodir=$(libdir) -LSM_SOURCES = \ - lsm/nop.c \ - lsm/lsm.h lsm/lsm.c +LSM_SOURCES = lsm/lsm.c \ + lsm/lsm.h \ + lsm/nop.c if ENABLE_APPARMOR LSM_SOURCES += lsm/apparmor.c @@ -80,65 +77,63 @@ LSM_SOURCES += lsm/selinux.c endif lib_LTLIBRARIES = liblxc.la -liblxc_la_SOURCES = \ - storage/storage.c storage/storage.h \ - storage/btrfs.c storage/btrfs.h \ - storage/dir.c storage/dir.h \ - storage/loop.c storage/loop.h \ - storage/lvm.c storage/lvm.h \ - storage/nbd.c storage/nbd.h \ - storage/overlay.c storage/overlay.h \ - storage/rbd.c storage/rbd.h \ - storage/rsync.c storage/rsync.h \ - storage/zfs.c storage/zfs.h \ - storage/storage_utils.c storage/storage_utils.h \ - cgroups/cgfsng.c \ - cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ - cgroups/cgroup.c cgroups/cgroup.h \ - commands.c commands.h \ - commands_utils.c commands_utils.h \ - start.c start.h \ - execute.c \ - monitor.c monitor.h \ - terminal.c \ - freezer.c \ - error.h error.c \ - parse.c parse.h \ - lxc.h \ - initutils.c initutils.h \ - utils.c utils.h \ - sync.c sync.h \ - namespace.h namespace.c \ - conf.c conf.h \ - confile.c confile.h \ - confile_utils.c confile_utils.h \ - list.h \ - state.c state.h \ - log.c log.h \ - attach.c attach.h \ - criu.c criu.h \ - ringbuf.c ringbuf.h \ - \ - network.c network.h \ - nl.c nl.h \ - rtnl.c rtnl.h \ - \ - caps.c caps.h \ - lxcseccomp.h \ - mainloop.c mainloop.h \ - af_unix.c af_unix.h \ - \ - lxclock.h lxclock.c \ - lxccontainer.c lxccontainer.h \ -
[lxc-devel] [lxd/master] lxd/storage/ceph: Don't keep snapshots mounted
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4776 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber From f3f3c7a72a81cdecc129e5d814531acd6b967b0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Wed, 11 Jul 2018 17:05:43 -0400 Subject: [PATCH] lxd/storage/ceph: Don't keep snapshots mounted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/storage_ceph.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lxd/storage_ceph.go b/lxd/storage_ceph.go index fda817a01..27d7ea697 100644 --- a/lxd/storage_ceph.go +++ b/lxd/storage_ceph.go @@ -1558,7 +1558,7 @@ func (s *storageCeph) ContainerRestore(target container, source container) error if err != nil { return err } - if ourStorageStop { + if !ourStorageStop { defer source.StorageStart() } @@ -1566,7 +1566,7 @@ func (s *storageCeph) ContainerRestore(target container, source container) error if err != nil { return err } - if ourStorageStop { + if !ourStorageStop { defer target.StorageStart() } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 3a3dcd: tools: lxc-ls: fix signed_to_bigger_unsigned issue
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 3a3dcd343249e546ae2a4bc5512de0fce9deb2fd https://github.com/lxc/lxc/commit/3a3dcd343249e546ae2a4bc5512de0fce9deb2fd Author: 2xsec Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/tools/lxc_ls.c Log Message: --- tools: lxc-ls: fix signed_to_bigger_unsigned issue Signed-off-by: 2xsec Commit: 337fa8eadf338acbd93f683145a6d977ea02a644 https://github.com/lxc/lxc/commit/337fa8eadf338acbd93f683145a6d977ea02a644 Author: Christian Brauner Date: 2018-07-11 (Wed, 11 Jul 2018) Changed paths: M src/lxc/tools/lxc_ls.c Log Message: --- Merge pull request #2458 from 2xsec/bugfix tools: lxc-ls: fix signed_to_bigger_unsigned issue Compare: https://github.com/lxc/lxc/compare/f2c0c2bf9ac3...337fa8eadf33 **NOTE:** This service been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/ Functionality will be removed from GitHub.com on January 31st, 2019. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel