[lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Stefan Tomanek
This commit adds a configuration option to specify a script to be
executed before, during and after creating or configuring the pair of
veth devices. The name of the host sided device is passed as an
argument, so the script can be used to configure routes or firewall
rules related to the container. The interface can be extended to service
other network types, and as well can be used to introduce scriptable
hooks into other sections of the configuration.
---
 src/lxc/conf.c|  103 ++---
 src/lxc/conf.h|   23 +++-
 src/lxc/confile.c |   35 ++
 src/lxc/start.c   |2 +-
 4 files changed, 140 insertions(+), 23 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index adfe862..2993bce 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -24,11 +24,13 @@
 #include stdio.h
 #undef _GNU_SOURCE
 #include stdlib.h
+#include stdarg.h
 #include errno.h
 #include string.h
 #include dirent.h
 #include mntent.h
 #include unistd.h
+#include sys/wait.h
 #include pty.h
 
 #include sys/types.h
@@ -92,7 +94,7 @@ lxc_log_define(lxc_conf, lxc);
 
 extern int pivot_root(const char * new_root, const char * put_old);
 
-typedef int (*instanciate_cb)(struct lxc_netdev *);
+typedef int (*instanciate_cb)(struct lxc_handler *, struct lxc_netdev *);
 
 struct mount_opt {
char *name;
@@ -105,11 +107,11 @@ struct caps_opt {
int value;
 };
 
-static int instanciate_veth(struct lxc_netdev *);
-static int instanciate_macvlan(struct lxc_netdev *);
-static int instanciate_vlan(struct lxc_netdev *);
-static int instanciate_phys(struct lxc_netdev *);
-static int instanciate_empty(struct lxc_netdev *);
+static int instanciate_veth(struct lxc_handler *, struct lxc_netdev *);
+static int instanciate_macvlan(struct lxc_handler *, struct lxc_netdev *);
+static int instanciate_vlan(struct lxc_handler *, struct lxc_netdev *);
+static int instanciate_phys(struct lxc_handler *, struct lxc_netdev *);
+static int instanciate_empty(struct lxc_handler *, struct lxc_netdev *);
 
 static  instanciate_cb netdev_conf[LXC_NET_MAXCONFTYPE + 1] = {
[LXC_NET_VETH]= instanciate_veth,
@@ -184,6 +186,52 @@ static struct caps_opt caps_opt[] = {
{ mac_admin, CAP_MAC_ADMIN },
 };
 
+static int run_script(const char *name, const char *section, const char 
*script, ...)
+{
+   va_list argp;
+   int vargc = 4;
+   /* count variable arguments and add 4 for script, container
+* and section name  as well as the terminating NULL
+*/
+   va_start(argp, script);
+   while (va_arg(argp, char*)) vargc++;
+   va_end(argp);
+   INFO(Executing script '%s' for section '%s', script, section);
+
+   int pid = fork();
+   if (pid  0) {
+   ERROR(Error forking);
+   } else if (pid == 0) {
+   /* prepare command line arguments */
+   char *args[vargc];
+   args[0] = strdup(script);
+   args[1] = strdup(name);
+   args[2] = strdup(section);
+   args[vargc-1] = (char*) NULL;
+   va_start(argp, script);
+   int i;
+   for (i=3; ivargc; i++) {
+   args[i] = va_arg(argp, char*);
+   }
+   va_end(argp);
+
+   execv(script, args);
+   /* if we cannot exex, we exit this fork */
+   exit(1);
+   } else {
+   int status = 0;
+   waitpid( pid, status, 0 );
+   if (status != 0) {
+   /* something weird happened */
+   SYSERROR(Script '%s' terminated with non-zero exitcode 
%d,  name, status);
+   return -1;
+   } else {
+   return 1; /* all is well */
+   }
+   }
+   return -1;
+}
+
 static int find_fstype_cb(char* buffer, void *data)
 {
struct cbarg {
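Review bot: in the parent branch of run_script(), `status` is compared against 0 as a raw wait status and then printed as the exit code, and the return value of waitpid() is not checked; decode it with WIFEXITED()/WEXITSTATUS() so that a script killed by a signal is reported as such and the logged number is the real exit code. The same error message passes `name` (the container name) where the format string describes the script, so `script` is the argument that belongs there. In the child branch, `_exit()` is the safer call after a failed execv(), since `exit(1)` runs the atexit handlers and flushes the stdio buffers the child inherited from the parent. The strdup() results for args[0..2] are used unchecked, and the copies are unnecessary because the child either execs or exits.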
@@ -1204,7 +1252,7 @@ struct lxc_conf *lxc_conf_init(void)
return new;
 }
 
-static int instanciate_veth(struct lxc_netdev *netdev)
+static int instanciate_veth(struct lxc_handler *handler, struct lxc_netdev 
*netdev)
 {
char veth1buf[IFNAMSIZ], *veth1;
char veth2buf[IFNAMSIZ], *veth2;
@@ -1267,6 +1315,16 @@ static int instanciate_veth(struct lxc_netdev *netdev)
}
}
 
+   if (netdev-script) {
+   err = run_script(handler-name, net, netdev-script, veth,
+veth1, (char*) NULL);
+   if (err) {
+   ERROR(failed to run script '%s' for interface '%s',
+ netdev-script, veth1);
+   goto out_delete;
+   }
+   }
+
DEBUG(instanciated veth '%s/%s', index is '%d',
  veth1, veth2, netdev-ifindex);
 
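Review bot: the `if (err)` test right after the run_script() call takes the out_delete path for any non-zero value, while run_script() as added earlier in this patch returns 1 on success (`return 1; /* all is well */`), so a script that ran cleanly still ends in "failed to run script" and the veth pair is deleted. Either make run_script() return 0 on success or test `err < 0` here. It would also help to document next to lxc.network.script that the script runs on the host with the privileges of the process starting the container, and which arguments it receives (container name, section, type, host-side device name).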
@@ -1277,7 +1335,7 @@ out_delete:
return -1;
 }
 
-static int instanciate_macvlan(struct lxc_netdev 

Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Michael Tokarev
Stefan Tomanek wrote:
 Michael Tokarev (m...@tls.msk.ru) wrote:
[]
 There's apparently no reason to run a script before
 creating a netdev (pair).  Note that we don't even
 know which names will be used for the netdevs, at
 least in general case.
 
 I know, but there might be a point in executing a point script before
 network configuration in general. I cannot think of an example right now,
 but Debian has the same distinction for its network configuration.

It occurred to me too that you may be following debian network/interfaces.
But this is something else: in the pre-up in debian you may want to
load a NIC driver module for example, so that the interface actually
appears and when it goes to the initialisation stage when ifup runs
tools like ifconfig to configure the IP addresses, the interface is
already here.  In lxc, the whole 'pre-up' stage is always done by
lxc tools (instantiating veth/macvlan/etc device), so there's just
no pre-up stage at all.

 The during version makes no sense at all, in my
 opinion anyway, because we're synchronous, and there's
 no way to run something during the veth creation.
 So it actually becomes either before or after
 anyway.
 
 It is during due to the fact that it is network type specific and
 gets called inside the instanciate_* (veth in this case) function.
 That is the only part where the host-facing interface name is known,
 so calling a general hook afterwards is of no use.

Ok, I'll re-read the patch again...  somehow I understand it
completely differently...

/mjt

--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2  L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel


Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Stefan Tomanek
Michael Tokarev (m...@tls.msk.ru) wrote:

  I know, but there might be a point in executing a point script before
  network configuration in general. I cannot think of an example right now,
  but Debian has the same distinction for its network configuration.
 
 It occurred to me too that you may be following debian network/interfaces.
 But this is something else: in the pre-up in debian you may want to
 load a NIC driver module for example, so that the interface actually
 appears and when it goes to the initialisation stage when ifup runs
 tools like ifconfig to configure the IP addresses, the interface is
 already here.  In lxc, the whole 'pre-up' stage is always done by
 lxc tools (instantiating veth/macvlan/etc device), so there's just
 no pre-up stage at all.

pre-up is used for other purposes as well, I've written quite some extensions
to Debian's ifupdown. WIFI-configuration takes place at that time.

Your point assumes that the work done by LXC covers all cases of use; however,
this is probably not the case - actually, the lack of decent veth
configurability is my intention for this patch. Having an extra hook available,
even if not used, will make it easier for admins to adapt their setup to their
needs - and not having to re-learn C programming like I did in the last few
days :-)
-- 
- Wertarbyte EDV-Dienstleistungen -
  Stefan Tomanek
  WWW: http://wertarbyte.de/
  E-Mail:  kont...@wertarbyte.de



Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Stefan Tomanek
Daniel Lezcano (daniel.lezc...@free.fr) wrote:

 Are we sure, we want to add these hooks (pre and post) ? I am not 
 against adding them, but IMO it is more sane to add them if needed 
 rather than adding something which may not be used.

Well, until now, there was not a single hook, although I desperately
needed one. And there are probably people out there who might use
these hooks and are not able to add them for themselves.

 Wouldn't it be preferable to have these two hooks:
 
  lxc.network.script.up
  lxc.network.script.down
 
 (script parameter will need 'name', 'conf section' 'up' | 'down' ...

I still advise to split the hooks into generic ones and those specific
to the network type. The parameters passed to a script configuring a veth
device will be completely different than those passed to a macvlan device;
generic commands can then be placed in a different script, while special
commands can be handled in specific scripts.

I'd at least propose to use two hooks for setting up the interface, one being called
in instanciate_* (.up?), passing the arguments suitable to that network type, as well as
one generic (.post-up?)

 If there is a need for a pre or post hook, we can easily add later:

Sure, _we_ probably can, but not the person who might need the patch. There are quite
many sysadmins who are masters at shell scripting, but are unable to add such a hook
to a C codebase. Not being able to extend the system in an easy fashion would be a huge
show stopper for them, just as the lack of scripting was to me.

  +   return -1;
  +   } else {
  +   return 1; /* all is well */
 
 
 The convention is '0' means 'no error', why do you return 1 here ?

Oh, I probably got the exit codes mixed up, I'll fix it...
-- 
- Wertarbyte EDV-Dienstleistungen -
  Stefan Tomanek
  WWW: http://wertarbyte.de/
  E-Mail:  kont...@wertarbyte.de
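
The return convention raised at the end of this message ('0' means 'no error'), as an added example that is not code from the patch or from LXC: a hook runner that decodes the wait status and returns 0 only when the script exits with code 0. The name run_hook, the HOOK_MAX_EXTRA bound, the container name "c1" and the /bin/true stand-in script are assumptions of this example.

```c
#include <errno.h>
#include <stdarg.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define HOOK_MAX_EXTRA 16	/* assumed bound on extra arguments (example only) */

/* Runs: script <name> <section> [extra...]; the variadic list ends with NULL.
 * Returns 0 if the script exited with code 0, -1 on every other outcome. */
int run_hook(const char *name, const char *section, const char *script, ...)
{
	char *args[HOOK_MAX_EXTRA + 4];
	int argc = 0, status;
	va_list ap;
	char *arg;
	pid_t pid;

	args[argc++] = (char *)script;
	args[argc++] = (char *)name;
	args[argc++] = (char *)section;
	va_start(ap, script);
	while ((arg = va_arg(ap, char *)) != NULL) {
		if (argc >= HOOK_MAX_EXTRA + 3) {	/* keep a slot for the NULL */
			va_end(ap);
			return -1;
		}
		args[argc++] = arg;
	}
	va_end(ap);
	args[argc] = NULL;

	pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		execv(script, args);
		_exit(127);	/* exec failed: skip inherited atexit handlers and stdio flush */
	}
	while (waitpid(pid, &status, 0) < 0) {
		if (errno != EINTR)	/* retry only when interrupted by a signal */
			return -1;
	}
	/* A signal death or a non-zero exit code both count as failure. */
	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
		return 0;
	return -1;
}

int main(void)
{
	/* Constructed call: /bin/true stands in for a real hook script. */
	return run_hook("c1", "net", "/bin/true", "veth", "vethXXXX", (char *)NULL) == 0 ? 0 : 1;
}
```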



Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Michael Tokarev
Stefan Tomanek wrote:
 Daniel Lezcano (daniel.lezc...@free.fr) wrote:
 
 Are we sure, we want to add these hooks (pre and post) ? I am not 
 against adding them, but IMO it is more sane to add them if needed 
 rather than adding something which may not be used.
 
 Well, until now, there was not a single hook, although I desperately
 needed one. And there are probably people out there who might use
 these hooks and are not able to add them for themselves.
 
 Wouldn't it be preferable to have these two hooks:

  lxc.network.script.up
  lxc.network.script.down

 (script parameter will need 'name', 'conf section' 'up' | 'down' ...
 
 I still advise to split the hooks into generic ones and those specific
 to the network type. The parameters passed to a script configuring a veth
 device will be completely different than those passed to a macvlan device;
 generic commands can then be placed in a different script, while special
 commands can be handled in specific scripts.

Note that the script may receive other parameters, depending on the
type of the network device, just the first 3 are fixed.  There's also
$ENVIRONMENT $VARIABLES for us.

 I'd at least propose to use two hooks for setting up the interface, one being called
 in instanciate_* (.up?), passing the arguments suitable to that network type, as well as
 one generic (.post-up?)

If there's a need, the specific script may call some common
code/script by its own, or the reverse.  There's no need to do
that in lxc.  Or if we do, how about adding a _set_ of scripts
for each stage ?  :)

 If there is a need for a pre or post hook, we can easily add later:
 
 Sure, _we_ probably can, but not the person who might need the patch. There are quite
 many sysadmins who are masters at shell scripting, but are unable to add such a hook
 to a C codebase. Not being able to extend the system in an easy fashion would be a huge
 show stopper for them, just as the lack of scripting was to me.

There IS a trivial way to extend system already (when
just ONE hook is implemented) - chain your scripts.
There's no need to re-implement shell in lxc.

/mjt



Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Daniel Lezcano
On 10/08/2010 05:13 PM, Michael Tokarev wrote:
 Stefan Tomanek wrote:

 Daniel Lezcano (daniel.lezc...@free.fr) wrote:

  
 Are we sure, we want to add these hooks (pre and post) ? I am not
 against adding them, but IMO it is more sane to add them if needed
 rather than adding something which may not be used.

 Well, until now, there was not a single hook, although I desperately
 needed one. And there are probably people out there who might use
 these hooks and are not able to add them for themselves.

  
 Wouldn't it be preferable to have these two hooks:

   lxc.network.script.up
   lxc.network.script.down

 (script parameter will need 'name', 'conf section' 'up' | 'down' ...

 I still advise to split the hooks into generic ones and those specific
 to the network type. The parameters passed to a script configuring a veth
 device will be completely different than those passed to a macvlan device;
 generic commands can then be placed in a different script, while special
 commands can be handled in specific scripts.
  
 Note that the script may receive other parameters, depending on the
 type of the network device, just the first 3 are fixed.  There's also
 $ENVIRONMENT $VARIABLES for us.


 I'd at least propose to use two hooks for setting up the interface, one being called
 in instanciate_* (.up?), passing the arguments suitable to that network type, as well as
 one generic (.post-up?)
  
 If there's a need, the specific script may call some common
 code/script by its own, or the reverse.  There's no need to do
 that in lxc.  Or if we do, how about adding a _set_ of scripts
 for each stage ?  :)


 If there is a need for a pre or post hook, we can easily add later:

 Sure, _we_ probably can, but not the person who might need the patch. There are quite
 many sysadmins who are masters at shell scripting, but are unable to add such a hook
 to a C codebase. Not being able to extend the system in an easy fashion would be a huge
 show stopper for them, just as the lack of scripting was to me.
  

I am not a sysadmin, maybe you are right, having the hooks available is 
good, but I am still not convinced they are needed. I am heavily using 
kvm, and with the two scripts qemu-ifup and qemu-ifdown I am quite happy :)
Anything to be done before or after falls in /etc/network/interfaces.

 There IS a trivial way to extend system already (when
 just ONE hook is implemented) - chain your scripts.
 There's no need to re-implement shell in lxc.


Michael, I am not sure I get the idea. Can you elaborate a bit ?
In our case, we need the veth name which is available in 
instanciate_veth, no ?




Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Michael Tokarev
08.10.2010 19:45, Daniel Lezcano wrote:
[]
 There IS a trivial way to extend system already (when
 just ONE hook is implemented) - chain your scripts.
 There's no need to re-implement shell in lxc.

 
 Michael, I am not sure I get the idea. Can you elaborate a bit ?
 In our case, we need the veth name which is available in 
 instanciate_veth, no ?

I'm trying to say that one script is enough, that's basically it ;)
Before (that makes no sense), During and After - just use one
During, with all the proper names and other parameters.  That calls
a script, and that script is free to call other scripts at will.

/mjt
