Commits
Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
Kir Kolyshkin | db10d31d9dd | Released vzctl 4.5. Changes: see http://openvz.org/Download/vzctl/4.5/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | dd9824e07eb | vps_create(): don't save LOCAL_UID/GID== for OVZ. Commit b529da9 added saving LOCAL_UID=0 and LOCAL_GID=0 when user namespace is not available. This is needed for upstream kernel, but does not make any sense for OpenVZ kernel. So let's add a check for non-ovz kernel. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 02d8d838abe | Makefile: optionally include local makefile. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 6a82c8ddee8 | vzctl.spec: fix build on older systems wrt sharedstatedir. Commits 6d4e622 and df80be5 made use of %{_sharedstatedir} macro (which is /var/lib). Unfortunately, on some ancient systems (i.e. RHEL4) this macro expands to /usr/com which is definitely not what we want. Fix by explicitly defining it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 855b3a88688 | Improve veth random MAC generation. Use first host MAC as a seed to hash (as it was intended). https://bugzilla.openvz.org/2695 Reported-by: Alvaro Polo <apv@tid.es> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Marc MAURICE | f5b9c740329 | vzmigrate: support for VE_PRIVATE being a symlink. In my company we use symlinks for VE_PRIVATE directories. We wanted to keep the default VE_PRIVATE location (from vz.conf) while still being able to choose the VM storage location. The attached patch will handle VM migration if VE_PRIVATE is a symlink. I know VE_PRIVATE symlinks are maybe not fully supported by OpenVZ project (seen bug #1095). http://bugzilla.openvz.org/2694 | |||
Slava Dubrovskiy | 90183488a66 | libvzchown: link to -ldl. Got error from our post build checks: verify-elf: ERROR: ./usr/lib64/libvzchown-1.0.so: undefined symbol: dlerror https://bugzilla.openvz.org/2705 | |||
Kir Kolyshkin | f8b1fc0d0bc | ndsend: fix option field in sending packets. ndsend which is contained in vzctl package comes with an important bug. According to RFC4861 #4.4 && #4.6.1 when sending an unsolicited Neighbor Advertisement one should be using option type 2 (Target Link-Layer Address). ndsend on the other hand uses option type 1 (Source Link-Layer Address). This makes RFC compliant devices not behaving according to what ndsend is supposed to do, the packet ... | |||
Kir Kolyshkin | 7325b00eae5 | vzctl_env_convert_ploop(): check chmod return code. If it fails, since it's too late to roll back, just issue a warning. Reported by Coverity, CID 1064410. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | a88ca37ea68 | vzctl_env_switch_snapshot: fix leak on error path. If ploop.uuid_generate() failed, follow proper rollback path. Reported by Coverity, CID 996913. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 746ebfcdec2 | load_ploop_lib(): load .so.1, try .so too. In ploop-1.9 we are introducing library versioning, so we have libploop.so.1 and thus dlopen("libploop.so") will fail. Therefore, we can't release ploop-1.9 before vzctl because it will break existing systems. We can't release vzctl with dlopen("libploop.so.1") before ploop-1.9 either for the same reason. Chicken and egg problem here. Since we can't release vzctl and ploop at the same time, le... | |||
Kir Kolyshkin | 16b6cdf53cc | read_resolv_conf(): fix potential buffer overflow. strncat() expects size to contain the remainder of dest buffer, so the way it was coded was prone to buffer overflow. Compiler even hints about it: > In file included from /usr/include/string.h:642, > from vps_configure.c:23: > In function 'strncat', > inlined from 'read_resolv_conf' at vps_configure.c:191: > /usr/include/bits/string3.h:152: warning: call to > __builtin___s... | |||
Kir Kolyshkin | b09e07c4c61 | vz-postinstall: be verbose about what we do. Add output of what we're changing. Add grep to skip changing if the value is already the way we want it to be. First run: vz-postinstall: /etc/sysconfig/selinux: set SELINUX = disabled vz-postinstall: /etc/sysctl.conf: set net.ipv4.ip_forward = 1 vz-postinstall: /etc/sysctl.conf: add net.ipv4.conf.default.proxy_arp = 0 vz-postinstall: /etc/sysctl.conf: set kernel.sysrq = 1 vz-postinstall: /etc... | |||
Kir Kolyshkin | fcb8a1c53ec | vzdaemon_stop(): don't return error if stopped already. According to Debian policy (http://www.debian.org/doc/debian-policy/ch-opersys.html#s-writing-init) > The init.d scripts must ensure that they will behave sensibly > (i.e. returning success and not starting multiple copies of a service) if > invoked with start when the service is already running, or with stop > when it isn't Our stop script didn't do that, i.e. it returned 1 if a service is a... | |||
Kir Kolyshkin | 42dd2f60135 | vztmpl-dl: add --upload-all, --ignore-errors. Before this patch, there was no easy way to update all existing OS templates. Theoretically, it could be done using something like vztmpl-dl $(vztmpl-dl --list-local) Practically, such command would exit on the first template which can't be found remotely (such as, say, old fedora which moved into unsupported). So, --ignore-errors option is added to keep downloading templates, even if some ... | |||
Kir Kolyshkin | ffbc4f7a053 | vztmpl-dl: fix a bashism in list_local. Unfortunately we can't use {} construct. Reported by checkbashisms. Introduced in commit 2a25f12. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 53d40a8feaf | vztmpl: improve usage. Put <template> argument in triangle brackets, and fix copyright years. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 2a25f1287ee | vztmpl-dl: add --list-remote, --list-local. Previously, we only had --list argument, to list templates available for download. It makes sense to also add an ability to list local templates (--list-local) and all templates (both local and available for download) (--list-all). While we're at it, * rename --list to --list-remote; * modify usage and man page accordingly; * fix bash_completion for vzctl accordingly. Signed-off-by: Kir Kolys... | |||
Kir Kolyshkin | a7aaea07a6c | vz-postinstall: enabled iptables for bridges. In RHEL6/CentOS 6, iptables are disabled for bridges. This breaks setups such as the one described in bug #2641, where iptables commlimit is used to limit number of connections between containers. Initially, RHEL6 added the following to /etc/sysctl.conf (see https://bugzilla.redhat.com/show_bug.cgi?id=512206) # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridg... | |||
Kir Kolyshkin | 586e7f081c1 | vzctl.spec: run vz-postinstall on a fresh install only. vz-postinstall changes some sysctl.conf parameters etc. We do not need to run it every time we upgrade vzctl, but only when installing on a fresh system (with no previous version of vzctl installed). The thing is, if vzctl is installed, chances are high system is already configured the way it should be. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 8f7931298f7 | vz-postinstall: do not change rp_filter. Apparently some people need to disable rp_filter, so let's not touch it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | de13ab07f06 | vztmpl-dl: do not check GPG signatures by default. 1. Set the built-in default for CHECK_TEMPLATE_SIG to no 2. Add --gpg-check option (and --update while we're at it) 3. Fix download.conf accordingly (and note the defaults) 4. Fix vztmpl-dl(8) man page accordingly https://bugzilla.openvz.org/show_bug.cgi?id=2673 Reported-by: Pavel Odintsov <pavel.odintsov@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Marc MAURICE | 7834ffed659 | vzmigrate: add / to paths for rsync. I think the way rsync is called in the vzmigrate script may lead to data loss. Steps to reproduce: * have a VM on a source host * add a trailing slash in VE_PRIVATE in the VM config (example: * VE_PRIVATE="/vz/private/888/") * have a target host with some non-critical data in /vz/private * vzmigrate your VM from source to target host (you may use --rsync="-vn" to have some debug and not to do... | |||
Kir Kolyshkin | 1ab93d96428 | vzctl start: always mount /dev/pts for upstream CT. Commit 5b8cd90, among other things, added devpts mount to container start. For some reason it was done only if userns is available. In fact, we need devpts inside a container in order to be able to enter it, so remove the if (userns) condition. This should fix vzctl enter on a recent Fedora 18-19 kernel (3.9, the one that disables CONFIG_USERNS in favor of XFS). Signed-off-by: Kir Kolyshkin <... | |||
Kir Kolyshkin | e18a7399b99 | Factor out mount_devpts(). Move that piece of code that does /dev/pts mount for a newly created container out of _env_create to a separate function mount_devpts(). No changes in the code. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | bf084c049a5 | vzctl create: use proper version of basename(). libgen.h supplies us with a bad POSIX version of basename(), as it is outlined in basename(3) man page, while string.h (of GNU libc) gives us a nice one. Let's use GNU basename(). This is a fix to commit 33dae1f. Cc: Slava Dubrovskiy <dubrsl@altlinux.ru> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 72b38d205bd | vzctl create: fix running postcreate action wrt --ostemplate path/tmpl. Fix running postcreate action in case --ostemplate argument contains path. Commit 1975a5c introduced support for path in --ostemplate argument, and then commit 33dae1f fixed the case of storing that path in OSTEMPLATE value in container's configuration file. Running of post-create script is still not fixed though, leading to this error: Warning: configuration file for distribution beta/fedo... | |||
Kir Kolyshkin | b529da96cde | vps_create(): save LOCAL_UID/GID=0 if !userns. In case user namespace is not available at the time of container creation, we are basically creating container with LOCAL_UID=0 and LOCAL_GID=0. Make sure to write these values to container configuration file, otherwise the global default from /etc/vz/vz.conf will take place during container start and it will fail with the following message: Container private area is owned by 0:0, but configu... | |||
Kir Kolyshkin | 4c7b8e9231d | ct_do_open(): minor optimization. There is no need to dynamically construct names like /proc/<mypid>/... because we can just use /proc/self/... Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Marc MAURICE | a83a0a55bbd | vzmigrate: remove a bashism. vzmigrate is unable to move CTs when the target host is a Debian with /bin/dash as default /bin/sh shell (which is the default on new Debian installs). To make the vzmigrate script POSIX compatible, the (easy) fix is to replace 'source' by '.'. This is a fix to commit 0853972. https://bugzilla.openvz.org/2682 | |||
Kir Kolyshkin | df80be5dc3e | vzctl.spec: add /var/lib/vz as a symlink to /vz. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 49c2d96d233 | [style] use VPSCONFDIR from Makefile defines. We always had that VPSCONFDIR variable defined in paths.am and propagated through pathsubst.am. Nevertheless, we were defining it again (as VPS_CONF_DIR) in include/types.h Let's eliminate that duplication, propagating VPSCONFDIR to C code by means of CFLAGS in Makefiles, like we do with others. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b185dd67f07 | [style] remove / from VPS_CONF_DIR. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | d4b73d45a20 | vzctl.spec: remove extra slashes. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 8814662bab7 | vzctl.spec: quote rpm macros. Use %{_variable} style everywhere. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 6d4e62223a0 | vzctl.spec: use %_sharedstatedir not /var/lib. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 330c4e699ce | vzctl.spec: remove a bunch of defines. Let's remove those paths that are only used once or twice. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 8a5aef690da | vzctl.spec: don't mark symlink as %dir. /etc/vz/conf is a symlink. Do not mark it as a directory. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 3223a8ad90c | scripts: use VPSCONFDIR instead of PKGCONFDIR/conf. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 8c1bd48fb4e | scripts: use VPSCONFDIR...instead of PKGCONFDIR/conf Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | aa245d57b2a | Released vzctl 4.4. Changes: see http://openvz.org/Download/vzctl/4.4/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Marc MAURICE | 39c84837ce2 | debian-add_ip.sh: ignore comments when looking for venet0. When starting a debian container, the /etc/vz/dists/scripts/debian-add_ip.sh script will do some checks to automatically overwrite debian interfaces config if the VM is in venet mode. When we leave some old commented venet configuration in /etc/network/interfaces, the script will detect it and overwrite it, even if we don't want to because the network is in veth mode. Steps to reproduce : 1. ... | |||
Kir Kolyshkin | a347f10ad30 | [style] vzctl.spec: s/$RPM_BUILD_ROOT/%{buildroot}/. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 376cc3d2c5e | [style] vzctl.spec: Use _configdir instead of /etc/vz/. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 8f58c9d0408 | [style] vzctl.spec: curly brackets for %_libdir. s/%_libdir/%{_libdir}/ Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | a5aebc83385 | [style] vzctl.spec: s/$RPM_OPT_FLAGS/%{optflags}/. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 3e319a93335 | [style] vzctl_mount_snapshot(): rm unneeded typecast. Both vzctl_mount_param.guid and ploop_mount_param.guid are of char * type, so there is no need to do casting here. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 3da1927b492 | Implement nameserver/searchdomain inheritance. Now, if NAMESERVER/--nameserver and/or SEARCHDOMAIN/--searchdomain value is "inherit", the corresponding setting is taken from host system's /etc/resolv.conf. That way, a user doesn't have to do extra configuration step required for DNS to work inside a container. Note that per-CT parameters are inherited from the global /etc/vz/vz.conf, so we set NAMESERVER=inherit in vz.conf and therefore all ... | |||
Andrey Vagin | fa3ef2da0da | ct: fix exec to really enter into pidns (v3). setns() of the pid namespace unlike unsharing of other namespaces does not take effect immediately. Instead it affects the children created with fork and clone. v2: don't forget about the end mark in close_fds v3: use nice and dandy env_wait() https://bugzilla.openvz.org/show_bug.cgi?id=2658 Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Andrey Vagin <avagin@openvz.org> | |||
Kir Kolyshkin | ce7386b8c8d | [build] configure: set localstatedir to w/o prefix. /var should be /var, not /usr/local/var or /usr/var. Currently we work around this by supplying --localstatedir argument to ./configure in vzctl.spec, but people building/installing from source have bad paths as a result. So, use the same trick as we did for sysconfdir in commit 2e95e285. https://bugzilla.openvz.org/show_bug.cgi?id=2637#c2 Reported-by: hoverhell@gmail.com Signed-off-by: Kir ... |