OpenVZ-legacy
  1. OpenVZ-legacy

vzctl

Public
AuthorCommitMessageCommit dateIssues
Kir KolyshkinKir Kolyshkin
db10d31d9ddReleased vzctl 4.5Changes: see http://openvz.org/Download/vzctl/4.5/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
dd9824e07ebvps_create(): don't save LOCAL_UID/GID== for OVZCommit b529da9 added saving LOCAL_UID=0 and LOCAL_GID=0 when user namespace is not available. This is needed for upstream kernel, but does not make any sense for OpenVZ kernel. So let's add a check for non-ovz kernel. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
02d8d838abeMakefile: optionally include local makefileSigned-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
6a82c8ddee8vzctl.spec: fix build on older systems wrt sharedstatedirCommits 6d4e622 and df80be5 made use of %{_sharedstatedir} macro (which is /var/lib). Unfortunately, on some ancient systems (i.e. RHEL4) this macro expands to /usr/com which is definitely not what we want. Fix by explicitly defining it. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
855b3a88688Improve veth random MAC generationUse first host MAC as a seed to hash (as it was intended). https://bugzilla.openvz.org/2695 Reported-by: Alvaro Polo <apv@tid.es> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Marc MAURICEKir KolyshkinMarc MAURICE
f5b9c740329vzmigrate: support for VE_PRIVATE being a symlinkIn my company we use symlinks for VE_PRIVATE directories. We wanted to keep the default VE_PRIVATE location (from vz.conf) while still being able to choose the VM storage location. The attached patch will handle VM migration if VE_PRIVATE is a symlink. I know VE_PRIVATE symlinks are maybe not fully supported by OpenVZ project (seen bug #1095). http://bugzilla.openvz.org/2694
Slava DubrovskiyKir KolyshkinSlava Dubrovskiy
90183488a66libvzchown: link to -ldlGot error from our post build checks: verify-elf: ERROR: ./usr/lib64/libvzchown-1.0.so: undefined symbol: dlerror https://bugzilla.openvz.org/2705
Kir KolyshkinKir Kolyshkin
f8b1fc0d0bcndsend: fix option field in sending packetsndsend which is contained in vzctl package comes with an important bug. According to RFC4861 #4.4 && #4.6.1 when sending an unsolicited Neighbor Advertisement one should be using option type 2 (Target Link-Layer Address). ndsend on the other hand uses option type 1 (Source Link-Layer Address). This makes RFC compliant devices not behaving according to what ndsend is supposed to do, the packet ...
Kir KolyshkinKir Kolyshkin
7325b00eae5vzctl_env_convert_ploop(): check chmod return codeIf it fails, since it's too late to roll back, just issue a warning. Reported by Coverity, CID 1064410. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
a88ca37ea68vzctl_env_switch_snapshot: fix leak on error pathIf ploop.uuid_generate() failed, follow proper rollback path. Reported by Coverity, CID 996913. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
746ebfcdec2load_ploop_lib(): load .so.1, try .so tooIn ploop-1.9 we are introducing library versioning, so we have libploop.so.1 and thus dlopen("libploop.so") will fail. Therefore, we can't release ploop-1.9 before vzctl because it will break existing systems. We can't release vzctl with dlopen("libploop.so.1") before ploop-1.9 either for the same reason. Chicken and egg problem here. Since we can't release vzctl and ploop at the same time, le...
Kir KolyshkinKir Kolyshkin
16b6cdf53ccread_resolv_conf(): fix potential buffer overflowstrncat() expects size to contain the remainder of dest buffer, so we way it was coded was prone to buffer overflow. Compiler even hints about it: > In file included from /usr/include/string.h:642, > from vps_configure.c:23: > In function 'strncat', > inlined from 'read_resolv_conf' at vps_configure.c:191: > /usr/include/bits/string3.h:152: warning: call to > __builtin___s...
Kir KolyshkinKir Kolyshkin
b09e07c4c61vz-postinstall: be verbose about what we doAdd output of what we're changing. Add grep to skip changing if the value is already the way we want it to be. First run: vz-postinstall: /etc/sysconfig/selinux: set SELINUX = disabled vz-postinstall: /etc/sysctl.conf: set net.ipv4.ip_forward = 1 vz-postinstall: /etc/sysctl.conf: add net.ipv4.conf.default.proxy_arp = 0 vz-postinstall: /etc/sysctl.conf: set kernel.sysrq = 1 vz-postinstall: /etc...
Kir KolyshkinKir Kolyshkin
fcb8a1c53ecvzdaemon_stop(): don't return error if stopped alreadyAccording to Debian policy (http://www.debian.org/doc/debian-policy/ch-opersys.html#s-writing-init) > The init.d scripts must ensure that they will behave sensibly > (i.e. returning success and not starting multiple copies of a service) if > invoked with start when the service is already running, or with stop > when it isn't Our stop script didn't do that, i.e. it returned 1 if a service is a...
Kir KolyshkinKir Kolyshkin
42dd2f60135vztmpl-dl: add --upload-all, --ignore-errorsBefore this patch, there was no easy way to update all existing OS templates. Theoretically, it could be done using something like vztmpl-dl $(vztmpl-dl --list-local) Practically, such command would exit on the first template which can't be found remotely (such as, say, old fedora which moved into unsupported). So, --ignore-errors option is added to keep downloading templates, even if some ...
Kir KolyshkinKir Kolyshkin
ffbc4f7a053vztmpl-dl: fix a bashism in list_localUnfortunately we can't use {} construct. Reported by checkbashisms. Introduced in commit 2a25f12. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
53d40a8feafvztmpl: improve usagePut <template> argument in triangle brackets, and fix copyright years. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
2a25f1287eevztmpl-dl: add --list-remote, --list-localPreviously, we only had --list argument, to list templates available for download. It makes sense to also add an ability to list local templates (--list-local) and all templates (both local and available for download) (--list-all). While we're at it, * rename --list to --list-remote; * modify usage and man page accordingly; * fix bash_completion for vzctl accordingly. Signed-off-by: Kir Kolys...
Kir KolyshkinKir Kolyshkin
a7aaea07a6cvz-postinstall: enabled iptables for bridgesIn RHEL6/CentOS 6, iptables are disabled for bridges. This breaks setups such as the one described in bug #2641, where iptables commlimit is used to limit number of connections between containers. Initially, RHEL6 added the following to /etc/sysctl.conf (see https://bugzilla.redhat.com/show_bug.cgi?id=512206) # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridg...
Kir KolyshkinKir Kolyshkin
586e7f081c1vzctl.spec: run vz-postinstall on a fresh install onlyvz-postinstall changes some sysctl.conf parameters etc. We do not need to run it every time we upgrade vzctl, but only when installing on a fresh system (with no previous version of vzctl installed). The thing is, if vzctl is installed, chances are high system is already configured the way it should be. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
8f7931298f7vz-postinstall: do not change rp_filterApparently some people need to disable rp_filter, so let's not touch it. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
de13ab07f06vztmpl-dl: do not check GPG signatures by default1. Set the built-in default for CHECK_TEMPLATE_SIG to no 2. Add --gpg-check option (and --update while we're at it) 3. Fix download.conf accordingly (and note the defaults) 4. Fix vztmpl-dl(8) man page accordingly https://bugzilla.openvz.org/show_bug.cgi?id=2673 Reported-by: Pavel Odintsov <pavel.odintsov@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Marc MAURICEKir KolyshkinMarc MAURICE
7834ffed659vzmigrate: add / to paths for rsyncI think the way rsync is called in the vzmigrate script may lead to data loss. Steps to reproduce: * have a VM on a source host * add a trailing slash in VE_PRIVATE in the VM config (example: * VE_PRIVATE="/vz/private/888/") * have a target host with some no critical data in /vz/private * vzmigrate your VM from source to target host (you may use --rsync="-vn" to have some debug and not to do...
Kir KolyshkinKir Kolyshkin
1ab93d96428vzctl start: always mount /dev/pts for upstream CTCommit 5b8cd90, among other things, added devpts mount to container start. For some reason it was done only if userns is available. In fact, we need devpts inside a container in order to be able to enter it, so remove the if (userns) condition. This should fix vzctl enter on a recent Fedora 18-19 kernel (3.9, the one that disables CONFIG_USERNS in favor of XFS). Signed-off-by: Kir Kolyshkin <...
Kir KolyshkinKir Kolyshkin
e18a7399b99Factor out mount_devpts()Move that piece of code that does /dev/pts mount for a newly created container out of _env_create to a separate function mount_devpts(). No changes in the code. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
bf084c049a5vzctl create: use proper version of basename()libgen.h supplies us with a bad POSIX version of basename(), as it is outlined in basename(3) man page, while string.h (of GNU libc) gives us a nice one. Let's use GNU basename(). This is a fix to commit 33dae1f. Cc: Slava Dubrovskiy <dubrsl@altlinux.ru> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
72b38d205bdvzctl create: fix running postcreate action wrt --ostemplate path/tmplFix running postcreate action in case --ostemplate argument contains path. Commit 1975a5c introduced support for path in --ostemplate argument, and then commit 33dae1f fixed the case of storing that path in OSTEMPLATE value in container's configuration file. Running of post-create script is still not fixed though, leading to this error: Warning: configuration file for distribution beta/fedo...
Kir KolyshkinKir Kolyshkin
b529da96cdevps_create(): save LOCAL_UID/GID=0 if !usernsIn case user namespace is not available at the time of container creation, we are basically creating container with LOCAL_UID=0 and LOCAL_GID=0. Make sure to write these values to container configuration file, otherwise the global default from /etc/vz/vz.conf will take place during container start and it will fail with the following message: Container private area is owned by 0:0, but configu...
Kir KolyshkinKir Kolyshkin
4c7b8e9231dct_do_open(): minor optimizationThere is no need to dynamically construct names like /proc/<mypid>/... because we can just use /proc/self/... Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Marc MAURICEKir KolyshkinMarc MAURICE
a83a0a55bbdvzmigrate: remove a bashismvzmigrate is unable to move CTs when the target host is a Debian with /bin/dash as default /bin/sh shell (which is the default on new Debian installs). To make the vzmigrate script POSIX compatible, the (easy) fix is to replace 'source' by '.'. This is a fix to commit 0853972. https://bugzilla.openvz.org/2682
Kir KolyshkinKir Kolyshkin
df80be5dc3evzctl.spec: add /var/lib/vz as a symlink to /vzSigned-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
49c2d96d233[style] use VPSCONFDIR from Makefile definesWe always had that VPSCONFDIR variable defined in paths.am and propagated through pathsubst.am. Nevertheless, we were defining it again (as VPS_CONF_DIR) in include/types.h Let's eliminate that duplication, propagating VPSCONFDIR to C code by means of CFLAGS in Makefiles, like we do with others. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
b185dd67f07[style] remove / from VPS_CONF_DIRSigned-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
d4b73d45a20vzctl.spec: remove extra slashesReported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
8814662bab7vzctl.spec: quote rpm macrosUse %{_variable} style everywhere. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
6d4e62223a0vzctl.spec: use %_sharedstatedir not /var/libReported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
330c4e699cevzctl.spec: remove a bunch of definesLet's remove those paths that are only used once or twice. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
8a5aef690davzctl.spec: don't mark symlink as %dir/etc/vz/conf is a symlink. Do not mark it as a directory. Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
3223a8ad90cscripts: use VPSCONFDIR instead of PKGCONFDIR/confSigned-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
8c1bd48fb4escripts: use VPSCONFDIR...instead of PKGCONFDIR/conf Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
aa245d57b2aReleased vzctl 4.4Changes: see http://openvz.org/Download/vzctl/4.4/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Marc MAURICEKir KolyshkinMarc MAURICE
39c84837ce2debian-add_ip.sh: ignore comments when looking for venet0When starting a debian container, the /etc/vz/dists/scripts/debian-add_ip.sh script will do some checks to automatically overwrite debian interfaces config if the VM is in venet mode. When we leave some old commented venet configuration in /etc/network/interfaces, the script will detect it and overwrite it, even if we don't want to because the network is in veth mode. Steps to reproduce : 1. ...
Kir KolyshkinKir Kolyshkin
a347f10ad30[style] vzctl.spec: s/$RPM_BUILD_ROOT/%{buildroot}/Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
376cc3d2c5e[style] vzctl.spec: Use _configdir instead of /etc/vz/Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
8f58c9d0408[style] vzctl.spec: curly brackets for %_libdirs/%_libdir/%{_libdir}/ Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
a5aebc83385[style] vzctl.spec: s/$RPM_OPT_FLAGS/%{optflags}/Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
3e319a93335[style] vzctl_mount_snapshot(): rm unneeded typecastBoth vzctl_mount_param.guid and ploop_mount_param.guid are of char * type, so there is no need to do casting here. Signed-off-by: Kir Kolyshkin <kir@openvz.org>
Kir KolyshkinKir Kolyshkin
3da1927b492Implement nameserver/searchdomain inheritanceNow, if NAMESERVER/--nameserver and/or SEARCHDOMAIN/--searchdomain value is "inherit", the corresponding setting is taken from host system's /etc/resolv.conf. That way, a user don't have to do extra configuration step required for DNS to work inside a container. Note that per-CT parameters are inherited from the global /etc/vz/vz.conf, so we set NAMESERVER=inherit in vz.conf and therefore all ...
Andrey VaginKir KolyshkinAndrey Vagin
fa3ef2da0dact: fix exec to really enter into pidns (v3)setns() of the pid namespace unlike unsharing of other namespaces does not take affect immediately. Instead it affects the children created with fork and clone. v2: don't forget about the end mark in close_fds v3: use nice and dandy env_wait() https://bugzilla.openvz.org/show_bug.cgi?id=2658 Reported-by: Igor Gnatenko <i.gnatenko.brain@gmail.com> Signed-off-by: Andrey Vagin <avagin@openvz.org>
Kir KolyshkinKir Kolyshkin
ce7386b8c8d[build] configure: set localstatedir to w/o prefix/var should be /var, not /usr/local/var or /usr/var. Currently we work around this by supplying --localstatedir argument to ./configure in vzctl.spec, but people building/installing from source have bad paths as a result. So, use the same trick as we did for sysconfdir in commit 2e95e285. https://bugzilla.openvz.org/show_bug.cgi?id=2637#c2 Reported-by: hoverhell@gmail.com Signed-off-by: Kir ...