Commits
Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
Sergey Bronnikov | cf1c5b50b18 | Released vzctl 4.9.4. Changes: see https://openvz.org/Download/vzctl/4.9.4/changes | |||
Igor Sukhih | 74985e4eef0 M | Merge pull request #1 in OVZL/vzctl from ~IBAZHITOV/ovz-vzctl:sec to master. * commit '22d967c336de3db0d30dae2bb7b2a9a69a0686de': Store VE layout to VE config on start Store VE layout in VE config during create and convert Move layout and mode fields from vps_opt to fs_param config: constify input path src/.gitignore: add vzfsync, vznnc bin/.gitignore: add vzoversell | |||
Igor Bazhitov | 22d967c336d | Store VE layout to VE config on start. This will help those, who didn't set the VE_LAYOUT into per-VE config manually. On the next CT start the autodetected VE layout would be saved in the VE config. Signed-off-by: Igor Bazhitov <ibazhitov@virtuozzo.com> | |||
Igor Bazhitov | 9e98ea630ac | Store VE layout in VE config during create and convert. VE layout (ploop or simfs) is automatically detected based on presence of "root.hdd/DiskDescriptor.xml" file inside the VE private directory. Imagine that inside a simfs CT this file is created by some malicious user, which has root privileges there. When vzctl starts a CT, it would mistakenly autodetect the CT as being the ploop one! This design flaw leads to a certain kind of attack vectors, ... | |||
Igor Bazhitov | 3116b1fc255 | Move layout and mode fields from vps_opt to fs_param. This is a preparation for saving VE layout in a per-VE config file. Moving the layout and mode fields to struct fs_param will save us plenty of various functions parameters changes. Signed-off-by: Igor Bazhitov <ibazhitov@virtuozzo.com> | |||
Igor Bazhitov | 3ad329bb6c0 | config: constify input path. Signed-off-by: Igor Bazhitov <ibazhitov@virtuozzo.com> | |||
Igor Bazhitov | 2786e96f2bf | src/.gitignore: add vzfsync, vznnc. Signed-off-by: Igor Bazhitov <ibazhitov@virtuozzo.com> | |||
Igor Bazhitov | f518005b43c | bin/.gitignore: add vzoversell. Signed-off-by: Igor Bazhitov <ibazhitov@virtuozzo.com> | |||
Kir Kolyshkin | 0d841aef199 | Released vzctl 4.9.3. Changes: see https://openvz.org/Download/vzctl/4.9.3/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kirill Kolyshkin | c18483d1b89 M | Merge pull request #2 from zzmp/feat/vps-net_add-force-route. vps-net_add: add FORCE_ROUTE to change existing route to container | |||
Zach Pomerantz | 91e700b9a26 | vps-net_add: add FORCE_ROUTE to change existing route to container | |||
Kir Kolyshkin | 485cb193459 | vzctl umount: fix exit code if CT is running. Fixes the following issue: # vzctl umount 10101 Container is running -- stop it first # echo $? 0 Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 24f939e8159 | vzoversell: handle unlimited RAM CTs. Some containers might be configured as unlimited (i.e. infinite physpages and privvmpages limit). Also, a container might appear as unlimited while it is being restored from dump (as beancounter limits are initially set to unlimited and only set to proper values at the end of the restoration process). In case such unlimited containers are present, overcommitment figures shown doesn't make sen... | |||
Konstantin Volckov | 137c14b2756 | set_console.sh: ubuntu 15.04 systemd console support. Reference: PCLIN-32529 | PCLIN-32529 | ||
Kir Kolyshkin | cb7cd395f6b | Released vzctl 4.9.2. Changes: see https://openvz.org/Download/vzctl/4.9.2/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 869f8d8cb77 | store_devnodes: fix NULL deref. As pointed out by Linas Žilinskas in bug #3228, we should check name for being non-NULL here. https://bugzilla.openvz.org/3228 Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b0409ff0bf0 | vps-create.sh: use stat -f instead of df. On a node with a stale NFS mount (not related to /vz), vzctl create fails after a long timeout. It happens because vps-create calls df $VE_ROOT, but for some odd reason df wants to stat() all the mount points and it hangs for a while and then fails on that stale mount. The solution is to use stat -f rather than df. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 4d4c21e1dbe | vzctl.spec: require attr package. It never occurred to me that setfattr can not be available, but it happens: # vzctl create ... ... Performing postcreate actions /etc/vz/dists/scripts/postcreate.sh: line 119: setfattr: command not found ... So, let's require it from spec file. This is an addition to commit f537353. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b7d68dbd360 | Released vzctl 4.9.1. Changes: see https://openvz.org/Download/vzctl/4.9.1/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | cf652d0df15 | vzctl.spec: drop the Conflicts: vzkernel. The change this patch is reverting was introduced to fix bug #3094. Unfortunately, it breaks the update for RHEL5-based OpenVZ kernels, which is the subject of bug #3219. The only solution I found is to list all the old RHEL6-based kernel explicitly. It would be good enough, but looks ugly. As the newest RHEL6-based kernel conflicting with this vzctl is at least 2 years old, let's just drop t... | |||
Kir Kolyshkin | 3774851d661 | create_hardlink_dir(): fix wrong owner/perms case. In case CPT_HARDLINK_DIR exists, is a directory, but its ownership and/or permissions are wrong, the best course of action is not to remove it, but just fix what's wrong. This is what this patch does. In addition: * mark create_hardlink_dir() as static (as it should be) * report and return a potential error from stat() syscall, (as it should not happen and if it is, it's probably fatal) Th... | |||
Kir Kolyshkin | 4a4beac565c | Released vzctl 4.9. Changes: see https://openvz.org/Download/vzctl/4.9/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | d375c03ea52 | vzmigrate: check CPU caps for suspended CT. This commit adds a check for CPU capabilities when migrating a suspended container. Such a check is needed because if CPU caps differ, a container might not survive restore after migrating. To implement this check, a support from the kernel is required (CPT_TEST_CAPS ioctl for /dev/cpt). Such support was erroneously removed from the kernel 042stab101.5, but then restored in 042stab107.1, so a... | |||
Kir Kolyshkin | 8e02bf02b70 | vzmigrate: fix for vzfsync if VE_PRIVATE differs. When referring to DDXML, we assumed VE_PRIVATE == VE_PRIVATE_REMOTE which is not always the case. Fix it. https://bugzilla.openvz.org/3170 Reported-by: toumin <983510@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 1cd0931da24 | etc/vz.conf: improve NEIGHBOUR_DEVS description. This is an addition to commit 2869ab3 https://bugzilla.openvz.org/1289 https://bugzilla.openvz.org/3192 Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Per Johansson | 358aa2dec17 | ct_enter(): enter mnt namespace last. mnt needs to be set last since it changes the filesystem. Running vzctl start on upstream kernel fails for me on CentOS 6.5. I used to run vzkernel but reverted to stock to be able to run docker / lxc at the same time. With strace I noticed it's failing to find /proc/<pid>/ns/pid and I traced that to the loop in hooks_ct.c. After it does setns on the mnt file the pid one no longer can be opene... | |||
Kir Kolyshkin | 2869ab3acc2 | vz.conf: allow list of interfaces in NEIGHBOUR_DEVS. Historically, allowed values for NEIGHBOUR_DEVS were either "detect" or any other value, in the last case "all devices" are assumed. It's time to change it. From now on, NEIGHBOUR_DEVS can be one of: * all (or empty string, or unset) -- old behavior (all devices are used) * detect -- same as before, devices to use for ARP are detected * list:* -- devices are explicitly listed (as in "list:et... | |||
Kir Kolyshkin | c502784b4e8 | vzctl set --devices: made cumulative, fix. This is the same as commits 90e8dd6 and b8708e2 for vzctl set --devnodes. From now on: * the option is now cumulative, so any new devices set by "vzctl set --devices" command are added to the existing devices * "vzctl set --devices t:major:minor:none --save" removes the device from the configuration. Note if last device is deleted from the list, we have to add DEVICES="" to the configurat... | |||
Kir Kolyshkin | b93eefb62db | [style] store_devnodes(): fix a comment. This is an addition to commit b8708e2. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 1a348851c27 | store_dev(): introduce PRINT_DEV macro. This is a preparation to the next patch. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | fc1f1357039 | vzctl set --devices: fix SIGSEGV. This is caused by the commit c2a48a7e. Note add_dev_param() is called from parse_devices_str() in which name is not set, so we shouldn't blindly use strdup(). https://bugzilla.openvz.org/3189 Reported-by: Devon <devon.b@virtualcomplete.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 1a89ea43a65 | init.d: exit code if vzctl or vz.conf not found. In case vzctl binary or vz.conf global configuration file is not found, we should not exit with 0. Instead, use codes 5 "program is not installed" and 6 "program is not configured", as per LSB http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html https://bugzilla.openvz.org/show_bug.cgi?id=3195 Reported-by: nethubonline@gmail.com Signed-off-by: Kir Kolysh... | |||
Kir Kolyshkin | 6031c647f97 | init.d/vz-redhat: fix exit code according to LSB. In case an invalid command is specified, we should return exit code of 3 -- <<unimplemented feature (for example, "reload")>> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 3353ac0b0c2 | vzeventd(8): document new behavior. As per previous commit, vzeventd now processes all known events. Document it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 41ef81e0879 | vzevent: try to run a script for all known events. Previously, we only tried to execute vzevent-stop and vzevent-reboot scripts. This change makes vzevent process all known events as they come from the kernel. Unknown (not recognized) events are still logged as errors (maybe we need to change that). Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 3b7c743e22a | vzeventd: ignore non-existent event scripts. Add a check that the executable event script file is present. Ignore ENOENT but report other errors. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | c2db7bbfe23 | vzlist -j: output valid JSON for no CTs. In case there are no containers found, still produce valid JSON output. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 98f29073b13 | make_dir_mode(): ignore EEXIST from mkdir(). It seems two instances of vzctl can create a directory at the same time, so due to a time period between access() and mkdir() a directory can be created, so we need to ignore EEXIST error. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b2f9c254447 | vps_start_custom(): fixup. In case VPS_PRESTART script failed, we just return an error, no need to rollback anything yet. This is a fix to commit 0807ef4. Found by Coverity, CID 1271650, 1271651, 1271652. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | c49eb62f1d0 | Revert "dir_empty(): skip lost+found". As described in commit 07a6ee9, it was a bad idea to try allowing VE_PRIVATE being a mount point. As we don't do it anymore, this patch is no longer required -- so revert it. This reverts commit 320bc278ac7d2e3f712f15f802550bca45c2ca7b. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | eab4d5b8db6 | vps_create: minor fixes to cleanup logic. fs_create() is supposed to remove VE_PRIVATE in case of error, so we don't need to clean it up if it returns an error. This fixes the following error (lines marked with *): # vzctl create 666 --ostemplate centos-6-x86-minimal --private /dev/shm Can't create: private dir (/dev/shm) is a mount point. Suggestion: use --private /dev/shm/private * Destroying container private area: /dev/shm ... | |||
Kir Kolyshkin | c37c353e9ca | fs_create: lock private. We are supposed to have VE_PRIVATE created for the duration of fs_create() run. It's like some sort of locking. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 07a6ee99494 | vzctl create: disallow VE_PRIVATE be a mount point. As it is pointed out in bug #3166, when VE_PRIVATE is a mount point, container creation leads to a bunch of weird errors: # vzctl create $CTID --private '/data/$VEID' Creating container private area (debian-7.0-x86_64-minimal) Can't rename /data/10001.tmp to /data/10001: Device or resource busy Destroying container private area: /data/10001 Warning: directory /data/10001 is not on the sam... | |||
Kir Kolyshkin | 0807ef4fb74 | vzctl start/resume: load kernel modules needed for CT. This patch introduces vps-prestart script which is executed upon container start or restore. Currently, this script checks CT config and loads some kernel modules if required. This should help NFS, NFSD, PPP, and Docker to work inside CT (if configured). Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 09e974fa3ac | vzctl chkpnt: workaround for ENOSPC. In order to be able to checkpoint/restore processes having opened but deleted files, we have a kernel helper that hardlinks such files to a special CPT_HARDLINK_DIR (see commit 16ee8dd). The problem is if there is no disk space (or disk inodes) available, checkpointing fails like this: # vzctl chkpnt 74933 --dump --dumpfile /dev/shm/dump.74933 Setting up checkpoint... join context.. dump... | |||
Kir Kolyshkin | 2dfc74f0b70 | [style] call clean_hardlink_dir() from _env_create(). We need to call clean_hardlink_dir() when starting a container. Calling it from fill_container_param() is not obvious and confusing. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | f3094bd3596 | vzctl set --devnodes: remove devices from CT. Strictly speaking it is not required to remove /dev/XXX nodes from CT when permissions are revoked (as in "vzctl set --devnodes XXX:none") since XXX is becoming inaccessible from CT anyway. Having said that, removal of revoked devices makes things look more clear, so let's do it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b8708e2d5c8 | vzctl set --devnodes: fix removing last device. Apparently removing a last device from the list is a special case, as merge_conf() doesn't detect it unless we provide some string. So, let's print DEVNODES="" in this case. This fixes the following bug: # grep DEVNODES /etc/vz/conf/101.conf DEVNODES="ttyS3:rw " # vzctl set 101 --devnodes ttyS3:none --save No changes in CT configuration, not saving # grep DEVNODES /etc/vz/conf/101.conf ... | |||
Kir Kolyshkin | 90e8dd6c847 | vzctl set --devnodes: made cumulative, fix. This patch fixes the handling of --devnodes option. First, the option is now cumulative, so any new devices set by "vzctl set --devnodes" command are added to the existing devices. Second, "vzctl set --devnodes DEV:none --save" removes DEV from the configuration. https://bugzilla.openvz.org/3186 Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | c2a48a7e24e | add_dev_param(): don't modify second argument. Commit ea64ee6 has a bad side effect: after calling merge_dev() the device names in vps_p list (which is supposed to have configuration as read from ve.conf) disappear. This is caused by the hunk modifying add_dev_param(). This patch fixes that side effect, also marking the second argument const so this won't happen in the future. This is not a bug fix per se (as no one was using dev in vps_p... | |||