[pve-devel] SPAM: [PATCH v2 container 0/2] fix #3443: unique machine-id for containers

[pve-devel] SPAM: [PATCH v2 container 0/2] fix #3443: unique machine-id for containers

[Oguz Bektas]

v1 -> v2:
* remove crontab change
* detect if container is using systemd
* handle clones (truncate)

Oguz Bektas (2):
  setup: clear /etc/machine-id for newly created containers
  clear machine-id also after container clone

 src/PVE/API2/LXC.pm       | 19 ++++++++++++++++++-
 src/PVE/LXC/Setup.pm      | 10 ++++++++++
 src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)

-- 
2.20.1

[pve-devel] [PATCH container 1/2] setup: clear /etc/machine-id for newly created containers

[Oguz Bektas]

this way when new containers are created they will have a unique
/etc/machine-id

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v1->v2:
* incorporated thomas' suggestions


 src/PVE/LXC/Setup.pm      | 10 ++++++++++
 src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 8b8fee9..c31a164 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -352,6 +352,16 @@ sub pre_start_hook {
     $self->protected_call($code);
 }
 
+sub clear_machine_id {
+    my ($self, $conf, $clone) = @_;
+
+    my $code = sub {
+	$self->{plugin}->clear_machine_id($self->{conf}, $clone);
+    };
+    $self->protected_call($code);
+
+}
+
 sub post_create_hook {
     my ($self, $root_password, $ssh_keys) = @_;
 
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index d73335b..21074b7 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -476,6 +476,30 @@ sub set_timezone {
     }
 }
 
+sub clear_machine_id {
+    my ($self, $conf, $clone) = @_;
+
+    my $uses_systemd = $self->ct_is_executable("/lib/systemd/systemd")
+	|| $self->ct_is_executable("/usr/lib/systemd/systemd");
+
+    my $dbus_machine_id_path = "/var/lib/dbus/machine-id";
+    my $machine_id_path = "/etc/machine-id";
+    if (
+	$self->ct_file_exists($dbus_machine_id_path)
+	&& !$self->ct_is_symlink($dbus_machine_id_path)
+	&& $uses_systemd
+    ) {
+        $self->ct_unlink($dbus_machine_id_path);
+    }
+
+    # don't remove file if container is being cloned
+    if ($clone) {
+	$self->ct_file_set_contents($machine_id_path, "\n");
+    } else {
+	$self->ct_unlink($machine_id_path);
+    }
+}
+
 sub pre_start_hook {
     my ($self, $conf) = @_;
 
@@ -491,6 +515,7 @@ sub pre_start_hook {
 sub post_create_hook {
     my ($self, $conf, $root_password, $ssh_keys) = @_;
 
+    $self->clear_machine_id($conf);
     $self->template_fixup($conf);
 
     &$randomize_crontab($self, $conf);
-- 
2.20.1

[pve-devel] [PATCH v2 container 2/2] clear /etc/machine-id also after container clone

[Oguz Bektas]

pass $clone=1 to avoid removing the file. instead we truncate it to an
empty file

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---

 src/PVE/API2/LXC.pm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index a9ea3a6..413f466 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -1594,7 +1594,24 @@ __PACKAGE__->register_method({
 	};
 
 	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
-	return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);
+
+	my $task = eval {
+	    return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);
+	};
+	if (my $err = $@) {
+	    warn $@ if $@;
+	    die $err;
+	}
+
+	my $lastconf = PVE::LXC::Config->load_config($newid);
+	my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $lastconf, 1);
+	my $lxc_setup = PVE::LXC::Setup->new($lastconf, $rootdir);
+	$lxc_setup->clear_machine_id($lastconf, 1);
+	PVE::LXC::umount_all($newid, $storecfg, $lastconf, 1);
+
+	return $task;
+
+
     }});
 
 
-- 
2.20.1

Re: [pve-devel] [PATCH v2 container 2/2] clear /etc/machine-id also after container clone

[Fabian Grünbichler]

On May 26, 2021 4:18 pm, Oguz Bektas wrote:
> pass $clone=1 to avoid removing the file. instead we truncate it to an
> empty file
> 
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> 
>  src/PVE/API2/LXC.pm | 19 ++++++++++++++++++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index a9ea3a6..413f466 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -1594,7 +1594,24 @@ __PACKAGE__->register_method({
>  	};
>  
>  	PVE::Firewall::clone_vmfw_conf($vmid, $newid);
> -	return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);
> +
> +	my $task = eval {
> +	    return $rpcenv->fork_worker('vzclone', $vmid, $authuser, $realcmd);

this forks the task worker that does the actual cloning of 
mountpoints/volumes, so after this point that code ($realcmd) will run 
concurrent to the rest of the API worker itself handling the request.

doing anything after forking the task worker is almost always wrong.

> +	};
> +	if (my $err = $@) {
> +	    warn $@ if $@;
> +	    die $err;
> +	}
> +
> +	my $lastconf = PVE::LXC::Config->load_config($newid);

this config might or might not contain any of the updated/cloned 
volumes, this is entirely up to the speed of cloning

> +	my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $lastconf, 1);

so this might or might not mount anything?

> +	my $lxc_setup = PVE::LXC::Setup->new($lastconf, $rootdir);
> +	$lxc_setup->clear_machine_id($lastconf, 1);
> +	PVE::LXC::umount_all($newid, $storecfg, $lastconf, 1);

in which case this might or might not do anything

> +
> +	return $task;

why do you not simply clear the machine ID at the end of the task 
worker?

> +
> +
>      }});
>  
>  
> -- 
> 2.20.1
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
>