* [pve-devel] [PATCH v3 container 0/2] fix #3443: unique machine-id for containers
@ 2021-05-27 9:25 Oguz Bektas
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers Oguz Bektas
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone Oguz Bektas
0 siblings, 2 replies; 6+ messages in thread
From: Oguz Bektas @ 2021-05-27 9:25 UTC (permalink / raw)
To: pve-devel
v2->v3:
* clear machine-id at the end of clone task worker
Oguz Bektas (2):
setup: clear /etc/machine-id for newly created containers
clear machine-id also after container clone
src/PVE/API2/LXC.pm | 6 ++++++
src/PVE/LXC/Setup.pm | 10 ++++++++++
src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++++++++++++
3 files changed, 41 insertions(+)
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers
2021-05-27 9:25 [pve-devel] [PATCH v3 container 0/2] fix #3443: unique machine-id for containers Oguz Bektas
@ 2021-05-27 9:26 ` Oguz Bektas
2021-06-10 11:47 ` Fabian Grünbichler
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone Oguz Bektas
1 sibling, 1 reply; 6+ messages in thread
From: Oguz Bektas @ 2021-05-27 9:26 UTC (permalink / raw)
To: pve-devel
this way when new containers are created they will have a unique
/etc/machine-id
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v3:
no changes
src/PVE/LXC/Setup.pm | 10 ++++++++++
src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++++++++++++
2 files changed, 35 insertions(+)
diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index 8b8fee9..c31a164 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -352,6 +352,16 @@ sub pre_start_hook {
$self->protected_call($code);
}
+sub clear_machine_id {
+ my ($self, $conf, $clone) = @_;
+
+ my $code = sub {
+ $self->{plugin}->clear_machine_id($self->{conf}, $clone);
+ };
+ $self->protected_call($code);
+
+}
+
sub post_create_hook {
my ($self, $root_password, $ssh_keys) = @_;
diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index d73335b..21074b7 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -476,6 +476,30 @@ sub set_timezone {
}
}
+sub clear_machine_id {
+ my ($self, $conf, $clone) = @_;
+
+ my $uses_systemd = $self->ct_is_executable("/lib/systemd/systemd")
+ || $self->ct_is_executable("/usr/lib/systemd/systemd");
+
+ my $dbus_machine_id_path = "/var/lib/dbus/machine-id";
+ my $machine_id_path = "/etc/machine-id";
+ if (
+ $self->ct_file_exists($dbus_machine_id_path)
+ && !$self->ct_is_symlink($dbus_machine_id_path)
+ && $uses_systemd
+ ) {
+ $self->ct_unlink($dbus_machine_id_path);
+ }
+
+ # don't remove file if container is being cloned
+ if ($clone) {
+ $self->ct_file_set_contents($machine_id_path, "\n");
+ } else {
+ $self->ct_unlink($machine_id_path);
+ }
+}
+
sub pre_start_hook {
my ($self, $conf) = @_;
@@ -491,6 +515,7 @@ sub pre_start_hook {
sub post_create_hook {
my ($self, $conf, $root_password, $ssh_keys) = @_;
+ $self->clear_machine_id($conf);
$self->template_fixup($conf);
&$randomize_crontab($self, $conf);
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone
2021-05-27 9:25 [pve-devel] [PATCH v3 container 0/2] fix #3443: unique machine-id for containers Oguz Bektas
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers Oguz Bektas
@ 2021-05-27 9:26 ` Oguz Bektas
2021-06-10 11:51 ` Fabian Grünbichler
1 sibling, 1 reply; 6+ messages in thread
From: Oguz Bektas @ 2021-05-27 9:26 UTC (permalink / raw)
To: pve-devel
pass $clone=1 to avoid removing the file. instead we truncate it to an
empty file
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
---
v2->v3:
* clear machine-id at the end of clone task worker
src/PVE/API2/LXC.pm | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
index a9ea3a6..d5c12dc 100644
--- a/src/PVE/API2/LXC.pm
+++ b/src/PVE/API2/LXC.pm
@@ -1590,6 +1590,12 @@ __PACKAGE__->register_method({
die "clone failed: $err";
}
+ my $lastconf = PVE::LXC::Config->load_config($newid);
+ my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $lastconf, 1);
+ my $lxc_setup = PVE::LXC::Setup->new($lastconf, $rootdir);
+ $lxc_setup->clear_machine_id($lastconf, 1);
+ PVE::LXC::umount_all($newid, $storecfg, $lastconf, 1);
+
return;
};
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers Oguz Bektas
@ 2021-06-10 11:47 ` Fabian Grünbichler
2021-06-10 12:04 ` Oguz Bektas
0 siblings, 1 reply; 6+ messages in thread
From: Fabian Grünbichler @ 2021-06-10 11:47 UTC (permalink / raw)
To: Proxmox VE development discussion
On May 27, 2021 11:26 am, Oguz Bektas wrote:
> this way when new containers are created they will have a unique
> /etc/machine-id
>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> v3:
> no changes
>
>
> src/PVE/LXC/Setup.pm | 10 ++++++++++
> src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++++++++++++
> 2 files changed, 35 insertions(+)
>
> diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
> index 8b8fee9..c31a164 100644
> --- a/src/PVE/LXC/Setup.pm
> +++ b/src/PVE/LXC/Setup.pm
> @@ -352,6 +352,16 @@ sub pre_start_hook {
> $self->protected_call($code);
> }
>
> +sub clear_machine_id {
> + my ($self, $conf, $clone) = @_;
> +
> + my $code = sub {
> + $self->{plugin}->clear_machine_id($self->{conf}, $clone);
> + };
> + $self->protected_call($code);
> +
> +}
maybe it would make more sense to call this "post_clone_hook", so it is
re-usable for other, similar changes (like optionally regenerating SSH
keys, or ...) in the future without polluting the entry-point namespace
too much?
> +
> sub post_create_hook {
> my ($self, $root_password, $ssh_keys) = @_;
>
> diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> index d73335b..21074b7 100644
> --- a/src/PVE/LXC/Setup/Base.pm
> +++ b/src/PVE/LXC/Setup/Base.pm
> @@ -476,6 +476,30 @@ sub set_timezone {
> }
> }
>
> +sub clear_machine_id {
> + my ($self, $conf, $clone) = @_;
> +
> + my $uses_systemd = $self->ct_is_executable("/lib/systemd/systemd")
> + || $self->ct_is_executable("/usr/lib/systemd/systemd");
> +
> + my $dbus_machine_id_path = "/var/lib/dbus/machine-id";
> + my $machine_id_path = "/etc/machine-id";
> + if (
> + $self->ct_file_exists($dbus_machine_id_path)
> + && !$self->ct_is_symlink($dbus_machine_id_path)
> + && $uses_systemd
> + ) {
> + $self->ct_unlink($dbus_machine_id_path);
> + }
> +
> + # don't remove file if container is being cloned
> + if ($clone) {
> + $self->ct_file_set_contents($machine_id_path, "\n");
> + } else {
> + $self->ct_unlink($machine_id_path);
> + }
> +}
> +
> sub pre_start_hook {
> my ($self, $conf) = @_;
>
> @@ -491,6 +515,7 @@ sub pre_start_hook {
> sub post_create_hook {
> my ($self, $conf, $root_password, $ssh_keys) = @_;
>
> + $self->clear_machine_id($conf);
> $self->template_fixup($conf);
>
> &$randomize_crontab($self, $conf);
> --
> 2.20.1
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone Oguz Bektas
@ 2021-06-10 11:51 ` Fabian Grünbichler
0 siblings, 0 replies; 6+ messages in thread
From: Fabian Grünbichler @ 2021-06-10 11:51 UTC (permalink / raw)
To: Proxmox VE development discussion
On May 27, 2021 11:26 am, Oguz Bektas wrote:
> pass $clone=1 to avoid removing the file. instead we truncate it to an
> empty file
>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> v2->v3:
> * clear machine-id at the end of clone task worker
>
> src/PVE/API2/LXC.pm | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index a9ea3a6..d5c12dc 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -1590,6 +1590,12 @@ __PACKAGE__->register_method({
> die "clone failed: $err";
> }
>
> + my $lastconf = PVE::LXC::Config->load_config($newid);
> + my $rootdir = PVE::LXC::mount_all($newid, $storecfg, $lastconf, 1);
> + my $lxc_setup = PVE::LXC::Setup->new($lastconf, $rootdir);
> + $lxc_setup->clear_machine_id($lastconf, 1);
> + PVE::LXC::umount_all($newid, $storecfg, $lastconf, 1);
this is dangerous - the config is not locked anymore at this point, and
we don't hold any other lock either!
another unrelated thing I just noticed - in case the clone fails, we
don't remove a potentially cloned firewall config..
> +
> return;
> };
>
> --
> 2.20.1
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers
2021-06-10 11:47 ` Fabian Grünbichler
@ 2021-06-10 12:04 ` Oguz Bektas
0 siblings, 0 replies; 6+ messages in thread
From: Oguz Bektas @ 2021-06-10 12:04 UTC (permalink / raw)
To: Proxmox VE development discussion
hi,
> +sub clear_machine_id {
> > + my ($self, $conf, $clone) = @_;
> > +
> > + my $code = sub {
> > + $self->{plugin}->clear_machine_id($self->{conf}, $clone);
> > + };
> > + $self->protected_call($code);
> > +
> > +}
>
> maybe it would make more sense to call this "post_clone_hook", so it is
> re-usable for other, similar changes (like optionally regenerating SSH
> keys, or ...) in the future without polluting the entry-point namespace
> too much?
yes i was also thinking why we don't have a post_clone_hook :D
i'll change that accordingly :)
>
> > +
> > sub post_create_hook {
> > my ($self, $root_password, $ssh_keys) = @_;
> >
> > diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> > index d73335b..21074b7 100644
> > --- a/src/PVE/LXC/Setup/Base.pm
> > +++ b/src/PVE/LXC/Setup/Base.pm
> > @@ -476,6 +476,30 @@ sub set_timezone {
> > }
> > }
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-06-10 12:04 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-27 9:25 [pve-devel] [PATCH v3 container 0/2] fix #3443: unique machine-id for containers Oguz Bektas
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 1/2] setup: clear /etc/machine-id for newly created containers Oguz Bektas
2021-06-10 11:47 ` Fabian Grünbichler
2021-06-10 12:04 ` Oguz Bektas
2021-05-27 9:26 ` [pve-devel] [PATCH v3 container 2/2] clear machine-id also after container clone Oguz Bektas
2021-06-10 11:51 ` Fabian Grünbichler
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal