From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Oguz Bektas <o.bektas@proxmox.com>
Subject: Re: [pve-devel] [PATCH container] fix #3443: setup: clear /etc/machine-id in post-create hook
Date: Tue, 25 May 2021 15:45:53 +0200
Message-ID: <bc3cd68f-8780-04ce-2fa3-8b6bef19f787@proxmox.com>
In-Reply-To: <20210525131711.1007675-1-o.bektas@proxmox.com>

On 25.05.21 15:17, Oguz Bektas wrote:
> this way when new containers are created they will have a unique
> /etc/machine-id
>

why the dbus then? systemd talks explicitly only about /etc/machine-id
in the docs and also in their CT interface [0], the thematic is only touched
there though.

The dbus one is most often a symlink to /etc/machine-id, removing that can
break things...

[0] https://systemd.io/CONTAINER_INTERFACE/

> note that post_create_hook doesn't run for cloned containers so that
> will need to be handled separately
>

If you read my post you also read that we must not remove the file in the
clone case.

We currently always generate a new random MAC-address for all netX devices of
a CT on clone, that suggests that we always want to truncate in the clone case,
to ensure that IPv6 SLAAC, among other things, can work OK.

We could add a "unique" param to the clone call, but until now this was never
requested to be configurable.

[1]: https://forum.proxmox.com/threads/bug-machine-id-etc-machine-id-not-unique-in-lxc-containers.89708/post-392258

>
> Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
> ---
> src/PVE/LXC/Setup/Base.pm | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
> index be41874..75a7f74 100644
> --- a/src/PVE/LXC/Setup/Base.pm
> +++ b/src/PVE/LXC/Setup/Base.pm
> @@ -476,6 +476,18 @@ sub set_timezone {
> }
> }
>
> +sub clear_machine_id {
> + my ($self, $conf) = @_;
> +
> + my $dbus_machine_id_path = "/var/lib/dbus/machine-id";
> + my $machine_id_path = "/etc/machine-id";
> + if ($self->ct_file_exists($dbus_machine_id_path)) {
> + $self->ct_unlink($dbus_machine_id_path);
> + }
> + $self->ct_unlink($machine_id_path);
> + $self->ct_file_set_contents($machine_id_path, "uninitialized\n");
> +}
> +
> sub pre_start_hook {
> my ($self, $conf) = @_;
>
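
Review bot: in clear_machine_id, /var/lib/dbus/machine-id is unlinked whenever ct_file_exists reports it, with no check for whether it is a symlink to /etc/machine-id or a regular file, and nothing recreates it after /etc/machine-id is rewritten. Consider leaving the dbus path alone, or only touching it when it is a regular file. The sub also takes $conf but never uses it, and the literal "uninitialized\n" written to /etc/machine-id has no comment saying why that value is chosen over an empty file.
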
> @@ -491,6 +503,7 @@ sub pre_start_hook {
> sub post_create_hook {
> my ($self, $conf, $root_password, $ssh_keys) = @_;
>
> + $self->clear_machine_id($conf);

only relevant for systemd envs. so it should be only called then, if we must call this
in such a general place.

Either called in the respective distro setup or check if any of "/lib/systemd/systemd"
or "/usr/lib/systemd/system" is executable for a heuristic to find out if the CT is
systemd managed.

> $self->template_fixup($conf);
>
> $self->randomize_crontab($conf);
>
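
Review bot: the added $self->clear_machine_id($conf); call in post_create_hook is unconditional, so the base class runs it for every container regardless of init system, and nothing in this patch covers the clone path that the commit message says needs separate handling. Guard the call or move it into the distro-specific setup code, and state in the commit message what the clone case is expected to do.
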
this now depends on the patch which changed the private randomize_crontab helper
to a plugin method as the change is visible in the context, but that isn't mentioned
anywhere...